Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 14 Feb 2017 21:50:36 +0900
From: Tetsuo Handa <>
Subject: Re: Re: [RFC PATCH 1/4] security: mark LSM hooks as __ro_after_init

James Morris wrote:
> > Disallowing dynamically loadable security modules is as silly idea as
> > getting rid of LSM framework ( 
> > )
> > unless we accept whatever out-of-tree LSM modules and maintain them as in-tree
> > modules and enable them in distributor's kernels. But such things won't happen.
> > If we legally allow LKM based LSMs, we don't need to make security/ directory
> > look like /dev/random .
> Dynamically loadable LSMs are legally allowed, we just don't cater to them 
> in mainline.
I'm saying that this patch will make dynamically loadable LSMs illegal, for
not allowing updating struct list_head prevents dynamically loadable LSMs from

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.