On Tue, 11 Sep 2018, Schaufler, Casey wrote: > How about this? Take Jiri's patch as written. You get everything except checks > on the security blobs and any "magic" that my safesidechannel module did. I > will propose a follow on patch that fixes the SELinux code to eliminate the > locking > issue and enables the LSM hooks in the IBPB case. I can then do a revised > "magic" > safesidechannel security module that uses the ptrace hook instead of adding a > new hook explicitly for IBPB. There is some danger that in the future ptrace > and > IBPB criteria will diverge sufficiently that a common hook becomes > nonsensical. > As no one else seems concerned about this possibility, I won't lose any sleep > over > it either.
Sounds like a plan.