From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com ([209.132.183.28]:58970 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1759828AbcAUPpk (ORCPT ); Thu, 21 Jan 2016 10:45:40 -0500 From: Paul Moore To: Mimi Zohar Cc: "Luis R. Rodriguez" , Casey Schaufler , John Johansen , Tetsuo Handa , linux-security-module@vger.kernel.org, kexec@lists.infradead.org, linux-modules@vger.kernel.org, fsdevel@vger.kernel.org, David Howells , David Woodhouse , Kees Cook , Dmitry Torokhov , Dmitry Kasatkin Subject: Re: [RFC PATCH v2 08/11] module: replace copy_module_from_fd with kernel version Date: Thu, 21 Jan 2016 10:45:37 -0500 Message-ID: <5369666.tSqfcRVJfN@sifl> In-Reply-To: <1453381932.9549.131.camel@linux.vnet.ibm.com> References: <1453129886-20192-1-git-send-email-zohar@linux.vnet.ibm.com> <20160121000300.GN11277@wotan.suse.de> <1453381932.9549.131.camel@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-linux-modules@vger.kernel.org List-ID: On Thursday, January 21, 2016 08:12:12 AM Mimi Zohar wrote: > Paul, Casey, Kees, Jon, Tetsuo does it make sense to consolidate the > module, firmware, and kexec pre and post security hooks and have just > one set of pre and post security kernel_read_file hook instead? Does > it make sense for this patch set to define the new hooks to allow the > LSMs to migrate to it independently of each other? Well, as usual, the easiest way to both get solid feedback and actually get a change accepted is to post patches to the affected LSMs. Probably not what you wanted to hear, but at least I'm honest :) -- paul moore security @ redhat