[GIT PULL] SELinux patches for 4.4

[GIT PULL] SELinux patches for 4.4

[Paul Moore]

Hi James,

Nine SELinux patches in total for v4.4, although six of those patches are 
either trivial, minor cleanups, or both.  The remaining three patches aren't 
too bad: one changes the CHECKREQPROT default to check the actual memory 
protections, one stops us from checking file:open on ftruncate() calls, and 
one converts the file_security_struct over to kmem_cache.

All pass the SELinux testsuite and should apply cleanly on top of your next 
branch.

Enjoy,
-Paul

---
The following changes since commit 09302fd19efbff9569eaad3f78ead8f411defd87:

  Merge branch 'smack-for-4.4' of https://github.com/cschaufler/smack-next 
    into next (2015-10-21 10:49:29 +1100)

are available in the git repository at:

  git://git.infradead.org/users/pcmoore/selinux upstream

for you to fetch changes up to 63205654c0e05e5ffa1c6eef2fbef21dcabd2185:

  selinux: Use a kmem_cache for allocation struct file_security_struct
    (2015-10-21 17:44:30 -0400)

----------------------------------------------------------------
Geliang Tang (1):
      selinux: ioctl_has_perm should be static

Jeff Vander Stoep (1):
      selinux: do not check open perm on ftruncate call

Paul Moore (1):
      selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default

Rasmus Villemoes (5):
      selinux: introduce security_context_str_to_sid
      selinux: remove pointless cast in selinux_inode_setsecurity()
      selinux: use kmemdup in security_sid_to_context_core()
      selinux: use kstrdup() in security_get_bools()
      selinux: use sprintf return value

Sangwoo (1):
      selinux: Use a kmem_cache for allocation struct file_security_struct

 security/selinux/Kconfig            |  4 ++--
 security/selinux/hooks.c            | 27 ++++++++++++++-------------
 security/selinux/include/security.h |  2 ++
 security/selinux/selinuxfs.c        | 26 +++++++++-----------------
 security/selinux/ss/services.c      | 22 +++++++++-------------
 5 files changed, 36 insertions(+), 45 deletions(-)

-- 
paul moore
security @ redhat

Re: [GIT PULL] SELinux patches for 4.4

[Paul Moore]

On Wednesday, October 21, 2015 05:57:27 PM Paul Moore wrote:
> Hi James,
> 
> Nine SELinux patches in total for v4.4 ...

Just a FYI, I've rebased the selinux#next and selinux#upstream branches; my 
apologies if this causes anyone some extra headache, but I need to keep the 
SELinux tree fairly close to James' LSM tree since he doesn't like to do any 
merging.

-- 
paul moore
security @ redhat

Re: [GIT PULL] SELinux patches for 4.4

[James Morris]

On Wed, 21 Oct 2015, Paul Moore wrote:

> Hi James,
> 
> Nine SELinux patches in total for v4.4, although six of those patches are 
> either trivial, minor cleanups, or both.  The remaining three patches aren't 
> too bad: one changes the CHECKREQPROT default to check the actual memory 
> protections, one stops us from checking file:open on ftruncate() calls, and 
> one converts the file_security_struct over to kmem_cache.
> 
> All pass the SELinux testsuite and should apply cleanly on top of your next 
> branch.
> 

Pulled, thanks.


-- 
James Morris
<jmorris@namei.org>