LSM stacking in next for 6.1?

Paul Moore paul at paul-moore.com
Wed Aug 3 02:33:30 UTC 2022


On Tue, Aug 2, 2022 at 10:15 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> On 8/2/2022 5:56 PM, Paul Moore wrote:
> > On Tue, Aug 2, 2022 at 8:01 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> >> I would like very much to get v38 or v39 of the LSM stacking for AppArmor
> >> patch set in the LSM next branch for 6.1. The audit changes have polished
> >> up nicely and I believe that all comments on the integrity code have been
> >> addressed. The interface_lsm mechanism has been beaten to a frothy peak.
> >> There are serious binder changes, but I think they address issues beyond
> >> the needs of stacking. Changes outside these areas are pretty well limited
> >> to LSM interface improvements.
> > The LSM stacking patches are near the very top of my list to review
> > once the merge window clears, the io_uring fixes are in (bug fix), and
> > SCTP is somewhat sane again (bug fix).  I'm hopeful that the io_uring
> > and SCTP stuff can be finished up in the next week or two.
> >
> > Since I'm the designated first stuckee now for the stacking stuff I
> > want to go back through everything with fresh eyes, which probably
> > isn't a bad idea since it has been a while since I looked at the full
> > patchset from bottom to top.  I can tell you that I've never been
> > really excited about the /proc changes,
>
> I have been and remain perfectly happy to do something completely
> different provided it works. The interface_lsm scheme as implemented
> is horrible, but it's better than the half dozen alternatives I've
> proposed. At least no one has pointed out a use case that it can't
> satisfy. I take full responsibility for mucking up "current".

Yes, I have no concerns around your willingness to do the Right Thing
Casey, whatever that may be :)

-- 
paul-moore.com


