Re: regression in 4.14-rc2 caused by apparmor: add base infastructure for socket mediation

From: Linus Torvalds
Date: Thu Oct 26 2017 - 15:02:36 EST


On Thu, Oct 26, 2017 at 8:54 PM, James Morris <james.l.morris@xxxxxxxxxx> wrote:
> On Thu, 26 Oct 2017, Linus Torvalds wrote:
>
>> I'm *very* unhappy with the security layer as is
>
> What are you unhappy with?

We had two big _fundamental_ problems this merge window:

- untested code that clearly didn't do what it claimed it did, and
which caused me to not even accept the main pull request

- apparmor code that had a regression, where it took three weeks for
that regression to be escalated to me simply because the developer was
denying the regression.

Tell me why I *shouldn't* be unhappy with the security layer?

I shouldn't be in the situation where I start reviewing the code and
go "that can't be right".

And I *definitely* shouldn't be in the situation where I need to come
in three weeks later and tell people what a regression is!

Linus