linux-security-module.vger.kernel.org archive mirror
* [GIT PULL] apparmor updates for 5.5
@ 2019-12-03 20:33 John Johansen
  2019-12-03 21:00 ` Linus Torvalds
  2019-12-03 21:05 ` pr-tracker-bot
  0 siblings, 2 replies; 3+ messages in thread
From: John Johansen @ 2019-12-03 20:33 UTC
  To: Linus Torvalds; +Cc: LKLM, open list:SECURITY SUBSYSTEM

Hi Linus,

Sorry I didn't manage to get these out before last week's vacation.

Can you please pull the following changes for apparmor?

Thanks!

- John

The following changes since commit 582549e3fbe137eb6ce9be591aca25c2222a36b4:

   Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma (2019-04-10 09:39:04 -1000)

are available in the Git repository at:

   git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor tags/apparmor-pr-2019-12-03

for you to fetch changes up to 341c1fda5e17156619fb71acfc7082b2669b4b72:

   apparmor: make it so work buffers can be allocated from atomic context (2019-11-22 16:41:08 -0800)

----------------------------------------------------------------
+ Features
   - increase left match history buffer size to provide improved conflict
     resolution in overlapping execution rules.
   - switch buffer allocation to use a memory pool and GFP_KERNEL
     where possible.
   - add compression of policy blobs to reduce memory usage.
+ Cleanups
   - fix spelling mistake "immutible" -> "immutable"
+ Bug fixes
   - fix unsigned len comparison in update_for_len macro
   - fix sparse warning for type-casting of current->real_cred

----------------------------------------------------------------
Bharath Vedartham (1):
       apparmor: Force type-casting of current->real_cred

Chris Coulson (1):
       apparmor: Initial implementation of raw policy blob compression

Colin Ian King (2):
       apparmor: fix spelling mistake "immutible" -> "immutable"
       apparmor: fix unsigned len comparison with less than zero

John Johansen (7):
       apparmor: fix blob compression build failure on ppc
       apparmor: fix missing ZLIB defines
       apparmor: fix blob compression when ns is forced on a policy load
       apparmor: increase left match history buffer size
       apparmor: fix wrong buffer allocation in aa_new_mount
       apparmor: reduce rcu_read_lock scope for aa_file_perm mediation
       apparmor: make it so work buffers can be allocated from atomic context

Sebastian Andrzej Siewior (2):
       apparmor: Use a memory pool instead per-CPU caches
       apparmor: Switch to GFP_KERNEL where possible

  security/apparmor/Kconfig                 |   2 +
  security/apparmor/apparmorfs.c            | 130 +++++++++++++++++++-
  security/apparmor/domain.c                |  46 +++----
  security/apparmor/file.c                  |  45 ++++---
  security/apparmor/include/apparmor.h      |   1 +
  security/apparmor/include/file.h          |   2 +-
  security/apparmor/include/match.h         |   3 +-
  security/apparmor/include/path.h          |  50 +-------
  security/apparmor/include/policy_unpack.h |   8 +-
  security/apparmor/label.c                 |  12 +-
  security/apparmor/lsm.c                   | 198 ++++++++++++++++++++++++------
  security/apparmor/match.c                 |   6 +-
  security/apparmor/mount.c                 |  67 +++++++---
  security/apparmor/policy.c                |   5 +-
  security/apparmor/policy_unpack.c         | 116 ++++++++++++++++-
  15 files changed, 526 insertions(+), 165 deletions(-)


* Re: [GIT PULL] apparmor updates for 5.5
  2019-12-03 20:33 [GIT PULL] apparmor updates for 5.5 John Johansen
@ 2019-12-03 21:00 ` Linus Torvalds
  2019-12-03 21:05 ` pr-tracker-bot
  1 sibling, 0 replies; 3+ messages in thread
From: Linus Torvalds @ 2019-12-03 21:00 UTC
  To: John Johansen; +Cc: LKLM, open list:SECURITY SUBSYSTEM

On Tue, Dec 3, 2019 at 12:33 PM John Johansen
<john.johansen@canonical.com> wrote:
>
> + Bug fixes
>    - fix sparse warning for type-casting of current->real_cred

That fix is wrong.

Yes, it removes the warning.

It's still wrong.

The proper way to remove the warning is to use the proper accessor to
read the current real_cred.  And that will point out that the cred
needs to be 'const'.

IOW, it should do

        const struct cred *cred = current_real_cred();

instead.

I have done the pull without doing that change, but this is a REALLY
IMPORTANT issue! Don't just "fix warnings". The warnings had a reason,
you need to _think_ about them.

This is doubly true in code that claims to be about "security".
Seriously. apparmor can't just be a "let's do random things and hope
for the best".

                 Linus
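
The difference described in the reply above, as a userspace model added here (not code from the pull request or the kernel tree): `struct cred`, `struct task_struct`, `current`, the annotation macros and the accessor are simplified stand-ins. The line the commit actually changed is not shown in this thread, so the forced-cast form is an assumption based on the commit title.

```c
#include <stdio.h>

/* Sparse annotations: outside a sparse run they expand to nothing, so the
 * compiler proper sees neither the address space nor the forced cast. */
#define __rcu
#define __force

/* Simplified stand-ins for the kernel types (assumptions for this model). */
struct cred { unsigned int uid; };
struct task_struct { const struct cred __rcu *real_cred; };

static struct cred shared_cred = { .uid = 1000 };   /* constructed sample */
static struct task_struct this_task = { .real_cred = &shared_cred };
#define current (&this_task)

/* Stand-in for the accessor: the kernel's version goes through
 * rcu_dereference_protected(); what matters here is the const result. */
#define current_real_cred() ((const struct cred *)current->real_cred)

/* Forced cast: the warning is gone, and so is the const qualifier, so an
 * accidental write to the shared credentials compiles cleanly. */
void set_uid_via_forced_cast(unsigned int uid)
{
	struct cred *cred = (struct cred __force *)current->real_cred;

	cred->uid = uid;
}

/* Accessor: the pointer stays const, so the same write is a compile error. */
unsigned int uid_via_accessor(void)
{
	const struct cred *cred = current_real_cred();

	/* cred->uid = 0;  <- rejected: assignment to a read-only member */
	return cred->uid;
}

int main(void)
{
	printf("before: uid=%u\n", uid_via_accessor());
	set_uid_via_forced_cast(42);   /* nothing flagged this write */
	printf("after:  uid=%u\n", uid_via_accessor());
	return 0;
}
```

Uncommenting the assignment in `uid_via_accessor()` makes the build fail, which is the check the forced cast throws away.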


* Re: [GIT PULL] apparmor updates for 5.5
  2019-12-03 20:33 [GIT PULL] apparmor updates for 5.5 John Johansen
  2019-12-03 21:00 ` Linus Torvalds
@ 2019-12-03 21:05 ` pr-tracker-bot
  1 sibling, 0 replies; 3+ messages in thread
From: pr-tracker-bot @ 2019-12-03 21:05 UTC
  To: John Johansen; +Cc: Linus Torvalds, LKLM, open list:SECURITY SUBSYSTEM

The pull request you sent on Tue, 3 Dec 2019 12:33:43 -0800:

> git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor tags/apparmor-pr-2019-12-03

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/79e178a57dae819ae724065b47c25720494cc9f2

Thank you!

-- 
Deet-doot-dot, I am a bot.
https://korg.wiki.kernel.org/userdoc/prtracker
