Fwd: Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Wed Mar 21 20:46:59 UTC 2012

On 03/21/2012 01:38 PM, Tim Gardner wrote:
> John - is there anything in this pile we should cherry-pick ? Or perhaps
> replace some "UBUNTU: SAUCE:" patches with cherry-picks ?
> 
yes, I am putting together a pull request together for you.  It will
let us rebase away all but the last 3 sauce patches.

> rtg
> 
> -------- Original Message --------
> Subject: Merge branch 'next' of
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
> Date: Wed, 21 Mar 2012 20:31:52 +0000 (UTC)
> From: Linux Kernel Mailing List <linux-kernel at vger.kernel.org>
> To: git-commits-head at vger.kernel.org
> 
> Gitweb:
> http://git.kernel.org/linus/;a=commit;h=3556485f1595e3964ba539e39ea682acbb835cee
> Commit:     3556485f1595e3964ba539e39ea682acbb835cee
> Parent:     31f6765266417c0d99f0e922fe82848a7c9c2ae9
> Merge: b871661 09f61cd
> Author:     Linus Torvalds <torvalds at linux-foundation.org>
> AuthorDate: Wed Mar 21 13:25:04 2012 -0700
> Committer:  Linus Torvalds <torvalds at linux-foundation.org>
> CommitDate: Wed Mar 21 13:25:04 2012 -0700
> 
>     Merge branch 'next' of
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
> 
>     Pull security subsystem updates for 3.4 from James Morris:
>      "The main addition here is the new Yama security module from Kees Cook,
>       which was discussed at the Linux Security Summit last year.  Its
>       purpose is to collect miscellaneous DAC security enhancements in one
>       place.  This also marks a departure in policy for LSM modules, which
>       were previously limited to being standalone access control systems.
>       Chromium OS is using Yama, and I believe there are plans for Ubuntu,
>       at least.
> 
>       This patchset also includes maintenance updates for AppArmor, TOMOYO
>       and others."
> 
>     Fix trivial conflict in <net/sock.h> due to the jumo_label->static_key
>     rename.
> 
>     * 'next' of
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
> (38 commits)
>       AppArmor: Fix location of const qualifier on generated string tables
>       TOMOYO: Return error if fails to delete a domain
>       AppArmor: add const qualifiers to string arrays
>       AppArmor: Add ability to load extended policy
>       TOMOYO: Return appropriate value to poll().
>       AppArmor: Move path failure information into aa_get_name and rename
>       AppArmor: Update dfa matching routines.
>       AppArmor: Minor cleanup of d_namespace_path to consolidate error
> handling
>       AppArmor: Retrieve the dentry_path for error reporting when path
> lookup fails
>       AppArmor: Add const qualifiers to generated string tables
>       AppArmor: Fix oops in policy unpack auditing
>       AppArmor: Fix error returned when a path lookup is disconnected
>       KEYS: testing wrong bit for KEY_FLAG_REVOKED
>       TOMOYO: Fix mount flags checking order.
>       security: fix ima kconfig warning
>       AppArmor: Fix the error case for chroot relative path name lookup
>       AppArmor: fix mapping of META_READ to audit and quiet flags
>       AppArmor: Fix underflow in xindex calculation
>       AppArmor: Fix dropping of allowed operations that are force audited
>       AppArmor: Add mising end of structure test to caps unpacking
>       ...
