On Fri, Mar 29, 2024 at 3:28 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote: > On Fri, 2024-03-29 at 15:12 -0400, Paul Moore wrote: > > Another important thing to keep in mind about 'Fixes' tags, unless > > you've told the stable kernel folks to only take patches that you've > > explicitly marked for stable, they are likely going to attempt to > > backport anything with a 'Fixes' tag. > > How do we go about doing that? Do we just send an email to stable? When I asked for a change to the stable policy, it was an email exchange with Greg where we setup what is essentially a shell glob to filter out the files to skip unless explicitly tagged: https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/ignore_list > Is it disabled for security? I asked for it to be disabled for the LSM layer, SELinux, and audit. I sent a note about it last year to the mailing list: https://lore.kernel.org/linux-security-module/CAHC9VhQgzshziG2tvaQMd9jchAVMu39M4Ym9RCComgbXj+WF0Q@xxxxxxxxxxxxxx > I thought new functionality won't be backported. One thing I noticed fairly consistently in the trees I maintained is that commits marked with a 'Fixes' tag were generally backported regardless of if they were marked for stable. > Hopefully the changes for making IMA & EVM full fledged LSMs won't be > automatically backported to stable. I haven't seen that happening, and I wouldn't expect it in the future as none of those patches were explicitly marked for stable or had a 'Fixes' tag. -- paul-moore.com
