* [security-next] Pull request (merge window)
@ 2014-06-04 16:24 Serge E. Hallyn
0 siblings, 0 replies; 4+ messages in thread
From: Serge E. Hallyn @ 2014-06-04 16:24 UTC (permalink / raw)
To: torvalds; +Cc: linux-kernel, jmorris, zohar, akpm
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is a merge of James Morris' security-next tree from 3.14 to yesterday's
master, plus 4 patches from Paul Moore which are in linux-next, plus one patch
from Mimi.
The following changes since commit c9482a5bdcc09be9096f40e858c5fe39c389cd52:
kernfs: move the last knowledge of sysfs out from kernfs (2014-06-03 08:11:18 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security serge-next-1
for you to fetch changes up to 2d7667f8d83ee059c2f792040bed255f716c634c:
Merge branch 'james-next-mimi-paul' into serge-next (2014-06-03 15:48:34 -0500)
- ----------------------------------------------------------------
Casey Schaufler (4):
Smack: Correctly remove SMACK64TRANSMUTE attribute
Smack: bidirectional UDS connect check
Smack: Verify read access on file open - v3
Smack: Label cgroup files for systemd
Dave Jones (2):
selinux: conditionally reschedule in mls_convert_context while loading selinux policy
selinux: conditionally reschedule in hashtab_insert while loading selinux policy
David Howells (1):
KEYS: Move the flags representing required permission to linux/key.h
Dmitry Kasatkin (1):
smack: fix key permission verification
James Morris (3):
Merge commit 'v3.14' into next
Merge tag 'keys-20140314' of git://git.kernel.org/.../dhowells/linux-fs into next
Merge branch 'smack-for-3.16' of git://git.gitorious.org/smack-next/kernel into next
Joe Perches (1):
security: Convert use of typedef ctl_table to struct ctl_table
José Bollo (2):
Minor improvement of 'smack_sb_kern_mount'
SMACK: Fix handling value==NULL in post setxattr
Lukasz Pawelczyk (3):
Smack: fix the subject/object order in smack_ptrace_traceme()
Smack: unify all ptrace accesses in the smack
Smack: adds smackfs/ptrace interface
Mimi Zohar (1):
ima: audit log files opened with O_DIRECT flag
Pankaj Kumar (1):
bugfix patch for SMACK
Paul Moore (1):
selinux: reject setexeccon() on MNT_NOSUID applications with -EACCES
Serge Hallyn (1):
Merge branch 'james-next-mimi-paul' into serge-next
Stephen Smalley (1):
selinux: Report permissive mode in avc: denied messages.
Toralf Förster (1):
Warning in scanf string typing
Documentation/ABI/testing/ima_policy | 2 +-
Documentation/security/Smack.txt | 10 ++
include/linux/key.h | 11 ++
include/linux/security.h | 6 +-
security/capability.c | 2 +-
security/integrity/ima/ima_api.c | 10 +-
security/integrity/ima/ima_main.c | 5 +-
security/integrity/ima/ima_policy.c | 6 +-
security/integrity/integrity.h | 1 +
security/keys/internal.h | 11 +-
security/keys/key.c | 6 +-
security/keys/keyctl.c | 44 +++----
security/keys/keyring.c | 8 +-
security/keys/permission.c | 4 +-
security/keys/persistent.c | 4 +-
security/keys/proc.c | 2 +-
security/keys/sysctl.c | 2 +-
security/security.c | 2 +-
security/selinux/avc.c | 7 +-
security/selinux/hooks.c | 13 +-
security/selinux/include/avc.h | 4 +-
security/selinux/ss/hashtab.c | 3 +
security/selinux/ss/mls.c | 2 +
security/smack/smack.h | 16 ++-
security/smack/smack_access.c | 38 ++++--
security/smack/smack_lsm.c | 249 ++++++++++++++++++++++++++---------
security/smack/smackfs.c | 76 ++++++++++-
27 files changed, 407 insertions(+), 137 deletions(-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJTj0gOAAoJELF1z6mPGSryVy4H/iqVDXUdDrW80Y2Eb1tdsDo/
mApSqV5seKID5QMlRKa2D7diuEbsyhheU/4nuzafm0H3adCnDJoBdjuU6a+XgRBr
m58xYpzR/BR3Wf0R7Bautoud/Vf0usMOqKok3e2fiVEK2JeEODuiINrgNsFA+N4h
FzbeA0SXpdKeT6gqxO7b1gun/FQyE/+L8D6ox8ZCZcVHjEFuaWxkDhL/z5bUkCXI
bjWYhTBPl4bL1ZrnfjV2uIaLR2yaOx2pDmclnmGgX+fNhWQi6dPdM6VRFbL4WMJf
368hpaJR1MWSF5npzu+CHT2Gb5piuCo/Jt5wJpW6GL3TFxoQayZkgpakXXohW2U=
=EiFM
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 4+ messages in thread
* [security-next] Pull request (merge window)
@ 2014-06-09 22:08 Serge E. Hallyn
0 siblings, 0 replies; 4+ messages in thread
From: Serge E. Hallyn @ 2014-06-09 22:08 UTC (permalink / raw)
To: torvalds; +Cc: linux-kernel, jmorris, zohar, akpm, linux-security-module
(Resending unchanged, as this still applies cleanly on top of current git
HEAD)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is a merge of James Morris' security-next tree from 3.14 to yesterday's
master, plus 4 patches from Paul Moore which are in linux-next, plus one patch
from Mimi.
