[PATCH bpf-next 0/8] New BPF map and BTF security LSM hooks

[Jonathan Corbet]

Andrii Nakryiko <andrii.nakryiko at gmail.com> writes:

> Why do you prefer such
> an approach instead of going with no extra permissions by default, but
> allowing custom LSM policy to grant few exceptions for known and
> trusted use cases?

Should you be curious, you can find some of the history of the "no
authoritative hooks" policy at:

  https://lwn.net/2001/1108/kernel.php3

It was fairly heatedly discussed at the time.

jon