* [GIT PULL] security: general updates for v4.21 @ 2018-12-24 19:55 James Morris 2018-12-27 20:07 ` Linus Torvalds 2018-12-27 22:05 ` pr-tracker-bot 0 siblings, 2 replies; 11+ messages in thread From: James Morris @ 2018-12-24 19:55 UTC (permalink / raw) To: Linus Torvalds; +Cc: linux-kernel, linux-security-module Hi Linus, Please pull these general updates for the security subsystem for v4.21. The main changes here are Paul Gortmaker's removal of unneccesary module.h infrastructure. The following changes since commit 7566ec393f4161572ba6f11ad5171fd5d59b0fbd: Linux 4.20-rc7 (2018-12-16 15:46:55 -0800) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-general for you to fetch changes up to b49d564344f773d8afee982153c8493e5f2eaf38: security: integrity: partial revert of make ima_main explicitly non-modular (2018-12-20 09:59:12 -0800) ---------------------------------------------------------------- James Morris (2): Merge tag 'v4.20-rc2' into next-general Merge tag 'v4.20-rc7' into next-general Paul Gortmaker (6): security: integrity: make ima_main explicitly non-modular keys: remove needless modular infrastructure from ecryptfs_format security: integrity: make evm_main explicitly non-modular security: audit and remove any unnecessary uses of module.h security: fs: make inode explicitly non-modular security: integrity: partial revert of make ima_main explicitly non-modular Yangtao Li (1): tomoyo: fix small typo security/apparmor/apparmorfs.c | 2 +- security/commoncap.c | 1 - security/inode.c | 6 ++---- security/integrity/evm/evm_crypto.c | 2 +- security/integrity/evm/evm_main.c | 5 +---- security/integrity/evm/evm_posix_acl.c | 1 - security/integrity/evm/evm_secfs.c | 2 +- security/integrity/iint.c | 2 +- security/integrity/ima/ima_api.c | 1 - security/integrity/ima/ima_appraise.c | 2 +- security/integrity/ima/ima_fs.c | 2 +- security/integrity/ima/ima_init.c | 2 +- security/integrity/ima/ima_main.c | 5 ++--- security/integrity/ima/ima_policy.c | 2 +- security/integrity/ima/ima_queue.c | 1 - security/keys/encrypted-keys/ecryptfs_format.c | 5 ++--- security/keys/encrypted-keys/masterkey_trusted.c | 1 - security/keys/gc.c | 1 - security/keys/key.c | 2 +- security/keys/keyctl.c | 1 - security/keys/keyring.c | 2 +- security/keys/permission.c | 2 +- security/keys/proc.c | 1 - security/keys/process_keys.c | 1 - security/keys/request_key.c | 2 +- security/keys/request_key_auth.c | 1 - security/keys/user_defined.c | 2 +- security/security.c | 2 +- security/tomoyo/util.c | 2 +- 29 files changed, 22 insertions(+), 39 deletions(-) ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [GIT PULL] security: general updates for v4.21 2018-12-24 19:55 [GIT PULL] security: general updates for v4.21 James Morris @ 2018-12-27 20:07 ` Linus Torvalds 2018-12-29 3:11 ` James Morris 2018-12-27 22:05 ` pr-tracker-bot 1 sibling, 1 reply; 11+ messages in thread From: Linus Torvalds @ 2018-12-27 20:07 UTC (permalink / raw) To: James Morris; +Cc: Linux List Kernel Mailing, linux-security-module On Mon, Dec 24, 2018 at 11:55 AM James Morris <jmorris@namei.org> wrote: > > The main changes here are Paul Gortmaker's removal of unneccesary module.h > infrastructure. I will point out a merge with a horrible commit message: "Sync to Linux 4.20-rc2 for downstream developers" that tells nobody anything. Why was that merge done? If you can't explain the merge, just don't do the merge. Linus ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [GIT PULL] security: general updates for v4.21 2018-12-27 20:07 ` Linus Torvalds @ 2018-12-29 3:11 ` James Morris 2018-12-29 3:39 ` Linus Torvalds 0 siblings, 1 reply; 11+ messages in thread From: James Morris @ 2018-12-29 3:11 UTC (permalink / raw) To: Linus