[RFC PATCH] lsm: Add Rust bindings with example LSM

Paul Moore paul at paul-moore.com
Mon Apr 21 19:09:29 UTC 2025


On Wed, Apr 16, 2025 at 5:36 PM Lukas Fischer <kernel at o1oo11oo.de> wrote:
>
> These are the bare necessities to implement an LSM in Rust. They are in
> an early WIP state intended to gather feedback, mainly for the use of
> unsafe.
>
> The LSM is implemented in security/rust_lsm/lsm.rs and uses the bindings
> to the C side directly to set itself up. This is of course not
> production ready, but enough to set up a minimal example of an LSM.
>
> The `lsm_info` struct technically needs to be aligned to
> `size_of::<kernel::ffi::c_ulong>()`, but Rust does not allow this in
> combination with `repr(transparent)`. So far this works, but it seems
> brittle.
>
> To limit the scope of the implementation, the example and bindings only
> cover the `file_permission` hook.
>
> Signed-off-by: Lukas Fischer <kernel at o1oo11oo.de>
> ---
> As part of my master's thesis, I am developing a Rust-based LSM. These
> are the bindings I have created for that, so that I can register and
> implement an LSM in Rust.

Thanks for sharing this Lukas.  My Rust knowledge is still far too
basic to offer any constructive review of the Rust code, but I'm happy
to see some effort being put into looking at what would be required to
support a LSM written in Rust.

It isn't clear to me if this is simply an exercise in seeing what
Rust/C interfaces would be needed to implement a Rust based LSM, or if
you ultimately have a LSM you would like to submit upstream and this
is the necessary groundwork so you can implement it in Rust.  Unless
it is the latter, I'm not sure this is something that is a candidate
for merging into the upstream Linux kernel as we don't merge "demo"
type LSMs.  If you are intending to develop a proper LSM, we do have
some guidelines that may help explain what is expected:

* https://github.com/LinuxSecurityModule/kernel/blob/main/README.md

-- 
paul-moore.com


