[$] Impedance matching for BPF and LSM

The "kernel runtime security instrumentation" (KRSI) patch set has beenmaking the rounds over the past few months; the idea is to use the Linuxsecurity module (LSM) hooks as a way to detect, and potentially deflect,active attacks against a running system.It does so by allowing BPF programs to be attached to the LSM hooks. That hascaused some concern in the past about exposing thesecurity hooks as external kernel APIs, which makes them potentiallysubject to the "don't break user space" edict. But there has been no real objectionto the goals of KRSI. The fourth versionof the patch set was postedby KP Singh on February 20; the concerns raised this time are aboutits impact on the LSM infrastructure.