On 2022/09/14 22:56, Paul Moore wrote:
> On Fri, Sep 9, 2022 at 7:33 AM Tetsuo Handa
> <penguin-ker...@i-love.sakura.ne.jp> wrote:
>> Inclusion into upstream is far from the goal.
>
> For better or worse, there is a long history of the upstream Linux
> Kernel focusing only on in-tree kernel code, I see no reason why we
> should change that now for LSMs.

Because we can't afford accepting/maintaining whatever LSMs that are proposed.

Do you think that we are going to accept/maintain whatever LSMs that are proposed if we get to the point to "The commitment I made to Paul some years ago now was that the stacking would eventually include making all combinations possible"? I don't think so.

Although the upstream Linux Kernel focuses only on in-tree kernel code, CONFIG_MODULES=y is not limited to in-tree kernel code. It is used by e.g. device vendors to deliver their out-of-tree driver code. Then, I see no reason why we can't do the same for LSMs.

We simply don't need to "provide efforts for fixing bugs in whatever LSMs"; we simply should "allow whatever LSMs to exist".