mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-19 17:14:40 +08:00
0a90729278
-----BEGIN PGP SIGNATURE-----
iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmGO6qEUHHBhdWxAcGF1
bC1tb29yZS5jb20ACgkQ6iDy2pc3iXOBLhAAlcQQnj1Rqkle+c3qnJLshq7/ZU12
xr4R7OxAsGlQfAsQzJZLBrZhgu9LtZeLx5wSCYyJKJrWvpFQ5nhwzFAybq3qiWNf
jh0hVTij9WNoDqFP58nUTAmhNH4qqkVvT4qu0Vulnfx7nuyDFF+nJKtpAnVC+Jgo
84uHx2ehjU/FNq+UCnIOstgu62zjJ8YalKKZmyREQn80tWR73sRz47NO+vGqXoER
/Pub67jKKc7CnbxCJODX8mhWf3f+usa7myl+z2xPDj32e17eR/QXU3ZmTR7w+SpH
49TNYIeOyrapD+9hRosdMVDskNz5yuyySk8ZBm+v2EpgmFMXhnYpqVLX5P2ilm1z
etzv8APCqJTOn05Alissx6bUH0D3OfKlmNgpRHaj2Iuc9S7fJlrvrlB5+1aWF2DS
O5NIu6ctmNBYAeFe2/Af1qRnoPBX099XDlGon4PPVROQkrKyz/OIrQHo2W2+Jppg
HysLRjAXuwOw1ODnvfkI2fNAYgRdcv0C9kU7Nqxxhafk87cO7v22grK0zFRjUutp
k9CfXFkXA1Eg32moxHOzijl1sohL70I2Z7wQj/xeuU7gYqayG1HoZXZVBJmfpMmP
pCeqe+pGaVBGoLF9ipENLT38eV6wbi5hG3ZFFlUGkTiKb6qokzj4gPQVyDXHLoQe
TIbdTIOfw8udATo=
=vK/E
-----END PGP SIGNATURE-----
Merge tag 'selinux-pr-20211112' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux fixes from Paul Moore:
"Unfortunately I need to request a revert for two LSM/SELinux patches
that came in via the network tree. The two patches in question add a
new SCTP/LSM hook as well as an SELinux implementation of that LSM
hook. The short version of "why?" is in the commit description of the
revert patch, but I'll copy-n-paste the important bits below to save
some time for the curious:
... Unfortunately these two patches were merged without proper
review (the Reviewed-by and Tested-by tags from Richard Haines
were for previous revisions of these patches that were
significantly different) and there are outstanding objections from
the SELinux maintainers regarding these patches.
Work is currently ongoing to correct the problems identified in
the reverted patches, as well as others that have come up during
review, but it is unclear at this point in time when that work
will be ready for inclusion in the mainline kernel. In the
interest of not keeping objectionable code in the kernel for
multiple weeks, and potentially a kernel release, we are reverting
the two problematic patches.
As usual with these things there is plenty of context to go with this
and I'll try to do my best to provide that now. This effort started
with a report of SCTP client side peel-offs not working correctly with
SELinux, Ondrej Mosnacek put forth a patch which he believed properly
addressed the problem but upon review by the netdev folks Xin Long
described some additional issues and submitted an improved patchset
for review. The SELinux folks reviewed Xin Long's initial patchset and
suggested some changes which resulted in a second patchset (v2) from
Xin Long; this is the patchset that is currently in your tree.
Unfortunately this v2 patchset from Xin Long was merged before it had
spent even just 24 hours on the mailing lists during the early days of
the merge window, a time when many of us were busy doing verification
of the newly released v5.15 kernel as well final review and testing of
our v5.16 pull requests. Making matters worse, upon reviewing the v2
patchset there were both changes which were found objectionable by
SELinux standards as well as additional outstanding SCTP/SELinux
interaction problems. At this point we did two things: resumed working
on a better fix for the SCTP/SELinux issue(s) - thank you Ondrej - and
we asked the networking folks to revert the v2 patchset.
The revert request was obviously rejected, but at the time I believed
it was just going to be an issue for linux-next; I wasn't expecting
something this significant that was merged into the networking tree
during the merge window to make it into your tree in the same window,
yet as of last night that is exactly what happened. While we continue
to try and resolve the SCTP/SELinux problem I am asking once again to
revert the v2 patches and not ship the current
security_sctp_assoc_established() hook in a v5.16-rcX kernel. If I was
confident that we could solve these issues in a week, maybe two, I
would refrain from asking for the revert but our current estimate is
for a minimum of two weeks for the next patch revision. With the
likelihood of additional delays due to normal patch review follow-up
and/or holidays it seems to me that the safest course of action is to
revert the patch both to try and keep some objectionable code out of a
release kernel and limit the chances of any new breakages from such a
change. While the SCTP/SELinux code in v5.15 and earlier has problems,
they are known problems, and I'd like to try and avoid creating new
and different problems while we work to fix things properly.
One final thing to mention: Xin Long's v2 patchset consisted of four
patches, yet this revert is for only the last two. We see the first
two patches as good, reasonable, and not likely to cause an issue. In
an attempt to create a cleaner revert patch we suggest leaving the
first two patches in the tree as they are currently"
* tag 'selinux-pr-20211112' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
net,lsm,selinux: revert the security_sctp_assoc_established() hook
|
||
|---|---|---|
| arch | ||
| block | ||
| certs | ||
| crypto | ||
| Documentation | ||
| drivers | ||
| fs | ||
| include | ||
| init | ||
| ipc | ||
| kernel | ||
| lib | ||
| LICENSES | ||
| mm | ||
| net | ||
| samples | ||
| scripts | ||
| security | ||
| sound | ||
| tools | ||
| usr | ||
| virt | ||
| .clang-format | ||
| .cocciconfig | ||
| .get_maintainer.ignore | ||
| .gitattributes | ||
| .gitignore | ||
| .mailmap | ||
| COPYING | ||
| CREDITS | ||
| Kbuild | ||
| Kconfig | ||
| MAINTAINERS | ||
| Makefile | ||
| README | ||
Linux kernel
============
There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.
In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``. The formatted documentation can also be read online at:
https://www.kernel.org/doc/html/latest/
There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.