Received: by 2002:a05:7412:1e0b:b0:fc:a2b0:25d7 with SMTP id kr11csp511685rdb; Thu, 15 Feb 2024 07:03:55 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCVoXwf+rYo57GrcVi2EhVTVRRCK0mAdXusvSk0SZ28XN5zj451lA7fyN4P9fcyd4KRy+RTEkpAhb+XV3DrmQWf1XykCgzgml6cy4R0hrw== X-Google-Smtp-Source: AGHT+IGwm5bavoCimh56x74qPIv718n1QVQ0xBOVdO3yNcCwpW6uPzX0L7JJ4//P34k0/7mOqwht X-Received: by 2002:a17:902:f60f:b0:1d9:bd7d:3c79 with SMTP id n15-20020a170902f60f00b001d9bd7d3c79mr2607856plg.26.1708009434576; Thu, 15 Feb 2024 07:03:54 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708009434; cv=pass; d=google.com; s=arc-20160816; b=yUKeQjZTKPx2/YFg842YDWLgWxc/Z6DnLd9nJgwjVoqIax6nQeSfg0sy2n7m1lSRKV GRm2cQ3YRbVWK04pojbSl8+Zq4AadofnxTFe+T9QW2NBsnYQuOuSqL0fnQ6s3v5DOoGx ceO4Sca9JZCAOWE0L9cz35xkobLcfS2IGl9FpDpZiK9GVswlrW/29qXLn9RE4CycDLlv uTJqNnjrkWGXhvV76exmzSd6DIiGb49jw3nQtIaskR4kR/2ezdhjEnabcVRrF0kSfnkH d56oof1WVLcU4p8Ylw6KjiEFYq6i4JY3nQmdsi7gLyGpnntpdmEOvV8wkKgpHgnwv8MF Yebg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=QFQm0M3CmcqPtJRvHCagf6VByOoqALYCn6DYTnpLumI=; fh=zGP3Gm0RA4xASNr046LCCkGUTTPL39Men03KvG6v7qs=; b=wsI2/fZ2SWtltK5jqmINmhb08SI7Rlie634HGdanvtMYQ6Qwc4CzvfChqGs8y4tx9T s4RTILBmeiIsgZXuvAan9mmXFn6Oh4WLHn4O4VDbpafSVlX0pZq02xl9Gd0sd0yMBKVR 8l0Dm0zXxAkY0QLwODEfKfifXhbuCbelWShW3rMogodLSGUW46sGtp4+oV+f+8plmEZi PvVomticGxH3akyXJvrQ+G6jx8bUxMqWKJa+g23fHKxvma8K+BRGiyubNtDwh0y5ftlu ik6FI747ISh/UPCzToa+NymE2r3uCHSrUZ9GDsS3dJCKKnlOxVCpsPw7iXy48gd9RWv8 V1xQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=BvCcjRui; arc=pass (i=1 spf=pass spfdomain=paul-moore.com dkim=pass dkdomain=paul-moore.com dmarc=pass fromdomain=paul-moore.com); spf=pass (google.com: domain of linux-kernel+bounces-67134-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-67134-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id z16-20020a170902ccd000b001db8eb9eddasi866678ple.528.2024.02.15.07.03.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 07:03:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-67134-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=BvCcjRui; arc=pass (i=1 spf=pass spfdomain=paul-moore.com dkim=pass dkdomain=paul-moore.com dmarc=pass fromdomain=paul-moore.com); spf=pass (google.com: domain of linux-kernel+bounces-67134-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-67134-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id D2CCA287DF7 for ; Thu, 15 Feb 2024 15:03:28 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 62344132C29; Thu, 15 Feb 2024 15:03:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=paul-moore.com header.i=@paul-moore.com header.b="BvCcjRui" Received: from mail-yb1-f174.google.com (mail-yb1-f174.google.com [209.85.219.