[security-next] Pull request (merge window)
Dmitry Kasatkin
dmitry.kasatkin at gmail.com
Mon Jun 16 18:39:09 UTC 2014
On 16 June 2014 15:29, Tim Gardner <tim.gardner at canonical.com> wrote:
> Serge,
>
> Cherry-picked for now from 0430e49b6e7c6b5e076be8fefdee089958c9adad for
> Utopic. We'd have picked this up anyway when rebasing against 3.16.
>
Hi,
Thanks.
Please consider taking also this commit... It is also CC:stable
The following prevents a deadlock when a file is opened for direct-io with O_DIRECT:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f9b2a735bdddf836214b5dca74f6ca7712e5a08c
Otherwise there are no other stability bugs.
What is Utopic?
Those fixes are good to see as an Ubuntu 14.04 kernel update...
Thanks!
- Dmitry
> rtg
>
>
> On 06/13/2014 11:14 AM, Serge E. Hallyn wrote:
>>
>> Hi,
>>
>> I believe the process is just to send it to kernel-team at lists.ubuntu.com
>> (cc:d).
>>
>> Tim/Andy, please see below, there is a patch
>>
>> "ima: introduce ima_kernel_read()"
>>
>> in git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security
>> serge-next-2 which fixes a potential bug in ima when used with apparmor
>> which I assume is meant to be applied to the utopic kernel.
>>
>> If you need any more information Dmitri should be able to answer.
>>
>> thanks,
>> -serge
>>
>> Quoting Dmitry Kasatkin (dmitry.kasatkin at gmail.com):
>>>
>>> Hi Serge,
>>>
>>> Mimi CC pull request also to Ubuntu kernel team.
>>>
>>> It is actually very important to apply "ima: introduce
>>> ima_kernel_read()" to Ubuntu kernels.
>>>
>>> What is the process to manage it?
>>>
>>> Thanks a lot.
>>>
>>> - Dmitry
>>>
>>> On 13 June 2014 17:19, Serge E. Hallyn <serge at hallyn.com> wrote:
>>>>
>>>> Hi Linus,
>>>>
>>>> A few more commits had previously failed to make it through security-next
>>>> into linux-next but this week made it into linux-next. At least commit
>>>> "ima: introduce ima_kernel_read()" was deemed critical by Mimi to make
>>>> this merge window.
>>>>
>>>> This is a temporary tree just for this request. Mimi has pointed me to
>>>> some previous threads about keeping maintainer trees at the previous
>>>> release, which I'll certainly do for anything long-term, after talking
>>>> with James.
>>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> The following changes since commit 0e04c641b199435f3779454055f6a7de258ecdfc:
>>>>
>>>> Merge tag 'dm-3.16-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm (2014-06-12 13:33:29 -0700)
>>>>
>>>> are available in the git repository at:
>>>>
>>>>
>>>> git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security serge-next-2
>>>>
>>>> for you to fetch changes up to 0430e49b6e7c6b5e076be8fefdee089958c9adad:
>>>>
>>>> ima: introduce ima_kernel_read() (2014-06-12 17:58:08 -0400)
>>>>
>>>> - ----------------------------------------------------------------
>>>> Dmitry Kasatkin (5):
>>>> evm: replace HMAC version with attribute mask
>>>> evm: provide option to protect additional SMACK xattrs
>>>> ima: prevent unnecessary policy checking
>>>> ima: check inode integrity cache in violation check
>>>> ima: introduce ima_kernel_read()
>>>>
>>>> Mimi Zohar (2):
>>>> ima: prevent new digsig xattr from being replaced
>>>> evm: prohibit userspace writing 'security.evm' HMAC value
>>>>
>>>> security/integrity/evm/Kconfig | 42 ++++++++++++++++++++++++++++-------
>>>> security/integrity/evm/evm.h | 5 ++++-
>>>> security/integrity/evm/evm_crypto.c | 2 +-
>>>> security/integrity/evm/evm_main.c | 29 +++++++++++++++++++++---
>>>> security/integrity/ima/ima_appraise.c | 10 ++++++---
>>>> security/integrity/ima/ima_crypto.c | 32 +++++++++++++++++++++++++-
>>>> security/integrity/ima/ima_main.c | 22 +++++++++---------
>>>> 7 files changed, 114 insertions(+), 28 deletions(-)
>>>> -----BEGIN PGP SIGNATURE-----
>>>> Version: GnuPG v1
>>>>
>>>> -----END PGP SIGNATURE-----
>>>
>>>
>>>
>>>
>>> --
>>> Thanks,
>>> Dmitry
>>
>>
>
> --
> Tim Gardner tim.gardner at canonical.com
--
Thanks,
Dmitry