Authoritative hooks

The LSM patch supports only restrictive hooks
Hooks can veto operations
Can not allow new types of access
Thus: LSM can only tighten security

Why:
Fear of LSM-caused security holes
Hope for easier inclusion into 2.5

Authoritative hooks will not go away
Some security schemes need them
Access Control Lists
Perhaps in a later LSM patch