[RFC PATCH 1/2] LSM: Allow dynamically appendable LSM modules.
Paul Moore
paul at paul-moore.com
Tue Oct 3 23:27:24 UTC 2023
On Wed, Sep 27, 2023 at 12:02 PM KP Singh <kpsingh at kernel.org> wrote:
>
> Until I hear the real limitations of using BPF, it's a NAK from me.
There is a lot going on in this thread, and while I'm still playing
catch-up from LSS-EU and some time off (ish) it looks like most of the
most important points have already been made, which is great.
However, I did want to comment quickly on the statement above.
We want to be very careful about using an existing upstream LSM as a
reason for blocking the inclusion of a new LSM upstream. We obviously
want to reject obvious duplicates and proposals that are sufficiently
"close" (with "close" deliberately left ambiguous here), but we don't
want to stifle new ideas simply because an existing LSM claims to "do
it all". We've recently been trying to document this, with the latest
draft viewable here:
https://github.com/LinuxSecurityModule/kernel#new-lsm-guidelines
--
paul-moore.com