From: Kees Cook <keescook@chromium.org>
To: James Morris <jmorris@namei.org>
Cc: linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org,
"Casey Schaufler" <casey@schaufler-ca.com>,
"John Johansen" <john.johansen@canonical.com>,
"Mickaël Salaün" <mic@digikod.net>,
"Salvatore Mesoraca" <s.mesoraca16@gmail.com>
Subject: [GIT PULL] blob-stacking updates for security-next
Date: Tue, 8 Jan 2019 13:35:04 -0800
Message-ID: <20190108213504.GA32901@beast>
Hi James,
Please pull these blob-stacking changes for security-next.
Thanks!
-Kees
The following changes since commit bfeffd155283772bbe78c6a05dec7c0128ee500c:
Linux 5.0-rc1 (2019-01-06 17:08:20 -0800)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/blob-stacking-security-next
for you to fetch changes up to a5e2fe7ede1268d2f80fe49ca1f717d0e3750995:
TOMOYO: Update LSM flags to no longer be exclusive (2019-01-08 13:18:45 -0800)
----------------------------------------------------------------
LSM: Module stacking for SARA and Landlock
The combined series of LSM refactoring and addition of blob-sharing for
SARA and Landlock.
----------------------------------------------------------------
Casey Schaufler (19):
LSM: Add all exclusive LSMs to ordered initialization
procfs: add smack subdir to attrs
Smack: Abstract use of cred security blob
SELinux: Abstract use of cred security blob
SELinux: Remove cred security blob poisoning
SELinux: Remove unused selinux_is_enabled
AppArmor: Abstract use of cred security blob
TOMOYO: Abstract use of cred security blob
Infrastructure management of the cred security blob
SELinux: Abstract use of file security blob
Smack: Abstract use of file security blob
LSM: Infrastructure management of the file security
SELinux: Abstract use of inode security blob
Smack: Abstract use of inode security blob
LSM: Infrastructure management of the inode security
LSM: Infrastructure management of the task security
SELinux: Abstract use of ipc security blobs
Smack: Abstract use of ipc security blobs
LSM: Infrastructure management of the ipc security blob
Kees Cook (19):
LSM: Introduce LSM_FLAG_LEGACY_MAJOR
LSM: Provide separate ordered initialization
LSM: Plumb visibility into optional "enabled" state
LSM: Lift LSM selection out of individual LSMs
LSM: Build ordered list of LSMs to initialize
LSM: Introduce CONFIG_LSM
LSM: Introduce "lsm=" for boottime LSM selection
LSM: Tie enabling logic to presence in ordered list
LSM: Prepare for reorganizing "security=" logic
LSM: Refactor "security=" in terms of enable/disable
LSM: Separate idea of "major" LSM from "exclusive" LSM
apparmor: Remove SECURITY_APPARMOR_BOOTPARAM_VALUE
selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE
LSM: Split LSM preparation from initialization
LoadPin: Initialize as ordered LSM
Yama: Initialize as ordered LSM
LSM: Introduce enum lsm_order
capability: Initialize as LSM_ORDER_FIRST
TOMOYO: Update LSM flags to no longer be exclusive
Documentation/admin-guide/LSM/index.rst | 13 +-
Documentation/admin-guide/kernel-parameters.txt | 4 +
fs/proc/base.c | 64 ++-
fs/proc/internal.h | 1 +
include/linux/cred.h | 1 -
include/linux/lsm_hooks.h | 40 +-
include/linux/security.h | 15 +-
include/linux/selinux.h | 35 --
kernel/cred.c | 13 -
security/Kconfig | 41 +-
security/apparmor/Kconfig | 16 -
security/apparmor/domain.c | 2 +-
security/apparmor/include/cred.h | 16 +-
security/apparmor/include/file.h | 5 +-
security/apparmor/include/lib.h | 4 +
security/apparmor/include/task.h | 18 +-
security/apparmor/lsm.c | 65 ++-
security/apparmor/task.c | 6 +-
security/commoncap.c | 9 +-
security/loadpin/loadpin.c | 8 +-
security/security.c | 635 +++++++++++++++++++++---
security/selinux/Kconfig | 15 -
security/selinux/Makefile | 2 +-
security/selinux/exports.c | 23 -
security/selinux/hooks.c | 345 ++++---------
security/selinux/include/audit.h | 3 -
security/selinux/include/objsec.h | 38 +-
security/selinux/selinuxfs.c | 4 +-
security/selinux/ss/services.c | 1 -
security/selinux/xfrm.c | 4 +-
security/smack/smack.h | 44 +-
security/smack/smack_access.c | 4 +-
security/smack/smack_lsm.c | 316 ++++--------
security/smack/smackfs.c | 18 +-
security/tomoyo/common.h | 22 +-
security/tomoyo/domain.c | 4 +-
security/tomoyo/securityfs_if.c | 15 +-
security/tomoyo/tomoyo.c | 49 +-
security/yama/yama_lsm.c | 8 +-
39 files changed, 1133 insertions(+), 793 deletions(-)
delete mode 100644 include/linux/selinux.h
delete mode 100644 security/selinux/exports.c
--
Kees Cook