Re: LSM BitKeeper tree obsolete? (Re: a problem in hooks of sock ?!)

From: Chris Wright (chrisw@private)
Date: Fri Jul 30 2004 - 14:36:41 PDT


* Stephen Smalley (sds@private) wrote:
> On Mon, 2004-07-26 at 10:22, Stephen Smalley wrote:
> > BTW, I'd advise working against the
> > mainline kernel tree, as the LSM BitKeeper tree seems dead (last updated
> > for 2.6.4 vs. current mainline of 2.6.8-rc2), and you'll have to re-base
> > anyway to submit any patches upstream due to differences in security.h
> > and elsewhere from legacy hooks.
> 
> I thought I should raise this issue as a separate thread.  My
> impression, and our practice for SELinux for some time since LSM was
> merged into mainline, is that people using LSM should just work directly
> off the mainline kernel and submit any new hooks and/or security modules
> to lkml and the appropriate subsystem maintainers (including Chris
> Wright, as the LSM maintainer), with a cc to the lsm list for general
> awareness among other LSM users/developers.

Yes, I agree with this.

> At this point, the LSM
> BitKeeper tree seems to mostly just be for historical reference.  If

It is at this point.  It's not really a staging ground for what needs to
be merged.  Primarily because it includes all the rejected hooks (which
are useful for historical reference).

> someone wanted to actively maintain a separate tree to allow more
> radical development in preparation for 2.7, I think that they would
> likely want to clone a new tree from mainline to ease maintenance and
> allow easier generation of diffs against mainline for submission
> upstream.

Yes, basing it on the LSM bk tree would be the wrong starting point.

> Working from the LSM tree seems to suffer from 1) lagging
> behind mainline, 2) reliance on legacy hooks not in mainline (and no
> impetus to get those hooks accepted, since the security module writer
> doesn't even realize that the hook is only in the LSM tree), 3) failure
> to get any other security modules into mainline - they just get posted
> to lsm or a few are in the LSM BitKeeper tree, but they never make their
> way to lkml for general review and consideration. 

The latter point is my fault.  LIDS, for example, has gone through some
review cycles with me and is waiting for final review and push towards
mainline.  And I haven't scheduled time for this.  It's not for lack of LIDS
developer interest that this has lagged.  Given the relative stability of
the LSM interface, and the new 2.6/2.7 development model, it's reasonable
to review pending items for mainline inclusion.  I can create a separate
tree, or maintain pointers to patches, or whatever people find useful.
Ideally, we'll get modules pushed upstream.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net


