Re: [-next PATCH] security: use octal not symbolic permissions
From: Paul Moore
Date: Wed Jun 13 2018 - 17:24:14 EST
On Wed, Jun 13, 2018 at 5:14 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> On 6/13/2018 12:57 PM, Paul Moore wrote:
>> On Wed, Jun 13, 2018 at 3:30 PM, Joe Perches <joe@xxxxxxxxxxx> wrote:
>>> On Wed, 2018-06-13 at 12:19 -0400, Paul Moore wrote:
>>>> On Wed, Jun 13, 2018 at 12:04 PM, Joe Perches <joe@xxxxxxxxxxx> wrote:
>>>>> On Wed, 2018-06-13 at 11:49 -0400, Paul Moore wrote:
>>>>>> On Tue, Jun 12, 2018 at 8:29 PM, Joe Perches <joe@xxxxxxxxxxx> wrote:
>>>>>>> On Tue, 2018-06-12 at 17:12 -0400, Paul Moore wrote:
...
>>> If James is not approving or merging security/selinux or
>>> security/tomoyo then perhaps the F: entries could be
>>> augmented with appropriate X: entries or made specific
>>> by using specific entries like:
>>>
>>> F: security/*
>>> F: security/integrity/
>>> F: security/keys/
>
> There are already F: entries for security/selinux, security/smack
> and security/apparmor so I don't get your point.
Perhaps I've interpreted this the wrong way, but I took this to mean
that those security subsystems which don't flow through James should
use the X: entry to exclude themselves. For example, here is a quick
diff to exclude SELinux:
diff --git a/MAINTAINERS b/MAINTAINERS
index c13b9fb3be0b..dc0b31121459 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -12771,6 +12771,7 @@ T: git git://git.kernel.org/pub/scm/linux/kernel/g>
W: http://kernsec.org/
S: Supported
F: security/
+X: security/selinux/
SELINUX SECURITY MODULE
M: Paul Moore <paul@xxxxxxxxxxxxxx>
--
paul moore
www.paul-moore.com