[LSF/MM/BPF TOPIC] Refactor LSM hooks for VFS mount operations
Song Liu
song at kernel.org
Thu Jan 22 03:00:47 UTC 2026
Hi Paul,
On Wed, Jan 21, 2026 at 4:14 PM Paul Moore <paul at paul-moore.com> wrote:
>
> On Wed, Jan 21, 2026 at 4:18 PM Song Liu <song at kernel.org> wrote:
> >
> > Current LSM hooks do not have good coverage for VFS mount operations.
> > Specifically, there are the following issues (and maybe more..):
>
> I don't recall LSM folks normally being invited to LSFMMBPF so it
> seems like this would be a poor forum to discuss LSM hooks.
Agreed this might not be the best forum to discuss LSM hooks.
However, I am not aware of a better forum for in person discussions.
AFAICT, in-tree LSMs have straightforward logics around mount
monitoring. As long as we get these logic translated properly, I
don't expect much controversy with in-tree LSMs.
> > PS: I am not sure whether other folks are already working on it. I will prepare
> > some RFC patches before the conference if I don't see other proposals.
>
> FWIW, I'm not aware of anyone currently working on revising the mount
> hooks, but it's possible. Posting a patchset, even an early RFC
> draft, is always a good way to find out who might be working in the
> same space :)
>
> Posting to the mailing list also has the advantage of reaching
> everyone who might be interested, whereas discussing this at a
> conference, especially one that is invite-only, is limiting.
I expect there will be RFCs posted to the mailing list before the
conference. We will incorporate feedbacks from the mailing list
to make the discussion more productive at the conference. It is
totally possible that some patches get accepted before the
conference, so that we can simply celebrate at the conference. :)
Thanks,
Song
More information about the Linux-security-module-archive
mailing list