* [GIT PULL] selinux/selinux-pr-20260615
@ 2026-06-16 2:55 Paul Moore
0 siblings, 0 replies; only message in thread
From: Paul Moore @ 2026-06-16 2:55 UTC (permalink / raw)
To: Linus Torvalds; +Cc: selinux, linux-security-module, linux-kernel
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 3477 bytes --]
Linus,
A number of SELinux patches for Linux v7.2, almost all of which are
either minor fixes or hardening patches.
- Additional verifications when loading new SELinux policy
Multiple patches by Christian Göttsche to add additional validations to
the code responsible for loading and parsing SELinux policy as it is
loaded into the kernel.
- Avoid nontransitive comparisons comparisons in our sorting code
Done to prevent unexpected sorting results due to overflow. Qualys
documented a similar issue with glibc:
https://www.qualys.com/2024/01/30/qsort.txt
- Consistently use u16 for SELinux security classes
- Move from page allocations to kmalloc() based allocations
Unfortunately one of these patches had to be reverted, but you should
see a fixed version during the next merge window.
- Move from kmalloc_objs() to kzalloc_objs() in the policy load code
- Reorder sel_kill_sb() slightly to match other pseudo filesystems
- Simplify things with QSTR() instead of QSTR_INIT()
- Minor comment typo fixes
Paul
--
The following changes since commit 254f49634ee16a731174d2ae34bc50bd5f45e731:
Linux 7.1-rc1 (2026-04-26 14:19:00 -0700)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
tags/selinux-pr-20260615
for you to fetch changes up to 033182baeab63ce96a6eb8aef1a6cd444fcf9519:
selinux: revert use of __getname() in selinux_genfs_get_sid()
(2026-05-29 11:24:37 -0400)
----------------------------------------------------------------
selinux/stable-7.2 PR 20260615
----------------------------------------------------------------
Christian Göttsche (9):
selinux: avoid nontransitive comparison
selinux: use u16 for security classes
selinux: more strict policy parsing
selinux: check length fields in policies
selinux: check type attr map overflows
selinux: reorder policydb_index()
selinux: beef up isvalid checks
selinux: more strict bounds check
selinux: check for simple types
Kalevi Kolttonen (2):
selinux: comment typo fix in selinuxfs.c
selinux: comment spelling fix in ibpkey.c
Mike Rapoport (Microsoft) (2):
selinux: use k[mz]alloc() to allocate temporary buffers
selinux: hooks: use __getname() to allocate path buffer
Paul Moore (1):
selinux: revert use of __getname() in selinux_genfs_get_sid()
Stephen Smalley (2):
selinux: fix sel_kill_sb()
selinux: switch two allocations to use kzalloc_objs()
Thorsten Blum (1):
selinux: use QSTR() instead of QSTR_INIT() in init_sel_fs
security/selinux/ibpkey.c | 2
security/selinux/include/security.h | 1
security/selinux/selinuxfs.c | 27 +-
security/selinux/ss/avtab.c | 49 +++
security/selinux/ss/avtab.h | 13 +
security/selinux/ss/conditional.c | 39 ++-
security/selinux/ss/constraint.h | 1
security/selinux/ss/ebitmap.c | 27 ++
security/selinux/ss/ebitmap.h | 1
security/selinux/ss/hashtab.h | 4
security/selinux/ss/mls.c | 66 +++--
security/selinux/ss/mls.h | 6
security/selinux/ss/policydb.c | 358 ++++++++++++++++++++++------
security/selinux/ss/policydb.h | 56 +++-
security/selinux/ss/services.c | 13 -
security/selinux/ss/symtab.c | 2
security/selinux/ss/symtab.h | 2
17 files changed, 512 insertions(+), 155 deletions(-)
--
paul-moore.com
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-16 2:55 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-16 2:55 [GIT PULL] selinux/selinux-pr-20260615 Paul Moore
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox