New LSM hooks

[Casey Schaufler]

On 2/6/2019 5:20 AM, Stephen Smalley wrote:
> On 2/5/19 8:11 PM, James Morris wrote:
>> On Tue, 5 Feb 2019, Paul Moore wrote:
>>
>>> I believe that will always be a problem, no matter what we do.  The
>>> point I was trying to make was that everyone, especially the
>>> maintainers, need to watch for this when patches are posted and make
>>> sure the patch author posts to the LSM list in addition to any of the
>>> relevant LSM specific lists.
>>
>> Right, and there is no way a new LSM hook should ever be added to the
>> kernel without review and ack/signoffs from folks on the LSM list
>> (especially those who are maintainers of in-tree LSMs).
>>
>> Casey, do you have any examples of this happening?
>
> Most of the times I've seen that it has come from vfs folks or other subsystems as part of some major reworking of that subsystem rather than from security module developers, e.g. the mount hooks overhaul.

David Howells did contact me directly on the mount hook
changes well in advance. I'm more concerned with special
purpose hooks like we have for binder, kernfs, nfs, tun,
Infiniband and bpf. I'm not saying that we never need to
provide hooks with a single user, but you do have to
wonder about security_ismaclabel().