Re: [PATCH v9 12/25] security: Introduce file_post_open hook
From: Mimi Zohar
Date: Wed Feb 14 2024 - 15:08:24 EST
On Tue, 2024-02-13 at 10:33 -0500, Paul Moore wrote:
> On Tue, Feb 13, 2024 at 7:59 AM Roberto Sassu
> <roberto.sassu@xxxxxxxxxxxxxxx> wrote:
> > On Mon, 2024-02-12 at 16:16 -0500, Paul Moore wrote:
> > > On Mon, Feb 12, 2024 at 4:06 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> > > > Hi Roberto,
> > > >
> > > >
> > > > > diff --git a/security/security.c b/security/security.c
> > > > > index d9d2636104db..f3d92bffd02f 100644
> > > > > --- a/security/security.c
> > > > > +++ b/security/security.c
> > > > > @@ -2972,6 +2972,23 @@ int security_file_open(struct file *file)
> > > > > return fsnotify_perm(file, MAY_OPEN); <=== Conflict
> > > >
> > > > Replace with "return fsnotify_open_perm(file);"
> > > >
> > > > > }
> > > > >
> > > >
> > > > The patch set doesn't apply cleaning to 6.8-rcX without this
> > > > change. Unless
> > > > there are other issues, I can make the change.
> > >
> > > I take it this means you want to pull this via the IMA/EVM tree?
> >
> > Not sure about that, but I have enough changes to do to make a v10.
@Roberto: please add my "Reviewed-by" to the remaining patches.
>
> Sorry, I should have been more clear, the point I was trying to
> resolve was who was going to take this patchset (eventually). There
> are other patches destined for the LSM tree that touch the LSM hooks
> in a way which will cause conflicts with this patchset, and if
> you/Mimi are going to take this via the IMA/EVM tree - which is fine
> with me - I need to take that into account when merging things in the
> LSM tree during this cycle. It's not a big deal either way, it would
> just be nice to get an answer on that within the next week.
Similarly there are other changes for IMA and EVM. If you're willing to create
a topic branch for just the v10 patch set that can be merged into your tree and
into my tree, I'm fine with your upstreaming v10. (I'll wait to send my pull
request after yours.) Roberto will add my Ack's to the integrity, IMA, and EVM
related patches. However if you're not willing to create a topic branch, I'll
upstream the v10 patch set.
thanks,
Mimi