[PATCH v1 2/8] LSM: Add an LSM identifier for external use

Casey Schaufler casey at schaufler-ca.com
Fri Oct 28 16:54:59 UTC 2022


On 10/26/2022 11:31 PM, Greg KH wrote:
> On Wed, Oct 26, 2022 at 12:36:34PM -0700, Casey Schaufler wrote:
>>>> + *
>>>> + * Copyright (C) 2022 Casey Schaufler <casey at schaufler-ca.com>
>>>> + * Copyright (C) Intel Corporation
>>> No date for Intel?
>> The latest guidance I have received is that Intel does not want a date.
> Ok, then I need to have an Intel lawyer sign off on a patch that does
> this in order to have that be their official statement.  Otherwise, it
> needs a date.

Seems I misunderstood something. The date will be there.

>>>> + */
>>>> +
>>>> +#ifndef _UAPI_LINUX_LSM_H
>>>> +#define _UAPI_LINUX_LSM_H
>>>> +
>>>> +/*
>>>> + * ID values to identify security modules.
>>>> + * A system may use more than one security module.
>>>> + *
>>>> + * LSM_ID_XXX values 0 - 31 are reserved for future use
>>> Reserved for what?  Why?
>> You're not the first person to ask.
> And the answer is?

There hasn't been an argument for it beyond "just in case".
I can't see a rational reason to reserve specific numbers as
I don't see value in LSM ranges.

>> I'll remove the reserved values for the next version.
> Because we asked it will be removed?

Because I don't have a good reason for including it and it
has been called into question. If a reviewer has a legitimate
case for reserved values they may be back.

> confused,
>
> greg k-h



More information about the Linux-security-module-archive mailing list