Torvalds; +Cc: Linux List Kernel Mailing, linux-security-module On Thu, 27 Dec 2018, Linus Torvalds wrote: > On Mon, Dec 24, 2018 at 11:55 AM James Morris <jmorris@namei.org> wrote: > > > > The main changes here are Paul Gortmaker's removal of unneccesary module.h > > infrastructure. > > I will point out a merge with a horrible commit message: > > "Sync to Linux 4.20-rc2 for downstream developers" > > that tells nobody anything. > > Why was that merge done? If you can't explain the merge, just don't do > the merge. I do this every development cycle, after requests from security subsystem maintainers to sync to -rc kernels. -- James Morris <jmorris@namei.org> ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [GIT PULL] security: general updates for v4.21 2018-12-29 3:11 ` James Morris @ 2018-12-29 3:39 ` Linus Torvalds 2018-12-29 4:09 ` James Morris 0 siblings, 1 reply; 11+ messages in thread From: Linus Torvalds @ 2018-12-29 3:39 UTC (permalink / raw) To: James Morris; +Cc: Linux List Kernel Mailing, linux-security-module On Fri, Dec 28, 2018 at 7:11 PM James Morris <jmorris@namei.org> wrote: > > I do this every development cycle, after requests from security subsystem > maintainers to sync to -rc kernels. Why? A merge should have a *reason*. Linus ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [GIT PULL] security: general updates for v4.21 2018-12-29 3:39 ` Linus Torvalds @ 2018-12-29 4:09 ` James Morris 2018-12-29 4:15 ` Linus Torvalds 0 siblings, 1 reply; 11+ messages in thread From: James Morris @ 2018-12-29 4:09 UTC (permalink / raw) To: Linus Torvalds Cc: Linux List Kernel Mailing, linux-security-module, Casey Schaufler, Mimi Zohar, Jarkko Sakkinen On Fri, 28 Dec 2018, Linus Torvalds wrote: > On Fri, Dec 28, 2018 at 7:11 PM James Morris <jmorris@namei.org> wrote: > > > > I do this every development cycle, after requests from security subsystem > > maintainers to sync to -rc kernels. > > Why? > > A merge should have a *reason*. Yep, I understand what you mean. I can't find the discussion from several years ago, but developers asked to be able to work with more current kernels, and I recall you saying that if you want to do this, merge to a specific -rc tag at least. I'm not personally fussed either way, and if anyone cc'd has an opinion, please comment. Otherwise, I'll go back to merging to Linus only as necessary. -- James Morris <jmorris@namei.org> ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [GIT PULL] security: general updates for v4.21 2018-12-29 4:09 ` James Morris @ 2018-12-29 4:15 ` Linus Torvalds 2018-12-29 18:34 ` Casey Schaufler 0 siblings, 1 reply; 11+ messages in thread From: Linus Torvalds @ 2018-12-29 4:15 UTC (permalink / raw) To: James Morris Cc: Linux List Kernel Mailing, linux-security-module, Casey Schaufler, Mimi Zohar, Jarkko Sakkinen On Fri, Dec 28, 2018 at 8:09 PM James Morris <jmorris@namei.org> wrote: > > Yep, I understand what you mean. I can't find the discussion from several > years ago, but developers asked to be able to work with more current > kernels, and I recall you saying that if you want to do this, merge to a > specific -rc tag at least. If people really want it, maybe the merge can state that explicit thing, as it is I'm trying to push back on empty merges that don't explain why they even exist. Linus ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [GIT PULL] security: general updates for v4.21 2018-12-29 4:15 ` Linus Torvalds @ 2018-12-29 18:34 ` Casey Schaufler 2018-12-30 2:44 ` Mimi Zohar 0 siblings, 1 reply; 11+ messages in thread From: Casey Schaufler @ 2018-12-29 18:34 UTC (permalink / raw) To: Linus Torvalds, James Morris Cc: Linux List Kernel Mailing, linux-security-module, Mimi Zohar, Jarkko