Kernel repository updated to v4.11-rc1

Kernel repository updated to v4.11-rc1

[James Morris]

On Mon, 6 Mar 2017, Stephen Smalley wrote:

> On Mon, 2017-03-06 at 11:18 +1100, James Morris wrote:
> > FYI, I've merged security-next with v4.11-rc1 and then merged the?
> > following queued patches:
> > 
> > ca97d939db114c8d1619e10a3b82af8615372dae security: mark LSM hooks as
> > __ro_after_init
> > dd0859dccbe291cf8179a96390f5c0e45cb9af1d security: introduce
> > CONFIG_SECURITY_WRITABLE_HOOKS
> > 84e6885e9e6a818d1ca1eabb9b720b357ab07a8b selinux: fix kernel BUG on
> > prlimit(..., NULL, NULL)
> > 791ec491c372f49cea3ea7a7143454a9023ac9d4 prlimit,security,selinux:
> > add a security hook for prlimit
> > 
> > Please test!
> 
> Passes the SELinux testsuite for me, and correctly set or unset
> CONFIG_SECURITY_WRITABLE_HOOKS based on whether
> CONFIG_SECURITY_SELINUX_DISABLE is unset/set.

Thanks!

> 
> I noticed that CONFIG_SECURITY_SELINUX_DISABLE=y has crept into many
> defconfig files; might want to remove that at some point so that people
> don't enable it if they don't truly need it.

Ok, that's next.


-- 
James Morris
<jmorris@namei.org>

Kernel repository updated to v4.11-rc1 *** reverted ??? ***

[Mimi Zohar]

On Mon, 2017-03-06 at 11:18 +1100, James Morris wrote:
> FYI, I've merged security-next with v4.11-rc1 and then merged the 
> following queued patches:
> 
> ca97d939db114c8d1619e10a3b82af8615372dae security: mark LSM hooks as __ro_after_init
> dd0859dccbe291cf8179a96390f5c0e45cb9af1d security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
> 84e6885e9e6a818d1ca1eabb9b720b357ab07a8b selinux: fix kernel BUG on prlimit(..., NULL, NULL)
> 791ec491c372f49cea3ea7a7143454a9023ac9d4 prlimit,security,selinux: add a security hook for prlimit
> 
> Please test!

The current tip of the linux-security #next branch has been reverted to
commit 61841be6358c "tpm: declare tpm2_get_pcr_allocation() as static".
Was this intentional?

I'm seeing ...

$ git status
On branch security-next
Your branch is ahead of 'security/next' by 13176 commits.
  (use "git push" to publish your local commits)
Untracked files:
  (use "git add <file>..." to include in what will be committed)

	ca-cert.pem
	ca-cert.x509

nothing added to commit but untracked files present (use "git add" to
track)]
$ git log --oneline -5
ca97d939db11 security: mark LSM hooks as __ro_after_init
dd0859dccbe2 security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
84e6885e9e6a selinux: fix kernel BUG on prlimit(..., NULL, NULL)
791ec491c372 prlimit,security,selinux: add a security hook for prlimit
c1ae3cfa0e89 Linux 4.11-rc1

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Kernel repository updated to v4.11-rc1 *** reverted ??? ***

[James Morris]

On Mon, 13 Mar 2017, Mimi Zohar wrote:

> On Mon, 2017-03-06 at 11:18 +1100, James Morris wrote:
> > FYI, I've merged security-next with v4.11-rc1 and then merged the 
> > following queued patches:
> > 
> > ca97d939db114c8d1619e10a3b82af8615372dae security: mark LSM hooks as __ro_after_init
> > dd0859dccbe291cf8179a96390f5c0e45cb9af1d security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
> > 84e6885e9e6a818d1ca1eabb9b720b357ab07a8b selinux: fix kernel BUG on prlimit(..., NULL, NULL)
> > 791ec491c372f49cea3ea7a7143454a9023ac9d4 prlimit,security,selinux: add a security hook for prlimit
> > 
> > Please test!
> 
> The current tip of the linux-security #next branch has been reverted to
> commit 61841be6358c "tpm: declare tpm2_get_pcr_allocation() as static".
> Was this intentional?
> 

That's very odd.  It looks correct via git web:
https://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git/log/?h=next

(ca97d939)

but when I clone a new tree, I see what you see (61841be6358c).

Did you see a forced update message when you pulled?

Perhaps there was a disk restore at kernel.org?




