On Thu, Jun 25, 2026 at 7:23 AM Christian Brauner <[email protected]> wrote: <snip> > > We expose a bunch of VFS heavy operations for various security modules > and this is really not different. For xattrs we have it all centralized > in the VFS and in general all VFS related bpf kfuncs should continue > living there and be registered there. Anything that's just bpf infra > specific can go to security/bpf/kfuncs.c instead. But anyway, it's a bpf > specific helper so it's the bpf maintainer's call.
After Alexei's requested changes removing the attach-time checks, there's really not much left to go in an LSM-specific kfuncs file. The bpf infra plumbing for registering the kfunc and bpf_xattrs_used() seem to be the only LSM-specific bits aside from the kfunc. I am willing to put this code anywhere. I've tried to CC all involved in all 3 patches, even though there's some split in concerns.

