linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: John Johansen <john.johansen@canonical.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: James Bottomley <James.Bottomley@hansenpartnership.com>,
	Thorsten Leemhuis <regressions@leemhuis.info>,
	Vlastimil Babka <vbabka@suse.cz>,
	Seth Arnold <seth.arnold@canonical.com>,
	linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: regression in 4.14-rc2 caused by apparmor: add base infastructure for socket mediation
Date: Thu, 26 Oct 2017 12:59:08 -0700	[thread overview]
Message-ID: <fbd2dd37-029b-cc4b-1083-dfc7812bc336@canonical.com> (raw)
In-Reply-To: <CA+55aFwiiQYJ+YoLKCXjN_beDVfu38mg=Ggg5LFOcqHE8Qi7Zw@mail.gmail.com>

On 10/26/2017 10:36 AM, Linus Torvalds wrote:
> On Tue, Oct 24, 2017 at 1:57 PM, John Johansen
> <john.johansen@canonical.com> wrote:
>>
>> actually a lot of work and testing has been done. A regression was
>> found, the fix is in testing and it should land soon, but its not the
>> regression you are having issues with.
> 
> Stop gthis f*cking idiocy already!
> 
> As far as the kernel is concerned, a regressions is THE KERNEL NOT
> GIVING THE SAME END RESULT WITH THE SAME USER SPACE.
> 
> The regression was in the kernel. You trying to shift the regressions
> somewhere  else is bogus SHIT.
> 
> And seriously, it's the kind of garbage that makes me think your
> opinion and your code cannot be relied on.
> 
> If you are not willing to admit that your commit 651e28c5537a
> ("apparmor: add base infastructure for socket mediation") caused a
> regression, then honestly, I don't want to get commits from you.
> 
> It's that simple.
> 
> I'm *very* unhappy with the security layer as is, the last thing I
> want to see is some security layer developer that then goes on to try
> to re-define was regression means.
> 
> If you break existing user space setups THAT IS A REGRESSION.
>
You're right, sorry. I really wasn't thinking about this the right way.

> It's not ok to say "but we'll fix the user space setup".
> 
> Really. NOT OK.
> 
> I think I will have to revert that garbage, for the simple reason that
> I refuse to have code in the kernel from maintainers that cannot even
> understand the first rule of kernel development.
> 
> The first rule is:
> 
>  - we don't cause regressions
> 
> and the corollary is that when regressions *do* occur, we admit to
> them and fix them, instead of blaming user space.
> 
> The fact that you have apparently been denying the regression now for
> three weeks means that I will revert, and I will stop pulling apparmor
> requests until the people involved understand how kernel development
> is done.
> 

ack, and understood. I will update the apparmor module kernel abi to
ensure that existing userspaces won't break here. After that we will
implement full policy versioning to ensure that userspace and the
kernel agree on the version of security policy that should be used.

Going forward if for any reason there is a regression we will either
get a patch to you asap or ask for the offending patch to be reverted.

Again, sorry, our perspective was too narrow. We will make it right.

  parent reply	other threads:[~2017-10-26 19:59 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-10-03  4:02 regression in 4.14-rc2 caused by apparmor: add base infastructure for socket mediation James Bottomley
2017-10-03  4:11 ` John Johansen
2017-10-03  5:15   ` James Bottomley
2017-10-03  6:32     ` John Johansen
2017-10-03  6:48     ` Vlastimil Babka
2017-10-03  7:17       ` John Johansen
2017-10-24  6:39         ` Thorsten Leemhuis
2017-10-24 11:03           ` James Bottomley
2017-10-24 11:57             ` John Johansen
2017-10-26 17:36               ` Linus Torvalds
2017-10-26 18:54                 ` James Morris
2017-10-26 19:02                   ` Linus Torvalds
2017-10-26 19:06                     ` James Morris
2017-10-26 20:08                       ` John Johansen
2017-10-26 19:59                 ` John Johansen [this message]
2017-10-24 15:19             ` Vlastimil Babka
2017-10-24 11:31           ` John Johansen
2017-10-26  9:11             ` Thorsten Leemhuis
2017-10-26 18:13               ` Linus Torvalds

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=fbd2dd37-029b-cc4b-1083-dfc7812bc336@canonical.com \
    --to=john.johansen@canonical.com \
    --cc=James.Bottomley@hansenpartnership.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=regressions@leemhuis.info \
    --cc=seth.arnold@canonical.com \
    --cc=torvalds@linux-foundation.org \
    --cc=vbabka@suse.cz \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).