[PATCH 04/10] CaitSith: Add header file.
Serge E. Hallyn
serge at hallyn.com
Sat Nov 5 23:46:14 UTC 2022
On Sat, Nov 05, 2022 at 01:05:44PM +0900, Tetsuo Handa wrote:
> On 2022/11/05 11:43, Serge E. Hallyn wrote:
> > On Wed, Nov 02, 2022 at 10:57:48AM -0700, Casey Schaufler wrote:
> >> On 11/2/2022 10:10 AM, Tetsuo Handa wrote:
> >>> The main point of this submission is to demonstrate how an LSM module
> >>> which can be loaded using /sbin/insmod can work, and to provide
> >>> consideration points for making changes for LSM stacking in a way that
> >>> will not lock out LSM modules which can be loaded using /sbin/insmod .
> >>
> >> CaitSith could readily be done as an in-tree LSM. The implementation
> >> of loadable module infrastructure is unnecessary.
> >
> > Sorry, I'm getting confused. But in-tree and loadable are not related,
> > right?
>
> Very much related. My goal is to get CaitSith in-tree as a loadable LSM module
> which can be loaded using /sbin/insmod .
Great. I support that. But the sentence
> >> CaitSith could readily be done as an in-tree LSM. The implementation
> >> of loadable module infrastructure is unnecessary.
suggests that because CaitSith could be done in-tree, it doesn't need
to be loadable. I'm saying that is a non sequitur. It sounded like
that setence was meant to say "Because CaitSith could be in-tree, it
doesn't need to be =m. Only out of tree modules need to be loadable."
-serge
More information about the Linux-security-module-archive
mailing list