Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S933978AbcKWSvu (ORCPT <rfc822;w@1wt.eu>);
        Wed, 23 Nov 2016 13:51:50 -0500
Received: from youngberry.canonical.com ([91.189.89.112]:60000 "EHLO
        youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S932814AbcKWSvt (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 23 Nov 2016 13:51:49 -0500
Subject: Re: [PATCH 0/8] CaitSith LSM module
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
        linux-security-module@vger.kernel.org
References: <1477054150-4772-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp>
 <3232ef1d-b378-a8a2-f113-03b2db4cc332@canonical.com>
 <201610252026.HCH52140.FOtVFOJLQMSOHF@I-love.SAKURA.ne.jp>
 <201611231531.DGH52135.QtFVOFJLOHFOSM@I-love.SAKURA.ne.jp>
Cc: linux-kernel@vger.kernel.org
From: John Johansen <john.johansen@canonical.com>
Organization: Canonical
Message-ID: <2908442d-90f1-7fa2-24ff-0833f6bd2d95@canonical.com>
Date: Wed, 23 Nov 2016 10:51:44 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <201611231531.DGH52135.QtFVOFJLOHFOSM@I-love.SAKURA.ne.jp>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1192
Lines: 29

On 11/22/2016 10:31 PM, Tetsuo Handa wrote:
> Tetsuo Handa wrote:
>> John Johansen wrote:
>>>> In order to minimize the burden of reviewing, this patchset implements
>>>> only functionality of checking program execution requests (i.e. execve()
>>>> system call) using pathnames. I'm planning to add other functionalities
>>>> after this version got included into mainline. You can find how future
>>>> versions of CaitSith will look like at http://caitsith.osdn.jp/ .
>>>>
>>> Thanks I've started working my way through this, but it is going to take
>>> me a while.
>>>
>>
>> Thank you for your time.
> 
> May I hear the status? Is there something I can do other than waiting?
> 
progressing very slowly, I have some time over the next few days as its a
long weekend here in the US some hopefully I can finish this up

> I wrote a full manual for this patchset as http://caitsith.osdn.jp/index2.html .
thanks

> Does anybody have fundamental objection against CaitSith?
> 
I don't have any objections to CaitSith, but I do worry about the
maintenance of Tomoyo. It feels like there should be a better migration
path for Tomoyo users to CaitSith so that you only have to maintain one
of them.