On Mon, May 19, 2025 at 6:58 PM Paul Moore paul@paul-moore.com wrote:
When the kernel performs a security relevant operation, such as verifying the signature on a BPF program, where the result of the operation serves as input to a policy decision, system measurement, audit event, etc. the LSM hook needs to be located after the security relevant operation takes place so that the hook is able to properly take into account the state of the event/system and record the actual result as opposed to an implied result (this is critical for auditing, measurement, attestation, etc.).
You explained why you believe the field/hook is not required, but I'm asking for your *technical*objections*. I understand that you believe these changes are not required, but as described above, I happen to disagree and therefore it would be helpful to understand the technical reasons why you can't accept the field/hook changes. Is there a technical reason which would prevent such changes, or is it simply a rejection of the use case and requirements above?
Bubbling this back up to the top of your inbox ...