-- 
James Morris
<jmorris@namei.org>

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Kernel repository updated to v4.11-rc1 *** reverted ??? ***

[Konstantin Ryabitsev]

On Tue, Mar 14, 2017 at 01:40:14AM +1100, James Morris wrote:
>On Mon, 13 Mar 2017, Mimi Zohar wrote:
>
>> On Mon, 2017-03-06 at 11:18 +1100, James Morris wrote:
>> > FYI, I've merged security-next with v4.11-rc1 and then merged the
>> > following queued patches:
>> >
>> > ca97d939db114c8d1619e10a3b82af8615372dae security: mark LSM hooks as __ro_after_init
>> > dd0859dccbe291cf8179a96390f5c0e45cb9af1d security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
>> > 84e6885e9e6a818d1ca1eabb9b720b357ab07a8b selinux: fix kernel BUG on prlimit(..., NULL, NULL)
>> > 791ec491c372f49cea3ea7a7143454a9023ac9d4 prlimit,security,selinux: add a security hook for prlimit
>> >
>> > Please test!
>>
>> The current tip of the linux-security #next branch has been reverted to
>> commit 61841be6358c "tpm: declare tpm2_get_pcr_allocation() as static".
>> Was this intentional?
>>
>
>That's very odd.  It looks correct via git web:
>https://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git/log/?h=next
>
>(ca97d939)
>
>but when I clone a new tree, I see what you see (61841be6358c).
>
>Did you see a forced update message when you pulled?
>
>Perhaps there was a disk restore at kernel.org?

Can you tell me precise origin paths for where things are correct and 
where things are wrong?

-K
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Kernel repository updated to v4.11-rc1 *** reverted ??? ***

[Mimi Zohar]

On Mon, 2017-03-13 at 10:53 -0400, Konstantin Ryabitsev wrote:
> On Tue, Mar 14, 2017 at 01:40:14AM +1100, James Morris wrote:
> >On Mon, 13 Mar 2017, Mimi Zohar wrote:
> >
> >> On Mon, 2017-03-06 at 11:18 +1100, James Morris wrote:
> >> > FYI, I've merged security-next with v4.11-rc1 and then merged the
> >> > following queued patches:
> >> >
> >> > ca97d939db114c8d1619e10a3b82af8615372dae security: mark LSM hooks as __ro_after_init
> >> > dd0859dccbe291cf8179a96390f5c0e45cb9af1d security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
> >> > 84e6885e9e6a818d1ca1eabb9b720b357ab07a8b selinux: fix kernel BUG on prlimit(..., NULL, NULL)
> >> > 791ec491c372f49cea3ea7a7143454a9023ac9d4 prlimit,security,selinux: add a security hook for prlimit
> >> >
> >> > Please test!
> >>
> >> The current tip of the linux-security #next branch has been reverted to
> >> commit 61841be6358c "tpm: declare tpm2_get_pcr_allocation() as static".
> >> Was this intentional?
> >>
> >
> >That's very odd.  It looks correct via git web:
> >https://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git/log/?h=next
> >
> >(ca97d939)
> >

From
"https://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git", I'm seeing:

next	tpm: declare tpm2_get_pcr_allocation() as static	Jarkko Sakkinen	3 weeks

> >but when I clone a new tree, I see what you see (61841be6358c).
> >
> >Did you see a forced update message when you pulled?

> >Perhaps there was a disk restore at kernel.org?
> 
> Can you tell me precise origin paths for where things are correct and 
> where things are wrong?

For me, both the git repo and the URL are wrong:

git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
https://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Kernel repository updated to v4.11-rc1 *** reverted ??? ***

[Konstantin Ryabitsev]

On Mon, Mar 13, 2017 at 11:07:37AM -0400, Mimi Zohar wrote:
>For me, both the git repo and the URL are wrong:
>
>git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
>https://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git

Can you give me the output of 'host git.kernel.org'? It's geo-based now, 
so can be pointing to one of 4 different frontends.

-K

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Kernel repository updated to v4.11-rc1 *** reverted ??? ***

[Mimi Zohar]

On Mon, 2017-03-13 at 11:33 -0400, Konstantin Ryabitsev wrote:
> On Mon, Mar 13, 2017 at 11:07:37AM -0400, Mimi Zohar wrote:
> >For me, both the git repo and the URL are wrong:
> >
> >git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
> >https://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
> 
> Can you give me the output of 'host git.kernel.org'? It's geo-based now, 
> so can be pointing to one of 4 different frontends.

$ host git.kernel.org
git.kernel.org is an alias for pub.kernel.org.
pub.kernel.org is an alias for pub.ewr.kernel.org.
pub.ewr.kernel.org has address 147.75.196.57
pub.ewr.kernel.org has IPv6 address 2604:1380:1:3600::3

$ git branch -rv | grep "security/next"
  security/next                                            61841be6358c tpm: declare tpm2_get_pcr_allocation() as static

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Kernel repository updated to v4.11-rc1 *** reverted ??? ***

[Konstantin Ryabitsev]

On Mon, Mar 13, 2017 at 11:40:50AM -0400, Mimi Zohar wrote:
>$ host git.kernel.org
>git.kernel.org is an alias for pub.kernel.org.
>pub.kernel.org is an alias for pub.ewr.kernel.org.
>pub.ewr.kernel.org has address 147.75.196.57
>pub.ewr.kernel.org has IPv6 address 2604:1380:1:3600::3

The EWR frontend was the culprit. There were hardware problems with the 
first EWR system we brought up, so I had to resync the replacement 
system from it. The origin for some of the repositories was still 
pointing at the dead box, so the updates did not properly propagate to 
EWR.

It should be in a happier place now.

-Konstantin
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Kernel repository updated to v4.11-rc1 *** reverted ??? ***

[Mimi Zohar]

On Mon, 2017-03-13 at 12:05 -0400, Konstantin Ryabitsev wrote:
> On Mon, Mar 13, 2017 at 11:40:50AM -0400, Mimi Zohar wrote:
> >$ host git.kernel.org
> >git.kernel.org is an alias for pub.kernel.org.
> >pub.kernel.org is an alias for pub.ewr.kernel.org.
> >pub.ewr.kernel.org has address 147.75.196.57
> >pub.ewr.kernel.org has IPv6 address 2604:1380:1:3600::3
> 
> The EWR frontend was the culprit. There were hardware problems with the 
> first EWR system we brought up, so I had to resync the replacement 
> system from it. The origin for some of the repositories was still 
> pointing at the dead box, so the updates did not properly propagate to 
> EWR.
> 
> It should be in a happier place now.

Yes, thanks!

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Kernel repository updated to v4.11-rc1 *** reverted ??? ***

[James Morris]

On Mon, 13 Mar 2017, Konstantin Ryabitsev wrote:

> On Mon, Mar 13, 2017 at 11:07:37AM -0400, Mimi Zohar wrote:
> >For me, both the git repo and the URL are wrong:
> >
> >git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
> >https://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
> 
> Can you give me the output of 'host git.kernel.org'? It's geo-based now, so
> can be pointing to one of 4 different frontends.

>From the system I did a fresh clone on:

$ host  git.kernel.org
git.kernel.org is an alias for pub.kernel.org.
pub.kernel.org is an alias for pub.ewr.kernel.org.
pub.ewr.kernel.org has address 147.75.196.57
pub.ewr.kernel.org has IPv6 address 2604:1380:1:3600::3


>From my local network:

$ host git.kernel.org
git.kernel.org is an alias for pub.kernel.org.
pub.kernel.org is an alias for pub.nrt.kernel.org.
pub.nrt.kernel.org has address 147.75.110.187
pub.nrt.kernel.org has IPv6 address 2604:1380:3000:3500::3


I'm still seeing the correct head at 
https://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git/log/?h=next


-- 
James Morris
<jmorris@namei.org>

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Kernel repository updated to v4.11-rc1 *** reverted ??? ***

[James Morris]

On Mon, 13 Mar 2017, Konstantin Ryabitsev wrote:

> Can you tell me precise origin paths for where things are correct and where
> things are wrong?

Correct: ca97d939db114c8d1619e10a3b82af8615372dae
Incorrect: 61841be6358c03e864ad4c386c9a102edbba9cb8
-- 
James Morris
<jmorris@namei.org>

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Kernel repository updated to v4.11-rc1 *** reverted ??? ***

[James Morris]

On Mon, 13 Mar 2017, Konstantin Ryabitsev wrote:

> On Mon, Mar 13, 2017 at 11:40:50AM -0400, Mimi Zohar wrote:
> >$ host git.kernel.org
> >git.kernel.org is an alias for pub.kernel.org.
> >pub.kernel.org is an alias for pub.ewr.kernel.org.
> >pub.ewr.kernel.org has address 147.75.196.57
> >pub.ewr.kernel.org has IPv6 address 2604:1380:1:3600::3
> 
> The EWR frontend was the culprit. There were hardware problems with the first
> EWR system we brought up, so I had to resync the replacement system from it.
> The origin for some of the repositories was still pointing at the dead box, so
> the updates did not properly propagate to EWR.
> 
> It should be in a happier place now.

Looks good for me too now, thanks!


-- 
James Morris
<jmorris@namei.org>

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html