LSM stacking and the future
The idea of stacking (or chaining) Linux security modules (LSMs) goes back 15 years (at least) at this point; progress has definitely been made along the way, especially in the last decade or so. It has been possible to stack "minor" LSMs with one major LSM (e.g. SELinux, Smack, or AppArmor) for some time, but mixing, say, SELinux and AppArmor in the same system has not been possible. Combining major security solutions may not seem like a truly important feature, but there is a use case where it is pretty clearly needed: containers. Longtime LSM stacker (and Smack maintainer) Casey Schaufler gave a presentation at the 2019 Linux Security Summit Europe to report on the status and plans for allowing arbitrary LSM stacking.