On 2022/09/14 22:56, Paul Moore wrote:
> On Fri, Sep 9, 2022 at 7:33 AM Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote:
>> Inclusion into upstream is far from the goal.
>
> For better or worse, there is a long history of the upstream Linux
> Kernel focusing only on in-tree kernel code, I see no reason why we
> should change that now for LSMs.

Because we can't afford accepting/maintaining whatever LSMs that are proposed.
Do you think that we are going to accept/maintain whatever LSMs that are proposed
if we get to the point to "The commitment I made to Paul some years ago now was
that the stacking would eventually include making all combinations possible" ?
I don't think so.

Although the upstream Linux Kernel focuses only on in-tree kernel code,
CONFIG_MODULES=y is not limited for in-tree kernel code. It is used by e.g.
device vendors to deliver their out-of-tree driver code. Then, I see no reason
why we can't do the same for LSMs.

We simply don't need to "provide efforts for fixing bugs in whatever LSMs";
we simply should "allow whatever LSMs to exist".