From: Stephen Smalley <sds@tycho.nsa.gov>
To: James Morris <jmorris@namei.org>, Paul Moore <paul@paul-moore.com>
Cc: Casey Schaufler <casey@schaufler-ca.com>,
LSM <linux-security-module@vger.kernel.org>
Subject: Re: New LSM hooks
Date: Wed, 6 Feb 2019 08:20:45 -0500 [thread overview]
Message-ID: <84c96e67-6668-b954-0a6b-2bccb00c124c@tycho.nsa.gov> (raw)
In-Reply-To: <alpine.LRH.2.21.1902061207010.19811@namei.org>
On 2/5/19 8:11 PM, James Morris wrote:
> On Tue, 5 Feb 2019, Paul Moore wrote:
>
>> I believe that will always be a problem, no matter what we do. The
>> point I was trying to make was that everyone, especially the
>> maintainers, need to watch for this when patches are posted and make
>> sure the patch author posts to the LSM list in addition to any of the
>> relevant LSM specific lists.
>
> Right, and there is no way a new LSM hook should ever be added to the
> kernel without review and ack/signoffs from folks on the LSM list
> (especially those who are maintainers of in-tree LSMs).
>
> Casey, do you have any examples of this happening?
Most of the times I've seen that it has come from vfs folks or other
subsystems as part of some major reworking of that subsystem rather than
from security module developers, e.g. the mount hooks overhaul.
next prev parent reply other threads:[~2019-02-06 13:21 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-05 17:40 New LSM hooks Casey Schaufler
2019-02-05 18:15 ` Paul Moore
2019-02-05 20:04 ` Casey Schaufler
2019-02-06 0:01 ` Paul Moore
2019-02-06 1:11 ` James Morris
2019-02-06 13:20 ` Stephen Smalley [this message]
2019-02-06 17:24 ` Casey Schaufler
2019-02-06 17:44 ` Stephen Smalley
2019-02-06 18:18 ` Casey Schaufler
2019-02-06 16:30 ` Casey Schaufler
2019-02-06 17:06 ` Stephen Smalley
2019-02-06 17:44 ` Casey Schaufler
2019-02-06 17:48 ` Stephen Smalley
2019-02-05 18:28 ` Edwin Zimmerman
2019-02-05 19:25 ` Casey Schaufler
2019-02-05 19:58 ` Paul Moore
2019-02-05 20:10 ` Edwin Zimmerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=84c96e67-6668-b954-0a6b-2bccb00c124c@tycho.nsa.gov \
--to=sds@tycho.nsa.gov \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).