From: Paul Moore <paul@paul-moore.com>
To: Olga Kornievskaia <olga.kornievskaia@gmail.com>
Cc: Anna Schumaker <anna.schumaker@netapp.com>,
Casey Schaufler <casey@schaufler-ca.com>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
Linux Security Module list
<linux-security-module@vger.kernel.org>,
SElinux list <selinux@vger.kernel.org>
Subject: Re: [PATCH v4 1/3] [security] Add new hook to compare new mount to an existing mount
Date: Mon, 15 Mar 2021 12:15:57 -0400 [thread overview]
Message-ID: <CAHC9VhTZe0azgqt_OSk0cy-nM+upz9z2_i0j1wQQLD8UgbX9+Q@mail.gmail.com> (raw)
In-Reply-To: <CAN-5tyHdiuiOBX2bkZBGOTK-AMOccm27=qE-AZ_J9QQ00P91-Q@mail.gmail.com>
On Mon, Mar 15, 2021 at 11:31 AM Olga Kornievskaia
<olga.kornievskaia@gmail.com> wrote:
> On Sun, Mar 14, 2021 at 9:44 PM Paul Moore <paul@paul-moore.com> wrote:
> > On Fri, Mar 12, 2021 at 5:35 PM Olga Kornievskaia
> > <olga.kornievskaia@gmail.com> wrote:
> > > On Fri, Mar 12, 2021 at 4:55 PM Paul Moore <paul@paul-moore.com> wrote:
> > > >
> > > > On Fri, Mar 12, 2021 at 10:45 AM Anna Schumaker
> > > > <anna.schumaker@netapp.com> wrote:
> > > > > On Thu, Mar 4, 2021 at 8:34 PM Paul Moore <paul@paul-moore.com> wrote:
> > > > > > On Tue, Mar 2, 2021 at 10:53 PM Casey Schaufler <casey@schaufler-ca.com> wrote:
> > > > > > > On 3/2/2021 10:20 AM, Anna Schumaker wrote:
> > > > > > > > Hi Casey,
> > > > > > > >
> > > > > > > > On Fri, Feb 26, 2021 at 10:40 PM Olga Kornievskaia
> > > > > > > > <olga.kornievskaia@gmail.com> wrote:
> > > > > > > >> From: Olga Kornievskaia <kolga@netapp.com>
> > > > > > > >>
> > > > > > > >> Add a new hook that takes an existing super block and a new mount
> > > > > > > >> with new options and determines if new options confict with an
> > > > > > > >> existing mount or not.
> > > > > > > >>
> > > > > > > >> A filesystem can use this new hook to determine if it can share
> > > > > > > >> the an existing superblock with a new superblock for the new mount.
> > > > > > > >>
> > > > > > > >> Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
> > > > > > > > Do you have any other thoughts on this patch? I'm also wondering how
> > > > > > > > you want to handle sending it upstream.
> > > > > > >
> > > > > > > James Morris is the maintainer for the security sub-system,
> > > > > > > so you'll want to send this through him. He will want you to
> > > > > > > have an ACK from Paul Moore, who is the SELinux maintainer.
> > > > > >
> > > > > > In the past I've pulled patches such as this (new LSM hook, with only
> > > > > > a SELinux implementation of the new hook) in via the selinux/next tree
> > > > > > after the other LSMs have ACK'd the new hook. This helps limit merge
> > > > > > problems with other SELinux changes and allows us (the SELinux folks)
> > > > > > to include it in the ongoing testing that we do during the -rcX
> > > > > > releases.
> > > > > >
> > > > > > So Anna, if you or anyone else on the NFS side of the house want to
> > > > > > add your ACKs/REVIEWs/etc. please do so as I don't like merging
> > > > > > patches that cross subsystem boundaries without having all the
> > > > > > associated ACKs. Casey, James, and other LSM folks please do the
> > > > > > same.
> > > > >
> > > > > Sure:
> > > > > Acked-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
> > > > >
> > > > > Are you also going to take patch 3/3 that uses the new hook, or should
> > > > > that go through the NFS tree? Patch 2/3 is a cleanup that can go
> > > > > through the NFS tree.
