SELinux: How to split permissions for keys?

Stephen Smalley sds at tycho.nsa.gov
Mon Feb 3 14:48:12 UTC 2020


On 2/3/20 9:03 AM, Richard Haines wrote:
> On Mon, 2020-02-03 at 08:13 -0500, Stephen Smalley wrote:
>> Was that kernel patch ever posted to selinux list and/or the selinux
>> kernel maintainers?  I don't recall seeing it.  If not, please send
>> it
>> to the selinux list for review; at least one selinux maintainer
>> should
>> ack it before it gets accepted into any other tree.
>>
>>
> 
> Not formally. I did post it in a discussion about keys in [2]. Since
> then it's been modified to support the split permissions.

Yes, that doesn't count since a) it wasn't the final version of the 
patch which changed significantly afterward and b) even it had been the 
final version, there was no acked-by or reviewed-by from a selinux 
maintainer, just some suggestions.  A non-trivial patch that modifies 
security/selinux needs to be at least acked by a selinux maintainer and 
often should go through the upstream selinux maintainer (Paul).

> I've extracted the patch from [1] and will post that to list for
> comments.

Thanks.

> [2]
> https://lore.kernel.org/selinux/35455b30b5185780628e92c98ec8191c70f39bde.camel@btinternet.com/





More information about the Linux-security-module-archive mailing list