[PATCH v2 5/5] security: Add CONFIG_SECURITY_HOOK_LIKELY
Paul Moore
paul at paul-moore.com
Mon Sep 18 13:55:52 UTC 2023
On Thu, Jun 15, 2023 at 8:05 PM KP Singh <kpsingh at kernel.org> wrote:
>
> This config influences the nature of the static key that guards the
> static call for LSM hooks.
No further comment on the rest of this patch series yet, this just
happened to bubble to the top of my inbox and I wanted to comment
quickly - I'm not in favor of adding a Kconfig option for something
like this. If you have an extremely well defined use case then you
can probably do the work to figure out the "correct" value for the
tunable, but for a general purpose kernel build that will have
different LSMs active, a variety of different BPF LSM hook
implementations at different times, etc. there is little hope to
getting this right. No thank you.
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list