[GIT PULL] SELinux updates for 3.12

[GIT PULL] SELinux updates for 3.12

[Paul Moore]

Hi James,

Here are a collection of SELinux updates that should be included in 3.12.  
This request contains mostly various cleanup patches with a few bugfixes and 
performance improvements thrown in for good measure.  The bulk of these 
patches were inherited from Eric's old tree, hence the merge/pull in the log.

Lastly, all of these patches have been in linux-next for some time now, and 
they all pass the SELinux testsuite with flying colors.

Enjoy,
-Paul

---
The following changes since commit 6e4664525b1db28f8c4e1130957f70a94c19213e:

  Linux 3.11 (2013-09-02 13:46:10 -0700)

are available in the git repository at:

  git://git.infradead.org/users/pcmoore/selinux

for you to fetch changes up to 42d64e1add3a1ce8a787116036163b8724362145:

  selinux: correct locking in selinux_netlbl_socket_connect) 
           (2013-09-26 17:00:46 -0400)

----------------------------------------------------------------
Anand Avati (1):
      selinux: consider filesystem subtype in policies

Chris PeBenito (1):
      Add SELinux policy capability for always checking packet and peer 
classes.

Duan Jiong (1):
      selinux: Use kmemdup instead of kmalloc + memcpy

Eric Paris (12):
      SELinux: fix selinuxfs policy file on big endian systems
      SELinux: remove crazy contortions around proc
      SELinux: make it harder to get the number of mnt opts wrong
      SELinux: use define for number of bits in the mnt flags mask
      SELinux: rename SE_SBLABELSUPP to SBLABEL_MNT
      SELinux: do all flags twiddling in one place
      SELinux: renumber the superblock options
      SELinux: change sbsec->behavior to short
      SELinux: do not handle seclabel as a special flag
      SELinux: pass a superblock to security_fs_use
      SELinux: use a helper function to determine seclabel
      Revert "SELinux: do not handle seclabel as a special flag"

Paul Moore (12):
      lsm: split the xfrm_state_alloc_security() hook implementation
      selinux: cleanup and consolidate the XFRM alloc/clone/delete/free code
      selinux: cleanup selinux_xfrm_policy_lookup() and         
               selinux_xfrm_state_pol_flow_match()
      selinux: cleanup selinux_xfrm_sock_rcv_skb() and
               selinux_xfrm_postroute_last()
      selinux: cleanup some comment and whitespace issues in the XFRM code
      selinux: cleanup selinux_xfrm_decode_session()
      selinux: cleanup the XFRM header
      selinux: remove the BUG_ON() from selinux_skb_xfrm_sid()
      selinux: fix problems in netnode when BUG() is compiled out
      Merge git://git.infradead.org/users/eparis/selinux
      selinux: add Paul Moore as a SELinux maintainer
      selinux: correct locking in selinux_netlbl_socket_connect)

Stephen Smalley (1):
      SELinux: Enable setting security contexts on rootfs inodes.

Waiman Long (2):
      SELinux: Reduce overhead of mls_level_isvalid() function call
      SELinux: Increase ebitmap_node size for 64-bit configuration

 MAINTAINERS                         |   3 +-
 include/linux/security.h            |  26 ++-
 security/capability.c               |  15 +-
 security/security.c                 |  13 +-
 security/selinux/hooks.c            | 146 +++++++-----
 security/selinux/include/objsec.h   |   4 +-
 security/selinux/include/security.h |  13 +-
 security/selinux/include/xfrm.h     |  45 ++--
 security/selinux/netlabel.c         |   6 +-
 security/selinux/netnode.c          |   2 +
 security/selinux/selinuxfs.c        |   4 +-
 security/selinux/ss/ebitmap.c       |  20 +-
 security/selinux/ss/ebitmap.h       |  10 +-
 security/selinux/ss/mls.c           |  22 +-
 security/selinux/ss/mls_types.h     |   2 +-
 security/selinux/ss/policydb.c      |   3 +-
 security/selinux/ss/services.c      |  66 ++++--
 security/selinux/xfrm.c             | 453 +++++++++++++++-------------------
 18 files changed, 452 insertions(+), 401 deletions(-)

-- 
paul moore
security and virtualization @ redhat


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [GIT PULL] SELinux updates for 3.12

[James Morris]

On Thu, 17 Oct 2013, Paul Moore wrote:

> Hi James,
> 
> Here are a collection of SELinux updates that should be included in 3.12.  
> This request contains mostly various cleanup patches with a few bugfixes and 
> performance improvements thrown in for good measure.  The bulk of these 
> patches were inherited from Eric's old tree, hence the merge/pull in the log.
> 
> Lastly, all of these patches have been in linux-next for some time now, and 
> they all pass the SELinux testsuite with flying colors.
> 
> Enjoy,
> -Paul
> 
> ---
> The following changes since commit 6e4664525b1db28f8c4e1130957f70a94c19213e:
> 
>   Linux 3.11 (2013-09-02 13:46:10 -0700)
> 
> are available in the git repository at:
> 
>   git://git.infradead.org/users/pcmoore/selinux
> 

Why is no branch specified?

git-pull fails in any case.


