[GIT PULL] SELinux fix for 3.16-rcX

[GIT PULL] SELinux fix for 3.16-rcX

[Paul Moore]

Hi James,

A single fix for the upcoming 3.16 release.  This patch is worth pushing up 
for 3.16, despite the late stage of the release, because without this patch 
SELinux systems with the latest version of cryptsetup may not be able to 
access their encrypted volumes (more details in the patch description) which 
could prevent the system from booting properly, users accessing their home 
directories, etc.

The patch is fairly minor and passes the SELinux testsuite.

-Paul

---
The following changes since commit 170b5910d9fbea79de1bb40df22eda5f98250c0c:

  Merge tag 'v3.15' into next (2014-06-17 17:30:23 -0400)

are available in the git repository at:

  git://git.infradead.org/users/pcmoore/selinux stable-3.16

for you to fetch changes up to 4da6daf4d3df5a977e4623963f141a627fd2efce:

  selinux: fix the default socket labeling in sock_graft()
           (2014-07-10 10:17:48 -0400)

----------------------------------------------------------------
Paul Moore (1):
      selinux: fix the default socket labeling in sock_graft()

 include/linux/security.h |  5 ++++-
 security/selinux/hooks.c | 13 +++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

-- 
paul moore
security and virtualization @ redhat

Re: [GIT PULL] SELinux fix for 3.16-rcX

[James Morris]

On Tue, 15 Jul 2014, Paul Moore wrote:

> Hi James,
> 
> A single fix for the upcoming 3.16 release.  This patch is worth pushing up 
> for 3.16, despite the late stage of the release, because without this patch 
> SELinux systems with the latest version of cryptsetup may not be able to 
> access their encrypted volumes (more details in the patch description) which 
> could prevent the system from booting properly, users accessing their home 
> directories, etc.
> 
> The patch is fairly minor and passes the SELinux testsuite.

Pulled, thanks.


-- 
James Morris
<jmorris@namei.org>

Re: [GIT PULL] SELinux fix for 3.16-rcX

[Paul Moore]

On Thursday, July 17, 2014 02:54:32 AM James Morris wrote:
> On Tue, 15 Jul 2014, Paul Moore wrote:
> > Hi James,
> > 
> > A single fix for the upcoming 3.16 release.  This patch is worth pushing
> > up for 3.16, despite the late stage of the release, because without this
> > patch SELinux systems with the latest version of cryptsetup may not be
> > able to access their encrypted volumes (more details in the patch
> > description) which could prevent the system from booting properly, users
> > accessing their home directories, etc.
> > 
> > The patch is fairly minor and passes the SELinux testsuite.
> 
> Pulled, thanks.

Hi James,

I haven't seen this patch in the last two 3.16-rcX releases from Linus, is 
there a reason this isn't being pushed further up?

-Paul

-- 
paul moore
security and virtualization @ redhat

Re: [GIT PULL] SELinux fix for 3.16-rcX

[Paul Moore]

On Monday, July 28, 2014 09:15:27 AM Paul Moore wrote:
> On Thursday, July 17, 2014 02:54:32 AM James Morris wrote:
> > On Tue, 15 Jul 2014, Paul Moore wrote:
> > > Hi James,
> > > 
> > > A single fix for the upcoming 3.16 release.  This patch is worth pushing
> > > up for 3.16, despite the late stage of the release, because without this
> > > patch SELinux systems with the latest version of cryptsetup may not be
> > > able to access their encrypted volumes (more details in the patch
> > > description) which could prevent the system from booting properly, users
> > > accessing their home directories, etc.
> > > 
> > > The patch is fairly minor and passes the SELinux testsuite.
> > 
> > Pulled, thanks.
> 
> Hi James,
> 
> I haven't seen this patch in the last two 3.16-rcX releases from Linus, is
> there a reason this isn't being pushed further up?

B'ah, nevermind.  Probably best to hold on this I guess, I just got one report 
of a problem that *may* be related.

