From: "Serge E. Hallyn" <serge@hallyn.com>
To: Simon Thoby <git@nightmared.fr>
Cc: "Paul Moore" <paul@paul-moore.com>,
"Tetsuo Handa" <penguin-kernel@i-love.sakura.ne.jp>,
"Kees Cook" <kees@kernel.org>,
"Fan Wu" <wufan@linux.microsoft.com>,
"Mickaël Salaün" <mic@digikod.net>,
"Mimi Zohar" <zohar@linux.ibm.com>,
"Micah Morton" <mortonm@chromium.org>,
"Casey Schaufler" <casey@schaufler-ca.com>,
"John Johansen" <john.johansen@canonical.com>,
"Roberto Sassu" <roberto.sassu@huawei.com>,
"KP Singh" <kpsingh@kernel.org>,
"Jonathan Corbet" <corbet@lwn.net>,
linux-security-module@vger.kernel.org
Subject: Re: TOMOYO's pull request for v6.12
Date: Sat, 5 Oct 2024 19:02:06 -0500 [thread overview]
Message-ID: <20241006000206.GA901131@mail.hallyn.com> (raw)
In-Reply-To: <ec8770e0-8f7c-42b7-b66b-7f830be7271a@nightmared.fr>
On Sat, Oct 05, 2024 at 07:28:35PM +0200, Simon Thoby wrote:
...
> Perhaps you would be better served by providing your users with a snippet of documentation
> explaining how to configure MOK and to rebuild the RHEL kernel with TOMOYO enabled?
> To be fair, I know that your customers may find this a time-consuming ordeal compared to using
> the official kernel - especially as you want to keep up with the frequent updates.
Tetsuo's problem, AIUI, is not that it's difficult to rebuild the kernel enabling
tomoyo, it's that once his customers do so, RedHat will not support/debug in case
of failures.
> But OTOH that's not end-of-the-world complexity either, which makes it fine for occasional use,
> e.g. to behave like "a sort of system-wide strace-like profiler" (I'm guessing your customers
> are only doing this operation from time to time, not continuously in production).
> There's no perfect solution I guess, but to keep lobbying distributors to enabled TOMOYO
> in their kernels.
>
> Simon
next prev parent reply other threads:[~2024-10-06 0:02 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-02 20:12 TOMOYO's pull request for v6.12 Paul Moore
2024-10-03 2:43 ` Serge E. Hallyn
2024-10-03 2:51 ` Serge E. Hallyn
2024-10-03 3:05 ` John Johansen
2024-10-03 15:32 ` Paul Moore
2024-10-03 16:29 ` Serge E. Hallyn
2024-10-04 10:50 ` Tetsuo Handa
2024-10-04 13:11 ` Mickaël Salaün
2024-10-04 14:34 ` Tetsuo Handa
2024-10-05 4:39 ` John Johansen
2024-10-03 16:36 ` Casey Schaufler
2024-10-03 16:42 ` Serge E. Hallyn
2024-10-03 16:49 ` Paul Moore
2024-10-03 16:58 ` Casey Schaufler
2024-10-04 20:54 ` Kees Cook
2024-10-04 21:03 ` Paul Moore
2024-10-04 23:41 ` Tetsuo Handa
2024-10-05 0:17 ` Kees Cook
2024-10-05 3:38 ` John Johansen
2024-10-23 10:52 ` Tetsuo Handa
2024-10-05 7:10 ` Tetsuo Handa
2024-10-05 16:10 ` Casey Schaufler
2024-10-05 17:02 ` Dr. Greg
2024-10-05 18:58 ` Casey Schaufler
2024-10-05 23:47 ` Paul Moore
2024-10-06 16:18 ` Dr. Greg
2024-10-06 16:47 ` Casey Schaufler
2024-10-06 20:20 ` Paul Moore
2024-10-06 21:50 ` John Johansen
2024-10-05 16:30 ` Paul Moore
2024-10-05 17:28 ` Simon Thoby
2024-10-06 0:02 ` Serge E. Hallyn [this message]
2024-10-06 10:02 ` Tetsuo Handa
2024-10-06 11:14 ` Simon Thoby
2024-10-07 11:00 ` Tetsuo Handa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241006000206.GA901131@mail.hallyn.com \
--to=serge@hallyn.com \
--cc=casey@schaufler-ca.com \
--cc=corbet@lwn.net \
--cc=git@nightmared.fr \
--cc=john.johansen@canonical.com \
--cc=kees@kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=mortonm@chromium.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=roberto.sassu@huawei.com \
--cc=wufan@linux.microsoft.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox