From: Fan Wu <wufan@kernel.org>
To: torvalds@linux-foundation.org
Cc: bluca@debian.org, paul@paul-moore.com,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [GIT PULL] IPE fixes for 6.12-rc4
Date: Fri, 18 Oct 2024 14:26:01 -0700
Message-ID: <cbe8cfae-e700-4c2a-849e-b7b457130608@kernel.org>
Hi Linus,

This PR addresses several issues identified by Luca when attempting to
enable IPE on Debian [1] and systemd [2]. It includes four commits
focused on enhancing functionality and resolving issues:

The first and second commits address issues with IPE policy update
errors and policy update version check, improving the clarity of error
messages for better understanding by userspace programs.

The third and fourth commits enable IPE policies to be signed by
secondary and platform keyrings, facilitating broader use across general
Linux distributions like Debian.

The final commit updates the IPE entry in the MAINTAINERS file to
reflect the new tree URL and my updated email from kernel.org.

As this is my first PR submission to you, I apologize in advance for any
mistakes. Could you please consider merging these changes into v6.12-rc4?

Thanks,
Fan

Link: https://salsa.debian.org/kernel-team/linux/-/merge_requests/1233 [1]
Link: https://github.com/systemd/systemd/commit/394c61416c19bcc3231d3f717b72ef9d90b89ee7 [2]

--
The following changes since commit 8e929cb546ee42c9a61d24fae60605e9e3192354:

  Linux 6.12-rc3 (2024-10-13 14:33:32 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/wufan/ipe.git tags/ipe-pr-20241018

for you to fetch changes up to 917a15c37d371bc40b5ad13df366e29bd49c04a1:

  MAINTAINERS: update IPE tree url and Fan Wu's email (2024-10-18 12:15:37 -0700)

----------------------------------------------------------------
ipe/stable-6.12 PR 20241018

----------------------------------------------------------------
Fan Wu (1):
      MAINTAINERS: update IPE tree url and Fan Wu's email

Luca Boccassi (4):
      ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version
      ipe: also reject policy updates with the same version
      ipe: allow secondary and platform keyrings to install/update policies
      ipe: fallback to platform keyring also if key in trusted keyring is rejected

 Documentation/admin-guide/LSM/ipe.rst |  7 +++++--
 MAINTAINERS                           |  4 ++--
 security/ipe/Kconfig                  | 19 +++++++++++++++++++
 security/ipe/policy.c                 | 18 +++++++++++++++---
 4 files changed, 41 insertions(+), 7 deletions(-)