On 2024/10/02 23:01, Paul Moore wrote:and you think this fixes that? All this is going to do is force distros to
Now that built-in LSM modules started using __ro_after_init static calls, !built-in
LSM modules can start using !__ro_after_init linked list without affecting built-in
LSM modules. I can't understand why Paul does not like it.
A *lot* of effort has gone into both hardening and improving the
performance of the LSM framework. I'm loath to introduce anything
which would take away from those gains, especially if it is only done
to satisfy out-of-tree LSMs, or users who don't agree with their
distro kernel's build-time configuration.
Forcing distro users to rebuild distro kernels (with or without modified
kernel configurations) is no longer a viable solution.
Since cryptography (e.g. module signing keys) is getting used inside kernels,Yes, and this is an intentional choice on the base of the distro about
noone except the one who has the private key and has built the original kernel
can reproduce the same behavior/functionality (even without modified kernel
configurations). Also, from package management perspective, users get confused
by being forced to use different package names/versions (when installing kernel
related packages) and breaking package dependency (when installing userspace
packages). You said
Comparing userspace applications to kernel code isn't a fair
comparison as a userspace application can generally be added without
impacting the other applications on the system.
Anyone is always free to build their own kernel with whatever code
changes they like, this is the beauty of the kernel source being
available and licensed as Open Source. You are free to build a kernel
with whatever LSM you like included and enabled. You have been shown
examples on how to do this in previous threads.
at https://lkml.kernel.org/r/CAHC9VhQq0-D=p9Kicx2UsDrK2NJQDyn9psL-PWojAA+Y17WiFQ@xxxxxxxxxxxxxx .
But due to above-mentioned realities, your assertion no longer stands.
Kernel source itself might be open, but private keys cannot be open.
The vmlinux cannot be rebuilt without forcing penalties (i.e. having a
negative impact on the user side, which cannot be a viable solution).