On 8/2/2022 5:56 PM, Paul Moore wrote:
> On Tue, Aug 2, 2022 at 8:01 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>> I would like very much to get v38 or v39 of the LSM stacking for Apparmor
>> patch set in the LSM next branch for 6.1. The audit changes have polished
>> up nicely and I believe that all comments on the integrity code have been
>> addressed. The interface_lsm mechanism has been beaten to a frothy peak.
>> There are serious binder changes, but I think they address issues beyond
>> the needs of stacking. Changes outside these areas are pretty well limited
>> to LSM interface improvements.
> The LSM stacking patches are near the very top of my list to review
> once the merge window clears, the io_uring fixes are in (bug fix), and
> SCTP is somewhat sane again (bug fix). I'm hopeful that the io_uring
> and SCTP stuff can be finished up in the next week or two.
>
> Since I'm the designated first stuckee now for the stacking stuff I
> want to go back through everything with fresh eyes, which probably
> isn't a bad idea since it has been a while since I looked at the full
> patchset from bottom to top. I can tell you that I've never been
> really excited about the /proc changes,

I have been and remain perfectly happy to do something completely
different provided it works. The interface_lsm scheme as implemented
is horrible, but it's better than the half dozen alternatives I've
proposed. At least no one has pointed out a use case that it can't
satisfy. I take full responsibility for mucking up "current".

> and believe it or not I've
> been thinking about those a fair amount since James asked me to start
> maintaining the LSM. I don't want to get into any detail until I've
> had a chance to look over everything again, but just a heads-up that
> I'm not too excited about those bits.
>