A security researcher and his team proposed a new Linux Security Module (LSM) three years ago, and it has still not been accepted into the mainline kernel. He has now raised the lack of review and action with Linus Torvalds and the kernel mailing lists, asking for more guidance on how new LSMs should be introduced and raising the possibility of taking the issue to the Linux Foundation Technical Advisory Board (TAB).
Today's mailing list post lays out that the proposed TSEM LSM, a framework for generic security modeling, has seen little review activity in the past three years and no specific guidance on what it would take to get the LSM accepted into the Linux kernel. The developers are therefore seeking documented guidance on how new Linux Security Module submissions should be introduced; otherwise they are “prepared to pursue this through the [Technical Advisory Board] if necessary.”
Linus Torvalds responded and rightfully called out the ever-growing and complex nature of security modules:
“If you can’t convince the LSM people to take your code, you sure can’t convince me.
I already think we have too many of those pointless things. There’s a fine line between diversity and “too much confusion because everybody thinks they know best”. And the linux security modules passed that line years ago.
So my suggestion is to standardize on normal existing security models instead of thinking that you can do better by making yet another one. Or at least work with the existing people instead of trying to bypass them and ignoring what they tell you.
Yes, I know that security people always think they know best, and they all disagree with each other, which is why we already have tons of security modules. Ask ten people what model is the right one, and you get fifteen different answers.
I’m not in the least interested in becoming some kind of arbiter or voice of sanity in this.”
Sensible words from Linus once again. The Linux LSM/security landscape can be quite a mess and is difficult to keep track of unless you are dedicated to the security subsystem, and the various modules overlap heavily in the security approaches they implement.
There was already a response to Torvalds’ commentary suggesting that he then “issue an immediate statement” that no new LSMs will be accepted. The response also said: “If Linux is really about technology, as you have continually advocated, then there has to be an open playing field for contributors. Absent that, Linux will balkanize, the same way the commercial Unix implementations did, around corporate driven interests and motivations. We will pursue the open playing field issue through the TAB if necessary.”
