From: Greg KH <gregkh@linuxfoundation.org>
To: Alexander Grund <theflamefire89@gmail.com>
Cc: stable@vger.kernel.org, James Morris <jmorris@namei.org>
Subject: Re: [PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
Date: Sun, 10 Jul 2022 16:15:41 +0200 [thread overview]
Message-ID: <YsrfDfe3urGkepvJ@kroah.com> (raw)
In-Reply-To: <cbc4d668-819e-26e9-52c6-01ea4b62892e@gmail.com>
On Sun, Jul 10, 2022 at 04:08:00PM +0200, Alexander Grund wrote:
> On 10.07.22 15:27, Greg KH wrote:
> >> What kernel version(s) are you wanting this applied to?
>
> That should go onto 4.9, I see I should have used `--subject-prefix`.
>
> >> And your email send address does not match your signed-off-by
> >> name/address, so for obvious reasons, we can't take this.
>
> My 2nd email (from GMail) is much easier to setup but I'd like to keep my usual signed-off tag.
> Would `--from=git@grundis.de --reply-to=theflamefire89@gmail.com` be acceptable?
I can't see reply-to when reviewing a patch, can you?
What would you want to see if you had to review this to verify it was
sane?
> > And of course, why is this needed in any stable kernel tree? It isn't
> > fixing a bug, it's adding a new feature. Patch 2/2 also doesn't fix
> > anything, so we need some explaination here. Perhaps do that in your
> > 0/X email that I can't seem to find here?
>
> Good point, so I need to use `--cover-letter` even for backports. Makes sense.
> The previous discussion can be found at [1].
> The essence is that this adds security hardening by disallowing writes to LSM hooks after initialization.
> Additionally included here to reduce divergence with mainline to ease application of further (backported) commits.
We can't add new features to older kernel versions, as you know that's
not allowed as per the stable kernel rules. If you want newer security
features, just move to a newer kernel version.
And without any context here, or the "further" commits, how are we
supposed to know any of this?
thanks,
greg k-h
prev parent reply other threads:[~2022-07-10 14:15 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-10 13:10 [PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS theflamefire89
2022-07-10 13:10 ` [PATCH 2/2] security: mark LSM hooks as __ro_after_init theflamefire89
2022-07-10 13:26 ` [PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS Greg KH
2022-07-10 13:27 ` Greg KH
2022-07-10 14:08 ` Alexander Grund
2022-07-10 14:15 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YsrfDfe3urGkepvJ@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=jmorris@namei.org \
--cc=stable@vger.kernel.org \
--cc=theflamefire89@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox