[PATCH v4 2/14] Add TSEM specific documentation.

Paul Moore paul at paul-moore.com
Thu Feb 6 15:48:57 UTC 2025

On Wed, Feb 5, 2025 at 7:01 AM Dr. Greg <greg at enjellic.com> wrote:
> On Tue, Jan 28, 2025 at 05:23:52PM -0500, Paul Moore wrote:
> > I believe the LSM can support both the enforcement of security policy
> > and the observation of security relevant events on a system.  In fact
> > most of the existing LSMs do both, at least to some extent.
> >
> > However, while logging of security events likely needs to be
> > asynchronous for performance reasons, enforcement of security policy
> > likely needs to be synchronous to have any reasonable level of
> > assurance.  You are welcome to propose LSMs which provide
> > observability functionality that is either sync, async, or some
> > combination of both (? it would need to make sense to do both ?), but
> > I'm not currently interested in accepting LSMs that provide
> > asynchronous enforcement as I don't view that as a "reasonable"
> > enforcement mechanism.
> This is an artificial distinction that will prove limiting to the
> security that Linux will be able to deliver in the future.
> Based on your response, is it your stated position, as Linux security
> maintainer, that you consider modern Endpoint Detection and Response
> Systems (EDRS) lacking with respect to their ability to implement a
> "reasonable" enforcement and assurance mechanism?

As stated previously: "I'm not currently interested in accepting LSMs
that provide asynchronous enforcement as I don't view that as a
reasonable enforcement mechanism."

> If this is the case, your philosophy leaves Linux in a position that
> is inconsistent with how the industry is choosing to implement
> security.

In this case perhaps TSEM is not well suited for the upstream Linux
kernel and your efforts are better spent downstream, much like the
industry you appear to respect.
