Re: [RFC] Finding the right target branch for patches that span IMA and SeLinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2020-10-29 at 16:33 -0700, Tushar Sugandhi wrote:
> Hello Mimi/Stephen/Paul,
> 
> As you are already aware, we have several patch-sets in review for
> IMA infrastructure for measurement of critical kernel data and it's
> usage.
> 
> [1] infrastructure for measurement of critical data patch-set:
> 
> https://patchwork.kernel.org/project/linux-integrity/list/?series=354437
> 
> [2] Using [1] to measure SeLinux data:
>      https://patchwork.kernel.org/patch/11801585/
> 
> [3] Using [1] to measure dm-crypt data:
> 
> https://patchwork.kernel.org/project/linux-integrity/list/?series=366903
> 
> [4] Using [1] to measure kernel_version:
>      https://patchwork.kernel.org/patch/11854625/
> 
> [5] built-in IMA policy rule to handle critical data before
>      a custom IMA policy is loaded:
>      {Patch is not yet sent for public review}
> 
> Mimi has suggested that patch-set [1] should include a demonstrative
> example use of the functionality in the same series. And that example
> should be SeLinux (patch-set [2]).
> 
> However, SeLinux patch-set [2] depends on the functionality in SeLinux
> branch [7], which is not yet merged in Integrity branch [6].
> Therefore SeLinux patch-set [2] does not apply on the Integrity branch
> at this time.
> 
> Further, SeLinux patch-set [2] also depends on the new code for
> critical data infrastructure (patch-set [1] and [5]) which is all
> IMA code. Patch-set [1] and [5], even though all IMA code, applies
> cleanly on SeLinux branch - along with patch-set [2].
> 
> For the above reason, the new series we are going to post, which
> combines [1], [2], and [5], needs to be based on SeLinux branch.
> 
> Since [1] and [5] contains IMA code - we wanted to confirm with the
> maintainers if there are any concerns to base the series on SeLinux
> branch.
> 
> Thanks,
> Tushar
> 
> [6] Integrity Repo/Branch:
> Repo: 
> https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
> Branch: linux-integrity
> 
> [7] SeLinux Branch:
> Repo: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
> Branch: next

Unless this patch set is specifically dependent on the two patches in
the SELinux tree beyond v5.10.0-rc1, please base it on v5.10.0-rc1.

thanks,

Mimi





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux