Re: [PATCH RFC] perf_event: Add support for LSM and SELinux checks
From: James Morris
Date: Wed Oct 09 2019 - 22:45:08 EST
On Wed, 9 Oct 2019, Casey Schaufler wrote:
> On 10/9/2019 3:14 PM, James Morris wrote:
> > On Wed, 9 Oct 2019, Casey Schaufler wrote:
> >
> >> Please consider making the perf_alloc security blob maintained
> >> by the infrastructure rather than the individual modules. This
> >> will save it having to be changed later.
> > Is anyone planning on using this with full stacking?
> >
> > If not, we don't need the extra code & complexity. Stacking should only
> > cover what's concretely required by in-tree users.
>
> I don't believe it's any simpler for SELinux to do the allocation
> than for the infrastructure to do it. I don't see anyone's head
> exploding over the existing infrastructure allocation of blobs.
> We're likely to want it at some point, so why not avoid the hassle
> and delay by doing it the "new" way up front?
Because it is not necessary.
--
James Morris
<jmorris@xxxxxxxxx>