On 2022/09/16 0:50, Casey Schaufler wrote:
>> Although the upstream Linux Kernel focuses only on in-tree kernel code,
>> CONFIG_MODULES=y is not limited for in-tree kernel code. It is used by e.g.
>> device vendors to deliver their out-of-tree driver code.
>
> I see this argument all the time. The response is "get your driver upstream".
> Vendors/developers who whine "It's too hard" get no sympathy from me.
>

Getting off-topic from loadable module LSMs, but one of the reasons they do not
try to get upstream might be to be able to synchronize across multiple kernel
versions. For example, splx_kernel_module-3.0.1.0024-src.tar.gz is trying to
serve as a common source code for many distributors' kernel versions. If some
snapshot were included in the upstream kernel, it would become difficult to keep
the same bugfixes/features applied across the kernel versions the vendor wants to
load into. Although ./scripts/checkpatch.pl warns about use of
LINUX_VERSION_CODE, there are cases where vendors want to share the same
bugfixes/features across all kernel versions.