On 30/05/2023 20:02, Jeff Xu wrote:
As I believe we are in the latter stages of review for the syscall
API, perhaps you could take a look and ensure that the current
proposed API works for what you are envisioning with Landlock?
Which review/patch to look for the proposed API ?
https://lore.kernel.org/lkml/20230428203417.159874-3-casey@xxxxxxxxxxxxxxxx/T/
How easy is it to add a customized LSM with new APIs?
I'm asking because there are some hard-coded constant/macro, i.e.
I guess this question is related to the Chromium OS LSM right? I think
this would be a good opportunity to think about mainlining this LSM to
avoid the hassle of dealing with LSM IDs.
+#define LSM_ID_LANDLOCK 111
(Do IDs need to be sequential ?)
+ define LSM_CONFIG_COUNT
Today, only security/Kconfig change is needed to add a new LSM, I think ?
