[GIT PULL] tomoyo update for v6.12
Paul Moore
paul at paul-moore.com
Wed Oct 2 14:01:55 UTC 2024
On Tue, Oct 1, 2024 at 11:32 PM Tetsuo Handa
<penguin-kernel at i-love.sakura.ne.jp> wrote:
> On 2024/10/02 3:22, Paul Moore wrote:
> > Starting tomorrow when I'm reliably back in front of computer I'll
> > sort this out with the rest of the LSM folks. Unless something
> > unexpected comes up in the discussion I'll send you a revert later
> > this week.
>
> What I am asking LSM framework is as simple as
> https://lkml.kernel.org/r/caafb609-8bef-4840-a080-81537356fc60@I-love.SAKURA.ne.jp .
You mention that Linux hasn't supported loadable LSMs since v2.6.23
when SELinux was the only LSM implementation in the upstream Linux
kernel. In the (almost) 17 years since then we've seen a number of
new LSMs introduced and merged into the upstream kernel, each having a
voice as to how the LSM framework is managed.
> Now that built-in LSM modules started using __ro_after_init static calls, !built-in
> LSM modules can start using !__ro_after_init linked list without affecting built-in
> LSM modules. I can't understand why Paul does not like it.
A *lot* of effort has gone into both hardening and improving the
performance of the LSM framework. I'm loath to introduce anything
which would take away from those gains, especially if it is only done
to satisfy out-of-tree LSMs, or users who don't agree with their
distro kernel's build-time configuration.
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list