lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <c1eb852b-f8aa-4ab0-9579-19eb0d383cb9@o1oo11oo.de>
Date: Tue, 22 Apr 2025 13:22:06 +0200
From: Lukas Fischer <kernel@...o11oo.de>
To: Paul Moore <paul@...l-moore.com>
Cc: James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>,
 Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>,
 Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>,
 Björn Roy Baron <bjorn3_gh@...tonmail.com>,
 Benno Lossin <benno.lossin@...ton.me>,
 Andreas Hindborg <a.hindborg@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>,
 Trevor Gross <tmgross@...ch.edu>, Danilo Krummrich <dakr@...nel.org>,
 linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org,
 rust-for-linux@...r.kernel.org
Subject: Re: [RFC PATCH] lsm: Add Rust bindings with example LSM

On 21.04.25 21:09, Paul Moore wrote:
> Thanks for sharing this Lukas.  My Rust knowledge is still far too
> basic to offer any constructive review of the Rust code, but I'm happy
> to see some effort being put into looking at what would be required to
> support a LSM written in Rust.

Hi Paul,

that's alright, I was mainly asking the Rust for Linux contributors for feedback
on that, but I wanted to keep you in the loop as well.

> It isn't clear to me if this is simply an exercise in seeing what
> Rust/C interfaces would be needed to implement a Rust based LSM, or if
> you ultimately have a LSM you would like to submit upstream and this
> is the necessary groundwork so you can implement it in Rust.  Unless
> it is the latter, I'm not sure this is something that is a candidate
> for merging into the upstream Linux kernel as we don't merge "demo"
> type LSMs.  If you are intending to develop a proper LSM, we do have
> some guidelines that may help explain what is expected:
> 
> * https://github.com/LinuxSecurityModule/kernel/blob/main/README.md
thanks for the feedback, I guess I was missing some context in the initial mail.
The LSM I'm using it for in my thesis is more of a research testbed (or "demo"),
so I never intended to upstream that. Since I still needed to create bindings to
implement that in Rust, I figured I would post them to the lists to get some
feedback and to get things started in case someone wants to implement an actual
upstreamed LSM in Rust in the future. This is why I marked this "RFC PATCH", it
is not intended for upstreaming, only for feedback.

If there is interest in it, I might polish the bindings after the thesis, so
that they can be properly used for an actual LSM. In the state they are
currently in they do allow writing an LSM in Rust, but not in a way a safe Rust
abstraction should.

Thanks,
Lukas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