> 
>  Documentation/networking/dns_resolver.txt |    4 +
>  Documentation/security/00-INDEX           |    2 +
>  Documentation/security/Yama.txt           |   65 ++++++
>  Documentation/security/keys.txt           |    4 +
>  drivers/char/tpm/Kconfig                  |    1 -
>  drivers/char/tpm/tpm.c                    |    3 +-
>  drivers/char/tpm/tpm.h                    |    2 +
>  drivers/char/tpm/tpm_tis.c                |   17 +-
>  drivers/net/macvtap.c                     |    1 +
>  drivers/target/iscsi/iscsi_target.c       |    1 +
>  drivers/target/iscsi/iscsi_target_login.c |    1 +
>  fs/cifs/cifsacl.c                         |    1 +
>  fs/nfs/client.c                           |    1 +
>  fs/nfs/idmap.c                            |    1 +
>  fs/proc/proc_sysctl.c                     |    2 +
>  fs/quota/dquot.c                          |    1 +
>  fs/super.c                                |    1 +
>  include/linux/key.h                       |    1 +
>  include/linux/prctl.h                     |    7 +
>  include/linux/security.h                  |   80 ++++----
>  include/net/sock.h                        |    2 +
>  ipc/msgutil.c                             |    2 +
>  kernel/cred.c                             |    1 +
>  kernel/exit.c                             |    1 +
>  kernel/fork.c                             |    3 +-
>  kernel/sched/core.c                       |    1 +
>  kernel/sysctl.c                           |    1 +
>  mm/mmap.c                                 |   17 ++-
>  mm/mprotect.c                             |    2 +-
>  mm/mremap.c                               |    2 +-
>  mm/shmem.c                                |    4 +-
>  mm/swapfile.c                             |    4 +-
>  net/dns_resolver/dns_key.c                |    1 +
>  security/Kconfig                          |    6 +
>  security/Makefile                         |    2 +
>  security/apparmor/Makefile                |   27 ++-
>  security/apparmor/apparmorfs.c            |  195 ++++++++++++++----
>  security/apparmor/audit.c                 |    7 +-
>  security/apparmor/domain.c                |    5 +-
>  security/apparmor/file.c                  |   21 +--
>  security/apparmor/include/apparmor.h      |   15 ++-
>  security/apparmor/include/apparmorfs.h    |   44 ++++
>  security/apparmor/include/audit.h         |    9 +-
>  security/apparmor/include/file.h          |    2 +-
>  security/apparmor/include/match.h         |    3 +
>  security/apparmor/include/path.h          |    3 +-
>  security/apparmor/include/policy.h        |   15 ++-
>  security/apparmor/include/resource.h      |    4 +
>  security/apparmor/match.c                 |   80 +++++++-
>  security/apparmor/path.c                  |   56 +++--
>  security/apparmor/policy.c                |    3 +-
>  security/apparmor/policy_unpack.c         |   31 +++-
>  security/apparmor/resource.c              |    5 +
>  security/capability.c                     |    5 +
>  security/commoncap.c                      |    1 +
>  security/integrity/ima/Kconfig            |    4 +-
>  security/integrity/ima/ima_audit.c        |    2 +-
>  security/integrity/ima/ima_policy.c       |    3 +-
>  security/keys/keyctl.c                    |   15 ++-
>  security/keys/process_keys.c              |    3 +-
>  security/security.c                       |   21 +--
>  security/selinux/hooks.c                  |    2 +
>  security/smack/smack_lsm.c                |    3 +
>  security/tomoyo/audit.c                   |    4 +-
>  security/tomoyo/common.c                  |   63 ++----
>  security/tomoyo/common.h                  |    6 +-
>  security/tomoyo/mount.c                   |   38 ++--
>  security/tomoyo/securityfs_if.c           |    5 +-
>  security/yama/Kconfig                     |   13 ++
>  security/yama/Makefile                    |    3 +
>  security/yama/yama_lsm.c                  |  323
> +++++++++++++++++++++++++++++
>  71 files changed, 1034 insertions(+), 250 deletions(-)
> 
> diff --cc include/net/sock.h
> index f84be9e,27508f0..04bc0b3
> --- a/include/net/sock.h
> +++ b/include/net/sock.h
> @@@ -55,7 -55,9 +55,9 @@@
>   #include <linux/uaccess.h>
>   #include <linux/memcontrol.h>
>   #include <linux/res_counter.h>
>  -#include <linux/jump_label.h>
>  +#include <linux/static_key.h>
> + #include <linux/aio.h>
> + #include <linux/sched.h>
> 
>   #include <linux/filter.h>
>   #include <linux/rculist_nulls.h>
> --
> To unsubscribe from this list: send the line "unsubscribe
> git-commits-head" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html