[PATCH 0/8][TRUSTY][GROUPER] Yama: Backport ptrace and link restriction features

Tyler Hicks tyhicks at canonical.com
Fri Feb 7 17:19:39 UTC 2014


The Touch kernels based on v3.1 are missing Yama support. These patches
backport Yama to v3.1 Touch kernels. Additionally, the stacking patch is
backported to enable stacking of Yama and a traditional LSM.

I forward ported the link restrictions patch from Quantal. The upstream link
restrictions feature was rewritten to be contained in the VFS but it would have
been more difficult to port.

Note that the patch titled "Yama: higher restrictions should block
PTRACE_TRACEME" includes a snippet from upstream commit
f1c84dae0ecc51aa35c81f19a0ebcd6c0921ddcb. The Yama patch needed to call the
task_user_ns() macro on the parent process, but that macro was not defined. The
macro definition was unrelated to the rest of the f1c84dae0ecc51aa commit, so I
just pulled the macro definition into the Yama patch.

I've applied these patches to the Ubuntu-grouper-3.1.10-6.25 kernel, while
running system-image 167, and verified that the unity8 autopilot tests,
webbrowser_app autopilot tests, calendar_app click tests, ubuntu_clock_app
click tests, and QRT test-kernel-security.py tests have the same results with
and without these Yama patches.

While I've tagged this set of patches for Grouper, this patch set should be
suitable for any v3.1 based Touch kernels.

Tyler
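As an added example (not code from this series, the Grouper tree or the Yama authors), the following C program models the ptrace_scope policy the backport enables and then checks the live kernel by having one process PTRACE_ATTACH a sibling, once plainly and once after the tracee declares a ptracer with prctl(PR_SET_PTRACER). It assumes a Linux userland with glibc and that Yama, when active, exposes its sysctl at /proc/sys/kernel/yama/ptrace_scope; the two decision functions encode the documented Yama rules and nothing specific to the v3.1 Touch kernels.

```c
/* Added example, not part of the patch series: a model of the Yama
 * ptrace_scope policy beside a live check in which a process attaches to a
 * sibling (same uid, not a descendant). Assumes Linux with glibc and that
 * Yama, when active, exposes /proc/sys/kernel/yama/ptrace_scope. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>

#ifndef PR_SET_PTRACER                /* older headers lack the Yama prctl */
#define PR_SET_PTRACER 0x59616d61
#endif
#ifndef PR_SET_PTRACER_ANY
#define PR_SET_PTRACER_ANY ((unsigned long)-1)
#endif

/* Yama's verdict only; the classic uid/dumpable checks still apply beneath it. */
enum { ALLOW = 0, DENY = EPERM };

/* PTRACE_ATTACH under a given ptrace_scope.
 * descendant: tracee descends from the tracer
 * declared:   tracee ran prctl(PR_SET_PTRACER, tracer or PR_SET_PTRACER_ANY)
 * cap_ptrace: tracer holds CAP_SYS_PTRACE in the tracee's user namespace */
int yama_attach_decision(int scope, int descendant, int declared, int cap_ptrace)
{
    switch (scope) {
    case 0:  return ALLOW;                                       /* classic */
    case 1:  return (descendant || declared || cap_ptrace) ? ALLOW : DENY;
    case 2:  return cap_ptrace ? ALLOW : DENY;                   /* admin only */
    default: return DENY;                     /* 3 (or unknown): no attach at all */
    }
}

/* PTRACE_TRACEME: scope 2 requires the parent to hold CAP_SYS_PTRACE and
 * scope 3 refuses it outright (the "higher restrictions should block
 * PTRACE_TRACEME" behaviour the series carries). */
int yama_traceme_decision(int scope, int parent_cap_ptrace)
{
    if (scope >= 3) return DENY;
    if (scope == 2) return parent_cap_ptrace ? ALLOW : DENY;
    return ALLOW;
}

/* Current sysctl value, or -1 when Yama is not exposed on this kernel. */
int read_ptrace_scope(void)
{
    int scope = -1;
    FILE *f = fopen("/proc/sys/kernel/yama/ptrace_scope", "r");
    if (f) {
        if (fscanf(f, "%d", &scope) != 1) scope = -1;
        fclose(f);
    }
    return scope;
}

/* Live check: fork a tracee that optionally declares any ptracer, then a
 * sibling tracer that tries PTRACE_ATTACH on it. Returns 0 if the attach
 * succeeded, otherwise the errno the tracer saw (EPERM under scope >= 1
 * without a declaration, and also if seccomp blocks ptrace entirely). */
int try_sibling_attach(int declare)
{
    int ready[2], status = 0;
    char c;
    if (pipe(ready) < 0) return errno;

    pid_t tracee = fork();
    if (tracee < 0) return errno;
    if (tracee == 0) {
        close(ready[0]);
        if (declare) prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY, 0, 0, 0);
        if (write(ready[1], "r", 1) != 1) _exit(1);
        for (;;) pause();                     /* sit still until SIGKILL */
    }
    close(ready[1]);
    if (read(ready[0], &c, 1) != 1) status = -1;   /* tracee never got ready */
    close(ready[0]);

    pid_t tracer = status == 0 ? fork() : -1;
    if (tracer == 0) {                        /* sibling of the tracee */
        int rc = 0;
        if (ptrace(PTRACE_ATTACH, tracee, NULL, NULL) < 0) rc = errno;
        else { waitpid(tracee, NULL, 0); ptrace(PTRACE_DETACH, tracee, NULL, NULL); }
        _exit(rc & 0xff);
    }
    if (tracer > 0) waitpid(tracer, &status, 0);
    kill(tracee, SIGKILL);
    waitpid(tracee, NULL, 0);
    if (tracer < 0) return EIO;
    return WIFEXITED(status) ? WEXITSTATUS(status) : EIO;
}

int main(void)
{
    int scope = read_ptrace_scope();
    if (scope < 0) puts("kernel.yama.ptrace_scope absent: Yama is not active here");
    else printf("ptrace_scope=%d: model says sibling attach %s, with PR_SET_PTRACER %s\n",
                scope, yama_attach_decision(scope, 0, 0, 0) ? "denied" : "allowed",
                yama_attach_decision(scope, 0, 1, 0) ? "denied" : "allowed");
    int plain = try_sibling_attach(0), declared = try_sibling_attach(1);
    printf("live sibling attach: %s\n", plain ? strerror(plain) : "succeeded");
    printf("live attach after PR_SET_PTRACER_ANY: %s\n", declared ? strerror(declared) : "succeeded");
    return 0;
}
```

Run it once with ptrace_scope at 0 and once at 1 to watch the plain sibling attach flip from success to EPERM while the PR_SET_PTRACER_ANY run keeps working; at 2 both fail without CAP_SYS_PTRACE, and at 3 both fail for everyone. A sandbox that filters ptrace with seccomp reports EPERM in both runs regardless of Yama, so compare against the model's prediction rather than trusting a bare failure.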
