* [GIT PULL] SELinux patches for v5.18
@ 2022-03-21 22:13 Paul Moore
From: Paul Moore @ 2022-03-21 22:13 UTC
  To: Linus Torvalds; +Cc: selinux, linux-security-module, linux-kernel

Linus,

We've got a number of SELinux patches queued up for v5.18; the
highlights are below:

- Fix up the security_fs_context_parse_param() LSM hook so it executes
all of the LSM hook implementations unless a serious error occurs.  We
also correct the SELinux hook implementation so that it returns zero
on success.

- In addition to a few SELinux mount option parsing fixes, we
simplified the parsing by moving it earlier in the process.  The logic
was that it was unlikely an admin/user would use the new mount API and
not have the policy loaded before passing the SELinux options.

- Properly fixed the LSM/SELinux/SCTP hooks with the addition of the
security_sctp_assoc_established() hook.  This work was done in
conjunction with the netdev folks and should complete the move of the
SCTP labeling from the endpoints to the associations.

- Fixed a variety of sparse warnings caused by changes in the "__rcu"
markings of some core kernel structures.

- Ensure we access the superblock's LSM security blob using the
stacking-safe accessors.

- Added the ability for the kernel to always allow FIOCLEX and
FIONCLEX if the "ioctl_skip_cloexec" policy capability is specified.

- Various constification improvements, type casting improvements,
additional return value checks, and dead code/parameter removal.

- Documentation fixes.

Please merge.
-Paul

--
The following changes since commit e783362eb54cd99b2cac8b3a9aeac942e6f6ac07:

 Linux 5.17-rc1 (2022-01-23 10:12:53 +0200)

are available in the Git repository at:

 https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
   tags/selinux-pr-20220321

for you to fetch changes up to cdbec3ede0b8cb318c36f5cc945b9360329cbd25:

 selinux: shorten the policy capability enum names
   (2022-03-02 11:37:03 -0500)

----------------------------------------------------------------
selinux/stable-5.18 PR 20220321

----------------------------------------------------------------
Casey Schaufler (1):
     LSM: general protection fault in legacy_parse_param

Christian Göttsche (11):
     selinux: check return value of sel_make_avc_files
     selinux: declare path parameters of _genfs_sid const
     selinux: declare name parameter of hash_eval const
     selinux: enclose macro arguments in parenthesis
     selinux: drop cast to same type
     selinux: drop unused parameter of avtab_insert_node
     selinux: do not discard const qualifier in cast
     selinux: simplify cred_init_security
     selinux: drop unused macro
     selinux: drop return statement at end of void functions
     selinux: use correct type for context length

GONG, Ruiqi (1):
     selinux: access superblock_security_struct in LSM blob way

Ondrej Mosnacek (3):
     selinux: parse contexts for mount options early
     security: add sctp_assoc_established hook
     security: implement sctp_assoc_established hook in selinux

Paul Moore (3):
     selinux: fix a type cast problem in cred_init_security()
     selinux: various sparse fixes
     selinux: shorten the policy capability enum names

Richard Haines (1):
     selinux: allow FIOCLEX and FIONCLEX with policy capability

Scott Mayhew (2):
     selinux: Fix selinux_sb_mnt_opts_compat()
     selinux: try to use preparsed sid before calling parse_sid()

Wan Jiabing (1):
     docs: fix 'make htmldocs' warning in SCTP.rst

Documentation/security/SCTP.rst            |  26 ++-
include/linux/lsm_hook_defs.h              |   2 +
include/linux/lsm_hooks.h                  |   5 +
include/linux/security.h                   |   8 +
net/sctp/sm_statefuns.c                    |   8 +-
security/security.c                        |  24 ++-
security/selinux/hooks.c                   | 299 ++++++++++++++---------------
security/selinux/ibpkey.c                  |   2 +-
security/selinux/ima.c                     |   4 +-
security/selinux/include/policycap.h       |  21 +-
security/selinux/include/policycap_names.h |   5 +-
security/selinux/include/security.h        |  31 +--
security/selinux/netnode.c                 |   9 +-
security/selinux/netport.c                 |   2 +-
security/selinux/selinuxfs.c               |   4 +-
security/selinux/ss/avtab.c                |   6 +-
security/selinux/ss/conditional.c          |   2 -
security/selinux/ss/ebitmap.c              |   1 -
security/selinux/ss/ebitmap.h              |   6 +-
security/selinux/ss/mls.c                  |   1 -
security/selinux/ss/policydb.c             |   4 +-
security/selinux/ss/services.c             |  10 +-
security/selinux/ss/sidtab.c               |   4 +-
security/selinux/xfrm.c                    |   2 +-
24 files changed, 255 insertions(+), 231 deletions(-)

-- 
paul-moore.com

* Re: [GIT PULL] SELinux patches for v5.18
  2022-03-21 22:13 [GIT PULL] SELinux patches for v5.18 Paul Moore
@ 2022-03-22  3:56 ` pr-tracker-bot
From: pr-tracker-bot @ 2022-03-22  3:56 UTC
  To: Paul Moore; +Cc: Linus Torvalds, selinux, linux-security-module, linux-kernel

The pull request you sent on Mon, 21 Mar 2022 18:13:51 -0400:

> https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git tags/selinux-pr-20220321

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/c269497d248e43558aafc6b3f87b49d4dd3c2713

Thank you!

-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html
