Re: [GIT PULL] tomoyo update for v6.12

From: John Johansen
Date: Wed Oct 02 2024 - 22:34:03 EST


On 10/1/24 11:22, Paul Moore wrote:
> On Tue, Oct 1, 2024 at 12:36 PM Linus Torvalds
> <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>> On Tue, 1 Oct 2024 at 07:00, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>>>
>>> Linus, it's unclear if you're still following this thread after the
>>> pull, but can you provide a little insight on your thoughts here?
>
> ...
>
>> If the consensus is that we should revert, I'll happily revert.
>
> Starting tomorrow when I'm reliably back in front of computer I'll
> sort this out with the rest of the LSM folks. Unless something
> unexpected comes up in the discussion I'll send you a revert later
> this week.

I agree that this is the wrong approach and will add that it is
egregious enough that Ubuntu is going to have to disable Tomoyo as
it effectively allows by-passing signed module loads.

you can add my
Acked-by: John Johansen <john.johansen@xxxxxxxxxxxxx>

>> This
>> was all inside of the tomoyo subdirectory, so I didn't see it as some
>> kind of sidestepping, and treated the pull request as a regular
>> "another odd security subsystem update".
>
> Yes, that's fair, I think you would need a deeper understanding of the
> LSM framework as well as an understanding of recent discussions on the
> list to appreciate all of the details.