On Wed, Jun 10, 2020 at 10:11 AM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote:
> Ondrej might want to check that it doesn't break RHEL either but I
> wouldn't really expect this to get back-ported to RHEL anyway unless
> they want the additional hardening gain from being able to make the
> LSM hooks read-only after initialization.

FWIW, my opinion regarding pay-for-support distros is that while I
would prefer not to break them, if the right thing for upstream and
community distros is to do thing "X", we should do thing "X".  IBM/RH
has a bunch of people who get paid to make sure RHEL keeps working, I
trust they can manage RHEL just fine ;)

-- 
paul moore
www.paul-moore.com