From: Eric Suen <ericsu@linux.microsoft.com>
To: Daniel Durning <danieldurning.work@gmail.com>,
Paul Moore <paul@paul-moore.com>
Cc: Stephen Smalley <stephen.smalley.work@gmail.com>,
selinux@vger.kernel.org, omosnace@redhat.com
Subject: Re: [PATCH] selinux: implement bpf_token_cmd and bpf_token_capable hooks
Date: Tue, 5 Aug 2025 11:19:53 -0700 [thread overview]
Message-ID: <b69d2b6e-544f-400e-bde6-9aaa4b2964f4@linux.microsoft.com> (raw)
In-Reply-To: <CAKrb_fEe8UmSMXpv2qHNiSMxhJz-msztxeDqzp0n1MckY3BRSw@mail.gmail.com>
On 8/5/2025 7:17 AM, Daniel Durning wrote:
> On Mon, Aug 4, 2025 at 4:13 PM Paul Moore<paul@paul-moore.com> wrote:
>> On Mon, Aug 4, 2025 at 8:18 AM Stephen Smalley
>> <stephen.smalley.work@gmail.com> wrote:
>>> Eric - note that Daniel also posted a patch for the selinux-testsuite
>>> to exercise these hooks and checks based on the Linux kernel self-test
>>> for bpf tokens, see
>>> https://lore.kernel.org/selinux/CAEjxPJ7DBDnZEFvgpe58K4B+4kZdOqUGMHvGC2vKt-4Zget=Hg@mail.gmail.com/T/#t
>> FWIW, I believe Eric has some basic tests too, although I will admit
>> to losing track of that aspect, as we have had several months of
>> setbacks lately due to package building, email, etc.
>>
>>> Paul - it would be good to avoid such duplication of effort in the
>>> future, maybe we should be tracking such things in the GitHub project?
>> Yes, it's unfortunate when we see duplicated work, but thankfully it
>> happens very rarely in our case. We can track things on GitHub, but
>> with development happening largely on the mailing list I'm skeptical
>> about how successful that will end up being. Our GH related efforts
>> have been very mixed thus far. Another option might simply be to tell
>> people to announce a development effort on the mailing list, although
>> I can see that having problems too.
>>
>> If there are some positives, it may be that both Daniel and Eric's
>> work are still in the early stages, so there is likely room for the
>> two of them to cooperate together on a solution. Daniel, Eric, what
>> do you think about that?
> I would be happy to work with Eric on a solution. Looking forward to
> seeing his patch once it gets posted.
Thanks a lot, Daniel. I was actually hesitant to send out my changes
since you
already have test changes prepared, and I didn’t want to step on your toes.
Really appreciate your openness to collaborate.
I'll send out my patch soon and make sure to reference your test work in the
description.
next prev parent reply other threads:[~2025-08-05 18:19 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-01 15:46 [PATCH] selinux: implement bpf_token_cmd and bpf_token_capable hooks danieldurning.work
2025-08-01 18:38 ` Stephen Smalley
2025-08-01 19:29 ` Stephen Smalley
2025-08-03 12:28 ` Paul Moore
2025-08-04 12:18 ` Stephen Smalley
2025-08-04 20:13 ` Paul Moore
2025-08-05 14:17 ` Daniel Durning
2025-08-05 18:19 ` Eric Suen [this message]
2025-08-06 18:30 ` Eric Suen
2025-08-04 13:20 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b69d2b6e-544f-400e-bde6-9aaa4b2964f4@linux.microsoft.com \
--to=ericsu@linux.microsoft.com \
--cc=danieldurning.work@gmail.com \
--cc=omosnace@redhat.com \
--cc=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).