All of lore.kernel.org
 help / color / mirror / Atom feed
From: Paul Moore <pmoore@redhat.com>
To: James Morris <jmorris@namei.org>
Cc: linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov
Subject: [GIT PULL] SELinux patches for 3.16
Date: Thu, 22 May 2014 11:25:33 -0400	[thread overview]
Message-ID: <5872296.eRu4qP8SMB@sifl> (raw)

Hi James,

Here are the SELinux patches for 3.16.  A total of four patches: two to fix a 
problem when loading policy on slow machines, one to make it easier to 
determine permissive mode in the AVC audit messages, and one to block cause 
setexeccon() to fail on filesystems mounted with nosuid.  None of the patches 
are very substantial (see the diffstat below), all pass the SELinux testsuite, 
and the branch applied cleanly on top of your current #next.

Enjoy,
-Paul

---
The following changes since commit 6d32c850621b0be75777b9102b14f6268bbd9f0f:

  Merge tag 'v3.14' into next (2014-03-31 09:49:07 -0400)

are available in the git repository at:

  git://git.infradead.org/users/pcmoore/selinux next

for you to fetch changes up to 47dd0b76ace953bd2c0479076db0d3e3b9594003:

  selinux: conditionally reschedule in hashtab_insert while loading selinux
           policy (2014-05-15 17:07:55 -0400)

----------------------------------------------------------------
Dave Jones (2):
      selinux: conditionally reschedule in mls_convert_context while loading 
               selinux policy
      selinux: conditionally reschedule in hashtab_insert while loading 
               selinux policy

Paul Moore (1):
      selinux: reject setexeccon() on MNT_NOSUID applications with -EACCES

Stephen Smalley (1):
      selinux:  Report permissive mode in avc: denied messages.

 security/selinux/avc.c         |  7 ++++++-
 security/selinux/hooks.c       | 11 +++++++----
 security/selinux/include/avc.h |  4 ++--
 security/selinux/ss/hashtab.c  |  3 +++                                        
 security/selinux/ss/mls.c      |  2 ++                                         
 5 files changed, 20 insertions(+), 7 deletions(-)

-- 
paul moore
security and virtualization @ redhat

             reply	other threads:[~2014-05-22 15:25 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-05-22 15:25 Paul Moore [this message]
2014-05-26 12:38 ` [GIT PULL] SELinux patches for 3.16 James Morris

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5872296.eRu4qP8SMB@sifl \
    --to=pmoore@redhat.com \
    --cc=jmorris@namei.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.