Follow-up on the lblnet-next tree

Follow-up on the lblnet-next tree

[Paul Moore]

Just a quick follow-up to my emails from earlier today; I've built/booted the 
lblnet-next tree on Fedora Rawhide and didn't see anything catastrophic, but 
further testing is always welcome.  I also talked with Eric and he promised 
that once 3.11-rc1 is released he will do a push the tree to James.  If he 
doesn't, I promise to hunt him down and tar/feather him ;)

 * git://git.infradead.org/users/pcmoore/lblnet-2.6_next
 * http://git.infradead.org/users/pcmoore/lblnet-2.6_next

Paul Moore (9):
      selinux: fix problems in netnode when BUG() is compiled out
      lsm: split the xfrm_state_alloc_security() hook implementation
      selinux: cleanup and consolidate the XFRM alloc/clone/delete/free code
      selinux: cleanup selinux_xfrm_policy_lookup() and ...
      selinux: cleanup selinux_xfrm_sock_rcv_skb() and ...
      selinux: cleanup some comment and whitespace issues in the XFRM code
      selinux: cleanup selinux_xfrm_decode_session()
      selinux: cleanup the XFRM header
      selinux: remove the BUG_ON() from selinux_skb_xfrm_sid()

Stephen Smalley (1):
      SELinux: Enable setting security contexts on rootfs inodes.

Waiman Long (1):
      SELinux: Reduce overhead of mls_level_isvalid() function call


 include/linux/security.h        |   26 ++
 security/capability.c           |   15 +
 security/security.c             |   13 -
 security/selinux/hooks.c        |   18 +-
 security/selinux/include/xfrm.h |   45 ++--
 security/selinux/netnode.c      |    2
 security/selinux/ss/ebitmap.c   |   20 ++
 security/selinux/ss/ebitmap.h   |    2
 security/selinux/ss/mls.c       |   22 +-
 security/selinux/ss/mls_types.h |    2
 security/selinux/xfrm.c         |  453 ++++++++++++++++---------------------
 11 files changed, 298 insertions(+), 320 deletions(-)

-- 
paul moore
security and virtualization @ redhat


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Follow-up on the lblnet-next tree

[Paul Moore]

Just a quick follow-up to let you know that I've rebased the lblnet-next tree 
to Linus' post -rc2 tree from earlier today.  I did a quick build/boot/test 
cycle and everything looked sane to me, but additional testing is always 
welcome.

 * git://git.infradead.org/users/pcmoore/lblnet-2.6_next
 * http://git.infradead.org/users/pcmoore/lblnet-2.6_next

The lblnet-next tree contents:

Eric Paris (1):
      SELinux: fix selinuxfs policy file on big endian systems

Paul Moore (9):
      selinux: fix problems in netnode when BUG() is compiled out
      lsm: split the xfrm_state_alloc_security() hook implementation
      selinux: cleanup and consolidate the XFRM alloc/clone/delete/free code
      selinux: cleanup selinux_xfrm_policy_lookup() and 
selinux_xfrm_state_pol_flow_match()
      selinux: cleanup selinux_xfrm_sock_rcv_skb() and 
selinux_xfrm_postroute_last()
      selinux: cleanup some comment and whitespace issues in the XFRM code
      selinux: cleanup selinux_xfrm_decode_session()
      selinux: cleanup the XFRM header
      selinux: remove the BUG_ON() from selinux_skb_xfrm_sid()

Stephen Smalley (1):
      SELinux: Enable setting security contexts on rootfs inodes.

Waiman Long (2):
      SELinux: Reduce overhead of mls_level_isvalid() function call
      SELinux: Increase ebitmap_node size for 64-bit configuration


 include/linux/security.h        |   26 ++
 security/capability.c           |   15 +
 security/security.c             |   13 -
 security/selinux/hooks.c        |   18 +-
 security/selinux/include/xfrm.h |   45 ++--
 security/selinux/netnode.c      |    2 
 security/selinux/ss/ebitmap.c   |   20 ++
 security/selinux/ss/ebitmap.h   |   10 +
 security/selinux/ss/mls.c       |   22 +-
 security/selinux/ss/mls_types.h |    2 
 security/selinux/ss/policydb.c  |    3 
 security/selinux/xfrm.c         |  453 ++++++++++++++++---------------------
 12 files changed, 306 insertions(+), 323 deletions(-)

-- 
paul moore
security and virtualization @ redhat


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Follow-up on the lblnet-next tree

[Paul Moore]

On Monday, September 09, 2013 07:35:29 PM Waiman Long wrote:
> On 07/23/2013 06:05 PM, Paul Moore wrote:
> > Just a quick follow-up to let you know that I've rebased the lblnet-next
> > tree to Linus' post -rc2 tree from earlier today.  I did a quick
> > build/boot/test cycle and everything looked sane to me, but additional
> > testing is always welcome.
> > 
> >   * git://git.infradead.org/users/pcmoore/lblnet-2.6_next
> >   * http://git.infradead.org/users/pcmoore/lblnet-2.6_next
> 
> Just want to know if you are planning to push those patches into v3.12.

You and me both.

Your patches, as well as a number of others, should go in via Eric's SELinux 
tree, not my labeled networking tree; I was simply hosting the patches to get 
them some exposure in linux-next.  A few weeks back Eric merged the patches 
into his SELinux tree so I dropped them from lblnet-next to prevent conflicts.

Eric, push them patches up to James already.  It is absolutely ridiculous that 
we've got bug fixes that have missed *several* kernel releases because you 
aren't pushing fixes upstream.  This is *extremely* frustrating.

-- 
paul moore
security and virtualization @ redhat


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.