Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933084AbbFXAw7 (ORCPT ); Tue, 23 Jun 2015 20:52:59 -0400 Received: from mail-lb0-f174.google.com ([209.85.217.174]:34455 "EHLO mail-lb0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754891AbbFXAwu (ORCPT ); Tue, 23 Jun 2015 20:52:50 -0400 MIME-Version: 1.0 In-Reply-To: References: From: Andy Lutomirski Date: Tue, 23 Jun 2015 17:52:29 -0700 Message-ID: Subject: Re: kdbus: to merge or not to merge? To: Linus Torvalds Cc: "linux-kernel@vger.kernel.org" , David Herrmann , Djalal Harouni , Greg KH , Havoc Pennington , "Eric W. Biederman" , One Thousand Gnomes , Tom Gundersen , Daniel Mack Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2411 Lines: 49 On Tue, Jun 23, 2015 at 4:19 PM, Linus Torvalds wrote: > On Mon, Jun 22, 2015 at 11:06 PM, Andy Lutomirski wrote: >> >> Can you opine as to whether you think that kdbus should be merged? I >> don't mean whether you'd accept a pull request that Greg may or may >> not send during this merge window -- I mean whether you think that >> kdbus should be merged if it had appropriate review and people were >> okay with the implementation. > > So I am still expecting to merge it, mainly for a rather simple > reason: I trust my submaintainers, and Greg in particular. So when a > major submaintainer wants to merge something, that pulls a *lot* of > weight with me. Then I'll try to review the parts that I can review, time permitting, in the event that someone sends a clean, reviewable set of patches. Preferably not during the merge window. If my, or anyone else's, review uncovers an ABI issue, then I will be correspondingly grumpy now that the userspace code is slated to ship with new systemd versions. Because we can't actually ship a kernel.org kernel that will fail to boot with Fedora Rawhide or Arch AUR or whatever unless kdbus=0 is set on the kernel command line. If someone ships an actual desktop sandbox based on kdbus custom endpoints, I'll try to poke holes in it as usual. I don't intend to review that part for security in advance because I've already said my part: I think the design is unfit for its purpose. Given that I don't see how one is supposed to use it in a sensible manner for sandboxing in the first place, it's hard to evaluate whether it will do its job a priori. (NB: I think I may have figured out what people mean when they say that custom endpoints are useful for sandboxes. They might be talking about BusPolicy= in systemd .service files. That's a nifty feature, but it seems rather limited and doesn't seem to me like it would be useful for things like xdg-app. Also, it could certainly be implemented in userspace.) --Andy P.S. I still remain unconvinced that any of the other arguments for merging it are better than the performance argument. But whatever. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/