[$] Unprivileged BPF and authoritative security hooks

Post Syndicated from original https://lwn.net/Articles/929746/

When the developers of the Linux security module (LSM) subsystem find
themselves disagreeing with other kernel developers, it tends to be because
those other developers don’t think to — or don’t want to — add security
hooks to their shiny new subsystems. Sometimes, though, the addition of
new hooks by non-LSM developers can also create some friction. Andrii
Nakryiko’s posting of a pair of BPF-related security hooks raised a couple
of interesting questions, one of which spurred a fair amount of discussion,
and one that did not.