[Maverick][GIT PULL] replacement of hacks with Yama
Leann Ogasawara
leann.ogasawara at canonical.com
Wed Jun 30 21:30:23 UTC 2010
On Wed, 2010-06-30 at 13:45 -0700, Kees Cook wrote:
> Hi Tim,
>
> On Wed, Jun 30, 2010 at 08:12:24AM -0600, Tim Gardner wrote:
> > These commits all have '(cherry picked from commit *)' comments in
> > the commit log, but as the objects are not from Linus' tree, they
> > are not relevant. Can you amend these commit log messages?
>
> Ah, sorry, they're from security-testing-2.6#next:
> http://git.kernel.org/?p=linux/kernel/git/jmorris/security-testing-2.6.git;a=shortlog;h=refs/heads/next
>
> What is the best way to reference these kinds of cherry picks?
I don't think we've standardized on a syntax but something like the
following would be fine with me:
(cherry picked from commit <insert sha1>
from git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6.git next)
Thanks,
Leann
> > I've noted a couple of upstream suggestions for your patch set
> > inclusion in Morris' tree. Will you be including those so that we
> > don't drift from upstream?
>
> Yes, I updated and tested those changes this morning.
>
> > Given that this is an LSM, and LSMs don't stack or chain (I think),
> > how is it going to interact with AppArmor ?
>
> The top patch in the pull request takes care of this in an LSM-agnostic way
> (i.e. Yama is unconditionally called before whatever the active LSM is):
> http://kernel.ubuntu.com/git?p=kees/linux-2.6.git;a=commitdiff;h=9578dd34c5949d41a1237d2ad080bcf438d963e7
>
> -Kees
>
> --
> Kees Cook
> Ubuntu Security Team
>
More information about the kernel-team
mailing list