Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2172568pxb; Mon, 8 Mar 2021 16:45:44 -0800 (PST) X-Google-Smtp-Source: ABdhPJyvnawmtlq7kkQXoKB/T7hN1d+jvMa7UZ45hA9mD/SxILEa1a+VmJs+nyRiYSsumvBJP/qH X-Received: by 2002:a17:907:2bd7:: with SMTP id gv23mr17698716ejc.351.1615250744636; Mon, 08 Mar 2021 16:45:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1615250744; cv=none; d=google.com; s=arc-20160816; b=xfcocKYH+YlvoBG7vF1kIKMmjT4qbAo/VPuSKXNcm1iS4OhlvHXAFmKMmesHZoLjo8 u38YcbUudPLojMkDkr54IRuRHFmpDBh+QYb+YbdVtv+LRjIaPT+zpb/4GvZW6L/lrNrs zjLh9cJ0kCco7FWapW4aKezXyw7HR4CxeyQM7wocRh2UVEvzhcWV6RWFvBgp1CYJLoOz LA2QIAPK0fFm4U5MqTqRCoeVfpJbEt7mk8JLlJjdAdrF3rD6RsvpbbNmrn9M8Cra9yF1 xae1bI8soOa1beGXYbrk74UkJYaEXgsq0gVwyN8R7pfCdvMA6eUFKeO270/aVhnb6Yqh cqhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=C76/WHac0N5dofcpCfqmmbgG/z/7d+A5P13qFcVNTw0=; b=oEdRQ7Spj4SoXWEV6fmLYlp0V35V6Z994NUc885QDxHmidYoSCHxNJPl1Xn4KoXNAQ KCRaTPT8fbt+mFbw4aw2oFMuWI+p1d6b5sE45jNfxvRnBKojeKfqnZ426sj1D2lNLVIk GwFkx+ofzKvI7Ng0Cyi2+tDLlDuNrYNaHt+4gqhuRylMJKzf+XAtgrOCzI42U5sF8SKw zymWjs4XB9nnD8N9NO1GRv+4BPcZcAUt/EJMOhn9lW8fPxj5CylMX7JQHKjt7YszdraC 5Cs5m+/VJVPwcUBJjNNkdQDpZJrP5hn5vcbx/I78RPuScZ29J60Kjy039RqjWAL8ranr HUbg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=aNi9vvcZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v5si7869187eji.385.2021.03.08.16.45.21; Mon, 08 Mar 2021 16:45:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=aNi9vvcZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229772AbhCIAnP (ORCPT + 99 others); Mon, 8 Mar 2021 19:43:15 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49010 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230460AbhCIAmf (ORCPT ); Mon, 8 Mar 2021 19:42:35 -0500 Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 309C1C061761 for ; Mon, 8 Mar 2021 16:42:35 -0800 (PST) Received: by mail-ej1-x634.google.com with SMTP id p7so12687902eju.6 for ; Mon, 08 Mar 2021 16:42:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=C76/WHac0N5dofcpCfqmmbgG/z/7d+A5P13qFcVNTw0=; b=aNi9vvcZjpTpC0ikBenjWHm1ZPsi4x8VyV09lw4CeHGd5H4Vaph8cgfFK3uIS8FqfJ KQ2jzaGIOm3wrWNR9VmtZyy7ECTl6fqS84xHDSjqj/3J8uCNjZoJZTr/72IHbUg6YvSX yZI07xMyXmv88iUtWnafN0Oucy3z3yEC/vmyxh+yMA1yEcSAQgw2Y947s+sIbyXZJgmG p4U+/iPP3AcGRJOncOCbb5NnDt9P2hriv6UROarWJ+qSSXmNc6te1gHbXnIaifZIwEjr jheymuT2SdP7g0l5H+zNWEFkqHdcrjavhRaK95kB+a/FaljGtFCaZjJD3peWQY/zhKUN R+YQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=C76/WHac0N5dofcpCfqmmbgG/z/7d+A5P13qFcVNTw0=; b=Kaq5wb72WzuVJEie7WlX86i5GAzXRqalzKEh7i9ZIOBlV+FoTzZc0aTi35PQLCEaPs 6qHSJl1KZUptZPjPwYyHgsto2WFmAdBjqW/cLT1JT0+3vUm21eMfZI9tC6xFYG5hPozd 5x6fMJHAfb9t0luTGs8TdMrhas1n4rUPuMBIIsZoEEkTFukm+Tfa18TOK3+GnqER3gHz 47/Vxdmob7hjnh4I5cRbkpKkTG9E4uAFcKi+T/i/uql9a1k8n0fLzr7z8NNMlGqQ1BX0 Mu9JyIzXqO4dhXQxnAv5IFs3gYPEypdswxGx33TbqdydwQsdyxyfZlT/aDel/ykhlVdH