Alexei Starovoitov <alexei.starovoitov@gmail.com> writes:

> History repeats itself.
> - the problem is hard.
> - you're only interested in addressing your own use case.
> There is no end-to-end design here and no attempt to think it through how it will work for others.
Well, I suppose anything worth doing is going to be hard :)
The end-to-end design for this is the same end-to-end design that exists for signing kernel modules today. We envisioned it working for others the same way module signing works for others.
> Hacking into bpf internal objects like maps is not acceptable.
We've heard your concerns about kern_sys_bpf and we agree that the LSM should not be calling it. The proposal in this email should meet both of our needs: https://lore.kernel.org/bpf/874iypjl8t.fsf@microsoft.com/
-blaise