Huawei Proposes In-Kernel Transactional Database For Security Purposes
The proposal is a feature called "Huawei Digest Lists", an in-kernel database for storing file and metadata digests. The intended use-case is integrity measurement with the Integrity Measurement Architecture (IMA), where the stored digests serve as reference values, and the database is exposed to user-space through securityfs.
Among the data intended for Digest Lists are RPM headers and Debian repository metadata, which already carry digests of the files they describe. Huawei is pursuing the in-kernel design so that the digests live in kernel memory rather than in a user-space process, making them harder for a compromised user-space component to tamper with. Digest Lists are already in use in Huawei's openEuler Linux distribution.
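To make concrete what a digest list is and how repository metadata feeds it, here is a user-space model written for this article; it is not code from the Huawei patch series, does not reproduce the kernel's securityfs interface, and assumes sha256 as the digest algorithm. It constructs a minimal Debian Packages-style index from sample payloads (constructed, not real packages), parses the SHA256 fields into a digest list, and then makes an IMA-appraisal-style decision: content whose digest is in the list is allowed, anything else is denied. Malformed digests in the metadata are rejected rather than silently added.

```python
"""User-space model of a digest list fed from repository metadata (added example)."""
import hashlib
import re
from typing import Dict, Iterable, Set

HEX_SHA256 = re.compile(r"^[0-9a-f]{64}$")

# Constructed sample payloads standing in for package files; not real packages.
SAMPLE_PAYLOADS: Dict[str, bytes] = {
    "pool/main/f/foo/foo_1.0-1_amd64.deb": b"constructed contents of foo",
    "pool/main/b/bar/bar_2.3-2_amd64.deb": b"constructed contents of bar",
}


def sha256_hex(data: bytes) -> str:
    """Hex digest of the content; sha256 is an assumption, IMA supports several."""
    return hashlib.sha256(data).hexdigest()


def build_packages_index(payloads: Dict[str, bytes]) -> str:
    """Emit a minimal Debian Packages-style index for the constructed payloads."""
    stanzas = []
    for filename, data in payloads.items():
        name = filename.rsplit("/", 1)[-1].split("_", 1)[0]
        stanzas.append(
            f"Package: {name}\nFilename: {filename}\nSize: {len(data)}\n"
            f"SHA256: {sha256_hex(data)}\n"
        )
    return "\n".join(stanzas)


def parse_packages_index(text: str) -> Dict[str, str]:
    """Map Filename -> SHA256 from RFC822-style stanzas; reject malformed digests."""
    digests: Dict[str, str] = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields: Dict[str, str] = {}
        for line in stanza.splitlines():
            if ":" in line and not line[0].isspace():
                key, _, value = line.partition(":")
                fields[key.strip()] = value.strip()
        filename = fields.get("Filename")
        digest = fields.get("SHA256", "").lower()
        if not filename or not HEX_SHA256.match(digest):
            raise ValueError(f"malformed stanza: {fields.get('Package')!r}")
        digests[filename] = digest
    return digests


def index_is_wellformed(text: str) -> bool:
    """True if every stanza carries a Filename and a syntactically valid SHA256."""
    try:
        parse_packages_index(text)
        return True
    except ValueError:
        return False


class DigestList:
    """Set of reference digests with add/delete/query.

    A user-space stand-in for the in-kernel database; the kernel stores it in
    its own memory precisely so that a process like this one cannot edit it.
    """

    def __init__(self) -> None:
        self._digests: Set[str] = set()

    def add(self, digests: Iterable[str]) -> None:
        self._digests.update(d.lower() for d in digests)

    def delete(self, digests: Iterable[str]) -> None:
        self._digests.difference_update(d.lower() for d in digests)

    def query(self, digest: str) -> bool:
        return digest.lower() in self._digests

    def count(self) -> int:
        return len(self._digests)


def appraise(data: bytes, digest_list: DigestList) -> bool:
    """Appraisal-style decision: allow only content whose digest is known."""
    return digest_list.query(sha256_hex(data))


if __name__ == "__main__":
    index = build_packages_index(SAMPLE_PAYLOADS)
    dl = DigestList()
    dl.add(parse_packages_index(index).values())
    for name, data in SAMPLE_PAYLOADS.items():
        print(name, "ok" if appraise(data, dl) else "DENIED")
    # One changed byte in the content gives a digest the list has never seen.
    print("tampered foo", "ok" if appraise(b"constructed contents of foo!", dl) else "DENIED")
```

The point the model makes is that the decision depends only on the digest set: the file's name and location play no role, and any modification to the content, however small, produces a digest the list does not contain. Keeping that set in kernel memory, as the proposal does, is what stops a user-space attacker from simply adding their own digest before the check runs.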
Those interested in all the technical details on this Huawei Digest Lists proposal can find the cover letter and patches on the kernel mailing list. The "digest_lists" kernel implementation in its current form is just under four thousand lines of code.