[PATCH bpf-next 3/4] bpf: Introduce path iterator

Al Viro viro at zeniv.linux.org.uk
Thu May 29 20:15:51 UTC 2025


On Thu, May 29, 2025 at 12:46:00PM -0700, Song Liu wrote:

> > Basically, you are creating a spot we will need to watch very carefully
> > from now on.  And the rationale appears to include "so that we could
> > expose that to random out-of-tree code that decided to call itself LSM",
> > so pardon me for being rather suspicious about the details.
> 
> No matter what we call them, these use cases exist, out-of-tree or
> in-tree, as BPF programs or kernel modules. We are learning from
> Landlock here, simply because it is probably the best way to achieve
> this.

If out-of-tree code breaks from something we do kernel-side, it's the
problem of that out-of-tree code.  You are asking for a considerable
buy-in, without even bothering to spell out what it is that we are
supposed to care about supporting.

If you want cooperation, explain what is needed, and do it first, so that
there's no goalpost shifting afterwards.



More information about the Linux-security-module-archive mailing list