[security-next] Pull request (merge window)
Serge E. Hallyn
serge at hallyn.com
Fri Jun 13 17:14:29 UTC 2014
Hi,
I believe process is just to send it to kernel-team at lists.ubuntu.com (cc:d).
Tim/Andy, please see below, there is a patch
ima: introduce ima_kernel_read()"
in git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security
serge-next-2 which fixes a potential bug in ima when used with apparmor
which I assume is meant to be applied to the utopic kernel.
If you need any more information Dmitri should be able to answer.
thanks,
-serge
Quoting Dmitry Kasatkin (dmitry.kasatkin at gmail.com):
> Hi Serge,
>
> Mimi CC pull request also to Ubuntu kernel team.
>
> It is actually very important to apply "ima: introduce
> ima_kernel_read()" to Ubuntu kernels.
>
> What is the process to manage it?
>
> Thanks a lot.
>
> - Dmitry
>
> On 13 June 2014 17:19, Serge E. Hallyn <serge at hallyn.com> wrote:
> > Hi Linus,
> >
> > A few more commits had previously failed to make it through security-next
> > into linux-next but this week made it into linxu-next. At least commit
> > "ima: introduce ima_kernel_read()" was deemed critical by Mimi to make
> > this merge window.
> >
> > This is a temporary tree just for this request. Mimi has pointed me to
> > some previous threads about keeping maintainer trees at the previous
> > release, which I'll certainly do for anything long-term, after talking
> > with James.
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > The following changes since commit 0e04c641b199435f3779454055f6a7de258ecdfc:
> >
> > Merge tag 'dm-3.16-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm (2014-06-12 13:33:29 -0700)
> >
> > are available in the git repository at:
> >
> >
> > git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security serge-next-2
> >
> > for you to fetch changes up to 0430e49b6e7c6b5e076be8fefdee089958c9adad:
> >
> > ima: introduce ima_kernel_read() (2014-06-12 17:58:08 -0400)
> >
> > - ----------------------------------------------------------------
> > Dmitry Kasatkin (5):
> > evm: replace HMAC version with attribute mask
> > evm: provide option to protect additional SMACK xattrs
> > ima: prevent unnecessary policy checking
> > ima: check inode integrity cache in violation check
> > ima: introduce ima_kernel_read()
> >
> > Mimi Zohar (2):
> > ima: prevent new digsig xattr from being replaced
> > evm: prohibit userspace writing 'security.evm' HMAC value
> >
> > security/integrity/evm/Kconfig | 42 ++++++++++++++++++++++++++++-------
> > security/integrity/evm/evm.h | 5 ++++-
> > security/integrity/evm/evm_crypto.c | 2 +-
> > security/integrity/evm/evm_main.c | 29 +++++++++++++++++++++---
> > security/integrity/ima/ima_appraise.c | 10 ++++++---
> > security/integrity/ima/ima_crypto.c | 32 +++++++++++++++++++++++++-
> > security/integrity/ima/ima_main.c | 22 +++++++++---------
> > 7 files changed, 114 insertions(+), 28 deletions(-)
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1
> >
> > iQEcBAEBAgAGBQJTmwUGAAoJELF1z6mPGSryM5EIAKrW054UihG58o+efleMBqpk
> > Tur6eoFyFOjRlU0iRRjSyZpvNjGVsaEe46rBfrXkdV4D6lgPhAwCyUVkQGyHjetd
> > MbK1o17I4gHqQK2rHa5fkIGmWEzoRART32WJuCHrniIZJ+fv2vn1S2Veb1ei0Q+a
> > PyUHsvWdcmSsqA0wCcAaBSNekjdi+Wrs35OrHI2+SMdpTbTGJJdgOLtNzBMYLid6
> > cSGoarLC+ST1rJWxSI5hsaDnzgURUWk9dElzQCcEeSa0924mKBa4t0EwUmeaUQC9
> > kB3RGMS3OJEFwTxJXfSRolprftWEYkKd+3ovLE+P/Kp+0ZsJ74ohCCbk/5x6CMQ=
> > =eBeq
> > -----END PGP SIGNATURE-----
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> > the body of a message to majordomo at vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
>
> --
> Thanks,
> Dmitry
More information about the kernel-team
mailing list