[PATCH 4.19 v3 0/6] Backport handling -ESTALE policy update failure to 4.19
Mimi Zohar
zohar at linux.ibm.com
Tue Feb 28 19:45:04 UTC 2023
On Tue, 2023-02-28 at 11:25 -0500, Paul Moore wrote:
> On Tue, Feb 28, 2023 at 3:09 AM GUO Zihua <guozihua at huawei.com> wrote:
> >
> > This series backports patches in order to resolve the issue discussed here:
> > https://lore.kernel.org/selinux/389334fe-6e12-96b2-6ce9-9f0e8fcb85bf@huawei.com/
> >
> > This required backporting the non-blocking LSM policy update mechanism
> > prerequisite patches. As well as bugfixes that follows:
> >
> > c66f67414c1f ("IB/core: Don't register each MAD agent for LSM notifier")
> > 42df744c4166 ("LSM: switch to blocking policy update notifiers")
> > b16942455193 ("ima: use the lsm policy update notifier")
> > 483ec26eed42 ("ima: ima/lsm policy rule loading logic bug fixes")
> > e144d6b26541 ("ima: Evaluate error in init_ima()")
> > c7423dbdbc9e ("ima: Handle -ESTALE returned by ima_filter_rule_match()")
> >
> > c66f67414c1f ("IB/core: Don't register each MAD agent for LSM notifier")
> > is merged as the prerequisite of 42df744c4166 ("LSM: switch to blocking
> > policy update notifiers"). e144d6b26541 ("ima: Evaluate error in
> > init_ima()"), 483ec26eed42 ("ima: ima/lsm policy rule loading logic bug
> > fixes") and 9ff8a616dfab ("ima: Have the LSM free its audit rule") are
> > merged as a follow up bugfix for b16942455193 ("ima: use the lsm policy
> > update notifier").
Scott, there's no need to duplicate the list of commits like this.
Having an unordered list would have been fine.
> >
> > I've tested the patches against said issue and can confirm that the
> > issue is fixed.
> >
> > Link to the original maillist discussion:
> > https://lore.kernel.org/all/389334fe-6e12-96b2-6ce9-9f0e8fcb85bf@huawei.com/
> >
> > Change log:
> > v2: Fixed build issue and backport bugfix commits for backported
> > patches.
>
> Is there a quick summary of the changes in v3 of this patchset?
v3: Backport commit 483ec26eed42b ("ima: ima/lsm policy rule loading
logic bug fixes") as well.
--
thanks,
Mimi
More information about the Linux-security-module-archive
mailing list