From: Sargun Dhillon
Date: Wed, 13 Dec 2017 13:38:37 +0100
Subject: Re: [RFC v2 1/3] security: Add safe, dynamic (runtime-loadable) hook support
To: James Morris
Cc: LSM, Kees Cook, Igor Stoppa, Casey Schaufler, LKML
References: <5c089f6eb3bcec36e6021db7dcfcd4409be99111.1512704909.git.sargun@netflix.com>

On Sun, Dec 10, 2017 at 11:28 PM, James Morris wrote:
> On Fri, 8 Dec 2017, Sargun Dhillon wrote:
>
>> The primary purpose of this patchset is to facilitate the development of
>> out-of-tree minor LSMs.
>
> This is not a valid use-case for the mainline kernel: we don't add
> features for out of tree code.
>
> Please reconsider your rationale :-)
>
>
> - James
> --
> James Morris
>
>

Even a la livepatch?

One of our primary use cases is for a safer version of livepatch, with
simpler consistency guarantees. The model is to be able to generate a
module that targets a specific CVE, and roll it out via DKMS, or
similar, to a heterogeneous fleet.

The other one is to be able to dynamically compile LSMs a la systemtap,
using a DSL. One of the biggest problems we've seen is that the
capability of LSMs is limited by the policy. Changing the policy
requires in-kernel changes, whereas a compiler in userspace is
significantly easier to modify.