Re: -next status as at v7.1-rc6
From: Paul Moore
Date: Thu Jun 04 2026 - 22:55:12 EST
On Thu, Jun 4, 2026 at 7:19 PM Linus Torvalds
<torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Thu, 4 Jun 2026 at 15:23, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> >
> > While you didn't reply to any of my comments explaining how Hornet
> > works, specifically how it ties into the kernel, I'm assuming you've
> > read the overview. Can you help those of us in the LSM space
> > understand why a BPF dev's NACK on code that lives strictly under
> > security/ is sufficient grounds to reject an LSM patch?
>
> Honestly, I'm not competent to make a judgment call between two
> different models for hash chain verification, so I basically *have* to
> go by maintainer opinions.

I appreciate the explanation, thank you.

I'll admit it's not particularly satisfying, as it doesn't appear to
identify any specific failing other than two groups having differing
opinions.

> So that's basically where I stand - I've seen disagreement, and I've
> seen what looks to me like reasonable push-back, and I've not really
> seen the LSM response as taking it into account.

I would point out the several different attempts Blaise made to work
and compromise with the BPF devs before Hornet was even an idea.
Hornet came into existence only because the BPF devs refused to accept
any use cases other than their own.

Regardless, I think that's about it on this topic. Thanks for the discussion.

... and of course the invitation to the security summit in Prague (or
any future instance for that matter) still stands.

--
paul-moore.com