From: "Dr. Greg" <greg@enjellic.com>
To: linux-security-module@vger.kernel.org
Cc: torvalds@linux-foundation.org, corbet@lwn.net
Subject: A formal request for process clarifications.
Date: Mon, 15 Dec 2025 01:08:38 -0600
Message-ID: <20251215070838.GA7209@wind.enjellic.com>
Good morning, I hope the week has started well for everyone.

When Paul Moore took over as the security/LSM sub-system maintainer
three years ago, he indicated a desire to be very prescriptive with
respect to the practices that should be followed for the sub-system,
particularly for the introduction of new LSMs.

The following URL documents the requirements for the introduction of a
new LSM:

https://github.com/LinuxSecurityModule/kernel/blob/main/README.md#new-lsms

We believe that LWN covered the discussion around this document as well.

The following discussion on whether or not the Linux kernel provides
proper support for modern Event Detection and Response Systems (EDR or
EDRS) suggests the need to clarify these recommendations:

https://lore.kernel.org/linux-security-module/CABZOZnS4im-wNK4jtGKvp3YT9hPobA503rgiptutOF8rZEwt_w@mail.gmail.com

In that thread Timur Chernykh noted a possible desire to port the
Apple security API to the kernel, which would presumably be a large
body of virgin code.

Three years ago our team submitted for review our TSEM LSM, which
provides a framework for generic security modeling, particularly to
support machine learning and direct functional modeling of security
behavior.

We haven't been able to receive any substantive review of TSEM over
that period of time.

Casey Schaufler has been vocal in his criticism of how we introduced
what is a virgin LSM implementation, most particularly with the fact
that we chose to include, as a single patch, a header file that
contains the structure and enumeration definitions that are referenced
by all of the compilation units that make up TSEM.

He indicates that an LSM submission should 'tell a story' by bringing
in the structure definitions with the code that uses those structures.

We can offer multiple examples of the challenges we see with doing
this if that would be helpful, but will not do so at this time.

We had requested guidance from Paul on how a new submission should be
properly structured, since he is the ultimate judge and jury on a
submission, but he declined to provide guidance.

Given the current security climate, particularly with what is widely
cited as the potential impact of machine learning and AI on security
architectures and practices, there will undoubtedly be new LSMs
coming forward. It would seem in the best interests of everyone
involved, reviewers and submitters, that specific guidance should be
codified in the 'new-lsms' document on how a virgin body of code
should be introduced.

Optimally this should include links to previous submissions that the
security maintainers believe codify the desired method of
storytelling.

Given the importance of security in today's environment we are
prepared to pursue this through the TAB if necessary.

We will look forward to comments from the community on this issue.

Have a good week.

As always,
Dr. Greg

The Quixote Project - Flailing at the Travails of Cybersecurity
https://github.com/Quixote-Project

Thread overview: 3+ messages
2025-12-15 7:08 Dr. Greg [this message]
2025-12-15 7:38 ` A formal request for process clarifications Linus Torvalds
2025-12-15 16:57 ` Dr. Greg