From patchwork Wed Jun 13 21:22:17 2018
X-Patchwork-Submitter: Paul Moore
X-Patchwork-Id: 10462939
In-Reply-To: <1adae238-44cc-83f5-538a-1b9c12916875@schaufler-ca.com>
References: <1e91f8e10ce76d3208239b6b5899aab76d1543ff.1528743633.git.joe@perches.com>
 <3d890108a942b6a3fb9a5326501174af270707dc.camel@perches.com>
 <00961ef3fb41930a3304da935f1f73ebe386e83c.camel@perches.com>
 <38670733fba157f7acd9c1555b44a296420f0774.camel@perches.com>
 <1adae238-44cc-83f5-538a-1b9c12916875@schaufler-ca.com>
From: Paul Moore
Date: Wed, 13 Jun 2018 17:22:17 -0400
Subject: Re: [-next PATCH] security: use octal not symbolic permissions
To: Casey Schaufler
Cc: Joe Perches, James Morris, John Johansen, Mimi Zohar, Dmitry Kasatkin,
 Stephen Smalley, Eric Paris, Kentaro Takeda, Tetsuo Handa, "Serge E. Hallyn",
 linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org,
 linux-integrity@vger.kernel.org, selinux@tycho.nsa.gov

On Wed, Jun 13, 2018 at 5:14 PM, Casey Schaufler wrote:
> On 6/13/2018 12:57 PM, Paul Moore wrote:
>> On Wed, Jun 13, 2018 at 3:30 PM, Joe Perches wrote:
>>> On Wed, 2018-06-13 at 12:19 -0400, Paul Moore wrote:
>>>> On Wed, Jun 13, 2018 at 12:04 PM, Joe Perches wrote:
>>>>> On Wed, 2018-06-13 at 11:49 -0400, Paul Moore wrote:
>>>>>> On Tue, Jun 12, 2018 at 8:29 PM, Joe Perches wrote:
>>>>>>> On Tue, 2018-06-12 at 17:12 -0400, Paul Moore wrote:

...

>>> If James is not approving or merging security/selinux or
>>> security/tomoyo then perhaps the F: entries could be
>>> augmented with appropriate X: entries or made specific
>>> by using specific entries like:
>>>
>>> F: security/*
>>> F: security/integrity/
>>> F: security/keys/
>
> There are already F: entries for security/selinux, security/smack
> and security/apparmor so I don't get your point.

Perhaps I've interpreted this the wrong way, but I took this to mean
that those security subsystems which don't flow through James should
use the X: entry to exclude themselves. For example, here is a quick
diff to exclude SELinux:

diff --git a/MAINTAINERS b/MAINTAINERS
index c13b9fb3be0b..dc0b31121459 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -12771,6 +12771,7 @@ T: git git://git.kernel.org/pub/scm/linux/kernel/g>
 W: http://kernsec.org/
 S: Supported
 F: security/
+X: security/selinux/
 
 SELINUX SECURITY MODULE
 M: Paul Moore
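Review bot: the added `X: security/selinux/` sits under the SECURITY SUBSYSTEM entry's `F: security/` (visible in the context lines), so that entry stops claiming paths below security/selinux/ while the `SELINUX SECURITY MODULE` entry immediately after it still covers them; this excludes SELinux only, so if the intent is that every LSM not flowing through James opts out, matching `X:` lines are also needed for the security/smack, security/apparmor and security/tomoyo paths named earlier in the thread. The `T:` context on the `@@` line is cut off at `.../kernel/g>`, so the diff should be regenerated with git from a real checkout before it is sent so that it applies cleanly.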
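Joe's two alternatives above (adding `X:` exclusions, or narrowing `F:` to `security/*` plus specific subdirectories) behave differently for files one level down, and the difference is easy to miss by eye. The following Python is an added illustration, not part of this thread and not the kernel's `scripts/get_maintainer.pl`: it re-implements the MAINTAINERS pattern rules as I understand them (a trailing `/` covers the whole subtree, a glob without one cannot descend into subdirectories, and `X:` exclusions are tested before `F:` matches) over a constructed MAINTAINERS fragment, then resolves a few sample paths against it. The fragment, the entry titles and the sample paths are all constructed for the example.

```python
import re

# Constructed MAINTAINERS fragment for illustration only; it is not the
# kernel's MAINTAINERS file. The first entry mirrors the X: approach from
# the diff in the thread, the second mirrors Joe's narrowed F: entries.
SAMPLE_MAINTAINERS = """\
SECURITY SUBSYSTEM (with X: exclusion)
W: http://kernsec.org/
S: Supported
F: security/
X: security/selinux/

SECURITY SUBSYSTEM (narrowed F: entries)
S: Supported
F: security/*
F: security/integrity/
F: security/keys/

SELINUX SECURITY MODULE
M: Paul Moore
S: Supported
F: security/selinux/
"""


def parse_maintainers(text):
    """Split a MAINTAINERS-style text into (title, {tag: [values]}) pairs.

    Entries are separated by blank lines; the first non-tag line of an
    entry is its title, every other line is '<TAG>:<value>'.
    """
    entries = []
    title, fields = None, {}
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            if title is not None:
                entries.append((title, fields))
            title, fields = None, {}
            continue
        if len(line) > 2 and line[0].isupper() and line[1] == ":":
            tag, value = line[0], line[2:].strip()
            fields.setdefault(tag, []).append(value)
        else:
            title = line
    if title is not None:
        entries.append((title, fields))
    return entries


def pattern_matches(pattern, path):
    """Apply the MAINTAINERS F:/X: pattern rules to one path.

    '*' and '?' are globs; a pattern ending in '/' covers the whole
    subtree below it, while any other pattern must sit at the same
    directory depth as the path (so 'security/*' does not reach
    'security/selinux/hooks.c'). Simplified re-implementation of the
    rules, not the kernel's get_maintainer.pl itself.
    """
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    if re.match(regex, path) is None:
        return False
    return pattern.endswith("/") or path.count("/") == pattern.count("/")


def entries_for(path, entries):
    """Titles of the entries that claim `path`.

    X: exclusions are tested before F: matches, so a path under an
    excluded directory never reaches the F: check for that entry.
    """
    hits = []
    for title, fields in entries:
        if any(pattern_matches(x, path) for x in fields.get("X", [])):
            continue
        if any(pattern_matches(f, path) for f in fields.get("F", [])):
            hits.append(title)
    return hits


def resolve_samples():
    """Resolve a few constructed paths against the sample fragment."""
    entries = parse_maintainers(SAMPLE_MAINTAINERS)
    paths = [
        "security/selinux/hooks.c",           # excluded from entry 1, not in entry 2
        "security/smack/smack_lsm.c",         # still claimed by entry 1 only
        "security/integrity/ima/ima_main.c",  # claimed by both SECURITY entries
        "security/Kconfig",                   # 'security/*' reaches top-level files
    ]
    return {p: entries_for(p, entries) for p in paths}


if __name__ == "__main__":
    for path, owners in resolve_samples().items():
        print(f"{path:40} -> {owners}")
```

Running it shows why the two approaches are not interchangeable: the `X:` form keeps the broad `F: security/` and carves out only SELinux, so Smack still resolves to the SECURITY SUBSYSTEM entry, whereas the narrowed `F: security/*` form drops every LSM subdirectory that is not listed explicitly, including Smack and AppArmor.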