Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S933084AbbFXAw7 (ORCPT <rfc822;w@1wt.eu>);
	Tue, 23 Jun 2015 20:52:59 -0400
Received: from mail-lb0-f174.google.com ([209.85.217.174]:34455 "EHLO
	mail-lb0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754891AbbFXAwu (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 23 Jun 2015 20:52:50 -0400
MIME-Version: 1.0
In-Reply-To: <CA+55aFwdk0FYXM=vmWhFye-dzgyBLUzKt40ujjEhKjjBLDwk7g@mail.gmail.com>
References: <CALCETrW5sdcwM4zoX7BQdf+a2fWgQhd6rPDg8br0FU7Xy-2ZhQ@mail.gmail.com>
 <CA+55aFwdk0FYXM=vmWhFye-dzgyBLUzKt40ujjEhKjjBLDwk7g@mail.gmail.com>
From: Andy Lutomirski <luto@amacapital.net>
Date: Tue, 23 Jun 2015 17:52:29 -0700
Message-ID: <CALCETrX2K8EcGF0Y8Mo+GD5X4m082AG=Z20J-pmD=FkmpmJCmA@mail.gmail.com>
Subject: Re: kdbus: to merge or not to merge?
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        David Herrmann <dh.herrmann@gmail.com>,
        Djalal Harouni <tixxdz@opendz.org>,
        Greg KH <gregkh@linuxfoundation.org>,
        Havoc Pennington <havoc.pennington@gmail.com>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>,
        Tom Gundersen <teg@jklm.no>, Daniel Mack <daniel@zonque.org>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2411
Lines: 49

On Tue, Jun 23, 2015 at 4:19 PM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
> On Mon, Jun 22, 2015 at 11:06 PM, Andy Lutomirski <luto@amacapital.net> wrote:
>>
>> Can you opine as to whether you think that kdbus should be merged?  I
>> don't mean whether you'd accept a pull request that Greg may or may
>> not send during this merge window -- I mean whether you think that
>> kdbus should be merged if it had appropriate review and people were
>> okay with the implementation.
>
> So I am still expecting to merge it, mainly for a rather simple
> reason: I trust my submaintainers, and Greg in particular. So when a
> major submaintainer wants to merge something, that pulls a *lot* of
> weight with me.

Then I'll try to review the parts that I can review, time permitting,
in the event that someone sends a clean, reviewable set of patches.
Preferably not during the merge window.

If my, or anyone else's, review uncovers an ABI issue, then I will be
correspondingly grumpy now that the userspace code is slated to ship
with new systemd versions.  Because we can't actually ship a
kernel.org kernel that will fail to boot with Fedora Rawhide or Arch
AUR or whatever unless kdbus=0 is set on the kernel command line.

If someone ships an actual desktop sandbox based on kdbus custom
endpoints, I'll try to poke holes in it as usual.  I don't intend to
review that part for security in advance because I've already said my
part: I think the design is unfit for its purpose.  Given that I don't
see how one is supposed to use it in a sensible manner for sandboxing
in the first place, it's hard to evaluate whether it will do its job a
priori.

(NB: I think I may have figured out what people mean when they say
that custom endpoints are useful for sandboxes.  They might be talking
about BusPolicy= in systemd .service files.  That's a nifty feature,
but it seems rather limited and doesn't seem to me like it would be
useful for things like xdg-app.  Also, it could certainly be
implemented in userspace.)

--Andy

P.S.  I still remain unconvinced that any of the other arguments for
merging it are better than the performance argument.  But whatever.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/