On 8/2/22 17:56, Paul Moore wrote:
On Tue, Aug 2, 2022 at 8:01 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
I would like very much to get v38 or v39 of the LSM stacking for Apparmor
patch set in the LSM next branch for 6.1. The audit changes have polished
up nicely and I believe that all comments on the integrity code have been
addressed. The interface_lsm mechanism has been beaten to a frothy peak.
There are serious binder changes, but I think they address issues beyond
the needs of stacking. Changes outside these areas are pretty well limited
to LSM interface improvements.
The LSM stacking patches are near the very top of my list to review
once the merge window clears, the io_uring fixes are in (bug fix), and
SCTP is somewhat sane again (bug fix). I'm hopeful that the io_uring
and SCTP stuff can be finished up in the next week or two.
Since I'm the designated first stuckee now for the stacking stuff I
want to go back through everything with fresh eyes, which probably
isn't a bad idea since it has been a while since I looked at the full
patchset from bottom to top. I can tell you that I've never been
really excited about the /proc changes, and believe it or not I've
been thinking about those a fair amount since James asked me to start
maintaining the LSM. I don't want to get into any detail until I've
had a chance to look over everything again, but just a heads-up that
I'm not too excited about those bits.
I am slowly working my way through the complete stack of patches again as
well. I have pulled them into a test branch for Ubuntu 22.10 and the
plan is to get them out into our -proposed kernels for broader testing in
the next couple of weeks
