LSM stacking in next for 6.1?

Paul Moore paul at paul-moore.com
Wed Sep 14 13:56:41 UTC 2022


On Fri, Sep 9, 2022 at 7:33 AM Tetsuo Handa
<penguin-kernel at i-love.sakura.ne.jp> wrote:
> On 2022/09/09 3:52, Paul Moore wrote:
> > At least one of those, Landlock, has been merged upstream and is now
> > available in modern released Linux Kernels.  As far as the other LSMs
> > are concerned, I don't recall there ever being significant interest
> > among other developers or users to warrant their inclusion upstream.
> > If the authors believe that has changed, or is simply not true, they
> > are always welcome to post their patches again for discussion, review,
> > and potential upstreaming.  However, I will caution that it is
> > becoming increasingly difficult for people to find time to review
> > potential new LSMs so it may take a while to attract sufficient comments
> > and feedback.
>
> Inclusion into upstream is far from the goal.

For better or worse, there is a long history of the upstream Linux
Kernel focusing only on in-tree kernel code; I see no reason why we
should change that now for LSMs.  I am sorry that this approach
negatively affects the LSMs you mentioned, but if they are not
interested in being merged upstream there is not much we can do to
help.

-- 
paul-moore.com


