ANN: new LSM guidelines

Paul Moore paul at paul-moore.com
Thu Sep 7 22:12:49 UTC 2023 

On Thu, Aug 3, 2023 at 5:38 PM Paul Moore <paul at paul-moore.com> wrote:
>
> On Wed, Aug 2, 2023 at 6:00 PM Paul Moore <paul at paul-moore.com> wrote:
> > On Tue, Aug 1, 2023 at 6:47 PM Paul Moore <paul at paul-moore.com> wrote:
> > > I've updated the README.md doc based on the feedback, and copied the
> > > two new sections below for easier review.  If anyone has any
> > > additional feedback or concerns, please let me know.
> >
> > Another update based on feedback received (thanks everyone!).  Just as
> > before, I welcome any comments or feedback you are able to share.
>
> MOAR UPDATES!
>
> ## New LSM Hook Guidelines

...

> ## New LSM Guidelines
>
> Historically we have had few requirements around new LSM additions, with
> Arjan van de Ven being the first to describe a basic protocol for accepting new
> LSMs into the Linux kernel[^1].  In an attempt to document Arjan's basic ideas
> and update them for modern Linux kernel development, here are a list of
> requirements for new LSM submissions:
>
> * The new LSM's author(s) must commit to maintain and support the new LSM for
> an extended period of time.  While the authors may be currently employed to
> develop and support the LSM, there is an expectation upstream that support will
> continue beyond the author's employment with the original company, or the
> company's backing of the LSM.

Based on some off-list discussions, I've added some text to the end of
the paragraph above to allow for a reasonable plan of succession in
cases where the original LSM authors are not able to commit to long
term support.  Just as before, comments are always welcome :)

Here is the new paragraph:

"The new LSM's author(s) must commit to maintain and support the new LSM for
an extended period of time.  While the authors may be currently employed to
develop and support the LSM, there is an expectation upstream that support will
continue beyond the authors' employment with the original company, or the
company's backing of the LSM.  If the authors are not able to commit to
supporting the LSM for an extended period of time, a reasonable succession plan
must be submitted along with the LSM."

-- 
paul-moore.com

More information about the Linux-security-module-archive mailing list