* [GIT PULL] SELinux fix for 3.16-rcX
@ 2014-07-16 2:38 Paul Moore
2014-07-16 16:54 ` James Morris
2014-07-28 15:16 ` Paul Moore
0 siblings, 2 replies; 7+ messages in thread
From: Paul Moore @ 2014-07-16 2:38 UTC (permalink / raw)
To: James Morris; +Cc: linux-security-module, selinux
Hi James,
A single fix for the upcoming 3.16 release. This patch is worth pushing up
for 3.16, despite the late stage of the release, because without this patch
SELinux systems with the latest version of cryptsetup may not be able to
access their encrypted volumes (more details in the patch description) which
could prevent the system from booting properly, users accessing their home
directories, etc.
The patch is fairly minor and passes the SELinux testsuite.
-Paul
---
The following changes since commit 170b5910d9fbea79de1bb40df22eda5f98250c0c:
Merge tag 'v3.15' into next (2014-06-17 17:30:23 -0400)
are available in the git repository at:
git://git.infradead.org/users/pcmoore/selinux stable-3.16
for you to fetch changes up to 4da6daf4d3df5a977e4623963f141a627fd2efce:
selinux: fix the default socket labeling in sock_graft()
(2014-07-10 10:17:48 -0400)
----------------------------------------------------------------
Paul Moore (1):
selinux: fix the default socket labeling in sock_graft()
include/linux/security.h | 5 ++++-
security/selinux/hooks.c | 13 +++++++++++--
2 files changed, 15 insertions(+), 3 deletions(-)
--
paul moore
security and virtualization @ redhat
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [GIT PULL] SELinux fix for 3.16-rcX
2014-07-16 2:38 [GIT PULL] SELinux fix for 3.16-rcX Paul Moore
@ 2014-07-16 16:54 ` James Morris
2014-07-28 13:15 ` Paul Moore
2014-07-28 15:16 ` Paul Moore
1 sibling, 1 reply; 7+ messages in thread
From: James Morris @ 2014-07-16 16:54 UTC (permalink / raw)
To: Paul Moore; +Cc: linux-security-module, selinux
On Tue, 15 Jul 2014, Paul Moore wrote:
> Hi James,
>
> A single fix for the upcoming 3.16 release. This patch is worth pushing up
> for 3.16, despite the late stage of the release, because without this patch
> SELinux systems with the latest version of cryptsetup may not be able to
> access their encrypted volumes (more details in the patch description) which
> could prevent the system from booting properly, users accessing their home
> directories, etc.
>
> The patch is fairly minor and passes the SELinux testsuite.
Pulled, thanks.
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [GIT PULL] SELinux fix for 3.16-rcX
2014-07-16 16:54 ` James Morris
@ 2014-07-28 13:15 ` Paul Moore
2014-07-28 14:02 ` Paul Moore
0 siblings, 1 reply; 7+ messages in thread
From: Paul Moore @ 2014-07-28 13:15 UTC (permalink / raw)
To: James Morris; +Cc: linux-security-module, selinux
On Thursday, July 17, 2014 02:54:32 AM James Morris wrote:
> On Tue, 15 Jul 2014, Paul Moore wrote:
> > Hi James,
> >
> > A single fix for the upcoming 3.16 release. This patch is worth pushing
> > up for 3.16, despite the late stage of the release, because without this
> > patch SELinux systems with the latest version of cryptsetup may not be
> > able to access their encrypted volumes (more details in the patch
> > description) which could prevent the system from booting properly, users
> > accessing their home directories, etc.
> >
> > The patch is fairly minor and passes the SELinux testsuite.
>
> Pulled, thanks.
Hi James,
I haven't seen this patch in the last two 3.16-rcX releases from Linus, is
there a reason this isn't being pushed further up?
-Paul
--
paul moore
security and virtualization @ redhat
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [GIT PULL] SELinux fix for 3.16-rcX
2014-07-28 13:15 ` Paul Moore
@ 2014-07-28 14:02 ` Paul Moore
2014-07-28 14:38 ` Paul Moore
0 siblings, 1 reply; 7+ messages in thread
From: Paul Moore @ 2014-07-28 14:02 UTC (permalink / raw)
To: James Morris; +Cc: linux-security-module, selinux
On Monday, July 28, 2014 09:15:27 AM Paul Moore wrote:
> On Thursday, July 17, 2014 02:54:32 AM James Morris wrote:
> > On Tue, 15 Jul 2014, Paul Moore wrote:
> > > Hi James,
> > >
> > > A single fix for the upcoming 3.16 release. This patch is worth pushing
> > > up for 3.16, despite the late stage of the release, because without this
> > > patch SELinux systems with the latest version of cryptsetup may not be
> > > able to access their encrypted volumes (more details in the patch
> > > description) which could prevent the system from booting properly, users
> > > accessing their home directories, etc.
> > >
> > > The patch is fairly minor and passes the SELinux testsuite.
> >
> > Pulled, thanks.
>
> Hi James,
>
> I haven't seen this patch in the last two 3.16-rcX releases from Linus, is
> there a reason this isn't being pushed further up?
B'ah, nevermind. Probably best to hold on this I guess, I just got one report
of a problem that *may* be related.
