On 9/6/2022 5:10 PM, John Johansen wrote:
> sorry I am wayyyy behind on this, so starting from here
>
> On 9/6/22 16:24, Paul Moore wrote:
>> I can't currently in good conscience defend the kernel/userspace
>> combined label interfaces as "good", especially when we have a very
>> rare opportunity to do better.
>>
>
> so I am going to grab and hold onto
>>>> Further, I think we can add the new syscall API separately from the
>>>> LSM stacking changes as they do have standalone value.
>>>
>
> what I think Paul is saying is we can move the LSM stacking patches
> forward by removing the combined label interface.

Do you mean /proc/self/attr/interface_lsm? /proc/.../attr/context?

> They won't be as
> useful but it would be a huge step forward, and the next step could
> be the syscall API.