-next status as at v7.1-rc6

Paul Moore paul at paul-moore.com
Fri Jun 5 02:53:44 UTC 2026


On Thu, Jun 4, 2026 at 7:19 PM Linus Torvalds
<torvalds at linux-foundation.org> wrote:
> On Thu, 4 Jun 2026 at 15:23, Paul Moore <paul at paul-moore.com> wrote:
> >
> > While you didn't reply to any of my comments explaining how Hornet
> > works, specifically how it ties into the kernel, I'm assuming you've
> > read the overview.  Can you help those of us in the LSM space
> > understand why a BPF dev's NACK on code that lives strictly under
> > security/ is sufficient grounds to reject an LSM patch?
>
> Honestly, I'm not competent to make a judgment call between two
> different models for hash chain verification, so I basically *have* to
> go by maintainer opinions.

I appreciate the explanation, thank you.

I'll admit it's not particularly satisfying, as it doesn't appear to
identify any specific failing other than two groups having differing
opinions.

> So that's basically where I stand - I've seen disagreement, and I've
> seen what looks to me like reasonable push-back, and I've not really
> seen the LSM response as taking it into account.

I would point out the several different attempts Blaise made to work
and compromise with the BPF devs before Hornet was even an idea.
Hornet came into existence only because the BPF devs refused to accept
any use cases other than their own.

Regardless, I think that's about it on this topic.  Thanks for the discussion.

... and of course the invitation to the security summit in Prague (or
any future instance for that matter) still stands.

-- 
paul-moore.com


