From: John Johansen <john.johansen@canonical.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: LKLM <linux-kernel@vger.kernel.org>,
"open list:SECURITY SUBSYSTEM"
<linux-security-module@vger.kernel.org>
Subject: [GIT PULL] apparmor updates for 5.5
Date: Tue, 3 Dec 2019 12:33:43 -0800 [thread overview]
Message-ID: <ab8e6cbb-c46d-41bd-0a0d-43530ee37386@canonical.com> (raw)
Hi Linus,
Sorry I didn't manage to get these out before last weeks vacation.
Can you please pull the following changes for apparmor
Thanks!
- John
The following changes since commit 582549e3fbe137eb6ce9be591aca25c2222a36b4:
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma (2019-04-10 09:39:04 -1000)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor tags/apparmor-pr-2019-12-03
for you to fetch changes up to 341c1fda5e17156619fb71acfc7082b2669b4b72:
apparmor: make it so work buffers can be allocated from atomic context (2019-11-22 16:41:08 -0800)
----------------------------------------------------------------
+ Features
- increase left match history buffer size to provide inproved conflict
resolution in overlapping execution rules.
- switch buffer allocation to use a memory pool and GFP_KERNEL
where possible.
- add compression of policy blobs to reduce memory usage.
+ Cleanups
- fix spelling mistake "immutible" -> "immutable"
+ Bug fixes
- fix unsigned len comparison in update_for_len macro
- fix sparse warning for type-casting of current->real_cred
----------------------------------------------------------------
Bharath Vedartham (1):
apparmor: Force type-casting of current->real_cred
Chris Coulson (1):
apparmor: Initial implementation of raw policy blob compression
Colin Ian King (2):
apparmor: fix spelling mistake "immutible" -> "immutable"
apparmor: fix unsigned len comparison with less than zero
John Johansen (7):
apparmor: fix blob compression build failure on ppc
apparmor: fix missing ZLIB defines
apparmor: fix blob compression when ns is forced on a policy load
apparmor: increase left match history buffer size
apparmor: fix wrong buffer allocation in aa_new_mount
apparmor: reduce rcu_read_lock scope for aa_file_perm mediation
apparmor: make it so work buffers can be allocated from atomic context
Sebastian Andrzej Siewior (2):
apparmor: Use a memory pool instead per-CPU caches
apparmor: Switch to GFP_KERNEL where possible
security/apparmor/Kconfig | 2 +
security/apparmor/apparmorfs.c | 130 +++++++++++++++++++-
security/apparmor/domain.c | 46 +++----
security/apparmor/file.c | 45 ++++---
security/apparmor/include/apparmor.h | 1 +
security/apparmor/include/file.h | 2 +-
security/apparmor/include/match.h | 3 +-
security/apparmor/include/path.h | 50 +-------
security/apparmor/include/policy_unpack.h | 8 +-
security/apparmor/label.c | 12 +-
security/apparmor/lsm.c | 198 ++++++++++++++++++++++++------
security/apparmor/match.c | 6 +-
security/apparmor/mount.c | 67 +++++++---
security/apparmor/policy.c | 5 +-
security/apparmor/policy_unpack.c | 116 ++++++++++++++++-
15 files changed, 526 insertions(+), 165 deletions(-)
next reply other threads:[~2019-12-03 20:33 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-03 20:33 John Johansen [this message]
2019-12-03 21:00 ` [GIT PULL] apparmor updates for 5.5 Linus Torvalds
2019-12-03 21:05 ` pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ab8e6cbb-c46d-41bd-0a0d-43530ee37386@canonical.com \
--to=john.johansen@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.