On Wed, 2007-03-28 at 12:20 -0400, James Morris wrote:

On Wed, 28 Mar 2007, Joy Latten wrote:

quoted

Eric, sorry as I know you already patched lspp kernel
for testing.

I think it'd be better to have the lspp kernel join the upstream workflow 
process, rather than being a shortcut into RHEL.

Please consider creating an lspp git tree (based off Linus' tree), then 
once patches there are tested and ready to submit upstream, post them here 
or selinux-list, where they can be reviewed and applied to either my or 
DaveM's git tree.

From there, they'll be picked up in -mm for even wider testing then be 
merged into mainline as appropriate.  Then, they can be incorporated into 
distro devel kernels when they update their kernels, or backported to 
stable distro kernels as already reviewed & tested upstream patches.

If there are any objections, please respond.

It is definitely NOT a shortcut into RHEL.  Nor is this government cert
effort (LSPP) being driven primary on RHEL code.  Not a single patch
will go into RHEL until it is upstream or in a tree to go upstream.
That is a given.  All development is being done upstream and then being
ported back to RHEL.  The LSPP kernel she mentioned is at this time
merely a testing ground for patches which may not quite be upstream
ready or are upstream but aren't in RHEL proper yet.  As it stands now
the LSPP kernel is carrying 22 patches on top of RHEL 5 GA (which is
2.6.18 based)  of those let me give you a breakdown.

12 are network related.
10 of those are in Linus's kernel
1 is not yet in miller's tree but i would expect it soon
1 is going to likely be dropped according to this thread

10 remaining patches are audit patches.

There is already a viro/audit-current.git tree on kernel.org where these
should be appearing.  I could make this a little easier for the audit
tree maintainer and make my own tree which he could pull from and then
push to Linus but a tree which should hold all of these does exist.  All
of them have been sent to the linux-audit mailing list and have been
commented on there.

I don't want to give the impression that upstream is not coming first.
All the work is being done upstream either on netdev or linux-audit and
then I pull it back into this LSPP kernel she talked about so that
people interested primarily in the testing necessary to meet that
particular government standard have a neat tidy little prebuild rpm to
work with.  Eventually all of these will show up in RHEL, but not until
all of the patches i'm dealing with are upstream.

-Eric