Andrii Nakryiko <andrii.nakryiko@xxxxxxxxx> writes: > Why do you prefer such > an approach instead of going with no extra permissions by default, but > allowing custom LSM policy to grant few exceptions for known and > trusted use cases? Should you be curious, you can find some of the history of the "no authoritative hooks" policy at: https://lwn.net/2001/1108/kernel.php3 It was fairly heatedly discussed at the time. jon