The following changes since commit c9482a5bdcc09be9096f40e858c5fe39c389cd52:
kernfs: move the last knowledge of sysfs out from kernfs (2014-06-03 08:11:18 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security serge-next-1
for you to fetch changes up to 2d7667f8d83ee059c2f792040bed255f716c634c:
Merge branch 'james-next-mimi-paul' into serge-next (2014-06-03 15:48:34 -0500)
- ----------------------------------------------------------------
Casey Schaufler (4):
Smack: Correctly remove SMACK64TRANSMUTE attribute
Smack: bidirectional UDS connect check
Smack: Verify read access on file open - v3
Smack: Label cgroup files for systemd
Dave Jones (2):
selinux: conditionally reschedule in mls_convert_context while loading selinux policy
selinux: conditionally reschedule in hashtab_insert while loading selinux policy
David Howells (1):
KEYS: Move the flags representing required permission to linux/key.h
Dmitry Kasatkin (1):
smack: fix key permission verification
James Morris (3):
Merge commit 'v3.14' into next
Merge tag 'keys-20140314' of git://git.kernel.org/.../dhowells/linux-fs into next
Merge branch 'smack-for-3.16' of git://git.gitorious.org/smack-next/kernel into next
Joe Perches (1):
security: Convert use of typedef ctl_table to struct ctl_table
José Bollo (2):
Minor improvement of 'smack_sb_kern_mount'
SMACK: Fix handling value==NULL in post setxattr
Lukasz Pawelczyk (3):
Smack: fix the subject/object order in smack_ptrace_traceme()
Smack: unify all ptrace accesses in the smack
Smack: adds smackfs/ptrace interface
Mimi Zohar (1):
ima: audit log files opened with O_DIRECT flag
Pankaj Kumar (1):
bugfix patch for SMACK
Paul Moore (1):
selinux: reject setexeccon() on MNT_NOSUID applications with -EACCES
Serge Hallyn (1):
Merge branch 'james-next-mimi-paul' into serge-next
Stephen Smalley (1):
selinux: Report permissive mode in avc: denied messages.
Toralf Förster (1):
Warning in scanf string typing
Documentation/ABI/testing/ima_policy | 2 +-
Documentation/security/Smack.txt | 10 ++
include/linux/key.h | 11 ++
include/linux/security.h | 6 +-
security/capability.c | 2 +-
security/integrity/ima/ima_api.c | 10 +-
security/integrity/ima/ima_main.c | 5 +-
security/integrity/ima/ima_policy.c | 6 +-
security/integrity/integrity.h | 1 +
security/keys/internal.h | 11 +-
security/keys/key.c | 6 +-
security/keys/keyctl.c | 44 +++----
security/keys/keyring.c | 8 +-
security/keys/permission.c | 4 +-
security/keys/persistent.c | 4 +-
security/keys/proc.c | 2 +-
security/keys/sysctl.c | 2 +-
security/security.c | 2 +-
security/selinux/avc.c | 7 +-
security/selinux/hooks.c | 13 +-
security/selinux/include/avc.h | 4 +-
security/selinux/ss/hashtab.c | 3 +
security/selinux/ss/mls.c | 2 +
security/smack/smack.h | 16 ++-
security/smack/smack_access.c | 38 ++++--
security/smack/smack_lsm.c | 249 ++++++++++++++++++++++++++---------
security/smack/smackfs.c | 76 ++++++++++-
27 files changed, 407 insertions(+), 137 deletions(-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJTj0gOAAoJELF1z6mPGSryVy4H/iqVDXUdDrW80Y2Eb1tdsDo/
mApSqV5seKID5QMlRKa2D7diuEbsyhheU/4nuzafm0H3adCnDJoBdjuU6a+XgRBr
m58xYpzR/BR3Wf0R7Bautoud/Vf0usMOqKok3e2fiVEK2JeEODuiINrgNsFA+N4h
FzbeA0SXpdKeT6gqxO7b1gun/FQyE/+L8D6ox8ZCZcVHjEFuaWxkDhL/z5bUkCXI
bjWYhTBPl4bL1ZrnfjV2uIaLR2yaOx2pDmclnmGgX+fNhWQi6dPdM6VRFbL4WMJf
368hpaJR1MWSF5npzu+CHT2Gb5piuCo/Jt5wJpW6GL3TFxoQayZkgpakXXohW2U=
=EiFM
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 4+ messages in thread
* [security-next] Pull request (merge window)
@ 2014-06-13 14:19 Serge E. Hallyn
0 siblings, 0 replies; 4+ messages in thread
From: Serge E. Hallyn @ 2014-06-13 14:19 UTC (permalink / raw)
To: torvalds; +Cc: linux-kernel, jmorris, zohar, akpm, linux-security-module
Hi Linus,
A few more commits had previously failed to make it through security-next
into linux-next but this week made it into linxu-next. At least commit
"ima: introduce ima_kernel_read()" was deemed critical by Mimi to make
this merge window.
