Hello Mimi/Stephen/Paul,
As you are already aware, we have several patch-sets in review for
IMA infrastructure for measurement of critical kernel data and its
usage.
[1] infrastructure for measurement of critical data patch-set:
https://patchwork.kernel.org/project/linux-integrity/list/?series=354437
[2] Using [1] to measure SELinux data:
https://patchwork.kernel.org/patch/11801585/
[3] Using [1] to measure dm-crypt data:
https://patchwork.kernel.org/project/linux-integrity/list/?series=366903
[4] Using [1] to measure kernel_version:
https://patchwork.kernel.org/patch/11854625/
[5] built-in IMA policy rule to handle critical data before
a custom IMA policy is loaded:
{Patch is not yet sent for public review}
Mimi has suggested that patch-set [1] should include a demonstrative
example use of the functionality in the same series. And that example
should be SELinux (patch-set [2]).
However, SELinux patch-set [2] depends on the functionality in SELinux
branch [7], which is not yet merged in Integrity branch [6].
Therefore SELinux patch-set [2] does not apply on the Integrity branch
at this time.
Further, SELinux patch-set [2] also depends on the new code for
critical data infrastructure (patch-set [1] and [5]) which is all
IMA code. Patch-set [1] and [5], even though all IMA code, apply
cleanly on SELinux branch - along with patch-set [2].
For the above reason, the new series we are going to post, which
combines [1], [2], and [5], needs to be based on SELinux branch.
Since [1] and [5] contain IMA code - we wanted to confirm with the
maintainers if there are any concerns to base the series on SELinux
branch.
Thanks,
Tushar
[6] Integrity Repo/Branch:
Repo:
https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
Branch: linux-integrity
[7] SELinux Branch:
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
Branch: next