linux-sctp.vger.kernel.org archive mirror
From: Paul Moore <paul@paul-moore.com>
To: David Miller <davem@davemloft.net>
Cc: lucien.xin@gmail.com, omosnace@redhat.com,
	netdev@vger.kernel.org, selinux@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-sctp@vger.kernel.org, kuba@kernel.org,
	marcelo.leitner@gmail.com, jmorris@namei.org,
	richard_c_haines@btinternet.com
Subject: Re: [PATCHv2 net 4/4] security: implement sctp_assoc_established hook in selinux
Date: Thu, 4 Nov 2021 15:10:28 -0400
Message-ID: <CAHC9VhQUdU6iXrnMTGsHd4qg7DnHDVoiWE9rfOQPjNoasLBbUA@mail.gmail.com>
In-Reply-To: <20211104.110213.948977313836077922.davem@davemloft.net>

On Thu, Nov 4, 2021 at 7:02 AM David Miller <davem@davemloft.net> wrote:
> From: Paul Moore <paul@paul-moore.com>
> Date: Wed, 3 Nov 2021 23:17:00 -0400
> >
> > While I understand you did not intend to mislead DaveM and the netdev
> > folks with the v2 patchset, your failure to properly manage the
> > patchset's metadata *did* mislead them and as a result a patchset with
> > serious concerns from the SELinux side was merged.  You need to revert
> > this patchset while we continue to discuss, develop, and verify a
> > proper fix that we can all agree on.  If you decide not to revert this
> > patchset I will work with DaveM to do it for you, and that is not
> > something any of us wants.
>
> I would prefer a follow-up rather than a revert at this point.
>
> Please work with Xin to come up with a fix that works for both of you.

We are working with Xin (see this thread), but you'll notice there is
still not a clear consensus on the best path forward.  The only thing
I am clear on at this point is that the current code in linux-next is
*not* something we want from a SELinux perspective.  I don't like
leaving known bad code like this in linux-next for more than a day or
two so please revert it, now.  If your policy is to merge substantive
non-network subsystem changes into the network tree without the proper
ACKs from the other subsystem maintainers, it would seem reasonable to
also be willing to revert those patches when the affected subsystems
request it.

I understand that if a patchset is being ignored you might feel the
need to act without an explicit ACK, but this particular patchset
wasn't even a day old before you merged into the netdev tree.  Not to
mention that the patchset was posted during the second day of the
merge window, a time when many maintainers are busy testing code,
sending pull requests to Linus, and generally managing merge window
fallout.

-- 
paul moore
www.paul-moore.com