This is a temporary tree just for this request. Mimi has pointed me to
some previous threads about keeping maintainer trees at the previous
release, which I'll certainly do for anything long-term, after talking
with James.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The following changes since commit 0e04c641b199435f3779454055f6a7de258ecdfc:
Merge tag 'dm-3.16-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm (2014-06-12 13:33:29 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security serge-next-2
for you to fetch changes up to 0430e49b6e7c6b5e076be8fefdee089958c9adad:
ima: introduce ima_kernel_read() (2014-06-12 17:58:08 -0400)
- ----------------------------------------------------------------
Dmitry Kasatkin (5):
evm: replace HMAC version with attribute mask
evm: provide option to protect additional SMACK xattrs
ima: prevent unnecessary policy checking
ima: check inode integrity cache in violation check
ima: introduce ima_kernel_read()
Mimi Zohar (2):
ima: prevent new digsig xattr from being replaced
evm: prohibit userspace writing 'security.evm' HMAC value
security/integrity/evm/Kconfig | 42 ++++++++++++++++++++++++++++-------
security/integrity/evm/evm.h | 5 ++++-
security/integrity/evm/evm_crypto.c | 2 +-
security/integrity/evm/evm_main.c | 29 +++++++++++++++++++++---
security/integrity/ima/ima_appraise.c | 10 ++++++---
security/integrity/ima/ima_crypto.c | 32 +++++++++++++++++++++++++-
security/integrity/ima/ima_main.c | 22 +++++++++---------
7 files changed, 114 insertions(+), 28 deletions(-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJTmwUGAAoJELF1z6mPGSryM5EIAKrW054UihG58o+efleMBqpk
Tur6eoFyFOjRlU0iRRjSyZpvNjGVsaEe46rBfrXkdV4D6lgPhAwCyUVkQGyHjetd
MbK1o17I4gHqQK2rHa5fkIGmWEzoRART32WJuCHrniIZJ+fv2vn1S2Veb1ei0Q+a
PyUHsvWdcmSsqA0wCcAaBSNekjdi+Wrs35OrHI2+SMdpTbTGJJdgOLtNzBMYLid6
cSGoarLC+ST1rJWxSI5hsaDnzgURUWk9dElzQCcEeSa0924mKBa4t0EwUmeaUQC9
kB3RGMS3OJEFwTxJXfSRolprftWEYkKd+3ovLE+P/Kp+0ZsJ74ohCCbk/5x6CMQ=
=eBeq
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 4+ messages in thread
* [security-next] Pull request (merge window)
@ 2014-08-27 23:43 Serge E. Hallyn
0 siblings, 0 replies; 4+ messages in thread
From: Serge E. Hallyn @ 2014-08-27 23:43 UTC (permalink / raw)
To: torvalds; +Cc: linux-kernel, jmorris, linux-security-module, Tetsuo Handa
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The following changes since commit 52addcf9d6669fa439387610bc65c92fa0980cef:
Linux 3.17-rc2 (2014-08-25 15:36:20 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security sec-v3.17-rc2
for you to fetch changes up to 8fe7a268b18ebc89203c766b020b9e32f1cfeebf:
tomoyo: Fix pathname calculation breakage. (2014-08-26 21:52:09 -0500)
- ----------------------------------------------------------------
Tetsuo Handa (1):
tomoyo: Fix pathname calculation breakage.
security/tomoyo/realpath.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJT/mw0AAoJELF1z6mPGSryE80H/32KcZ50yKf8BdQ8TzcvNQQf
pOFkdJsekS6YUQDRN22Qcf2tBHGI2YjaALN0xiPfhHNbXFNzDzpklGXEz6NU58DT
t1i9jXB4Ks8+ydl5MU3zPpsuEdcOBuIPv40E5fWi7jS3X27RjerKgiD0h+nGtbpT
mbF2KskQx6oAF5MpKkb/2fYzopkcwwZtn8GNjU6mhz74ndenluuN6Z8t39RRjzkd
1lb+3yOefpMjQZ3KCjEddmcwHw8EFOL0UvUfV18FXV7FaUoNaeNGqWW6xIvm2PH1
clj9KifHg0D2RrKaxO1mKQRvfDkzwnFw/yTBtC+w3SXxtmXgQa+0iY/WVh02jXA=
=VO9O
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-08-27 23:43 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-06-09 22:08 [security-next] Pull request (merge window) Serge E. Hallyn
-- strict thread matches above, loose matches on Subject: below --
2014-08-27 23:43 Serge E. Hallyn
2014-06-13 14:19 Serge E. Hallyn
2014-06-04 16:24 Serge E. Hallyn
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox