[LSF/MM/BPF TOPIC] Refactor LSM hooks for VFS mount operations

Paul Moore paul at paul-moore.com
Thu Jan 22 17:27:00 UTC 2026


On Wed, Jan 21, 2026 at 10:00 PM Song Liu <song at kernel.org> wrote:
> On Wed, Jan 21, 2026 at 4:14 PM Paul Moore <paul at paul-moore.com> wrote:
> > On Wed, Jan 21, 2026 at 4:18 PM Song Liu <song at kernel.org> wrote:
> > >
> > > Current LSM hooks do not have good coverage for VFS mount operations.
> > > Specifically, there are the following issues (and maybe more..):
> >
> > I don't recall LSM folks normally being invited to LSFMMBPF so it
> > seems like this would be a poor forum to discuss LSM hooks.
>
> Agreed this might not be the best forum to discuss LSM hooks.
> However, I am not aware of a better forum for in-person discussions.

The Linux Security Summit (LSS), held both in North America and Europe
each year, typically has a large number of LSM developers and
maintainers in attendance.  The CfP for LSS North America just
recently opened (link below), and it closes on March 15th with LSS-NA
taking place May 21st and 22nd; reworking the LSM mount APIs would
definitely be on-topic for LSS.  While there is a modest conference
fee to cover recordings (waived for presenters), anyone may attend LSS
as no invitation is required.

https://sessionize.com/linux-security-summit-north-america-2026

The CfP for Linux Security Summit Europe will open later this year;
you can expect a similar CfP as LSS North America.

https://events.linuxfoundation.org/linux-security-summit-europe

> AFAICT, in-tree LSMs have straightforward logic around mount
> monitoring. As long as we get this logic translated properly, I
> don't expect much controversy with in-tree LSMs.

It seems very odd, and potentially a waste of time/energy, to discuss
a redesign of an API without the people needed to sign-off on and
maintain the design, but what do I know ...

-- 
paul-moore.com


