On Wed, May 13, 2020 at 10:40:31AM -0500, Eric W. Biederman wrote: > Luis Chamberlain <mcgrof@xxxxxxxxxx> writes: > > > Certain symbols are not meant to be used by everybody, the security > > helpers for reading files directly is one such case. Use a symbol > > namespace for them. > > > > This will prevent abuse of use of these symbols in places they were > > not inteded to be used, and provides an easy way to audit where these > > types of operations happen as a whole. > > Why not just remove the ability for the firmware loader to be a module? I agree, it's been a mess of build options to try to keep alive over time. > Is there some important use case that requires the firmware loader > to be a module? I don't think so anymore. > We already compile the code in by default. So it is probably just > easier to remove the modular support all together. Which would allow > the export of the security hooks to be removed as well. Agreed. thanks, greg k-h
