Re: [GIT PULL] security subsystem: Tomoyo updates for v5.2

[Casey Schaufler]

On 5/11/2019 11:13 AM, Paul Moore wrote:
> On Sat, May 11, 2019 at 10:38 AM Linus Torvalds
> <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> > On Fri, May 10, 2019 at 6:09 PM James Morris <jmorris@xxxxxxxxx> wrote:
> > > These patches include fixes to enable fuzz testing, and a fix for
> > > calculating whether a filesystem is user-modifiable.
> > So now these have been very recently rebased (on top of a random
> > merge-window "tree of the day" version) instead of having multiple
> > merges.
> >
> > That makes the history cleaner, but has its own issues.
> >
> > We really need to find a different model for the security layer patches.
> If it helps, the process I use for the SELinux and audit trees is
> documented below.  While it's far from perfect (I still don't like
> basing the -next trees on -rcX releases) it has seemed to work
> reasonably well for some time now.
>
> * https://github.com/SELinuxProject/selinux-kernel/blob/master/README.md

On the whole this looks fine to me. I am less comfortable than Paul
is regarding changes that happen elsewhere, so I would be more likely
to base in the rc-1 than Paul. More developers test with SELinux than
Smack. I am in the process of putting an appropriate GPG environment
together for 5.3.

The LSM infrastructure work I've been doing should still go through
James, as it has global implications.