Message-ID: <1633246.WIdWYpcqb3@sifl>
Date:	Wed, 13 Jan 2016 11:24:29 -0500
From:	Paul Moore <pmoore@...hat.com>
To:	Stephen Rothwell <sfr@...b.auug.org.au>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	linux-audit@...hat.com, linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] Audit patches for 4.5

On Thursday, January 14, 2016 02:03:25 AM Stephen Rothwell wrote:
> Hi Paul,
> 
> On Wed, 13 Jan 2016 09:29:55 -0500 Paul Moore <pmoore@...hat.com> wrote:
> > The following changes since commit afd2ff9b7e...:
> >   Linux 4.4 (2016-01-10 15:01:32 -0800)
> > 
> > are available in the git repository at:
> >   git://git.infradead.org/users/pcmoore/audit upstream
> 
> This has all been rebased onto v4.4 (and all the author dates changed) :-(
> 
> And your "next" branch hasn't been updated to match :-(

Hi Stephen,

In December I made some changes to how I manage the SELinux and audit trees:

 * https://www.redhat.com/archives/linux-audit/2015-December/msg00019.html

... I will readily admit it isn't a perfect system, in fact it is a step back 
in some areas, but the changes make it easier for me to get pre-built kernel 
packages to users who are interested in testing the bleeding edge (the Fedora 
COPR repository, see below) and it helps me keep up with weekly testing of 
both the -rcX kernel releases and the changes in the SELinux and audit trees.  
One of the things I've been trying to work on lately is better, more 
automated, testing of the SELinux and audit bits in the Linux kernel; 
unfortunately, some things have had to change a little to help make this 
happen, but I think the more frequent testing outweighs any disadvantages.

The date change is likely a result of moving the patches from audit#next to 
audit#upstream as part of the process mentioned above.  I haven't updated 
audit#next yet because I know you try to keep linux-next quiet until -rc1 is 
released; if that has changed let me know and I'll be happy to update 
audit#next.  Also, if you have any suggestions on how to improve my process, 
I'm always open to new ideas.

For reference, the Fedora COPR repository can be found below, it was announced 
back in November, but only to the relevant lists.  Anyone is welcome to give 
the kernels a try (instructions are provided) and report any problems they 
find.  I tend to push out an update at least once a week to coincide with the 
new -rcX release, although the exact day varies due to merge conflicts, build 
problems, etc.

 * https://copr.fedoraproject.org/coprs/pcmoore/kernel-secnext

Eventually I'd like to do something similar for Debian, Gentoo, distro du 
jour, etc. (I'm hoping if I lower the barrier for testing, more people will 
give it a try) but I'm starting with Fedora Rawhide to get the kinks worked 
out and improve my automation.

-Paul

-- 
paul moore
security @ redhat
