Let me draw your attention to a previous comment of yours with useful links regarding the reasons why LSM fails to fulfil its duty:
It's clear that LSM is incapable of hooking important security projects. All major solutions remained outside the tree. Why? Do you really think that those security experts, who know processor architectures better than some Linux kernel developers, are all insanely staying outside? Or just a particular company does not care about other solutions apart from its own? I think if the promotion of LSM is seriously considered, the developers and that company must be convinced to work with the targeted projects on polishing LSM and making it a useful piece of software. It might be possible for someone smaller than Novell to introduce some improvements (AppArmor). But I'm afraid that should have been done at the beginning, not after its uselessness had been widely proven.
Personally, I'm happy that potential security solutions won't threaten average Linux users. It gives me the possibility to remain more secure, while most of them keep their Compiz cubes rotating faster. They don't have to care about security. Although I hope that there won't be a lesson to learn.
BTW, you may have left out a handy feature of Grsecurity (or I didn't notice it was mentioned): it has an option to disable kernel module loading. How pretty it would be for malware to hook itself into the kernel as a module? There would be plenty of information to intercept with the help of LSM...
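An added example (not from the comment above and not grsecurity's own code) of how a defender can audit whether a host has locked down module loading: it assumes the mainline equivalents of that grsecurity option, the one-way `kernel.modules_disabled` sysctl and the lockdown LSM's `/sys/kernel/security/lockdown` file, and takes an optional root directory so the checks can be run against a constructed tree instead of the live system.

```shell
#!/bin/sh
# Audit kernel module-loading lockdown. Assumption: mainline kernels expose
# /proc/sys/kernel/modules_disabled (write 1 to block loading until reboot)
# and, with the lockdown LSM, /sys/kernel/security/lockdown.
# $1 is an optional root prefix (empty = live system) so a constructed tree
# can be checked offline.

# Returns 0 when the one-way sysctl has been set to 1, 1 otherwise.
modules_disabled() {
    root="${1:-}"
    f="$root/proc/sys/kernel/modules_disabled"
    [ -r "$f" ] || return 1
    [ "$(cat "$f")" = "1" ]
}

# Prints the active lockdown mode (none, integrity, confidentiality)
# or "unknown" when the lockdown LSM is not present.
lockdown_mode() {
    root="${1:-}"
    f="$root/sys/kernel/security/lockdown"
    if [ -r "$f" ]; then
        # The file reads like "none [integrity] confidentiality";
        # the bracketed word is the mode in force.
        sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$f"
    else
        echo unknown
    fi
}

# Returns 0 when at least one mechanism blocks loading an arbitrary module.
module_loading_locked() {
    root="${1:-}"
    if modules_disabled "$root"; then
        echo "modules_disabled=1: module loading blocked until reboot"
        return 0
    fi
    case "$(lockdown_mode "$root")" in
        integrity|confidentiality)
            echo "lockdown LSM active: only signed modules can be loaded"
            return 0 ;;
    esac
    echo "module loading NOT locked (fix: sysctl -w kernel.modules_disabled=1)"
    return 1
}

# Run against the live host with: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then module_loading_locked; fi
```

Setting `kernel.modules_disabled=1` is irreversible until reboot, so do it from a late boot stage after every legitimate module has been loaded.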
Copyright © 2017, Eklektix, Inc.