On 2022/09/14 22:56, Paul Moore wrote:
> On Fri, Sep 9, 2022 at 7:33 AM Tetsuo Handa
> <penguin-kernel(a)i-love.sakura.ne.jp> wrote:
>> Inclusion into upstream is far from the goal.
> For better or worse, there is a long history of the upstream Linux
> Kernel focusing only on in-tree kernel code, I see no reason why we
> should change that now for LSMs.
Because we can't afford accepting/maintaining whatever LSMs that are proposed.
Do you think that we are going to accept/maintain whatever LSMs that are proposed
if we get to the point to "The commitment I made to Paul some years ago now was
that the stacking would eventually include making all combinations possible" ?
I don't think so.
Although the upstream Linux Kernel focuses only on in-tree kernel code,
CONFIG_MODULES=y is not limited to in-tree kernel code. It is used by e.g.
device vendors to deliver their out-of-tree driver code. Then, I see no reason
why we can't do the same for LSMs. We simply don't need to "provide efforts for
fixing bugs in whatever LSMs"; we simply should "allow whatever LSMs to exist".