• InnerScientist@lemmy.world
      2 days ago

      Preventing kernel modifications to expand upon the work done for kernel lockdown. Add additional layers to system security.

      Kernel_lockdown:

      prevent both direct and indirect access to a running kernel image, attempting to protect against unauthorized modification of the kernel image and to prevent access to security and cryptographic data located in kernel memory, […]

      • lumony
        2 days ago

        Is anyone having security issues without this patch?

        • InnerScientist@lemmy.world
          2 days ago

          From the mailing list I’m reading that kernel maintainers have heard a few companies looking for something like this, so yes?

          Edit:

          However, to be clear, the Hornet LSM proposed here seems very reasonable to me and I would have no conceptual objections to merging it upstream. Based on off-list discussions I believe there is a lot of demand for something like this, and I believe many people will be happy to have BPF signature verification in-tree.