ANN: new LSM guidelines

Paul Moore paul at paul-moore.com
Mon Aug 7 21:52:45 UTC 2023


On Fri, Aug 4, 2023 at 3:58 AM Mickaël Salaün <mic at digikod.net> wrote:
>
> On Thu, Aug 03, 2023 at 05:38:23PM -0400, Paul Moore wrote:
> > On Wed, Aug 2, 2023 at 6:00 PM Paul Moore <paul at paul-moore.com> wrote:
> > > On Tue, Aug 1, 2023 at 6:47 PM Paul Moore <paul at paul-moore.com> wrote:
> > > > I've updated the README.md doc based on the feedback, and copied the
> > > > two new sections below for easier review.  If anyone has any
> > > > additional feedback or concerns, please let me know.
> > >
> > > Another update based on feedback received (thanks everyone!).  Just as
> > > before, I welcome any comments or feedback you are able to share.
> >
> > MOAR UPDATES!
>
> With some optional nitpicking, looks good to me!

Great, thanks for your help with the reviews, suggestions, etc.  I
think the guidelines are much better now than when we started.

> > ## New LSM Guidelines

...

> > * New LSMs must be accompanied by a publicly available test suite to verify
> > basic functionality and help identify regressions.  Test coverage does not need
> > to reach a specific percentage, but core functionality and any user interfaces
>
> I'm not sure it is worth specifying the "not need" part, for tests and
> documentation paragraphs.

My goal with that was to try and not scare people away with a
tremendous documentation and/or testing burden to start.  I'd like to
keep it in the doc, but I understand your point.

> > It is important to note that these requirements are not complete, due to the
> > ever changing nature of the Linux kernel and the unique nature of each LSM.
> > Ultimately, new LSMs are added to the kernel at the discretion of the
> > maintainers and reviewers.
>
> This paragraph sounds a lot like the last paragraph of the LSM hook
> section, but I don't have a better suggestion.

That's because it is pretty much the same paragraph :)

I agree, it would be nice if they were a little more different, but
given that the purpose is the same for each paragraph I'm not sure
spending a lot of time to make them read significantly different is
going to accomplish a lot.

-- 
paul-moore.com
