On Tue, May 19, 2026 at 12:57 PM Sasha Levin <[email protected]> wrote:
[...]
> >Fully agree with Song here that there is no clear boundary, and that the
> >killswitch could lead to arbitrary, hard to debug breakage if applied to
> >the wrong function.. introducing worse bugs than the one being mitigated
> >or even /short-circuit LSM enforcement/ (engage security_file_open 0,
> >engage cap_capable 0, engage apparmor_* etc).
>
> This is similar to livepatch, right? Do we need guardrails there too?

livepatch has the same guardrails as other kernel modules:
CONFIG_MODULE_SIG, CONFIG_MODULE_SIG_FORCE, etc.

Thanks,
Song

