Re: [GIT PULL] security subsystem: Tomoyo updates for v5.2

From: Casey Schaufler
Date: Sat May 11 2019 - 18:09:54 EST


On 5/11/2019 11:13 AM, Paul Moore wrote:
> On Sat, May 11, 2019 at 10:38 AM Linus Torvalds
> <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>> On Fri, May 10, 2019 at 6:09 PM James Morris <jmorris@xxxxxxxxx> wrote:
>>> These patches include fixes to enable fuzz testing, and a fix for
>>> calculating whether a filesystem is user-modifiable.
>> So now these have been very recently rebased (on top of a random
>> merge-window "tree of the day" version) instead of having multiple
>> merges.
>>
>> That makes the history cleaner, but has its own issues.
>>
>> We really need to find a different model for the security layer patches.
> If it helps, the process I use for the SELinux and audit trees is
> documented below. While it's far from perfect (I still don't like
> basing the -next trees on -rcX releases) it has seemed to work
> reasonably well for some time now.
>
> * https://github.com/SELinuxProject/selinux-kernel/blob/master/README.md

On the whole this looks fine to me. I am less comfortable than Paul
is regarding changes that happen elsewhere, so I would be more likely
to base in the rc-1 than Paul. More developers test with SELinux than
Smack. I am in the process of putting an appropriate GPG environment
together for 5.3.

The LSM infrastructure work I've been doing should still go through
James, as it has global implications.