From: Paul Moore <paul@paul-moore.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: selinux@vger.kernel.org, linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: [GIT PULL] selinux/selinux-pr-20240513
Date: Mon, 13 May 2024 17:23:02 -0400
Message-ID: <32b581d2da1208a912f4ad200b08bdf1@paul-moore.com>

Linus,

We've got a variety of SELinux patches queued for Linux v6.10; the
highlights are below:

- Attempt to pre-allocate the SELinux status page so it doesn't appear
  to userspace that we are skipping SELinux policy sequence numbers.

- Reject invalid SELinux policy bitmaps with an error at policy load
  time.

- Consistently use the same type, u32, for ebitmap offsets.

- Improve the "symhash" hash function for better distribution on common
  policies.

- Correct a number of printk format specifiers in the ebitmap code.

- Improved error checking in sel_write_load().

- Ensure we have a proper return code in the
  filename_trans_read_helper_compat() function.

- Make better use of the current_sid() helper function.

- Allow for more hash table statistics when debugging is enabled.

- Migrate from printk_ratelimit() to pr_warn_ratelimited().

- Miscellaneous cleanups and tweaks to selinux_lsm_getattr().

- More constification work in the conditional policy space.

Please merge,
-Paul

--
The following changes since commit 4cece764965020c22cff7665b18a012006359095:

  Linux 6.9-rc1 (2024-03-24 14:10:05 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
    tags/selinux-pr-20240513

for you to fetch changes up to 581646c3fb98494009671f6d347ea125bc0e663a:

  selinux: constify source policy in cond_policydb_dup()
    (2024-04-30 19:01:04 -0400)

----------------------------------------------------------------
selinux/stable-6.10 PR 20240513

----------------------------------------------------------------
Christian Göttsche (9):
      selinux: reject invalid ebitmaps
      selinux: update numeric format specifiers for ebitmaps
      selinux: make more use of current_sid()
      selinux: dump statistics for more hash tables
      selinux: improve symtab string hashing
      selinux: use u32 as bit position type in ebitmap code
      selinux: pre-allocate the status page
      selinux: avoid printk_ratelimit()
      selinux: constify source policy in cond_policydb_dup()

Ondrej Mosnacek (1):
      selinux: clarify return code in filename_trans_read_helper_compat()

Paul Moore (2):
      selinux: cleanup selinux_lsm_getattr()
      selinux: improve error checking in sel_write_load()

 security/selinux/hooks.c          | 58 ++++++++++++++---------------------
 security/selinux/selinuxfs.c      | 36 ++++++++++++++----------
 security/selinux/ss/conditional.c | 18 +++++++-----
 security/selinux/ss/conditional.h |  2 +-
 security/selinux/ss/ebitmap.c     | 50 +++++++++++++++++++++------------
 security/selinux/ss/ebitmap.h     | 38 ++++++++++++-------------
 security/selinux/ss/hashtab.c     | 10 ++++---
 security/selinux/ss/hashtab.h     |  4 +--
 security/selinux/ss/policydb.c    | 24 +++++++++++-----
 security/selinux/ss/services.c    |  3 +-
 security/selinux/ss/symtab.c      | 20 +++++++-------
 security/selinux/xfrm.c           |  7 ++---
 12 files changed, 145 insertions(+), 125 deletions(-)

--
paul-moore.com
