From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id CD707C43334 for ; Tue, 12 Jul 2022 21:58:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1657663129; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=J5afL3+NTWGMveYLHPkhxth+TqhAaa/mLDLF+wjaFlY=; b=WIqoZBNL1WkmpQ+l4o/l6XxHzD35RN71f6R828FecXiD0lfVwbjoLEVgE+pUc6J+VI/Kkc WA4LbUh8cDkoVZl8V0xjl14IwT+swucpKuoRCKzgXtslg+/IMrQfyZb+0/NauIxu5No+co 4CquggXVUuNsPYG0wGFN89qCZ3rWQQY= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-564-_6rXCfR3NiKw3Q8PuL6PdA-1; Tue, 12 Jul 2022 17:58:46 -0400 X-MC-Unique: _6rXCfR3NiKw3Q8PuL6PdA-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D41703C344E1; Tue, 12 Jul 2022 21:58:44 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 19B5F1415117; Tue, 12 Jul 2022 21:58:43 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id B813A194705F; Tue, 12 Jul 2022 21:58:42 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 0559F194704C for ; Tue, 12 Jul 2022 21:58:41 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id BDA9F9D7F; Tue, 12 Jul 2022 21:58:41 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast09.extmail.prod.ext.rdu2.redhat.com [10.11.55.25]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B99472EF9E for ; Tue, 12 Jul 2022 21:58:41 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 88FEC29AA3BE for ; Tue, 12 Jul 2022 21:58:41 +0000 (UTC) Received: from sonic302-28.consmr.mail.ne1.yahoo.com (sonic302-28.consmr.mail.ne1.yahoo.com [66.163.186.154]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-629-KNG40lEoPI67so-mdNITLw-1; Tue, 12 Jul 2022 17:58:39 -0400 X-MC-Unique: KNG40lEoPI67so-mdNITLw-1 X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1657663118; bh=vMtm3knwl8FuSNtV8coCan4p4lnRSBW/SGD6OIDuNQM=; h=X-Sonic-MF:Date:Subject:To:From:From:Subject; b=iVm957K1acjI1jubbeR/Mrf+yVlRF+OnfZuUrVGx0KecKd+g6aOsEoYfaCAjBsPIa/RTZ9ztFYO5qFVfzx90gblpNskS1OKuVBLJhrafZY6McdzExKZG9FRvafQaHubzsexVezrr3WrAoYAEUlj/xe+7QmtR91G4Tz8AKZnUFAXQFO4F4hfcseKn1DsW58H+lXxDu+RQaQ2ASlgs/VGsVQVHiBMKWt2aNpKjwffbVvQZHVCOnLtRNW+Lsb5R6koQsYledLyFzj+MX+Wx8j1X4wj71wp8soqJLeI4p1wkxAZBLjXlZ6YiScN+PRgPSVDm/VOasFoxuGWA/SpLkOn5QA== X-YMail-OSG: Oi.EETMVM1m5phQ7qVKWgCZ5oxFF975C7ntLaVE5DOebGnXBED9ZYsNTLi84dwb 8ETv3wwruoDTSO1G5E4LWCQpr6Hh0pTKjBzZH8yEFVxJ0ZlvoYQjVyqidWEQcGlD7oqMBA3B6V3X jpO8ttGlFSqyPj03CTK.WJPlWoC3V7mekqjXabI3rh8Xy2z1EogqpGn.jkJ__wlQ9mhSyXiP2nI1 _nxvghME57setAQZICcC6Qj9gze4hPCBsulQ2OI8Bzgap2cl_xJWM7QRp0pCGjniFmRl53bKmi7d LoltQ1s9hk84m4Nqjmu23PJtU13yj7vzOjyRegXDeig_NTDdfrQIOApQ5b4BwpqFHlVmj4Jc6M9N 4JCsZEf74BJJ2foJ6GQ0gORmbc5nsv_ZBC_qHrmCpof7w4maof.rWT41g5rLfts0fu8kcNjlOeUB O8P3nJxGPHHkjAUK1ai6XfzdyGgR9eOVSOsVL3C537mVmj_9AOLF.SlcgHT7aFKnLh1rahG9_DGS