-- 
James Morris
<jmorris@namei.org>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [GIT PULL] SELinux updates for 3.12

[Paul Moore]

On Monday, October 21, 2013 09:49:54 AM James Morris wrote:
> On Thu, 17 Oct 2013, Paul Moore wrote:
> > Hi James,
> > 
> > Here are a collection of SELinux updates that should be included in 3.12.
> > This request contains mostly various cleanup patches with a few bugfixes
> > and performance improvements thrown in for good measure.  The bulk of
> > these patches were inherited from Eric's old tree, hence the merge/pull
> > in the log.
> > 
> > Lastly, all of these patches have been in linux-next for some time now,
> > and
> > they all pass the SELinux testsuite with flying colors.
> > 
> > Enjoy,
> > -Paul
> > 
> > ---
> > 
> > The following changes since commit 6e4664525b1db28f8c4e1130957f70....
> >   Linux 3.11 (2013-09-02 13:46:10 -0700)
> > 
> > are available in the git repository at:
> >   git://git.infradead.org/users/pcmoore/selinux
> 
> Why is no branch specified?

Why does a branch need to be specified?  The changes live in master and my 
understanding was that if a branch was not explicitly listed then master 
should be used.

> git-pull fails in any case.

Can you be more explicit?  It works for me ...

# git pull git://git.infradead.org/users/pcmoore/selinux
remote: Counting objects: 238, done.
remote: Compressing objects: 100% (38/38), done.
remote: Total 199 (delta 169), reused 189 (delta 161)
Receiving objects: 100% (199/199), 31.38 KiB | 0 bytes/s, done.
Resolving deltas: 100% (169/169), completed with 38 local objects.
>From git://git.infradead.org/users/pcmoore/selinux
 * branch            HEAD       -> FETCH_HEAD
Auto-merging security/selinux/include/xfrm.h
Auto-merging security/selinux/hooks.c
Auto-merging security/security.c
Auto-merging security/capability.c
Auto-merging include/linux/security.h
Auto-merging MAINTAINERS
Merge made by the 'recursive' strategy.
 MAINTAINERS                         |   3 +-
 include/linux/security.h            |  26 ++-
 security/capability.c               |  15 +-
 security/security.c                 |  13 +-
 security/selinux/hooks.c            | 146 +++++++-----
 security/selinux/include/objsec.h   |   4 +-
 security/selinux/include/security.h |  13 +-
 security/selinux/include/xfrm.h     |  45 ++--
 security/selinux/netlabel.c         |   6 +-
 security/selinux/netnode.c          |   2 +
 security/selinux/selinuxfs.c        |   4 +-
 security/selinux/ss/ebitmap.c       |  20 +-
 security/selinux/ss/ebitmap.h       |  10 +-
 security/selinux/ss/mls.c           |  22 +-
 security/selinux/ss/mls_types.h     |   2 +-
 security/selinux/ss/policydb.c      |   3 +-
 security/selinux/ss/services.c      |  66 ++++--
 security/selinux/xfrm.c             | 453 +++++++++++++++-------------------
 18 files changed, 452 insertions(+), 401 deletions(-)

-- 
paul moore
security and virtualization @ redhat


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [GIT PULL] SELinux updates for 3.12

[James Morris]

On Mon, 21 Oct 2013, Paul Moore wrote:

> Why does a branch need to be specified?  The changes live in master and my 
> understanding was that if a branch was not explicitly listed then master 
> should be used.
> 

Ok, I'll do that.  I'm not going to assume it.

> > git-pull fails in any case.
> 
> Can you be more explicit?  It works for me ...

$ git pull git://git.infradead.org/users/pcmoore/selinux
You asked to pull from the remote 
'git://git.infradead.org/users/pcmoore/selinux', but did not specify
a branch. Because this is not the default configured remote
for your current branch, you must specify a branch on the command line.



-- 
James Morris
<jmorris@namei.org>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [GIT PULL] SELinux updates for 3.12

[Paul Moore]

On Tuesday, October 22, 2013 10:20:38 PM James Morris wrote:
> On Mon, 21 Oct 2013, Paul Moore wrote:
> > Why does a branch need to be specified?  The changes live in master and my
> > understanding was that if a branch was not explicitly listed then master
> > should be used.
> 
> Ok, I'll do that.  I'm not going to assume it.
> 
> > > git-pull fails in any case.
> > 
> > Can you be more explicit?  It works for me ...
> 
> $ git pull git://git.infradead.org/users/pcmoore/selinux
> You asked to pull from the remote
> 'git://git.infradead.org/users/pcmoore/selinux', but did not specify
> a branch. Because this is not the default configured remote
> for your current branch, you must specify a branch on the command line.

Looking at your next branch, it looks like you were able to pull successfully 
from my master branch ... are you set for 3.12?

-- 
paul moore
security and virtualization @ redhat


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [GIT PULL] SELinux updates for 3.12

[James Morris]

On Tue, 22 Oct 2013, Paul Moore wrote:

> On Tuesday, October 22, 2013 10:20:38 PM James Morris wrote:
> > On Mon, 21 Oct 2013, Paul Moore wrote:
> > > Why does a branch need to be specified?  The changes live in master and my
> > > understanding was that if a branch was not explicitly listed then master
> > > should be used.
> > 
> > Ok, I'll do that.  I'm not going to assume it.
> > 
> > > > git-pull fails in any case.
> > > 
> > > Can you be more explicit?  It works for me ...
> > 
> > $ git pull git://git.infradead.org/users/pcmoore/selinux
> > You asked to pull from the remote
> > 'git://git.infradead.org/users/pcmoore/selinux', but did not specify
> > a branch. Because this is not the default configured remote
> > for your current branch, you must specify a branch on the command line.
> 
> Looking at your next branch, it looks like you were able to pull successfully 
> from my master branch ... are you set for 3.12?

Yep, thanks.


-- 
James Morris
<jmorris@namei.org>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.