Bug 19722

Summary: please allow module LSM
Product: Other
Reporter: Ritesh Raj Sarraf (linux-kernel-bugs)
Component: Loadable Security Modules (LSM)
Assignee: Other/LSM (other_lsm)
Status: RESOLVED INVALID
Severity: normal
CC: alan
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 2.6.36-rc5
Subsystem:
Regression: No
Bisected commit-id:

Description Ritesh Raj Sarraf 2010-10-04 11:07:24 UTC
Given that we have multiple LSM implementations (SELinux, SMACK, AppArmor, TOMOYO) and that only one can be used effectively at a time, it makes more sense to not enable and load all of them into memory.

By current design of non-modular LSMs, it becomes very difficult for a general purpose distribution like Debian to support all users with a single kernel flavor. It is also impractical to build linux-image-selinux, linux-image-apparmor, linux-image-tomoyo et cetera.

Building all the features and setting default to False works but is regarded as inefficient and bloated. Can LSM be made modular? Otherwise, can the image size be trimmed at runtime after determining the effective LSM in use?

BTW: Is it correct in the bugzilla reference? It states Loadable Security Module.