New LSM hooks

Paul Moore paul at paul-moore.com
Tue Feb 5 19:58:35 UTC 2019


On Tue, Feb 5, 2019 at 2:26 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> On 2/5/2019 10:28 AM, Edwin Zimmerman wrote:
> > Here's my suggestion for starters. According to kernel documentation, new
> > LSMs must be documented before being accepted.  Perhaps we need a
> > similar requirement for LSM hooks.
>
> That would be handy. The documentation would need to cover
> the purpose for the hook and how a security module would be
> expected to use it.

We have a weak version of this now with the comments in
include/linux/lsm_hooks.h, and as far as I recall we've pushed back on
people who have changed the hooks without some documentation in the
comments.  Whatever we end up doing, let's try to keep this going as a
practice.

-- 
paul moore
www.paul-moore.com



More information about the Linux-security-module-archive mailing list