On Wed, Sep 27, 2023 at 12:02 PM KP Singh <kpsingh@xxxxxxxxxx> wrote:
>
> Until I hear the real limitations of using BPF, it's a NAK from me.

There is a lot going on in this thread, and while I'm still playing catch-up from LSS-EU and some time off (ish) it looks like most of the most important points have already been made, which is great. However, I did want to comment quickly on the statement above.

We want to be very careful about using an existing upstream LSM as a reason for blocking the inclusion of a new LSM upstream. We obviously want to reject obvious duplicates and proposals that are sufficiently "close" (with "close" deliberately left ambiguous here), but we don't want to stifle new ideas simply because an existing LSM claims to "do it all".

We've recently been trying to document this, with the latest draft viewable here:

https://github.com/LinuxSecurityModule/kernel#new-lsm-guidelines

--
paul-moore.com