[$] BPF signing LSM hook change rejected
BPF lets users load programs into a running kernel. Even though BPF programs are checked by the verifier to ensure that they stay inside certain limits, some users would still like to ensure that only approved BPF programs are loaded. KP Singh's patches adding that capability to the kernel were accepted in version 6.18, but not everyone is satisfied with his implementation. Blaise Boscaccy, who has been working to get a version of BPF code signing with better auditability into the kernel for some time, posted a patch set on top of Singh's changes that alters the loading process to not invoke security module hooks until the entire loading process is complete. The discussion on the patch set is the continuation of a long-running disagreement over the interface for signed BPF programs.