* [GIT PULL] selinux/selinux-pr-20250121
@ 2025-01-21 23:40 Paul Moore
2025-01-22 4:15 ` pr-tracker-bot
0 siblings, 1 reply; 2+ messages in thread
From: Paul Moore @ 2025-01-21 23:40 UTC (permalink / raw)
To: Linus Torvalds; +Cc: selinux, linux-security-module, linux-kernel
Linus,

A lucky 13 SELinux patches for the v6.14 merge window, the summary is
below:

- Extended permissions supported in conditional policy

The SELinux extended permissions, aka "xperms", allow security admins
to target individual ioctls, and recently netlink messages, with
their SELinux policy. Adding support for conditional policies allows
admins to toggle the granular xperms using SELinux booleans, helping
pave the way for greater use of xperms in general purpose SELinux
policies. This change bumps the maximum SELinux policy version to 34.

- Fix a SCTP/SELinux error return code inconsistency

Depending on the loaded SELinux policy, specifically its EXTSOCKCLASS
support, the bind(2) LSM/SELinux hook could return different error
codes due to the SELinux code checking the socket's SELinux object
class (which can vary depending on EXTSOCKCLASS) and not the socket's
sk_protocol field. We fix this by doing the obvious, and looking at
the sock->sk_protocol field instead of the object class.

- Makefile fixes to properly clean up av_permissions.h

Add av_permissions.h to "targets" so that it is properly cleaned up
using the kbuild infrastructure.

- A number of smaller improvements by Christian Göttsche

A variety of straightforward changes to reduce code duplication,
reduce pointer lookups, migrate void pointers to defined types,
simplify code, constify function parameters, and correct
iterator types.

--
The following changes since commit 40384c840ea1944d7c5a392e8975ed088ecf0b37:
Linux 6.13-rc1 (2024-12-01 14:28:56 -0800)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
tags/selinux-pr-20250121
for you to fetch changes up to 01c2253a0fbdccb58cd79d4ff9ab39964bfb4474:
selinux: make more use of str_read() when loading the policy
(2025-01-07 23:14:40 -0500)
----------------------------------------------------------------
selinux/stable-6.14 PR 20250121
----------------------------------------------------------------
Christian Göttsche (10):
selinux: use native iterator types
selinux: add support for xperms in conditional policies
selinux: supply missing field initializers
selinux: avoid using types indicating user space interaction
selinux: constify and reconcile function parameter names
selinux: rework match_ipv6_addrmask()
selinux: rename comparison functions for clarity
selinux: use known type instead of void pointer
selinux: avoid unnecessary indirection in struct level_datum
selinux: make more use of str_read() when loading the policy
Mikhail Ivanov (1):
selinux: Fix SCTP error inconsistency in selinux_socket_bind()
Thiébaud Weksteen (1):
selinux: add netlink nlmsg_type audit message
Thomas Weißschuh (1):
selinux: add generated av_permissions.h to targets
include/linux/lsm_audit.h | 2
security/lsm_audit.c | 3
security/selinux/Makefile | 7 -
security/selinux/hooks.c | 10 -
security/selinux/include/classmap.h | 2
security/selinux/include/conditional.h | 2
security/selinux/include/security.h | 7 -
security/selinux/selinuxfs.c | 4
security/selinux/ss/avtab.c | 19 ++-
security/selinux/ss/avtab.h | 13 +-
security/selinux/ss/conditional.c | 24 +---
security/selinux/ss/conditional.h | 6 -
security/selinux/ss/context.c | 2
security/selinux/ss/context.h | 14 +-
security/selinux/ss/ebitmap.c | 12 +-
security/selinux/ss/ebitmap.h | 7 -
security/selinux/ss/mls.c | 6 -
security/selinux/ss/mls_types.h | 2
security/selinux/ss/policydb.c | 135 +++++++++++--------------
security/selinux/ss/policydb.h | 22 ++--
security/selinux/ss/services.c | 30 ++---
security/selinux/ss/sidtab.c | 6 -
22 files changed, 170 insertions(+), 165 deletions(-)
--
paul-moore.com
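
The SCTP bind(2) inconsistency described in the summary above, as an added user-space model that is not code from the pull request or the kernel. The object class names, the class mapping and the two error codes (-EINVAL, -EAFNOSUPPORT) are assumptions chosen for illustration.

```c
#include <errno.h>
#include <netinet/in.h>  /* IPPROTO_SCTP, IPPROTO_TCP */
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins for SELinux object classes, not kernel values. */
enum model_class { CLASS_GENERIC_SOCKET, CLASS_TCP_SOCKET, CLASS_SCTP_SOCKET };

struct model_sock {
    int sk_protocol;          /* fixed at socket creation */
    enum model_class sclass;  /* derived from the loaded policy */
};

/* Assumed mapping: SCTP only gets its own class when the policy
 * enables EXTSOCKCLASS; otherwise it falls into a generic class. */
static struct model_sock model_socket(int protocol, bool extsockclass)
{
    struct model_sock sk = { protocol, CLASS_GENERIC_SOCKET };

    if (protocol == IPPROTO_TCP)
        sk.sclass = CLASS_TCP_SOCKET;
    else if (protocol == IPPROTO_SCTP && extsockclass)
        sk.sclass = CLASS_SCTP_SOCKET;
    return sk;
}

/* Before: the error code follows the policy-dependent object class. */
static int bind_err_by_class(const struct model_sock *sk)
{
    return sk->sclass == CLASS_SCTP_SOCKET ? -EINVAL : -EAFNOSUPPORT;
}

/* After: the error code follows the protocol, whatever policy is loaded. */
static int bind_err_by_protocol(const struct model_sock *sk)
{
    return sk->sk_protocol == IPPROTO_SCTP ? -EINVAL : -EAFNOSUPPORT;
}

int main(void)
{
    for (int ext = 0; ext <= 1; ext++) {
        struct model_sock sk = model_socket(IPPROTO_SCTP, ext);
        printf("EXTSOCKCLASS=%d  by class: %d  by protocol: %d\n",
               ext, bind_err_by_class(&sk), bind_err_by_protocol(&sk));
    }
    return 0;
}
```

In the model, the class-based check gives the same SCTP socket two different errno values depending on the policy, while the protocol-based check gives one.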
* Re: [GIT PULL] selinux/selinux-pr-20250121
2025-01-21 23:40 [GIT PULL] selinux/selinux-pr-20250121 Paul Moore
@ 2025-01-22 4:15 ` pr-tracker-bot
0 siblings, 0 replies; 2+ messages in thread
From: pr-tracker-bot @ 2025-01-22 4:15 UTC (permalink / raw)
To: Paul Moore; +Cc: Linus Torvalds, selinux, linux-security-module, linux-kernel
The pull request you sent on Tue, 21 Jan 2025 18:40:24 -0500:
> https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git tags/selinux-pr-20250121
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/690ffcd817eaad3bd25a24dd8d63d9d97adf5cfe
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html