On 9/25/2023 4:03 AM, Tetsuo Handa wrote: > On 2023/09/24 1:06, KP Singh wrote: >>> I was not pushing LKM-based LSM because the LSM community wanted to make it possible to >>> enable arbitrary combinations (e.g. enabling selinux and smack at the same time) before >>> making it possible to use LKM-based LSMs. > (...snipped...) >>> As a reminder to tell that I still want to make LKM-based LSM officially supported again, >>> I'm responding to changes (like this patch) that are based on "any LSM must be built into >>> vmlinux". Please be careful not to make changes that forever make LKM-based LSMs impossible. > You did not recognize the core chunk of this post. :-( > > It is Casey's commitment that the LSM infrastructure will not forbid LKM-based LSMs. ... And this code doesn't. I you want LKM based LSM support I suggest you provide patches. If there is anything in the LSM infrastructure that you can't work around I'll help work out how to do it. But I am not going to do it for you, and I don't think anyone else is inclined to, either.
