[PATCH v3] selinux: measure state and policy capabilities

Paul Moore paul at paul-moore.com
Tue Mar 9 00:42:22 UTC 2021

On Fri, Mar 5, 2021 at 2:29 PM Lakshmi Ramasubramanian
<nramas at linux.microsoft.com> wrote:
> On 3/5/21 11:22 AM, Paul Moore wrote:
> Hi Paul,
> > On Fri, Mar 5, 2021 at 12:57 PM James Bottomley
> > <James.Bottomley at hansenpartnership.com> wrote:
> >> On Fri, 2021-03-05 at 12:52 -0500, Paul Moore wrote:
> >> [...]
> >>> This draft seems fine to me, but there is a small logistical blocker
> >>> at the moment which means I can't merge this until -rc2 is released,
> >>> which likely means this coming Monday.  The problem is that this
> >>> patch relies on code that went upstream via in the last merge window
> >>> via the IMA tree, not the SELinux tree; normally that wouldn't be a
> >>> problem as I typically rebase the selinux/next to Linus' -rc1 tag
> >>> once the merge window is closed, but in this particular case the -rc1
> >>> tag is dangerously broken for some system configurations (the tag has
> >>> since been renamed) so I'm not rebasing onto -rc1 this time around.
> >>>
> >>> Assuming that -rc2 fixes the swapfile/fs-corruption problem, early
> >>> next week I'll rebase selinux/next to -rc2 and merge this patch.
> >>> However, if the swapfile bug continues past -rc2 we can consider
> >>> merging this via the IMA tree, but I'd assume not do that if possible
> >>> due to merge conflict and testing reasons.
> >>
> >> If it helps, we rebased the SCSI tree on top of the merge for the
> >> swapfile fix which is this one, without waiting for -rc2:
> >
> > Considering that -rc2 is only two days away I'm not going to lose a
> > lot of sleep over it.
> >
> Thanks for reviewing the patch.
> I can wait until the swapfile issue is resolved (in rc2 or later) and
> you are able to merge this patch. Please take your time.

Thanks for your patience Lakshmi, I just merged this into my local
selinux/next branch and will be pushing it up to kernel.org later
tonight - thank you!

paul moore

More information about the Linux-security-module-archive mailing list