tG3rPTdWTdG4_a678FBJOM6yu87ZW7AZcQDB50HiNz6HVSzU.Y1gVM.Y5ZfiXxlawwL5IKV2Yze9 oxBQhnpskog9Ckoj0G0OkRarNMw5Rzt57By6wW0m0L_OAT6HeX8shEDsdg4VplpxAbaInHtPREax Ilm90DgtzWgtAtkEBJpurlVFdUpV3zJmhmU7AG55BsKT0a4MQq_VAhTRda6msg9a5WwipN2zKhMG _A5ul01x99w0jcvF7ktz6_i9XdXkpHkz9nPY88Wr2VRm.cmaYfqi0IibWobxC_lUEmFJzJrqjq4W KRwn8tKG9dtHXYlGLo1OrDbUdvX29IF5a2014b.9WM97cZhVjpN0XUmmEFU6xT3dwNidtdqb8qav Fh5J1Ou9td8RT5DDYw1H19JByEMyEUQXaERmL2LpwtWzPgbT8KKy_aTRxDFHVGguAWZgrcKjkEAw T6ftNRbhnI25u3qw71KdFJWW3KabJrrwC6bWtxmzrDqVDit1E3HREp3B5O_zmO9uAPTW5p7nV3w1 AHypka7RDxZ_xEfUl4MXbKRjtBQLDaRi5erbm9jUcqHmQjwFfP4x5JmwfTCNeAR2hE1OMcyrRXqA 5LfKTsfeSmbFeYaqAjuYOduZvyuytbyj1EkEnBnjvr6TEYlPey2_PILJXOwb84sKpZLLTYhqxI_1 X6vfboAdAJ6zQrcAnnYPIoFDNS5za_mJ_DIL.21nW9jygn8duBUyyD_lFFom8BIBMqtfFHLNcR8Q d39Vyt9pFp28QCEX6pi9OAWQ2HwXV7s3u82Z4McZNLaPzIxc0JIOS1AOWPZLwXSsEq5bHe_TC4ZT 8Rm06vsFJrzTpGdIE0zBiayCxqlNyg3TjGgAcNGCNOgE1GFyFbQBG_IL.XHcghO1fqphvsvvG_Yg nu.obAVHyRLUHcf_30YMw9XcU4TS7VvrlyfUBSb.b.wAkx9vq5JL5t0JQ340Ykd_QuuYIMWEre.k 6eK.OalNlTNJMPbMM1pWG5uOrH9ZJJrfntIi6GyQXZcLZDbQs1BpiOKL3yD_Pi3gQaBLqC8WBBGl mIXz7I1j2bP5SEqfXoa0sA6PYwn_thRFDyqWy6NcWODrjEF.WdU_eZO9p4IDBi4E37UPwOn0wUao gj_.T3kXWsh9wOanL.1akr9RkFxdHaQgpR6ihwpD0fyobe83MhwrjGQFyxVuXD5G18uxI3QbQON. F3_LH391cJBJcaqd3fBk.vqEU_pbpY0vl8xPku.Ln2zj1Hn7ItFelVKPHc52OX.9MAdRO9DFTaY3 rMF7VgMJbKc7uYOthn3DXwDtWj3Ef9e6AaXLpi.HRnlKx8kTDdLs1bGOQqqpGIsu.s8uEVKQWqEk I_aeuwqRI.iM_oKDnuOWAgOJCI_.b8wHP0_nf1RW4Gn8ZK0IEy3FtyWPaMq1WlrhOgoRQEO2DksX LYyyPvguc.HjGmcKZtNpc7yszM.tudoXIwygs.Mz54uDstffqDIozIh7ypwoR7_MoQVI9l8U32pu HIe1.n0o.d1b.zZ419ZbH4WOP6d121yn.RUMv_IbfNsNgpAM0R0L9q0DAd1P9ibBdWkai.OtI9Cn nGkDW2tJkWKUjnOo4EYI0OVLa1O5CME5Q0fpBlwgkg7TdQDE14LNOOczOfzPyElWzY2svkFXQ.pv UB.2r5I2fbeEb3F4KToOranoFtuMKpqPgH7jBb7nCi8ON4LOe5Ss9IXhtWY9Z2fklqDthrdYgvpQ 9hAyzYfZA_svd_gOie_EZGlQtctApA8I6Vm65WuZ9TEgVAEXSkylR31Tym3HodHOVaiQtIokkXMS MeWeUtALRLszLzyQ- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic302.consmr.mail.ne1.yahoo.com with HTTP; Tue, 12 Jul 2022 21:58:38 +0000 Received: by hermes--production-gq1-56bb98dbc7-b6h6x (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID f4844076e4ed28c5f9c2d52b5baf81cd; Tue, 12 Jul 2022 21:58:32 +0000 (UTC) Message-ID: Date: Tue, 12 Jul 2022 14:58:31 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Subject: Re: [PATCH v37 00/33] LSM: Module stacking for AppArmor To: John Johansen , casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org References: <20220628005611.13106-1-casey.ref@schaufler-ca.com> <20220628005611.13106-1-casey@schaufler-ca.com> <92d0f7cb-f565-38ad-37e8-54e04189f558@canonical.com> From: Casey Schaufler In-Reply-To: <92d0f7cb-f565-38ad-37e8-54e04189f558@canonical.com> X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-BeenThere: linux-audit@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux Audit Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-kernel@vger.kernel.org, linux-audit@redhat.com Errors-To: linux-audit-bounces@redhat.com Sender: "Linux-audit" X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=linux-audit-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 T24gNy8xMi8yMDIyIDI6NDIgUE0sIEpvaG4gSm9oYW5zZW4gd3JvdGU6Cj4gT24gNi8yNy8yMiAx Nzo1NSwgQ2FzZXkgU2NoYXVmbGVyIHdyb3RlOgo+PiBUaGlzIHBhdGNoc2V0IHByb3ZpZGVzIHRo ZSBjaGFuZ2VzIHJlcXVpcmVkIGZvcgo+PiB0aGUgQXBwQXJtb3Igc2VjdXJpdHkgbW9kdWxlIHRv IHN0YWNrIHNhZmVseSB3aXRoIGFueSBvdGhlci4KPj4gVGhlcmUgYXJlIGFkZGl0aW9uYWwgY2hh bmdlcyByZXF1aXJlZCBmb3IgU0VMaW51eCBhbmQgU21hY2sKPj4gdG8gY29leGlzdC4gVGhlc2Ug YXJlIHByaW1hcmlseSBpbiB0aGUgbmV0d29ya2luZyBjb2RlIGFuZAo+PiB3aWxsIGJlIGFkZHJl c3NlZCBhZnRlciB0aGVzZSBjaGFuZ2VzIGFyZSB1cHN0cmVhbS4KPj4KPj4gdjM3OiBSZWJhc2Ug dG8gNS4xOS1yYzMKPj4gwqDCoMKgwqDCoCAtIEF1ZGl0IGNoYW5nZXMgc2hvdWxkIGJlIGNvbXBs ZXRlLCBhbGwgY29tbWVudHMgaGF2ZSBiZWVuCj4+IMKgwqDCoMKgwqDCoMKgIGFkZHJlc3NlZC4K Pj4gwqDCoMKgwqDCoCAtIEFkZHJlc3MgaW5kZXhpbmcgYW4gZW1wdHkgYXJyYXkgZm9yIHRoZSBj YXNlIHdoZXJlIG5vCj4+IMKgwqDCoMKgwqDCoMKgIGJ1aWx0IGluIHNlY3VyaXR5IG1vZHVsZXMg cmVxdWlyZSBkYXRhIGluIHN0cnVjdCBsc21ibG9iLgo+PiDCoMKgwqDCoMKgIC0gRml4IGEgZmV3 IGNoZWNrcGF0Y2ggY29tcGxhaW50cy4KPj4gdjM2OiBSZWJhc2UgdG8gNS4xOS1yYzEKPj4gwqDC oMKgwqDCoCAtIFlldCBhbm90aGVyIHJld29yayBvZiB0aGUgYXVkaXQgY2hhbmdlcy4gUmVhcnJh bmdpbmcgaG93IHRoZQo+PiDCoMKgwqDCoMKgwqDCoCB0aW1lc3RhbXAgaXMgbWFuYWdlZCBhbGxv d3MgYXV4aWxpYXJ5IHJlY29yZHMgdG8gYmUgZ2VuZXJhdGVkCj4+IMKgwqDCoMKgwqDCoMKgIGNv cnJlY3RseSB3aXRoIGEgbWluaW11bSBvZiBmdXNzLgo+PiDCoMKgwqDCoMKgIC0gSW4gdGhlIGVu ZCBubyBMU00gaW50ZXJmYWNlIHNjYWZmb2xkaW5nIHJlbWFpbnMuIFNlY2lkcyBoYXZlCj4+IMKg wqDCoMKgwqDCoMKgIGJlZW4gcmVwbGFjZWQgd2l0aCBsc21ibG9iIHN0cnVjdHVyZXMgaW4gYWxs IGNhc2VzLCBpbmNsdWRpbmcKPj4gwqDCoMKgwqDCoMKgwqAgSU1BIGFuZCBOZXRMYWJlbC4KPgo+ IDw8c25pcD4+Cj4KPj4gaHR0cHM6Ly9naXRodWIuY29tL2NzY2hhdWZsZXIvbHNtLXN0YWNraW5n LmdpdCNzdGFjay01LjE5LXJjMy12MzcKPj4KPgo+IGhleSBDYXNleSwKPgo+IEkgYW0gbm90IGZp bmRpbmcgdjM3IGluIHlvdXIgcHVibGljIGdpdGh1YiB0cmVlLCB0aGUgbmV3ZXN0IEkgc2VlIGlz IHYzNgo+IGFuZCB2MzYtYSBib3RoIGJhc2VkIG9uIDUuMTktcmMxLiBDYW4geW91IG1ha2Ugc3Vy ZSB2MzcgaXMgcHVzaGVkPwoKV2hvb3BzLiB2MzcgaGFkbid0IGdvdHRlbiBwdXNoZWQuIEl0IGhh cyBiZWVuIG5vdy4gVGhhbmtzIGZvcgp5b3VyIGludGVyZXN0ISBBbmQgc3Vic2VxdWVudCByZXZp ZXdzLCBvZiBjb3Vyc2UuCgoKPgo+IHRoYW5rcwo+IGpvaG4KPgoKLS0KTGludXgtYXVkaXQgbWFp bGluZyBsaXN0CkxpbnV4LWF1ZGl0QHJlZGhhdC5jb20KaHR0cHM6Ly9saXN0bWFuLnJlZGhhdC5j b20vbWFpbG1hbi9saXN0aW5mby9saW51eC1hdWRpdAo=