[RFC PATCH 1/2] LSM: Allow dynamically appendable LSM modules.

KP Singh kpsingh at kernel.org
Tue Oct 3 23:41:15 UTC 2023


On Wed, Oct 4, 2023 at 1:27 AM Paul Moore <paul at paul-moore.com> wrote:
>
> On Wed, Sep 27, 2023 at 12:02 PM KP Singh <kpsingh at kernel.org> wrote:
> >
> > Until I hear the real limitations of using BPF, it's a NAK from me.
>
> There is a lot going on in this thread, and while I'm still playing
> catch-up from LSS-EU and some time off (ish) it looks like most of the
> most important points have already been made, which is great.
> However, I did want to comment quickly on the statement above.
>
> We want to be very careful about using an existing upstream LSM as a
> reason for blocking the inclusion of a new LSM upstream.  We obviously
> want to reject obvious duplicates and proposals that are sufficiently
> "close" (with "close" deliberately left ambiguous here), but we don't
> want to stifle new ideas simply because an existing LSM claims to "do
> it all".  We've recently been trying to document this, with the latest
> draft viewable here:
>
> https://github.com/LinuxSecurityModule/kernel#new-lsm-guidelines

Thanks for the context and documenting this Paul.

>
> --
> paul-moore.com



More information about the Linux-security-module-archive mailing list