Fwd: Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
John Johansen
john.johansen at canonical.com
Wed Mar 21 20:46:59 UTC 2012
On 03/21/2012 01:38 PM, Tim Gardner wrote:
> John - is there anything in this pile we should cherry-pick ? Or perhaps
> replace some "UBUNTU: SAUCE:" patches with cherry-picks ?
>
yes, I am putting together a pull request together for you. It will
let us rebase away all but the last 3 sauce patches.
> rtg
>
> -------- Original Message --------
> Subject: Merge branch 'next' of
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
> Date: Wed, 21 Mar 2012 20:31:52 +0000 (UTC)
> From: Linux Kernel Mailing List <linux-kernel at vger.kernel.org>
> To: git-commits-head at vger.kernel.org
>
> Gitweb:
> http://git.kernel.org/linus/;a=commit;h=3556485f1595e3964ba539e39ea682acbb835cee
> Commit: 3556485f1595e3964ba539e39ea682acbb835cee
> Parent: 31f6765266417c0d99f0e922fe82848a7c9c2ae9
> Merge: b871661 09f61cd
> Author: Linus Torvalds <torvalds at linux-foundation.org>
> AuthorDate: Wed Mar 21 13:25:04 2012 -0700
> Committer: Linus Torvalds <torvalds at linux-foundation.org>
> CommitDate: Wed Mar 21 13:25:04 2012 -0700
>
> Merge branch 'next' of
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
>
> Pull security subsystem updates for 3.4 from James Morris:
> "The main addition here is the new Yama security module from Kees Cook,
> which was discussed at the Linux Security Summit last year. Its
> purpose is to collect miscellaneous DAC security enhancements in one
> place. This also marks a departure in policy for LSM modules, which
> were previously limited to being standalone access control systems.
> Chromium OS is using Yama, and I believe there are plans for Ubuntu,
> at least.
>
> This patchset also includes maintenance updates for AppArmor, TOMOYO
> and others."
>
> Fix trivial conflict in <net/sock.h> due to the jumo_label->static_key
> rename.
>
> * 'next' of
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
> (38 commits)
> AppArmor: Fix location of const qualifier on generated string tables
> TOMOYO: Return error if fails to delete a domain
> AppArmor: add const qualifiers to string arrays
> AppArmor: Add ability to load extended policy
> TOMOYO: Return appropriate value to poll().
> AppArmor: Move path failure information into aa_get_name and rename
> AppArmor: Update dfa matching routines.
> AppArmor: Minor cleanup of d_namespace_path to consolidate error
> handling
> AppArmor: Retrieve the dentry_path for error reporting when path
> lookup fails
> AppArmor: Add const qualifiers to generated string tables
> AppArmor: Fix oops in policy unpack auditing
> AppArmor: Fix error returned when a path lookup is disconnected
> KEYS: testing wrong bit for KEY_FLAG_REVOKED
> TOMOYO: Fix mount flags checking order.
> security: fix ima kconfig warning
> AppArmor: Fix the error case for chroot relative path name lookup
> AppArmor: fix mapping of META_READ to audit and quiet flags
> AppArmor: Fix underflow in xindex calculation
> AppArmor: Fix dropping of allowed operations that are force audited
> AppArmor: Add mising end of structure test to caps unpacking
> ...
>
> Documentation/networking/dns_resolver.txt | 4 +
> Documentation/security/00-INDEX | 2 +
> Documentation/security/Yama.txt | 65 ++++++
> Documentation/security/keys.txt | 4 +
> drivers/char/tpm/Kconfig | 1 -
> drivers/char/tpm/tpm.c | 3 +-
> drivers/char/tpm/tpm.h | 2 +
> drivers/char/tpm/tpm_tis.c | 17 +-
> drivers/net/macvtap.c | 1 +
> drivers/target/iscsi/iscsi_target.c | 1 +
> drivers/target/iscsi/iscsi_target_login.c | 1 +
> fs/cifs/cifsacl.c | 1 +
> fs/nfs/client.c | 1 +
> fs/nfs/idmap.c | 1 +
> fs/proc/proc_sysctl.c | 2 +
> fs/quota/dquot.c | 1 +
> fs/super.c | 1 +
> include/linux/key.h | 1 +
> include/linux/prctl.h | 7 +
> include/linux/security.h | 80 ++++----
> include/net/sock.h | 2 +
> ipc/msgutil.c | 2 +
> kernel/cred.c | 1 +
> kernel/exit.c | 1 +
> kernel/fork.c | 3 +-
> kernel/sched/core.c | 1 +
> kernel/sysctl.c | 1 +
> mm/mmap.c | 17 ++-
> mm/mprotect.c | 2 +-
> mm/mremap.c | 2 +-
> mm/shmem.c | 4 +-
> mm/swapfile.c | 4 +-
> net/dns_resolver/dns_key.c | 1 +
> security/Kconfig | 6 +
> security/Makefile | 2 +
> security/apparmor/Makefile | 27 ++-
> security/apparmor/apparmorfs.c | 195 ++++++++++++++----
> security/apparmor/audit.c | 7 +-
> security/apparmor/domain.c | 5 +-
> security/apparmor/file.c | 21 +--
> security/apparmor/include/apparmor.h | 15 ++-
> security/apparmor/include/apparmorfs.h | 44 ++++
> security/apparmor/include/audit.h | 9 +-
> security/apparmor/include/file.h | 2 +-
> security/apparmor/include/match.h | 3 +
> security/apparmor/include/path.h | 3 +-
> security/apparmor/include/policy.h | 15 ++-
> security/apparmor/include/resource.h | 4 +
> security/apparmor/match.c | 80 +++++++-
> security/apparmor/path.c | 56 +++--
> security/apparmor/policy.c | 3 +-
> security/apparmor/policy_unpack.c | 31 +++-
> security/apparmor/resource.c | 5 +
> security/capability.c | 5 +
> security/commoncap.c | 1 +
> security/integrity/ima/Kconfig | 4 +-
> security/integrity/ima/ima_audit.c | 2 +-
> security/integrity/ima/ima_policy.c | 3 +-
> security/keys/keyctl.c | 15 ++-
> security/keys/process_keys.c | 3 +-
> security/security.c | 21 +--
> security/selinux/hooks.c | 2 +
> security/smack/smack_lsm.c | 3 +
> security/tomoyo/audit.c | 4 +-
> security/tomoyo/common.c | 63 ++----
> security/tomoyo/common.h | 6 +-
> security/tomoyo/mount.c | 38 ++--
> security/tomoyo/securityfs_if.c | 5 +-
> security/yama/Kconfig | 13 ++
> security/yama/Makefile | 3 +
> security/yama/yama_lsm.c | 323
> +++++++++++++++++++++++++++++
> 71 files changed, 1034 insertions(+), 250 deletions(-)
>
> diff --cc include/net/sock.h
> index f84be9e,27508f0..04bc0b3
> --- a/include/net/sock.h
> +++ b/include/net/sock.h
> @@@ -55,7 -55,9 +55,9 @@@
> #include <linux/uaccess.h>
> #include <linux/memcontrol.h>
> #include <linux/res_counter.h>
> -#include <linux/jump_label.h>
> +#include <linux/static_key.h>
> + #include <linux/aio.h>
> + #include <linux/sched.h>
>
> #include <linux/filter.h>
> #include <linux/rculist_nulls.h>
> --
> To unsubscribe from this list: send the line "unsubscribe
> git-commits-head" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the kernel-team
mailing list