Re: LSM stacking in next for 6.1?
From: Paul Moore <paul@paul-moore.com>
Date: 2022-08-03 02:33:45
Also in: selinux
On Tue, Aug 2, 2022 at 10:15 PM Casey Schaufler [off-list ref] wrote:
> On 8/2/2022 5:56 PM, Paul Moore wrote:
>> On Tue, Aug 2, 2022 at 8:01 PM Casey Schaufler [off-list ref] wrote:
>>> I would like very much to get v38 or v39 of the LSM stacking for Apparmor
>>> patch set in the LSM next branch for 6.1. The audit changes have polished
>>> up nicely and I believe that all comments on the integrity code have been
>>> addressed. The interface_lsm mechanism has been beaten to a frothy peak.
>>> There are serious binder changes, but I think they address issues beyond
>>> the needs of stacking. Changes outside these areas are pretty well limited
>>> to LSM interface improvements.
>>
>> The LSM stacking patches are near the very top of my list to review once
>> the merge window clears, the io_uring fixes are in (bug fix), and SCTP is
>> somewhat sane again (bug fix). I'm hopeful that the io_uring and SCTP stuff
>> can be finished up in the next week or two. Since I'm the designated first
>> stuckee now for the stacking stuff I want to go back through everything
>> with fresh eyes, which probably isn't a bad idea since it has been a while
>> since I looked at the full patchset from bottom to top. I can tell you that
>> I've never been really excited about the /proc changes,
>
> I have been and remain perfectly happy to do something completely different
> provided it works. The interface_lsm scheme as implemented is horrible, but
> it's better than the half dozen alternatives I've proposed. At least no one
> has pointed out a use case that it can't satisfy. I take full responsibility
> for mucking up "current".
Yes, I have no concerns around your willingness to do the Right Thing, Casey, whatever that may be :)

-- 
paul-moore.com