[RFC PATCH] lsm: Add Rust bindings with example LSM

Paul Moore paul at paul-moore.com
Tue Apr 22 16:28:11 UTC 2025 

On Tue, Apr 22, 2025 at 7:22 AM Lukas Fischer <kernel at o1oo11oo.de> wrote:
> On 21.04.25 21:09, Paul Moore wrote:
> > Thanks for sharing this Lukas.  My Rust knowledge is still far too
> > basic to offer any constructive review of the Rust code, but I'm happy
> > to see some effort being put into looking at what would be required to
> > support a LSM written in Rust.
>
> Hi Paul,
>
> that's alright, I was mainly asking the Rust for Linux contributors for feedback
> on that, but I wanted to keep you in the loop as well.
>
> > It isn't clear to me if this is simply an exercise in seeing what
> > Rust/C interfaces would be needed to implement a Rust based LSM, or if
> > you ultimately have a LSM you would like to submit upstream and this
> > is the necessary groundwork so you can implement it in Rust.  Unless
> > it is the latter, I'm not sure this is something that is a candidate
> > for merging into the upstream Linux kernel as we don't merge "demo"
> > type LSMs.  If you are intending to develop a proper LSM, we do have
> > some guidelines that may help explain what is expected:
> >
> > * https://github.com/LinuxSecurityModule/kernel/blob/main/README.md
> thanks for the feedback, I guess I was missing some context in the initial mail.
> The LSM I'm using it for in my thesis is more of a research testbed (or "demo"),
> so I never intended to upstream that. Since I still needed to create bindings to
> implement that in Rust, I figured I would post them to the lists to get some
> feedback and to get things started in case someone wants to implement an actual
> upstreamed LSM in Rust in the future. This is why I marked this "RFC PATCH", it
> is not intended for upstreaming, only for feedback.
>
> If there is interest in it, I might polish the bindings after the thesis, so
> that they can be properly used for an actual LSM. In the state they are
> currently in they do allow writing an LSM in Rust, but not in a way a safe Rust
> abstraction should.

Thanks for the background, that's helpful.  If anything changes and
you decide that you do want to implement a proper LSM in Rust and
propose it for upstream inclusion please let me know.

-- 
paul-moore.com

More information about the Linux-security-module-archive mailing list