Linus Torvalds on Linux Security Modules: We Have Too Many Of Those Pointless Things
The Linux kernel community is grappling with a fundamental question about security architecture after kernel creator Linus Torvalds expressed frustration over the proliferation of Linux Security Modules (LSMs).
His blunt assessment comes amid a three-year struggle by security researchers to gain traction for a new security framework.
A Three-Year Wait for Review
Three years ago, a security researcher and their team proposed a new Linux Security Module for inclusion in the mainline kernel. The proposal went nowhere. With minimal review feedback and no clear path forward, the researcher recently escalated the matter directly to Torvalds and the kernel mailing list, seeking concrete guidance on how new LSMs should be introduced and threatening to escalate the issue to the Linux Foundation’s Technical Advisory Board (TAB).
The proposal in question—TSEM LSM, a general security modeling framework—has languished with virtually no review feedback over the past three years. The frustrated developers are now demanding formalized guidance procedures for LSM submissions, warning they are “prepared to push this through the [Technical Advisory Board] if necessary.”
Torvalds Pushes Back
Torvalds’s response cut straight to the heart of the matter, highlighting what he sees as growing complexity and bloat in the kernel’s security architecture. While the exact wording of his response wasn’t fully detailed in the available information, his sentiment is clear from the headline statement: he believes Linux already has “too much of this meaningless stuff.”
This represents a significant philosophical stance from the kernel’s creator. Rather than welcoming additional security layers, Torvalds appears concerned that the LSM framework has become a vehicle for adding complexity without corresponding value.
The LSM Framework Context
Linux Security Modules provide a standardized framework for implementing different security models within the kernel. Well-known LSMs include SELinux, AppArmor, and Smack, each offering different approaches to mandatory access control and security policy enforcement.
However, the framework’s flexibility may have become a double-edged sword. While it allows for security innovation and experimentation, it also creates opportunities for fragmentation and complexity that can make the kernel harder to maintain and potentially introduce new vulnerabilities.
Broader Implications
This incident raises several important questions for the Linux kernel development process:
Process transparency: The three-year silence on TSEM LSM suggests potential gaps in how security proposals are reviewed and how decisions about them are communicated. Even rejected proposals deserve clear feedback explaining why they don’t meet kernel standards.
Security architecture philosophy: Torvalds’s response indicates possible pushback against the assumption that more security modules automatically mean better security. Sometimes simplicity and maintainability trump additional features.
Community governance: The threat to escalate to the TAB highlights tensions when normal kernel development processes appear to stall. Whether this represents a process failure or simply an unpopular proposal remains debatable.
The kernel community now faces a choice: formalize LSM submission guidelines as the TSEM developers request, or maintain the current approach where new security modules face high barriers to entry. Torvalds’s skepticism suggests the latter may prevail, at least for proposals that don’t demonstrate compelling advantages over existing solutions.
As Linux continues to power everything from smartphones to supercomputers, these debates over security architecture carry real-world consequences for billions of users and devices worldwide.
