On Wed, Oct 4, 2023 at 1:27 AM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > On Wed, Sep 27, 2023 at 12:02 PM KP Singh <kpsingh@xxxxxxxxxx> wrote: > > > > Until I hear the real limitations of using BPF, it's a NAK from me. > > There is a lot going on in this thread, and while I'm still playing > catch-up from LSS-EU and some time off (ish) it looks like most of the > most important points have already been made, which is great. > However, I did want to comment quickly on the statement above. > > We want to be very careful about using an existing upstream LSM as a > reason for blocking the inclusion of a new LSM upstream. We obviously > want to reject obvious duplicates and proposals that are sufficiently > "close" (with "close" deliberately left ambiguous here), but we don't > want to stifle new ideas simply because an existing LSM claims to "do > it all". We've recently been trying to document this, with the latest > draft viewable here: > > https://github.com/LinuxSecurityModule/kernel#new-lsm-guidelines Thanks for the context and documenting this Paul. > > -- > paul-moore.com
