On Mon, 30 Dec 2019, Kees Cook wrote: > > Given the discussion around tracing and stable ABI at the last kernel > summit, Linus's mandate is mainly around "every day users" and not > around these system-builder-sensitive cases where everyone has a strong > expectation to rebuild their policy when the kernel changes. i.e. it's > not "powertop", which was Linus's example of "and then everyone running > Fedora breaks". > > So, while I know we've tried in the past to follow the letter of the > law, it seems Linus really expects this only to be followed when it will > have "real world" impact on unsuspecting end users. > > Obviously James Morris has the final say here, but as I understand it, > it is fine to expose these here for the same reasons it's fine to expose > the (ever changing) tracepoints and BPF hooks. Agreed. This API should be seen in the same light as tracing / debugging, and it should not be exposed by users directly to general purpose applications. -- James Morris <jmorris@xxxxxxxxx>
