On Fri, Sep 8, 2017 at 1:25 PM, Linus Torvalds <[email protected]> wrote:
> On Fri, Sep 8, 2017 at 12:09 AM, Christoph Hellwig <[email protected]> wrote:
>>
>> But yes, for the init-time integrity_read_file this is incorrect.
>> It never tripped up, and I explicitly added the lockdep annotations
>> so that anything would show up, and it's been half a year since
>> I sent that first RFC patch..
>
> I don't think anybody actually tests linux-next kernels in any big
> way, and the automated tests that do get run probably don't run with
> any integrity checking enabled.
>
> Which is why I actually look at the code when merging unexpected stuff.
>
> This is also why I tend to prefer getting multiple branches for
> independent things.
>
> Now the whole security pull will be ignored because of this thing. I
> refuse to pull garbage where I notice major fundamental problems in
> code that has obviously never ever been tested.

Is it time to start sending pull requests for each LSM and thing under
security/ directly? I'm not sure I have a strong preference either
way, I just don't want to see the SELinux changes ignored during the
merge window.

--
paul moore
www.paul-moore.com

