On 10/26/22 03:19, Tetsuo Handa wrote:
On 2022/10/26 7:41, Casey Schaufler wrote:You need a built-in LSM that loads and manages loadable security modules.That is no longer loadable LSM modules. A loadable LSM module must be capable of loading any code and using any interface that is allowed to loadable kernel modules using /sbin/insmod command. That is my understanding of what you have promised (and the reason I am allowing you to continue working on LSM stacking before I make CONFIG_SECURITY_TOMOYO=m).
Tetsuo, think of it this way. LSM stacking is going to make it much easier for new LSM modules because they won't automatically be excluded because one of the other LSMs is needed. The problem of loadable LSM modules is orthogonal, and Casey shouldn't need to solve it in this patch series. That is further work to be taken up by another, as Casey has clearly stated its work he is not interested in doing. However the real problem you are trying to solve won't be solved by loadable LSM modules, though they may help. Just having loadable LSMs modules won't mean a distro will build an LSM as a loadable module instead of disabling it, nor does it mean a distro will allow loading an out of tree LSM module. Even if the upstream kernel doesn't provide an option to block loading them, distros will.
