Re: [PATCH] LSM: allow an LSM to disable all hooks at once

On 2019/12/14 3:48, James Morris wrote:
> On Thu, 12 Dec 2019, Ondrej Mosnacek wrote:
> 
>> I'd say the burden of implementing this would lie on the arms of
>> whoever prepares the patches for dynamic load/unload.
> 
> Correct, and I don't see any such patches being accepted.
> 
> Go and look at some exploits, where LSM is used as a rootkit API...
> 

Evaluating trust of LSM modules is a job of module signing / integrity
checking etc. Disallowing loadable LSM modules (because of worrying
about rootkit API) is as stupid as enforcing CONFIG_MODULES=n.