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BCFA1132481 for ; Thu, 15 Feb 2024 15:03:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.174 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708009389; cv=none; b=oseT6sqnkzyzwz0TEzu1O8rRHb+aI+2DoK8irItmu2duIZRcgLUPiRSbMEm7hAlvwCkW0htSwtWarXb5YvF/bdi4ZMMLsNNHprHcYawXctktMl0kRQRFh03Vj6hllWdJcPsFTW815NUx9BZwwIiqXNzFse2YwjBOgBgDScdwu1Y= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708009389; c=relaxed/simple; bh=H/soAYrrSeRXs7NdxjAoiXIbfPiwXFyYm3AeSchaEI4=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=BSFOBWfJqXjlMHDN/5wUq3UCjkAwMaaKyVj/6sEWaMKRCE4GmJ8XsYj/i6j7oQyvCfXvdQKzxlB4swGI2vPRp5JpxVZAZhvEPrDSUGhjsJ/MwEXkuxXwGAtnAbHf71+FLeA0naZ73Y1sZy1ULOZbYHJ9phPd+/9TeO/p67RDHVs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=paul-moore.com; spf=pass smtp.mailfrom=paul-moore.com; dkim=pass (2048-bit key) header.d=paul-moore.com header.i=@paul-moore.com header.b=BvCcjRui; arc=none smtp.client-ip=209.85.219.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=paul-moore.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=paul-moore.com Received: by mail-yb1-f174.google.com with SMTP id 3f1490d57ef6-dcc86086c9fso883506276.3 for ; Thu, 15 Feb 2024 07:03:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1708009387; x=1708614187; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=QFQm0M3CmcqPtJRvHCagf6VByOoqALYCn6DYTnpLumI=; b=BvCcjRuitUc+Jbgo0sp3PCdep+zPiLjHHISuCWRbRj5zlagvp1mRDi5h0MkuTvX0// kKFmWQ84wtQUvVFX7M4QQpgxJ8rFy4t+zIfZk3S6KuKig1e9Rv9NFUfX0McHjF0scydJ LL1qIK01pmxD2GLJOi+LuF3xy+NJOI3IQ5LUTpb44+zeKcv8z54CH0STHOGFzUXfBAMS TAq+ZWy6N164kUht9XRqx+J1c3iTspPw5VqXXl2gajHwj538dfYf0cEmYjWTqLRtOehu 89KfbYiyM4ZLFNX7XgOMClOoY+pgxGHsk+QeanDljYRohIPxXvnng7wisUlrJlDutl7h W1lw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708009387; x=1708614187; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QFQm0M3CmcqPtJRvHCagf6VByOoqALYCn6DYTnpLumI=; b=HASV/s+Z68fvuRqcHpJGBe3g3uKGFAth4Z7MMIIUpwveseVq2Y3kYOJk1nJB9URBBd 7FPjVjMNc9kh8l4eSJ22XXCJyNVX2SQLyvz79zd5lEBk16urR4fSScW1mxVCLAGgHUyY W+zCvy9OfVUI9hmPuHUXiC6fwfShYekILU8lMiy/IsnFvxypat03nnjg72dHRLkZtTms YRmYIsc3kUOTFmdPm3dnwyzGqdHd6AeF3TgApM69tCTwk26ka9qyi/t1slanWQjrn1ll WRg/R5GqTe+9TlPeJXjh1xJKcbtAVxooGQpK9sPMslAKyCFBgfUTiVmQMnHOLqluDdm0 dxkg== X-Forwarded-Encrypted: i=1; AJvYcCURVVEl1BFPiRkdDnVRFvssXZiK5SGv/4V+29SAW3HI41+3e/ygPwNXYrRx9IPmOPJFF7ni2qRlSnSvHQBw+96Ksy6vxNg83nVMiQNJ X-Gm-Message-State: AOJu0YxleqzJoZpI08x6f4IcH9w9tWrbnZglYYjNEwaZTIxIbMJvtGIV IRl6Kb9aKrUR5I8Q1krOt+tCE4kGbwvaYvyvCxiIXWQ4PTCKe9RUji3PLclHUtQnPynfNeW6gk7 nsvCrlJGa4wlsHV4Y1f+ccJi5j7b1O3EpEr7M X-Received: by 2002:a5b:692:0:b0:dc7:4935:a889 with SMTP id j18-20020a5b0692000000b00dc74935a889mr1745565ybq.50.1708009385102; Thu, 15 Feb 2024 07:03:05 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240115181809.885385-1-roberto.sassu@huaweicloud.com> <20240115181809.885385-13-roberto.sassu@huaweicloud.com> <305cd1291a73d788c497fe8f78b574d771b8ba41.camel@linux.ibm.com> <05ad625b0f5a0e6c095abee5507801da255b36cd.camel@huaweicloud.com> <63afc94126521629bb7656b6e6783d6614ee898a.camel@linux.ibm.com> <6ffcd054ff81d64b92b52baf097ed21f8ea4d870.camel@linux.ibm.com> In-Reply-To: <6ffcd054ff81d64b92b52baf097ed21f8ea4d870.camel@linux.ibm.com> From: Paul Moore Date: Thu, 15 Feb 2024 10:02:53 -0500 Message-ID: Subject: Re: [PATCH v9 12/25] security: Introduce file_post_open hook To: Mimi Zohar Cc: Roberto Sassu , viro@zeniv.linux.org.uk, brauner@kernel.org, chuck.lever@oracle.com, jlayton@kernel.org, neilb@suse.de, kolga@netapp.com, Dai.Ngo@oracle.com, tom@talpey.com, jmorris@namei.org, serge@hallyn.com, dmitry.kasatkin@gmail.com, eric.snowberg@oracle.com, dhowells@redhat.com, jarkko@kernel.org, stephen.smalley.work@gmail.com, eparis@parisplace.org, casey@schaufler-ca.com, shuah@kernel.org, mic@digikod.net, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, selinux@vger.kernel.org, linux-kselftest@vger.kernel.org, Roberto Sassu , Stefan Berger Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, Feb 15, 2024 at 3:18=E2=80=AFAM Mimi Zohar wr= ote: > On Wed, 2024-02-14 at 16:21 -0500, Paul Moore wrote: > > I'm not a big fan of sharing topic branches across different subsystem > > trees, I'd much rather just agree that one tree or another takes the > > patchset and the others plan accordingly. > > Just curious why not? I don't like the idea of cross-tree dependencies, I realize the term "dependency" isn't a great fit for a shared topic branch - no one needs to feel the need to explain how pulls and merges work - but it's the conceptual idea of there being a dependency across different trees that bothers me. I also tend to dislike the idea that a new feature *absolutely* *must* *be* *in* *a* *certain* *release* to the point that we need to subvert our normal processes to make it happen. Further, I believe that shared topic branches also discourages cooperation and collaboration. With a topic branch, anyone who wants to build on top of it simply merges the topic branch and off they go; without a shared topic branch there needs to be a discussion about which other patches are affected, which trees are involved, who is going to carry the patches, when are they going up to Linus, etc. As someone who feels strongly that we need more collaboration across kernel subsystems, I'm always going to pick the option that involves developers talking with other developers outside their immediate subsystem. Hopefully that makes sense. > > Based on our previous > > discussions I was under the impression that you wanted me to merge > > this patchset into lsm/dev, but it looks like that is no longer the > > case - which is okay by me. > > Paul, I don't recall saying that. Please go ahead and upstream it. Robe= rto can > add my acks accordingly. I believe it was during an off-list chat when we were discussing an earlier revision of the patchset, however, as I said earlier I'm not bothered by who merges the patches, as long as they eventually end up in Linus' tree I'm happy :) I *really* want to stress that last bit, if you and Roberto have stuff queued for the IMA/EVM tree that depends on this patchset, please go ahead and merge it; you've got my ACKs on the patches that need them, and I believe I've reviewed most of the other patches that don't require my ACK. While there are a some LSM related patches that would sit on top of this patchset, there is nothing that is so critical that it must go in now. If I don't hear anything back from you, I'll go ahead and merge these into lsm/dev later tonight (probably in about ~12 hours from this email as I have some personal commitments early this evening) just so we can get them into linux-next as soon as possible. --=20 paul-moore.com