New LSM hooks

Paul Moore paul at
Tue Feb 5 19:58:35 UTC 2019

On Tue, Feb 5, 2019 at 2:26 PM Casey Schaufler <casey at> wrote:
> On 2/5/2019 10:28 AM, Edwin Zimmerman wrote:
> > Here's my suggestion for starters. According to kernel documentation, new
> > LSMs must be documented before being accepted.  Perhaps we need a
> > similar requirement for LSM hooks.
> That would be handy. The documentation would need to cover
> the purpose for the hook and how a security module would be
> expected to use it.

We have a weak version of this now with the comments in
include/linux/lsm_hooks.h, and as far as I recall we've pushed back on
people who have changed the hooks without some documentation in the
comments.  Whatever we end up doing, let's try to keep this going as a

paul moore

More information about the Linux-security-module-archive mailing list