-- 
paul moore
security and virtualization @ redhat

Re: [GIT PULL] SELinux fix for 3.16-rcX

[Paul Moore]

On Monday, July 28, 2014 10:02:54 AM Paul Moore wrote:
> On Monday, July 28, 2014 09:15:27 AM Paul Moore wrote:
> > On Thursday, July 17, 2014 02:54:32 AM James Morris wrote:
> > > On Tue, 15 Jul 2014, Paul Moore wrote:
> > > > Hi James,
> > > > 
> > > > A single fix for the upcoming 3.16 release.  This patch is worth
> > > > pushing up for 3.16, despite the late stage of the release, because
> > > > without this patch SELinux systems with the latest version of
> > > > cryptsetup may not be able to access their encrypted volumes (more
> > > > details in the patch description) which could prevent the system from
> > > > booting properly, users accessing their home directories, etc.
> > > > 
> > > > The patch is fairly minor and passes the SELinux testsuite.
> > > 
> > > Pulled, thanks.
> > 
> > Hi James,
> > 
> > I haven't seen this patch in the last two 3.16-rcX releases from Linus, is
> > there a reason this isn't being pushed further up?
> 
> B'ah, nevermind.  Probably best to hold on this I guess, I just got one
> report of a problem that *may* be related.

Yeah, my apologies, best to drop that patch for now, I'll send a revert today.

-- 
paul moore
security and virtualization @ redhat

Re: [GIT PULL] SELinux fix for 3.16-rcX

[Paul Moore]

On Tuesday, July 15, 2014 10:38:19 PM Paul Moore wrote:
> Hi James,
> 
> A single fix for the upcoming 3.16 release.  This patch is worth pushing up
> for 3.16, despite the late stage of the release, because without this patch
> SELinux systems with the latest version of cryptsetup may not be able to
> access their encrypted volumes (more details in the patch description) which
> could prevent the system from booting properly, users accessing their home
> directories, etc.
> 
> The patch is fairly minor and passes the SELinux testsuite.

Hello again,

Below is a revert for the patch above, while it fixed AF_ALG, it killed 
Bluetooth so we need to revert it.  I'll fix AF_ALG in a future patch.

---
The following changes since commit 4da6daf4d3df5a977e4623963f141a627fd2efce:

  selinux: fix the default socket labeling in sock_graft() (2014-07-10  
           10:17:48 -0400)

are available in the git repository at:

  git://git.infradead.org/users/pcmoore/selinux stable-3.16

for you to fetch changes up to 2873ead7e46694910ac49c3a8ee0f54956f96e0c:

  Revert "selinux: fix the default socket labeling in sock_graft()"     
          (2014-07-28 10:46:07 -0400)

----------------------------------------------------------------
Paul Moore (1):
      Revert "selinux: fix the default socket labeling in sock_graft()"

 include/linux/security.h |  5 +----
 security/selinux/hooks.c | 13 ++-----------
 2 files changed, 3 insertions(+), 15 deletions(-)

-- 
paul moore
security and virtualization @ redhat

Re: [GIT PULL] SELinux fix for 3.16-rcX

[James Morris]

On Mon, 28 Jul 2014, Paul Moore wrote:

> On Tuesday, July 15, 2014 10:38:19 PM Paul Moore wrote:
> > Hi James,
> > 
> > A single fix for the upcoming 3.16 release.  This patch is worth pushing up
> > for 3.16, despite the late stage of the release, because without this patch
> > SELinux systems with the latest version of cryptsetup may not be able to
> > access their encrypted volumes (more details in the patch description) which
> > could prevent the system from booting properly, users accessing their home
> > directories, etc.
> > 
> > The patch is fairly minor and passes the SELinux testsuite.
> 
> Hello again,
> 
> Below is a revert for the patch above, while it fixed AF_ALG, it killed 
> Bluetooth so we need to revert it.  I'll fix AF_ALG in a future patch.
> 
> ---
> The following changes since commit 4da6daf4d3df5a977e4623963f141a627fd2efce:
> 
>   selinux: fix the default socket labeling in sock_graft() (2014-07-10  
>            10:17:48 -0400)
> 
> are available in the git repository at:
> 
>   git://git.infradead.org/users/pcmoore/selinux stable-3.16
> 

Pulled, thanks.

-- 
James Morris
<jmorris@namei.org>