ANN: new LSM guidelines

Tetsuo Handa penguin-kernel at I-love.SAKURA.ne.jp
Sat Sep 9 00:46:02 UTC 2023


On 2023/08/03 7:00, Paul Moore wrote:
> * The new LSM must be sufficiently unique to justify the additional work
> involved in reviewing, maintaining, and supporting the LSM.  It is reasonable
> for there to be a level of overlap between LSMs, but either the security model
> or the admin/user experience must be significantly unique.

s/work/burden/ ?

> * Any userspace tools or patches created in support of the LSM must be publicly
> available, with a public git repository preferable over a tarball snapshot.

What is the definition of "publicly" here? Everyone can download related resources
including the source code etc. anonymously (e.g. without asking for creating user
account and/or buying subscriptions ) ?



If one of userspace tools designed for the new LSM depends on the LSM ID, when can
the author of the new LSM obtain the stable LSM ID for that LSM ?

This might trigger a catch-22 situation while reviewing, for the author of such
userspace tools will not be able to publish on a publicly available git repository
without the stable LSM ID whereas LSM people say that only in-tree LSMs get the
stable LSM ID. If userspace tools needs to be publicly available while reviewing,
a stable LSM ID must be assigned for that LSM in order to allow userspace tools
being published on a publicly available git repository by the moment the author
of a new LSM proposes that LSM to the community for review.

I'm still against the "only in-tree LSMs get the stable LSM ID" part. As long as
someone developed an LSM in a manner that is publicly available, a stable LSM ID
should be assigned, regardless of whether that LSM succeeds in becoming one of
in-tree LSMs.



More information about the Linux-security-module-archive mailing list