A formal request for process clarifications.
Dr. Greg
greg at enjellic.com
Mon Dec 15 16:57:17 UTC 2025
On Mon, Dec 15, 2025 at 07:38:58PM +1200, Linus Torvalds wrote:
Good morning Linus, thanks for taking the time to respond.
> On Mon, 15 Dec 2025 at 19:13, Dr. Greg <greg at enjellic.com> wrote:
> >
> > Three years ago our team had submitted for review our TSEM LSM that
> > provides a framework for generic security modeling,
> If you can't convince the LSM people to take your code, you sure can't
> convince me.
>
> I already think we have too many of those pointless things. There's a
> fine line between diversity and "too much confusion because everybody
> thinks they know best". And the linux security modules passed that
> line years ago.
>
> So my suggestion is to standardize on normal existing security models
> instead of thinking that you can do better by making yet another one.
> Or at least work with the existing people instead of trying to bypass
> them and ignoring what they tell you.
>
> Yes, I know that security people always think they know best, and they
> all disagree with each other, which is why we already have tons of
> security modules. Ask ten people what model is the right one, and you
> get fifteen different answers.
>
> I'm not in the least interested in becoming some kind of arbiter or
> voice of sanity in this.
First, to be very clear, we are not asking for any kind of
intervention or arbitration on your part.
Second and most importantly. You've been belly-aching about this
problem for as long as I can remember and you and I go back to 1992
together with Linux.
You, and only you, can fix the problem if you want it fixed. Issue an
immediate statement that you will no longer accept any code that
implements an 'LSM'.
That will drive security development out of the kernel, which is where
it is going to go eventually anyway OR it will drive the security
community to try and fix what it considers to be the challenges with
eBPF when it comes to building security solutions.
Somewhat paradoxically in all of this, TSEM isn't even an LSM that
implements security policy. It is generic infrastructure that was
built to address the very problem you are bitching about.
If Linux is really about technology, as you have continually
advocated, then there has to be an open playing field for
contributors. Absent that, Linux will balkanize, the same way the
commercial Unix implementations did, around corporate driven
interests and motivations.
We will pursue the open playing field issue through the TAB if
necessary.
> Linus
Once again, with all due respect, fix the problem if it annoys you,
you would be doing a lot of people a favor.
Best wishes for a pleasant holiday season to you and your family.
As always,
Dr. Greg
The Quixote Project - Flailing at the Travails of Cybersecurity
https://github.com/Quixote-Project