Date:   Thu, 26 Oct 2017 12:59:08 -0700
From:   John Johansen <>
To:     Linus Torvalds <>
Cc:     James Bottomley <>,
        Thorsten Leemhuis <>,
        Vlastimil Babka <>,
        Seth Arnold <>,
        linux-kernel <>
Subject: Re: regression in 4.14-rc2 caused by apparmor: add base infastructure
 for socket mediation

On 10/26/2017 10:36 AM, Linus Torvalds wrote:
> On Tue, Oct 24, 2017 at 1:57 PM, John Johansen
> <> wrote:
>> actually a lot of work and testing has been done. A regression was
>> found, the fix is in testing and it should land soon, but it's not the
>> regression you are having issues with.
> Stop this f*cking idiocy already!
> As far as the kernel is concerned, a regression is THE KERNEL NOT
> The regression was in the kernel. You trying to shift the regressions
> somewhere else is bogus SHIT.
> And seriously, it's the kind of garbage that makes me think your
> opinion and your code cannot be relied on.
> If you are not willing to admit that your commit 651e28c5537a
> ("apparmor: add base infastructure for socket mediation") caused a
> regression, then honestly, I don't want to get commits from you.
> It's that simple.
> I'm *very* unhappy with the security layer as is, the last thing I
> want to see is some security layer developer that then goes on to try
> to re-define what regression means.
> If you break existing user space setups THAT IS A REGRESSION.
You're right, sorry. I really wasn't thinking about this the right way.

> It's not ok to say "but we'll fix the user space setup".
> Really. NOT OK.
> I think I will have to revert that garbage, for the simple reason that
> I refuse to have code in the kernel from maintainers that cannot even
> understand the first rule of kernel development.
> The first rule is:
>  - we don't cause regressions
> and the corollary is that when regressions *do* occur, we admit to
> them and fix them, instead of blaming user space.
> The fact that you have apparently been denying the regression now for
> three weeks means that I will revert, and I will stop pulling apparmor
> requests until the people involved understand how kernel development
> is done.

ack, and understood. I will update the apparmor module kernel abi to
ensure that existing userspaces won't break here. After that we will
implement full policy versioning to ensure that userspace and the
kernel agree on the version of security policy that should be used.

Going forward if for any reason there is a regression we will either
get a patch to you asap or ask for the offending patch to be reverted.

Again, sorry, our perspective was too narrow. We will make it right.
