Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp5853386imm; Tue, 12 Jun 2018 14:38:16 -0700 (PDT) X-Google-Smtp-Source: ADUXVKI0vwCZVbmcJ3hnGLYZggRsv8BEDpOSD5njJ8CwVkLvLKqq2KMx83hs3D9pLnpiPaZ90sn9 X-Received: by 2002:a65:43c9:: with SMTP id n9-v6mr1703985pgp.399.1528839496748; Tue, 12 Jun 2018 14:38:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528839496; cv=none; d=google.com; s=arc-20160816; b=KzqZD65ISImi15+/jCZtfaCSf47YTz/yIUMl6+K59NsPc4hFJERwvA/mGEjJzh5oxi ijqFKlu8bet6Dkv6i7RNkTT6jCxjQzREVD36VO0z6iFnXRH1MXboOO/6RzwpTfHYYPqS FOxKG10FSKuCZWpaU98tnbfeSqgVEJUo+nP8gNnyRXfv/Z+twg5q4ZyEJTuvhXJ55Vr6 bQiVYVMDBe/FXwspcFH7P+19R/MFCn7KeWe+pMphR7DDIccIoQjshSTIPIYWukrqJvJW 4xNC6PPLsW+4PNHi1VibZ0QRKg3gIkwWi55YJZP3N3bRIa+F5fmVFcDNvDNqdwRlyq5p LY+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-transfer-encoding :mime-version:references:in-reply-to:date:cc:to:from:subject :arc-authentication-results; bh=MlQtZPAySQzSWNw/ofzCOJ79hPgYKXe9z20UiYLxUVM=; b=CRMnwRShC95WqWrDSP5CYOZ/8ctTlO6p8RuuWtrqPihmYgy1Gr90sSiky0fOF7JHJZ xv3NcZQFJRlYoc7HoJIvCr8jLrF/0klW2czCqT0G0qqwMOAT6LzwRJBxJQc325YzGDIU g2T7H7gepxWYHhhQ4yqw8EvR/i0OKIqGARh4DkMDRN16koqtpcESrdpc+wh81QQ0Yevl qr/E7DL35NAfHTV7Xi0yAoU2benxv/JK8ereeWSvpe5rb/l26yiwC0ir1/ie0XhswgLK eey7d7AuQ4sXITp+3ZCNR/GFYiZJlHrJ7HclP43eqiLEKdPmxBZaLEIhHdax2VuyG55D AQ/g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h10-v6si870830pgp.83.2018.06.12.14.38.02; Tue, 12 Jun 2018 14:38:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934331AbeFLVgM (ORCPT + 99 others); Tue, 12 Jun 2018 17:36:12 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:54792 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S933518AbeFLVgK (ORCPT ); Tue, 12 Jun 2018 17:36:10 -0400 Received: from pps.filterd (m0098420.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w5CLToWT074847 for ; Tue, 12 Jun 2018 17:36:10 -0400 Received: from e06smtp01.uk.ibm.com (e06smtp01.uk.ibm.com [195.75.94.97]) by mx0b-001b2d01.pphosted.com with ESMTP id 2jjjbj0t45-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 12 Jun 2018 17:36:10 -0400 Received: from localhost by e06smtp01.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 12 Jun 2018 22:36:08 +0100 Received: from b06cxnps3074.portsmouth.uk.ibm.com (9.149.109.194) by e06smtp01.uk.ibm.com (192.168.101.131) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Tue, 12 Jun 2018 22:36:04 +0100 Received: from d06av26.portsmouth.uk.ibm.com (d06av26.portsmouth.uk.ibm.com [9.149.105.62]) by b06cxnps3074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w5CLa3Wj23724276 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Tue, 12 Jun 2018 21:36:03 GMT Received: from d06av26.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A2CA5AE045; Tue, 12 Jun 2018 22:24:54 +0100 (BST) Received: from d06av26.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 27AD6AE051; Tue, 12 Jun 2018 22:24:53 +0100 (BST) Received: from dhcp-9-2-54-130.watson.ibm.com (unknown [9.2.54.130]) by d06av26.portsmouth.uk.ibm.com (Postfix) with ESMTP; Tue, 12 Jun 2018 22:24:53 +0100 (BST) Subject: Re: [-next PATCH] security: use octal not symbolic permissions From: Mimi Zohar To: John Johansen , Paul Moore , James Morris , Joe Perches Cc: Casey Schaufler , Dmitry Kasatkin , Stephen Smalley , Eric Paris , Kentaro Takeda , Tetsuo Handa , "Serge E. Hallyn" , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@tycho.nsa.gov Date: Tue, 12 Jun 2018 17:36:01 -0400 In-Reply-To: <9ae2397b-ad11-d437-d0f4-4e4f0dff4ce9@canonical.com> References: <1e91f8e10ce76d3208239b6b5899aab76d1543ff.1528743633.git.joe@perches.com> <9ae2397b-ad11-d437-d0f4-4e4f0dff4ce9@canonical.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 x-cbid: 18061221-4275-0000-0000-0000028D1264 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18061221-4276-0000-0000-0000379438EF Message-Id: <1528839361.3874.10.camel@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-06-12_13:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=3 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=846 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1805220000 definitions=main-1806120238 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2018-06-12 at 14:29 -0700, John Johansen wrote: > On 06/12/2018 02:12 PM, Paul Moore wrote: > > On Tue, Jun 12, 2018 at 4:32 PM, James Morris wrote: > >> On Mon, 11 Jun 2018, Casey Schaufler wrote: > >> > >>> If you want to break this up by security module I would take > >>> the Smack part as soon as James does the tree update. If James > >>> wants to take the whole thing at once you can add my: > >>> > >>> Acked-by: Casey Schaufler > >>> > >>> for the Smack changes. > >> > >> It's probably simplest for me to take them as one patch. > > > > I would prefer if the SELinux changes were split into a separate > > patch. I'm guessing John would probably want the same for the > > AppArmor patches, but take his work for it, not mine. > > yes that would be preferred Agreed > > > > > Joe, in general I really appreciate the fixes you send, but these > > patches that cross a lot of subsystem boundaries (this isn't the first > > one that does this) causes unnecessary conflicts in -next and during > > the merge window. Could you split your patches up from now on please? > > > > yeah splitting patches at subsystem boundaries is highly recommended. Agreed