[PATCH 04/10] CaitSith: Add header file.

Tetsuo Handa penguin-kernel at I-love.SAKURA.ne.jp
Wed Nov 9 23:57:06 UTC 2022


On 2022/11/09 23:48, Paul Moore wrote:
>                                             If there is a significant
> change, e.g. the overall kernel policy towards out-of-tree code, we
> can reconsider this policy but as of right now only upstream LSMs will
> have LSM ID tokens assigned to them; in-development LSMs are free to
> temporarily assign themselves an ID token (which may change when the
> LSM is merged upstream), and out-of-tree LSMs are free to do whatever
> they like with respect to their code, just as they do now.

If in-development LSMs and out-of-tree LSMs cannot get a stable ID token,
developers cannot write and publish userspace tools which make use of ID
token. If ID collision happens by use of temporarily ID token, this token
is no longer an identifier. That is a pointless and needless constraint
for getting LSM modules created / tested / used.



More information about the Linux-security-module-archive mailing list