[GIT PULL] SELinux patches for 4.5

[GIT PULL] SELinux patches for 4.5

[Paul Moore]

Hi James,

Nine patches for v4.5; there are a handful of minor fixes (constify 
parameters, warning rate-limits, etc.) but there are a couple of significant 
patches that invalidate/revalidate inode labels (needed for gfs2) and make 
validate_trans decisions visible via selinuxfs.  All the patches pass the 
selinux-testsuite and have been included in the pcmoore/kernel-secnext Fedora 
COPR repository[1] for some time now, all looks good.

As of about five minutes ago, selinux#upstream applied cleanly on top of 
linux-security#next so I don't expect you should have any problems merging the 
code.

Happy holidays and merry merging,
-Paul

[1] https://copr.fedoraproject.org/coprs/pcmoore/kernel-secnext

---
The following changes since commit ebd68df3f24b318d391d15c458d6f43f340ba36a:

  Sync to Linus v4.4-rc2 for LSM developers. (2015-11-23 22:46:28 +1100)

are available in the git repository at:

  git://git.infradead.org/users/pcmoore/selinux upstream

for you to fetch changes up to 76319946f321e30872dd72af7de867cb26e7a373:

  selinux: rate-limit netlink message warnings in selinux_nlmsg_perm() 
(2015-12-24 11:09:41 -0500)

----------------------------------------------------------------
Andreas Gruenbacher (7):
      selinux: Remove unused variable in selinux_inode_init_security
      security: Make inode argument of inode_getsecurity non-const
      security: Make inode argument of inode_getsecid non-const
      selinux: Add accessor functions for inode->i_security
      security: Add hook to invalidate inode security labels
      selinux: Revalidate invalid inode security labels
      gfs2: Invalid security labels of inodes when they go invalid

Andrew Perepechko (1):
      selinux: export validatetrans decisions

Vladis Dronov (1):
      selinux: rate-limit netlink message warnings in selinux_nlmsg_perm()

 fs/gfs2/glops.c                     |   2 +
 include/linux/audit.h               |   8 +-
 include/linux/lsm_hooks.h           |  10 +-
 include/linux/security.h            |  13 ++-
 kernel/audit.c                      |   2 +-
 kernel/audit.h                      |   2 +-
 kernel/auditsc.c                    |   6 +-
 security/security.c                 |  12 ++-
 security/selinux/hooks.c            | 206 ++++++++++++++++++++++++----------
 security/selinux/include/classmap.h |   2 +-
 security/selinux/include/objsec.h   |   6 ++
 security/selinux/include/security.h |   3 +
 security/selinux/selinuxfs.c        |  80 ++++++++++++++
 security/selinux/ss/services.c      |  34 ++++--
 security/smack/smack_lsm.c          |   4 +-
 15 files changed, 302 insertions(+), 88 deletions(-)

-- 
paul moore
security @ redhat

Re: [GIT PULL] SELinux patches for 4.5

[James Morris]

On Thu, 24 Dec 2015, Paul Moore wrote:

> Hi James,
> 
> Nine patches for v4.5; there are a handful of minor fixes (constify 
> parameters, warning rate-limits, etc.) but there are a couple of significant 
> patches that invalidate/revalidate inode labels (needed for gfs2) and make 
> validate_trans decisions visible via selinuxfs.  All the patches pass the 
> selinux-testsuite and have been included in the pcmoore/kernel-secnext Fedora 
> COPR repository[1] for some time now, all looks good.
> 
> As of about five minutes ago, selinux#upstream applied cleanly on top of 
> linux-security#next so I don't expect you should have any problems merging the 
> code.

Applied.

-- 
James Morris
<jmorris@namei.org>