ekwA== X-Gm-Message-State: AOAM533+t3g4aQ+ThJExIUfTfEsTzbgKDoVS4aNuUuHovuBXae2Q8rpu 1AVBKLEh1QEJD4+Rz0pkFAMNPbe1vN96eHx0y74F X-Received: by 2002:a17:906:3b84:: with SMTP id u4mr17224484ejf.431.1615250553701; Mon, 08 Mar 2021 16:42:33 -0800 (PST) MIME-Version: 1.0 References: <20210212163709.3139-1-nramas@linux.microsoft.com> <9170636f-1793-2272-e3fe-1551c18edeb9@linux.microsoft.com> In-Reply-To: <9170636f-1793-2272-e3fe-1551c18edeb9@linux.microsoft.com> From: Paul Moore Date: Mon, 8 Mar 2021 19:42:22 -0500 Message-ID: Subject: Re: [PATCH v3] selinux: measure state and policy capabilities To: Lakshmi Ramasubramanian Cc: James Bottomley , zohar@linux.ibm.com, Stephen Smalley , tusharsu@linux.microsoft.com, tyhicks@linux.microsoft.com, casey@schaufler-ca.com, agk@redhat.com, snitzer@redhat.com, gmazyland@gmail.com, sashal@kernel.org, James Morris , linux-integrity@vger.kernel.org, selinux@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Mar 5, 2021 at 2:29 PM Lakshmi Ramasubramanian wrote: > On 3/5/21 11:22 AM, Paul Moore wrote: > > Hi Paul, > > > On Fri, Mar 5, 2021 at 12:57 PM James Bottomley > > wrote: > >> On Fri, 2021-03-05 at 12:52 -0500, Paul Moore wrote: > >> [...] > >>> This draft seems fine to me, but there is a small logistical blocker > >>> at the moment which means I can't merge this until -rc2 is released, > >>> which likely means this coming Monday. The problem is that this > >>> patch relies on code that went upstream via in the last merge window > >>> via the IMA tree, not the SELinux tree; normally that wouldn't be a > >>> problem as I typically rebase the selinux/next to Linus' -rc1 tag > >>> once the merge window is closed, but in this particular case the -rc1 > >>> tag is dangerously broken for some system configurations (the tag has > >>> since been renamed) so I'm not rebasing onto -rc1 this time around. > >>> > >>> Assuming that -rc2 fixes the swapfile/fs-corruption problem, early > >>> next week I'll rebase selinux/next to -rc2 and merge this patch. > >>> However, if the swapfile bug continues past -rc2 we can consider > >>> merging this via the IMA tree, but I'd assume not do that if possible > >>> due to merge conflict and testing reasons. > >> > >> If it helps, we rebased the SCSI tree on top of the merge for the > >> swapfile fix which is this one, without waiting for -rc2: > > > > Considering that -rc2 is only two days away I'm not going to lose a > > lot of sleep over it. > > > > Thanks for reviewing the patch. > > I can wait until the swapfile issue is resolved (in rc2 or later) and > you are able to merge this patch. Please take your time. Thanks for your patience Lakshmi, I just merged this into my local selinux/next branch and will be pushing it up to kernel.org later tonight - thank you! -- paul moore www.paul-moore.com