[PATCH v7 0/6] Safe LSM (un)loading, and immutable hooks

James Morris jmorris at namei.org
Tue May 1 18:49:38 UTC 2018


On Mon, 30 Apr 2018, Sargun Dhillon wrote:

> On Mon, Apr 30, 2018 at 2:16 PM, James Morris <jmorris at namei.org> wrote:
> > On Mon, 30 Apr 2018, Sargun Dhillon wrote:
> >
> >> I guess I'm just a little bit frustrated, because, in my mind, some of
> >> my patches provide immediate value, and are ready to be reviewed, and
> >> or respun.
> >
> > I'm not seeing much value in this functionality, given that SELinux is the
> > only unloadable LSM, and that is really just an historical workaround
> > which may be normalized at some point.
> >
> > Patch 1 may be useful on its own.
> Do you not think patch 2 is also useful? Is it worth me re-rolling 1-2
> independently?
> 

Yes, please split out the seq file change and submit them as independent 
changes.

> Do you think not think that minor loadable LSMs are valuable? -- And
> if so, do you think it's okay with, or without guardrails?

Potentially, but we can't add infrastructure for non-existent or out of 
tree code.



-- 
James Morris
<jmorris at namei.org>

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list