On Wed, Jun 13, 2018 at 5:14 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > On 6/13/2018 12:57 PM, Paul Moore wrote: >> On Wed, Jun 13, 2018 at 3:30 PM, Joe Perches <joe@xxxxxxxxxxx> wrote: >>> On Wed, 2018-06-13 at 12:19 -0400, Paul Moore wrote: >>>> On Wed, Jun 13, 2018 at 12:04 PM, Joe Perches <joe@xxxxxxxxxxx> wrote: >>>>> On Wed, 2018-06-13 at 11:49 -0400, Paul Moore wrote: >>>>>> On Tue, Jun 12, 2018 at 8:29 PM, Joe Perches <joe@xxxxxxxxxxx> wrote: >>>>>>> On Tue, 2018-06-12 at 17:12 -0400, Paul Moore wrote: ... >>> If James is not approving or merging security/selinux or >>> security/tomoyo then perhaps the F: entries could be >>> augmented with appropriate X: entries or made specific >>> by using specific entries like: >>> >>> F: security/* >>> F: security/integrity/ >>> F: security/keys/ > > There are already F: entries for security/selinux, security/smack > and security/apparmor so I don't get your point. Perhaps I've interpreted this the wrong way, but I took this to mean that those security subsystems which don't flow through James should use the X: entry to exclude themselves. For example, here is a quick diff to exclude SELinux: diff --git a/MAINTAINERS b/MAINTAINERS index c13b9fb3be0b..dc0b31121459 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -12771,6 +12771,7 @@ T: git git://git.kernel.org/pub/scm/linux/kernel/g> W: http://kernsec.org/ S: Supported F: security/ +X: security/selinux/ SELINUX SECURITY MODULE M: Paul Moore <paul@xxxxxxxxxxxxxx> -- paul moore www.paul-moore.com