Sakkinen On 12/28/2018 8:15 PM, Linus Torvalds wrote: > On Fri, Dec 28, 2018 at 8:09 PM James Morris <jmorris@namei.org> wrote: >> Yep, I understand what you mean. I can't find the discussion from several >> years ago, but developers asked to be able to work with more current >> kernels, and I recall you saying that if you want to do this, merge to a >> specific -rc tag at least. > If people really want it, maybe the merge can state that explicit > thing, as it is I'm trying to push back on empty merges that don't > explain why they even exist. > > Linus The security tree tends to get changed from multiple directions, most of which aren't based out of the security sub-system. The mount rework from David is an excellent example. It gets hit just about any time there's a significant VFS or networking change. Keeping it current has helped find issues much earlier in the process. ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [GIT PULL] security: general updates for v4.21 2018-12-29 18:34 ` Casey Schaufler @ 2018-12-30 2:44 ` Mimi Zohar 2019-01-07 21:45 ` James Morris 0 siblings, 1 reply; 11+ messages in thread From: Mimi Zohar @ 2018-12-30 2:44 UTC (permalink / raw) To: Casey Schaufler, Linus Torvalds, James Morris Cc: Linux List Kernel Mailing, linux-security-module, Mimi Zohar, Jarkko Sakkinen On Sat, 2018-12-29 at 10:34 -0800, Casey Schaufler wrote: > On 12/28/2018 8:15 PM, Linus Torvalds wrote: > > On Fri, Dec 28, 2018 at 8:09 PM James Morris <jmorris@namei.org> wrote: > >> Yep, I understand what you mean. I can't find the discussion from several > >> years ago, but developers asked to be able to work with more current > >> kernels, and I recall you saying that if you want to do this, merge to a > >> specific -rc tag at least. > > If people really want it, maybe the merge can state that explicit > > thing, as it is I'm trying to push back on empty merges that don't > > explain why they even exist. > > > > Linus > > The security tree tends to get changed from multiple directions, > most of which aren't based out of the security sub-system. The mount > rework from David is an excellent example. It gets hit just about > any time there's a significant VFS or networking change. Keeping > it current has helped find issues much earlier in the process. Agreed, the security subsystem is different than other subsystems. In addition to VFS changes, are key changes. Changes in other subsystems do affect the LSMs/integrity. Included in this open window are a number of LSM changes, which were not posted on the LSM mailing list and are not being upstreamed via the LSMs. Mimi ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [GIT PULL] security: general updates for v4.21 2018-12-30 2:44 ` Mimi Zohar @ 2019-01-07 21:45 ` James Morris 2019-01-08 21:56 ` Mimi Zohar 0 siblings, 1 reply; 11+ messages in thread From: James Morris @ 2019-01-07 21:45 UTC (permalink / raw) To: Mimi Zohar Cc: Casey Schaufler, Linus Torvalds, Linux List Kernel Mailing, linux-security-module, Mimi Zohar, Jarkko Sakkinen [-- Attachment #1: Type: text/plain, Size: 2032 bytes --] On Sat, 29 Dec 2018, Mimi Zohar wrote: > On Sat, 2018-12-29 at 10:34 -0800, Casey Schaufler wrote: > > On 12/28/2018 8:15 PM, Linus Torvalds wrote: > > > On Fri, Dec 28, 2018 at 8:09 PM James Morris <jmorris@namei.org> wrote: > > >> Yep, I understand what you mean. I can't find the discussion from several > > >> years ago, but developers asked to be able to work with more current > > >> kernels, and I recall you saying that if you want to do this, merge to a > > >> specific -rc tag at least. > > > If people really want it, maybe the merge can state that explicit > > > thing, as it is I'm trying to push back on empty merges that