--
paul moore
security and virtualization @ redhat
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [GIT PULL] SELinux fix for 3.16-rcX
2014-07-28 14:02 ` Paul Moore
@ 2014-07-28 14:38 ` Paul Moore
0 siblings, 0 replies; 7+ messages in thread
From: Paul Moore @ 2014-07-28 14:38 UTC (permalink / raw)
To: James Morris; +Cc: linux-security-module, selinux
On Monday, July 28, 2014 10:02:54 AM Paul Moore wrote:
> On Monday, July 28, 2014 09:15:27 AM Paul Moore wrote:
> > On Thursday, July 17, 2014 02:54:32 AM James Morris wrote:
> > > On Tue, 15 Jul 2014, Paul Moore wrote:
> > > > Hi James,
> > > >
> > > > A single fix for the upcoming 3.16 release. This patch is worth
> > > > pushing up for 3.16, despite the late stage of the release, because
> > > > without this patch SELinux systems with the latest version of
> > > > cryptsetup may not be able to access their encrypted volumes (more
> > > > details in the patch description) which could prevent the system from
> > > > booting properly, users accessing their home directories, etc.
> > > >
> > > > The patch is fairly minor and passes the SELinux testsuite.
> > >
> > > Pulled, thanks.
> >
> > Hi James,
> >
> > I haven't seen this patch in the last two 3.16-rcX releases from Linus, is
> > there a reason this isn't being pushed further up?
>
> B'ah, nevermind. Probably best to hold on this I guess, I just got one
> report of a problem that *may* be related.
Yeah, my apologies, best to drop that patch for now, I'll send a revert today.
--
paul moore
security and virtualization @ redhat
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [GIT PULL] SELinux fix for 3.16-rcX
2014-07-16 2:38 [GIT PULL] SELinux fix for 3.16-rcX Paul Moore
2014-07-16 16:54 ` James Morris
@ 2014-07-28 15:16 ` Paul Moore
2014-07-29 15:18 ` James Morris
1 sibling, 1 reply; 7+ messages in thread
From: Paul Moore @ 2014-07-28 15:16 UTC (permalink / raw)
To: James Morris; +Cc: linux-security-module, selinux
On Tuesday, July 15, 2014 10:38:19 PM Paul Moore wrote:
> Hi James,
>
> A single fix for the upcoming 3.16 release. This patch is worth pushing up
> for 3.16, despite the late stage of the release, because without this patch
> SELinux systems with the latest version of cryptsetup may not be able to
> access their encrypted volumes (more details in the patch description) which
> could prevent the system from booting properly, users accessing their home
> directories, etc.
>
> The patch is fairly minor and passes the SELinux testsuite.
Hello again,
Below is a revert for the patch above, while it fixed AF_ALG, it killed
Bluetooth so we need to revert it. I'll fix AF_ALG in a future patch.
---
The following changes since commit 4da6daf4d3df5a977e4623963f141a627fd2efce:
selinux: fix the default socket labeling in sock_graft() (2014-07-10
10:17:48 -0400)
are available in the git repository at:
git://git.infradead.org/users/pcmoore/selinux stable-3.16
for you to fetch changes up to 2873ead7e46694910ac49c3a8ee0f54956f96e0c:
Revert "selinux: fix the default socket labeling in sock_graft()"
(2014-07-28 10:46:07 -0400)
----------------------------------------------------------------
Paul Moore (1):
Revert "selinux: fix the default socket labeling in sock_graft()"
include/linux/security.h | 5 +----
security/selinux/hooks.c | 13 ++-----------
2 files changed, 3 insertions(+), 15 deletions(-)
--
paul moore
security and virtualization @ redhat
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [GIT PULL] SELinux fix for 3.16-rcX
2014-07-28 15:16 ` Paul Moore
@ 2014-07-29 15:18 ` James Morris
0 siblings, 0 replies; 7+ messages in thread
From: James Morris @ 2014-07-29 15:18 UTC (permalink / raw)
To: Paul Moore; +Cc: linux-security-module, selinux
On Mon, 28 Jul 2014, Paul Moore wrote:
> On Tuesday, July 15, 2014 10:38:19 PM Paul Moore wrote:
> > Hi James,
> >
> > A single fix for the upcoming 3.16 release. This patch is worth pushing up
> > for 3.16, despite the late stage of the release, because without this patch
> > SELinux systems with the latest version of cryptsetup may not be able to
> > access their encrypted volumes (more details in the patch description) which
> > could prevent the system from booting properly, users accessing their home
> > directories, etc.
> >
> > The patch is fairly minor and passes the SELinux testsuite.
>
> Hello again,
>
> Below is a revert for the patch above, while it fixed AF_ALG, it killed
> Bluetooth so we need to revert it. I'll fix AF_ALG in a future patch.
>
> ---
> The following changes since commit 4da6daf4d3df5a977e4623963f141a627fd2efce:
>
> selinux: fix the default socket labeling in sock_graft() (2014-07-10
> 10:17:48 -0400)
>
> are available in the git repository at:
>
> git://git.infradead.org/users/pcmoore/selinux stable-3.16
>
Pulled, thanks.
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2014-07-29 15:18 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-07-16 2:38 [GIT PULL] SELinux fix for 3.16-rcX Paul Moore
2014-07-16 16:54 ` James Morris
2014-07-28 13:15 ` Paul Moore
2014-07-28 14:02 ` Paul Moore
2014-07-28 14:38 ` Paul Moore
2014-07-28 15:16 ` Paul Moore
2014-07-29 15:18 ` James Morris
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.