On 2024/09/04 23:23, Paul Moore wrote: > On Wed, Sep 4, 2024 at 3:10 AM Tetsuo Handa > <pengu****@i-lov*****> wrote: >> >> Until 2.6.23, it was officially possible to register/unregister LSM modules >> that are implemented as loadable kernel modules. > > ... > >> Paul Moore has commented >> >> I do not intentionally plan to make life difficult for the out-of-tree >> LSMs, but if that happens as a result of design decisions intended to >> benefit in-tree LSMs that is acceptable as far as I am concerned. > > Patches that add complexity to the LSM framework without any benefit > to the upstream, in-tree LSMs, or the upstream kernel in general, are > not good candidates for inclusion in the upstream kernel. > The idea and implementation for using LSM from loadable kernel modules is what I demonstrated you in a lightening talk session in LinuxCon North America 2010. It is 14 years since we learned my concern, and you had been ignoring my concern until now. The first solution is "do not use static calls". But you won't agree it. Also, I'm not against use of static calls as long as LKM-based LSM is supported. The second solution is "export static calls" (and leave how it is used by LKM-based LSMs). But some of LSM people do not like solutions that can allow LKMs to disable built-in LSMs. The third solution is "continue using linked list for LKM-based LSMs" which was suggested by KP Singh [1]. I'm OK with this solution, though it is unlucky that LKM-based LSMs can't be benefited from "static calls". If you ignore my concern, I have to NACK the static call changes you are going to send in the upcoming merge window. Link: https://lkml.kernel.org/r/CACYk****@mail***** [1]
TOMOYO
Fork