[PATCH v2 0/5] rust: lsm: introduce safe Rust abstractions for the LSM framework
Paul Moore
paul at paul-moore.com
Wed Mar 11 21:16:11 UTC 2026
On Wed, Mar 11, 2026 at 2:49 AM Alice Ryhl <aliceryhl at google.com> wrote:
> On Wed, Mar 11, 2026 at 6:09 AM Jamie Lindsey <jamie at matrixforgelabs.com> wrote:
> >
> > v2: add missing Signed-off-by tags, fix short commit hash in patch 4.
> > No code changes from v1.
> >
> > This series introduces the first safe Rust abstractions for the Linux
> > Security Module (LSM) framework. It allows a complete, policy-enforcing
> > LSM to be written entirely in Rust with no C boilerplate required from
> > the LSM author.
> >
> > --- Motivation ---
> >
> > The LSM framework is a natural target for Rust: hook registration is
> > unsafe by nature (raw function pointers, C ABI, __randomize_layout on
> > the hook list struct), and the trait system can enforce correct
> > implementation at compile time.
>
> Hi Jamie,
>
> What is the intended end-user of these abstractions?
Building on Alice's question, I wanted to mention that we don't
accept/merge example LSMs into the upstream Linux kernel. I'm
supportive of using Rust to develop new LSMs, and I recognize that
developing a meaningful LSM in Rust will require significant
shim/plumbing work, but that shim work needs to be done in conjunction
with a real LSM.
In case it may be helpful, I wanted to point out some previous work on
developing a LSM in Rust:
https://lore.kernel.org/linux-security-module/20250416213206.26060-2-kernel@o1oo11oo.de
... and if you are serious about developing a proper LSM in Rust, here
is some guidance for developing and submitting new LSMs upstream:
https://github.com/LinuxSecurityModule/kernel/blob/main/README.md#new-lsms
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list