[GIT PULL] tomoyo update for v6.12

Tetsuo Handa penguin-kernel at I-love.SAKURA.ne.jp
Wed Oct 2 23:50:46 UTC 2024


On 2024/10/03 8:09, Tetsuo Handa wrote:
> The vmlinux cannot be rebuilt without forcing penalties (i.e. having a
> negative impact on the user side, which cannot be a viable solution).

For example, some out-of-tree device driver supports RHEL but does not
support CentOS, despite there is effectively no difference between RHEL
kernel and CentOS kernel.

Also, for debuginfo packages, one has to share/distribute debuginfo packages
when vmcore is captured while using a rebuilt vmlinux. (Well, debuginfo
might not be limited for analyzing vmcore...) That makes troubleshooting more
difficult; one who captured vmcore cannot directly contact the original kernel
provider, due to discarding the baseline provided by the original kernel
provider.

What Paul is saying is effectively "Do not use RHEL if you want to use TOMOYO".
Just rebuilding RHEL kernels impacts negatively on the user side. Who can
force users to rebuild RHEL kernels, due to the burden caused by giving up
utilizing existing eco-system? That cannot be a viable solution.




More information about the Linux-security-module-archive mailing list