Hardcoded security module suggestion - stop the stacking insanity
Paul Moore
paul at paul-moore.com
Wed Apr 10 01:58:50 UTC 2024
On Tue, Apr 9, 2024 at 7:34 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> The question is what would be acceptable? I've been proposing LSM
> infrastructure changes for a painfully long time. I'd be
> de-f***ing-lighted to hear what would be better than what we have now.
> While I can't change the brain dead behavior of 21st century hardware
> I am perfectly willing to re-write the entire $%^&*( LSM layer if it
> can be done in a way that makes you happy.
Relax Casey, no one is rewriting the entire LSM layer. Perhaps more
accurately, I'm not going to merge a single patchset that throws
everything out and substitutes a single-LSM approach to satisfy a spur
of the moment comment triggered by the latest hardware flaw.
We'll sort out the static call conversion first and go from there.
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list