From: Xin Long <lucien.xin@gmail.com>
To: Paul Moore <paul@paul-moore.com>
Cc: David Miller <davem@davemloft.net>,
Ondrej Mosnacek <omosnace@redhat.com>,
network dev <netdev@vger.kernel.org>,
SElinux list <selinux@vger.kernel.org>,
LSM List <linux-security-module@vger.kernel.org>,
"linux-sctp @ vger . kernel . org" <linux-sctp@vger.kernel.org>,
Jakub Kicinski <kuba@kernel.org>,
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
jmorris <jmorris@namei.org>,
Richard Haines <richard_c_haines@btinternet.com>
Subject: Re: [PATCHv2 net 4/4] security: implement sctp_assoc_established hook in selinux
Date: Thu, 4 Nov 2021 15:49:35 -0400 [thread overview]
Message-ID: <CADvbK_f7XyL8uvHdSgdvbphfw6QzTPFMvwZdW0P4R7qFJPc=yQ@mail.gmail.com> (raw)
In-Reply-To: <CAHC9VhQUdU6iXrnMTGsHd4qg7DnHDVoiWE9rfOQPjNoasLBbUA@mail.gmail.com>
On Thu, Nov 4, 2021 at 3:10 PM Paul Moore <paul@paul-moore.com> wrote:
>
> On Thu, Nov 4, 2021 at 7:02 AM David Miller <davem@davemloft.net> wrote:
> > From: Paul Moore <paul@paul-moore.com>
> > Date: Wed, 3 Nov 2021 23:17:00 -0400
> > >
> > > While I understand you did not intend to mislead DaveM and the netdev
> > > folks with the v2 patchset, your failure to properly manage the
> > > patchset's metadata *did* mislead them and as a result a patchset with
> > > serious concerns from the SELinux side was merged. You need to revert
> > > this patchset while we continue to discuss, develop, and verify a
> > > proper fix that we can all agree on. If you decide not to revert this
> > > patchset I will work with DaveM to do it for you, and that is not
> > > something any of us wants.
> >
> > I would prefer a follow-up rathewr than a revert at this point.
> >
> > Please work with Xin to come up with a fix that works for both of you.
>
> We are working with Xin (see this thread), but you'll notice there is
> still not a clear consensus on the best path forward. The only thing
> I am clear on at this point is that the current code in linux-next is
> *not* something we want from a SELinux perspective. I don't like
> leaving known bad code like this in linux-next for more than a day or
> two so please revert it, now. If your policy is to merge substantive
> non-network subsystem changes into the network tree without the proper
> ACKs from the other subsystem maintainers, it would seem reasonable to
> also be willing to revert those patches when the affected subsystems
> request it.
>
> I understand that if a patchset is being ignored you might feel the
> need to act without an explicit ACK, but this particular patchset
> wasn't even a day old before you merged into the netdev tree. Not to
> mention that the patchset was posted during the second day of the
> merge window, a time when many maintainers are busy testing code,
> sending pull requests to Linus, and generally managing merge window
> fallout.
>
> --
> paul moore
> www.paul-moore.com
Hi Paul,
It's applied on net tree, I think mostly because I posted this on net.git tree.
Also, it's well related to the network part and affects SCTP protocol
quite a lot.
I wanted to post it on selinux tree: pcmoore/selinux.git, but I noticed the
commit on top is written in 2019:
commit 6e6934bae891681bc23b2536fff20e0898683f2c (HEAD -> main,
origin/main, origin/HEAD)
Author: Paul Moore <paul@paul-moore.com>
Date: Tue Sep 17 15:02:56 2019 -0400
selinux: add a SELinux specific README.md
DO NOT SUBMIT UPSTREAM
Then I thought this tree was no longer active, sorry about that.
next prev parent reply other threads:[~2021-11-04 19:49 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-02 12:02 [PATCHv2 net 0/4] security: fixups for the security hooks in sctp Xin Long
2021-11-02 12:02 ` [PATCHv2 net 1/4] security: pass asoc to sctp_assoc_request and sctp_sk_clone Xin Long
2021-11-02 12:02 ` [PATCHv2 net 2/4] security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce Xin Long
2021-11-02 12:02 ` [PATCHv2 net 3/4] security: add sctp_assoc_established hook Xin Long
2021-11-02 12:02 ` [PATCHv2 net 4/4] security: implement sctp_assoc_established hook in selinux Xin Long
2021-11-03 16:40 ` Ondrej Mosnacek
2021-11-03 17:33 ` Xin Long
2021-11-03 17:36 ` Xin Long
2021-11-03 22:01 ` Paul Moore
2021-11-04 1:46 ` Xin Long
2021-11-04 3:17 ` Paul Moore
2021-11-04 10:17 ` Richard Haines
2021-11-04 10:40 ` Ondrej Mosnacek
2021-11-04 19:28 ` Paul Moore
2021-11-04 10:56 ` Xin Long
2021-11-04 11:02 ` David Miller
2021-11-04 19:10 ` Paul Moore
2021-11-04 19:49 ` Xin Long [this message]
2021-11-04 20:07 ` Paul Moore
2021-11-03 11:20 ` [PATCHv2 net 0/4] security: fixups for the security hooks in sctp patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CADvbK_f7XyL8uvHdSgdvbphfw6QzTPFMvwZdW0P4R7qFJPc=yQ@mail.gmail.com' \
--to=lucien.xin@gmail.com \
--cc=davem@davemloft.net \
--cc=jmorris@namei.org \
--cc=kuba@kernel.org \
--cc=linux-sctp@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=marcelo.leitner@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=omosnace@redhat.com \
--cc=paul@paul-moore.com \
--cc=richard_c_haines@btinternet.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).