On Thu, 2020-10-29 at 16:33 -0700, Tushar Sugandhi wrote:
> Hello Mimi/Stephen/Paul,
>
> As you are already aware, we have several patch-sets in review for
> IMA infrastructure for measurement of critical kernel data and its
> usage.
>
> [1] infrastructure for measurement of critical data patch-set:
>
> https://patchwork.kernel.org/project/linux-integrity/list/?series=354437
>
> [2] Using [1] to measure SeLinux data:
> https://patchwork.kernel.org/patch/11801585/
>
> [3] Using [1] to measure dm-crypt data:
>
> https://patchwork.kernel.org/project/linux-integrity/list/?series=366903
>
> [4] Using [1] to measure kernel_version:
> https://patchwork.kernel.org/patch/11854625/
>
> [5] built-in IMA policy rule to handle critical data before
> a custom IMA policy is loaded:
> {Patch is not yet sent for public review}
>
> Mimi has suggested that patch-set [1] should include a demonstrative
> example use of the functionality in the same series. And that example
> should be SeLinux (patch-set [2]).
>
> However, SeLinux patch-set [2] depends on the functionality in SeLinux
> branch [7], which is not yet merged in Integrity branch [6].
> Therefore SeLinux patch-set [2] does not apply on the Integrity branch
> at this time.
>
> Further, SeLinux patch-set [2] also depends on the new code for
> critical data infrastructure (patch-set [1] and [5]) which is all
> IMA code. Patch-set [1] and [5], even though all IMA code, apply
> cleanly on SeLinux branch - along with patch-set [2].
>
> For the above reason, the new series we are going to post, which
> combines [1], [2], and [5], needs to be based on SeLinux branch.
>
> Since [1] and [5] contain IMA code - we wanted to confirm with the
> maintainers if there are any concerns to base the series on SeLinux
> branch.
>
> Thanks,
> Tushar
>
> [6] Integrity Repo/Branch:
> Repo:
> https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
> Branch: linux-integrity
>
> [7] SeLinux Branch:
> Repo: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
> Branch: next

Unless this patch set is specifically dependent on the two patches in
the SELinux tree beyond v5.10.0-rc1, please base it on v5.10.0-rc1.

thanks,

Mimi