[PATCH] LSM: allow loadable kernel module based LSM modules
Tetsuo Handa
penguin-kernel at I-love.SAKURA.ne.jp
Sat Sep 7 10:14:17 UTC 2024
On 2024/09/06 23:24, Paul Moore wrote:
> On Fri, Sep 6, 2024 at 3:43 AM Tetsuo Handa
> <penguin-kernel at i-love.sakura.ne.jp> wrote:
>> If you ignore my concern, I have to NACK the static call changes you are
>> going to send in the upcoming merge window.
>
> I'm not ignoring your concern, I've responded to your emails and
> patches on the topic over, and over, and over, and over again by
> trying to explain to you that your goal of supporting out-of-tree LSMs
> regardless of the impact to the upstream LSM effort is not something
> that is acceptable to the upstream LSM effort, or the Linux kernel in
> general.
I want LKM-based LSM support in order to allow one of the in-tree LSMs (namely
TOMOYO) to be delivered to my intended users, for nobody can solve the
realities that commit 20510f2f4e2d ("security: Convert LSM into a static
interface") missed:

 - how difficult/unrealistic it is for Linux users who are using prebuilt
   kernel packages provided by Linux distributors to replace their kernels

 - how difficult it is for Linux distributors to allow their users to use
   in-tree LSM modules which that distributor is not familiar with [1],
   because Linux distributors are supposed to support the kernel packages
   they built and shipped

 - Linux distributors do not want to enable out-of-tree code due to the
   upstream-first policy, while the Linux kernel development community
   cannot afford to accept whatever code is proposed due to limited
   resources
One of the LSM developers commented to me (Mon, 22 Jul 2024 17:12:05 +0200,
in an off-list discussion) about AKARI:

  Of course you found a way to hack it. You want me to curl bash pipe
  your kernel module code that disables certain protections and runs
  arbitrary hacks on my machine? No thank you!

  Of course you change the memory mapping of data. You are misleading
  your users into trusting you and instead of contributing code and
  working with distros for your use case, you are shipping hacks and
  making noise without any constructive code contribution or alignment
  with distros for your use-case (below RHEL won't enable it even
  if we had a proper API).
and this patch is for following that comment. All concerns about updating
__ro_after_init data are gone if we move to a dual static call and linked
list based approach. I'm very very very sad that you did not respond to

  I think what you can do is send patches for an API for LKM based LSMs
  and have it merged before my series, I will work with the code I have
  and make LKM based LSMs work. If this work gets merged, and your
  use-case is accepted (I think I can speak for at least Kees [if not
  others] too here) we will help you if you get stuck with MAX_LSM_COUNT
  or a dual static call and linked list based approach.

in [2], and started saying "No" to this approach after you accepted
the static call changes. You are ignoring my concern!
Link: https://bugzilla.redhat.com/show_bug.cgi?id=542986 [1]
Link: https://lkml.kernel.org/r/CACYkzJ7ght66802wQFKzokfJKMKDOobYgeaCpu5Gx=iX0EuJVg@mail.gmail.com [2]