[RFC PATCH v21 0/6] mm: security: ro protection for dynamic data
Jonathan Corbet
corbet at lwn.net
Thu Mar 29 20:50:36 UTC 2018
On Fri, 30 Mar 2018 00:25:22 +0400
Igor Stoppa <igor.stoppa at gmail.com> wrote:
> On 27/03/18 20:55, Jonathan Corbet wrote:
> > On Tue, 27 Mar 2018 18:37:36 +0300
> > Igor Stoppa <igor.stoppa at huawei.com> wrote:
> >
> >> This patch-set introduces the possibility of protecting memory that has
> >> been allocated dynamically.
> >
> > One thing that jumps out at me as I look at the patch set is: you do not
> > include any users of this functionality. Where do you expect this
> > allocator to be used? Actually seeing the API in action would be a useful
> > addition, I think.
>
> Yes, this is very true.
> Initially I had in mind to use LSM hooks as easy example, but sadly they
> seem to be in an almost constant flux.
>
> My real use case is to secure both those and the SELinux policy DB.
> I have said this few times, but it didn't seem to be worth mentioning in
> the cover letter.
In general, it is quite hard to merge a new API without users to go along
with it. Among other things, that's how reviewers can see how well the
API works in real-world use. I am certainly not the one who will make the
decision on whether this goes in, but I suspect that whoever *does* make
that decision would prefer to see some users.
Thanks,
jon
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list