> > > >
> > > > Generally when patches are posted as patchsets I would apply the whole
> > > > patchset assuming they patches were all good, however it does seem
> > > > like patch 2/3 is not strictly related to the other two? That said,
> > > > as long as your ACK applies to all three patches in the patchset I
> > > > have no problem applying all of them to the selinux/next tree once
> > > > some of the other LSM maintainers provide their ACKs (while there may
> > > > only a SELinux implementation of the hook at the moment, we need to
> > > > make sure the other LSMs are okay with the basic hook concept).
> > > >
> > > > Also, did the v4 posting only include patch 1/3? I see v3 postings
> > > > for the other two patches, but the only v4 patch I see is 1/3 ... ?
> > >
> > > I didn't not repost patches that didn't change.
> >
> > Okay, so I'm guessing that means path 2/3 and 3/3 didn't change?
> >
> > While I suppose there are cases where people do not do this, it has
> > been my experience that if someone posts a patchset and some portion
> > of the patchset changes, due to feedback or other factors, the entire
> > patchset is reposted under the new version number. If nothing else
> > this helps ensure people are always looking at the latest draft of a
> > particular patch instead of having to dig through the list to
> > determine which patch is the most recent.
>
> Correct, patches 2&3 didn't change and selinux patch generated several
> iterations. Would you like me to repost a series? I'm not sure what
> I'm supposed to do at this point.
As long as we are clear that the latest draft of patch 1/3 is to be
taken from the v4 patch{set} and patches 2/3 and 3/3 are to be taken
from v3 of the patchset I don't think you need to do anything further.
The important bit is for the other LSM folks to ACK the new hook; if I
don't see anything from them, either positive or negative, I'll merge
it towards the end of this week or early next.
--
paul moore
www.paul-moore.com
next prev parent reply other threads:[~2021-03-15 16:17 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-19 22:22 [PATCH v3 1/3] [security] Add new hook to compare new mount to an existing mount Olga Kornievskaia
2021-02-19 22:22 ` [PATCH v3 2/3] [NFS] cleanup: remove unneeded null check in nfs_fill_super() Olga Kornievskaia
2021-03-22 19:00 ` Paul Moore
2021-02-19 22:22 ` [PATCH v3 3/3] NFSv4 account for selinux security context when deciding to share superblock Olga Kornievskaia
2021-03-22 19:04 ` Paul Moore
2021-02-25 17:53 ` [PATCH v3 1/3] [security] Add new hook to compare new mount to an existing mount Paul Moore
2021-02-25 18:03 ` Olga Kornievskaia
2021-02-25 18:22 ` Casey Schaufler
2021-02-25 19:30 ` Paul Moore
2021-02-27 3:37 ` [PATCH v4 " Olga Kornievskaia
2021-03-02 18:20 ` Anna Schumaker
2021-03-02 18:51 ` Casey Schaufler
2021-03-05 1:32 ` Paul Moore
2021-03-12 15:45 ` Anna Schumaker
2021-03-12 21:54 ` Paul Moore
2021-03-12 22:34 ` Olga Kornievskaia
2021-03-15 1:43 ` Paul Moore
2021-03-15 15:30 ` Olga Kornievskaia
2021-03-15 16:15 ` Paul Moore [this message]
2021-03-18 19:12 ` Paul Moore
2021-03-18 19:21 ` Casey Schaufler
2021-03-18 22:49 ` James Morris
2021-03-18 22:59 ` Olga Kornievskaia
2021-03-22 18:56 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHC9VhTZe0azgqt_OSk0cy-nM+upz9z2_i0j1wQQLD8UgbX9+Q@mail.gmail.com \
--to=paul@paul-moore.com \
--cc=anna.schumaker@netapp.com \
--cc=casey@schaufler-ca.com \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=olga.kornievskaia@gmail.com \
--cc=selinux@vger.kernel.org \
--cc=trond.myklebust@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.