From: Vasily Kulikov <segoon@openwall.com>
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>,
James Morris <jmorris@namei.org>,
LSM <linux-security-module@vger.kernel.org>,
LKLM <linux-kernel@vger.kernel.org>,
SE Linux <selinux@tycho.nsa.gov>,
John Johansen <john.johansen@canonical.com>,
Eric Paris <eparis@redhat.com>,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
Kees Cook <keescook@chromium.org>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH v12 0/9] LSM: Multiple concurrent LSMs
Date: Tue, 8 Jan 2013 10:34:45 +0400 [thread overview]
Message-ID: <20130108063445.GA4537@cachalot> (raw)
In-Reply-To: <50EB9C7E.7090304@schaufler-ca.com>
On Mon, Jan 07, 2013 at 20:11 -0800, Casey Schaufler wrote:
> On 1/7/2013 7:59 PM, Stephen Rothwell wrote:
> > You probably also want to think a bit harder about the order of the
> > patches - you should introduce new APIs before you use them and remove
> > calls to functions before you remove the functions.
> >
> The unfortunate reality is that I couldn't find a good way to stage the
> changes. It's a wonking big set of infrastructure change. I could introduce
> the security blob abstraction separately but that is a fraction of the
> change. If it would have gone through mail filters as a single patch I'd
> have sent it that way.
>
> I can spend time on patch presentation, and will if necessary.
I guess it can be divided this way:
1) Introduce lsm_get_cred(), etc. which unconditionally return
->security, ->i_security, etc.
2) Move all LSMs, procfs, etc. to the new API, a patch per LSM/subsystem.
3) Change structures along with new API.
The pro of the division is that if you have a bug in the series (and you
surely have! ;)) it is MUCH more simple to locate this bug (bisect, etc.).
Also it is more descriptive as you divide LSM changes and the core security
subsystem itself targeted on multiple LSMs which divides LSM
implementations (which might be not very important for someone) and the core
architecture (which is important for everybody).
Thanks,
--
Vasily Kulikov
http://www.openwall.com - bringing security into open computing environments
next prev parent reply other threads:[~2013-01-08 6:40 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-08 1:54 [PATCH v12 0/9] LSM: Multiple concurrent LSMs Casey Schaufler
2013-01-08 2:09 ` [PATCH v12 1/9] " Casey Schaufler
2013-01-08 2:09 ` [PATCH v12 2/9] " Casey Schaufler
2013-01-08 2:09 ` [PATCH v12 3/9] " Casey Schaufler
2013-01-08 2:09 ` [PATCH v12 4/9] " Casey Schaufler
2013-01-08 2:09 ` [PATCH v12 5/9] " Casey Schaufler
2013-01-08 2:09 ` [PATCH v12 6/9] " Casey Schaufler
2013-01-08 2:09 ` [PATCH v12 7/9] " Casey Schaufler
2013-01-08 2:09 ` [PATCH v12 8/9] " Casey Schaufler
2013-01-08 2:09 ` [PATCH v12 9/9] " Casey Schaufler
2013-01-08 3:01 ` [PATCH v12 0/9] " Stephen Rothwell
2013-01-08 3:59 ` Stephen Rothwell
2013-01-08 4:11 ` Casey Schaufler
2013-01-08 6:34 ` Vasily Kulikov [this message]
2013-01-08 4:02 ` Casey Schaufler
2013-01-08 6:38 ` Vasily Kulikov
2013-01-08 9:12 ` James Morris
2013-01-08 17:14 ` Casey Schaufler
2013-01-08 20:19 ` Kees Cook
2013-01-09 13:42 ` James Morris
2013-01-09 17:07 ` Casey Schaufler
2013-01-08 20:40 ` John Johansen
2013-01-09 13:28 ` James Morris
2013-01-10 10:25 ` John Johansen
2013-01-10 13:23 ` Tetsuo Handa
2013-01-11 0:46 ` Eric W. Biederman
2013-01-11 0:57 ` John Johansen
2013-01-11 1:13 ` Eric W. Biederman
2013-01-11 1:15 ` John Johansen
2013-01-11 18:13 ` Casey Schaufler
2013-01-11 19:35 ` Eric W. Biederman
2013-01-08 17:47 ` Stephen Smalley
2013-01-08 18:17 ` Casey Schaufler
2013-01-08 20:01 ` John Johansen
2013-01-15 4:17 ` Casey Schaufler
2013-01-08 20:22 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130108063445.GA4537@cachalot \
--to=segoon@openwall.com \
--cc=akpm@linux-foundation.org \
--cc=casey@schaufler-ca.com \
--cc=eparis@redhat.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=selinux@tycho.nsa.gov \
--cc=sfr@canb.auug.org.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox