On 2025/05/08 0:37, Maxime Bélair wrote: > Again, each module decides which operations to expose through this syscall. In many cases > the operation will still require CAP_SYS_ADMIN or a similar capability, so environments > that choose this interface remain secure while gaining its advantages. If the interpretation of "flags" argument varies across LSMs, it sounds like ioctl()'s "cmd" argument. Also, there is prctl() which can already carry string-ish parameters without involving open(). Why can't we use prctl() instead of lsm_manage_policy() ?
