New skb extension for use by LSMs (skb "security blob")?

Thu Aug 22 21:59:37 UTC 2019

On 8/22/2019 2:18 PM, David Miller wrote:
> From: Casey Schaufler <casey at schaufler-ca.com>
> Date: Thu, 22 Aug 2019 13:35:01 -0700
>
>> If the secmark where replaced by a security blob, the u32 secmark field
>> in an sk_buff would be replaced by a void * security field.
> You can already use the secmark to hash to some kind of pointer or other
> object.

Would you really want that used in the most common configuration?
Sure, you *can* do that, but it would be insane to do so.