On Tue, Sep 27, 2022 at 09:41:01AM +0200, Christoph Hellwig wrote:
> On Mon, Sep 26, 2022 at 05:22:45PM -0700, Casey Schaufler wrote:
> > I suggest that you might focus on the acl/evm interface rather than the entire
> > LSM interface. Unless there's a serious plan to make ima/evm into a proper LSM
> > I don't see how the breadth of this patch set is appropriate.
>
> Umm. The problem is that historically the Linux xattr interface was
> intended for unstructured data, while some of it is very much structured
> and requires interpretation by the VFS and associated entities. So
> splitting these out and adding a proper interface is absolutely the right
> thing to do and long overdue (also for other things like capabilities).
> It might make things a little more verbose for LSM, but it fixes a very
> real problem.

Agreed.