don't > > > explain why they even exist. > > > > > > Linus > > > > The security tree tends to get changed from multiple directions, > > most of which aren't based out of the security sub-system. The mount > > rework from David is an excellent example. It gets hit just about > > any time there's a significant VFS or networking change. Keeping > > it current has helped find issues much earlier in the process. > > Agreed, the security subsystem is different than other subsystems. In > addition to VFS changes, are key changes. Changes in other subsystems > do affect the LSMs/integrity. Yep, I agree that if we get too far behind Linus then changes in things like overlayfs (a recent example) may subtly break LSM and we don't see this in the actual security development trees. In theory these things will be picked up in next testing, although not everything spends long enough in next. And it's not necessarily changes to security code, it can be apparently unrelated changes in the VFS or other subsystems which impact security semantics. > Included in this open window are a number of LSM changes, which were > not posted on the LSM mailing list and are not being upstreamed via > the LSMs. If you see changes doing this, please call them out. Any changes to LSM need to be cc'd at least to the LSM mailing list. -- James Morris <jmorris@namei.org> ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [GIT PULL] security: general updates for v4.21 2019-01-07 21:45 ` James Morris @ 2019-01-08 21:56 ` Mimi Zohar 0 siblings, 0 replies; 11+ messages in thread From: Mimi Zohar @ 2019-01-08 21:56 UTC (permalink / raw) To: James Morris Cc: Casey Schaufler, Linus Torvalds, Linux List Kernel Mailing, linux-security-module, Mimi Zohar, Jarkko Sakkinen On Tue, 2019-01-08 at 08:45 +1100, James Morris wrote: > > Included in this open window are a number of LSM changes, which were > > not posted on the LSM mailing list and are not being upstreamed via > > the LSMs. > > If you see changes doing this, please call them out. Any changes to LSM > need to be cc'd at least to the LSM mailing list. Sure. I'm referring to Al's match_token() and other changes, which I only learned about when Linus reviewed Eric Bigger's patch "KEYS: fix parsing invalid pkey info string". 169d68efb03b selinux: switch away from match_token() c3300aaf95fb smack: get rid of match_token() Mimi ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [GIT PULL] security: general updates for v4.21 2018-12-24 19:55 [GIT PULL] security: general updates for v4.21 James Morris 2018-12-27 20:07 ` Linus Torvalds @ 2018-12-27 22:05 ` pr-tracker-bot 1 sibling, 0 replies; 11+ messages in thread From: pr-tracker-bot @ 2018-12-27 22:05 UTC (permalink / raw) To: James Morris; +Cc: Linus Torvalds, linux-kernel, linux-security-module The pull request you sent on Tue, 25 Dec 2018 06:55:00 +1100 (AEDT): > git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-general has been merged into torvalds/linux.git: https://git.kernel.org/torvalds/c/3f03bf93947fa2a2b84fac56e93c65d4fffed7f1 Thank you! -- Deet-doot-dot, I am a bot. https://korg.wiki.kernel.org/userdoc/prtracker ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2019-01-08 21:56 UTC | newest] Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2018-12-24 19:55 [GIT PULL] security: general updates for v4.21 James Morris 2018-12-27 20:07 ` Linus Torvalds 2018-12-29 3:11 ` James Morris 2018-12-29 3:39 ` Linus Torvalds 2018-12-29 4:09 ` James Morris 2018-12-29 4:15 ` Linus Torvalds 2018-12-29 18:34 ` Casey Schaufler 2018-12-30 2:44 ` Mimi Zohar 2019-01-07 21:45 ` James Morris 2019-01-08 21:56 ` Mimi Zohar 2018-12-27 22:05 ` pr-tracker-bot
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).