Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

From: James Morris
Date: Mon Oct 01 2018 - 13:59:12 EST

Next message: Mark Salyzyn: "RESEND [PATCH v5 01/12] arm: vdso: rename vdso_datapage variables"
Previous message: Mark Salyzyn: "RESEND and REBASE arm+arm64+aarch32 vdso rewrite"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 23 Sep 2018, Casey Schaufler wrote:

> > How do you plan to handle LKM-based LSMs?
>
> My position all along has been that I don't plan to handle LKM
> based LSMs, but that I won't do anything to prevent someone else
> from adding them later. I believe that I've done that. Several
> designs, including a separate list for dynamically loaded modules
> have been proposed. I think some of those would work.

Dynamically loadable LSMs are a bad idea, per several previous
discussions. As a general design concept, kernel security mechanisms
should be invoked during boot, so we can reason about the overall state of
the system at a given point.

In any case, we do not need to take dynamic LSMs into account at this
stage. We don't build infrastructure for non-existent features.

Next message: Mark Salyzyn: "RESEND [PATCH v5 01/12] arm: vdso: rename vdso_datapage variables"
Previous message: Mark Salyzyn: "RESEND and REBASE arm+arm64+aarch32 vdso rewrite"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]