[PATCH] fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
Vlastimil Babka
vbabka at suse.cz
Mon Jun 23 14:21:15 UTC 2025
On 6/23/25 16:01, Christoph Hellwig wrote:
> On Mon, Jun 23, 2025 at 07:00:39AM -0700, Christoph Hellwig wrote:
>> On Mon, Jun 23, 2025 at 12:16:27PM +0200, Christian Brauner wrote:
>> > I'm more than happy to switch a bunch of our exports so that we only
>> > allow them for specific modules. But for that we also need
>> > EXPOR_SYMBOL_FOR_MODULES() so we can switch our non-gpl versions.
>>
>> Huh? Any export for a specific in-tree module (or set thereof) is
>> by definition internals and an _GPL export if perfectly fine and
>> expected.
Peterz tells me EXPORT_SYMBOL_GPL_FOR_MODULES() is not limited to in-tree
modules, so external module with GPL and matching name can import.
But if we're targetting in-tree stuff like kvm, we don't need to provide a
non-GPL variant I think?
> .. the only thing we should do is to drop the pointless _GPL in the
> name entirely.
I'd agree if it was indeed limited to in-tree modules.
More information about the Linux-security-module-archive
mailing list