On Fri, Mar 29, 2024 at 3:28 PM Mimi Zohar <zohar@linux.ibm.com> wrote:
On Fri, 2024-03-29 at 15:12 -0400, Paul Moore wrote:
Another important thing to keep in mind about 'Fixes' tags: unless you've told the stable kernel folks to only take patches that you've explicitly marked for stable, they are likely going to attempt to backport anything with a 'Fixes' tag.
How do we go about doing that? Do we just send an email to stable?
When I asked for a change to the stable policy, it was an email exchange with Greg where we set up what is essentially a shell glob to filter out the files to skip unless explicitly tagged:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree...
Is it disabled for security?
I asked for it to be disabled for the LSM layer, SELinux, and audit. I sent a note about it last year to the mailing list:
https://lore.kernel.org/linux-security-module/CAHC9VhQgzshziG2tvaQMd9jchAVMu...
I thought new functionality won't be backported.
One thing I noticed fairly consistently in the trees I maintained is that commits marked with a 'Fixes' tag were generally backported regardless of whether they were marked for stable.
Hopefully the changes for making IMA & EVM full-fledged LSMs won't be automatically backported to stable.
I haven't seen that happening, and I wouldn't expect it in the future as none of those patches were explicitly marked for stable or had a 'Fixes' tag.
-- paul-moore.com