[security-next] Pull request (merge window)

Tim Gardner tim.gardner at canonical.com
Tue Jun 17 12:01:07 UTC 2014


Kamal,

0430e49b6e7c6b5e076be8fefdee089958c9adad (ima: introduce
ima_kernel_read())
f9b2a735bdddf836214b5dca74f6ca7712e5a08c (ima: audit log files opened
with O_DIRECT flag)

Both of these commits are marked for stable. Please ensure that they
make it into 3.13 stable.

rtg

On 06/16/2014 12:39 PM, Dmitry Kasatkin wrote:
> On 16 June 2014 15:29, Tim Gardner <tim.gardner at canonical.com>
> wrote:
>> Serge,
>> 
>> Cherry-picked for now from
>> 0430e49b6e7c6b5e076be8fefdee089958c9adad for Utopic. We'd have
>> picked this up anyway when rebasing against 3.16.
>> 
> 
> Hi,
> 
> Thanks.
> 
> Please consider taking also this commit... It is also CC:stable
> 
> Following prevents deadlock when file is opened for direct-io with
> O_DIRECT..
> 
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f9b2a735bdddf836214b5dca74f6ca7712e5a08c
>
> Otherwise there are no other stability bugs.
> 
> What is Utopic?
> 
> Those fixes are good to see as Ubuntu 14.04 kernel update...
> 
> Thanks!
> 
> - Dmitry
> 
> 
>> rtg
>> 
>> 
>> On 06/13/2014 11:14 AM, Serge E. Hallyn wrote:
>>> 
>>> Hi,
>>> 
>>> I believe process is just to send it to
>>> kernel-team at lists.ubuntu.com (cc:d).
>>> 
>>> Tim/Andy, please see below, there is a patch
>>> 
>>> "ima: introduce ima_kernel_read()"
>>> 
>>> in
>>> git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security
>>> serge-next-2 which fixes a potential bug in ima when used with apparmor
>>> which I assume is meant to be applied to the utopic kernel.
>>> 
>>> If you need any more information Dmitry should be able to
>>> answer.
>>> 
>>> thanks, -serge
>>> 
>>> Quoting Dmitry Kasatkin (dmitry.kasatkin at gmail.com):
>>>> 
>>>> Hi Serge,
>>>> 
>>>> Mimi CC pull request also to Ubuntu kernel team.
>>>> 
>>>> It is actually very important to apply "ima: introduce 
>>>> ima_kernel_read()" to Ubuntu kernels.
>>>> 
>>>> What is the process to manage it?
>>>> 
>>>> Thanks a lot.
>>>> 
>>>> - Dmitry
>>>> 
>>>> On 13 June 2014 17:19, Serge E. Hallyn <serge at hallyn.com>
>>>> wrote:
>>>>> 
>>>>> Hi Linus,
>>>>> 
>>>>> A few more commits had previously failed to make it
>>>>> through security-next into linux-next but this week made it
>>>>> into linux-next.  At least commit "ima: introduce
>>>>> ima_kernel_read()" was deemed critical by Mimi to make this
>>>>> merge window.
>>>>> 
>>>>> This is a temporary tree just for this request.  Mimi has
>>>>> pointed me to some previous threads about keeping
>>>>> maintainer trees at the previous release, which I'll
>>>>> certainly do for anything long-term, after talking with
>>>>> James.
>>>>> 
>>>>> The following changes since commit 0e04c641b199435f3779454055f6a7de258ecdfc:
>>>>>
>>>>>   Merge tag 'dm-3.16-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm (2014-06-12 13:33:29 -0700)
>>>>>
>>>>> are available in the git repository at:
>>>>>
>>>>>   git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security serge-next-2
>>>>>
>>>>> for you to fetch changes up to 0430e49b6e7c6b5e076be8fefdee089958c9adad:
>>>>>
>>>>>   ima: introduce ima_kernel_read() (2014-06-12 17:58:08 -0400)
>>>>>
>>>>> ----------------------------------------------------------------
>>>>> Dmitry Kasatkin (5):
>>>>>       evm: replace HMAC version with attribute mask
>>>>>       evm: provide option to protect additional SMACK xattrs
>>>>>       ima: prevent unnecessary policy checking
>>>>>       ima: check inode integrity cache in violation check
>>>>>       ima: introduce ima_kernel_read()
>>>>>
>>>>> Mimi Zohar (2):
>>>>>       ima: prevent new digsig xattr from being replaced
>>>>>       evm: prohibit userspace writing 'security.evm' HMAC value
>>>>>
>>>>>  security/integrity/evm/Kconfig        | 42 ++++++++++++++++++++++++++++-------
>>>>>  security/integrity/evm/evm.h          |  5 ++++-
>>>>>  security/integrity/evm/evm_crypto.c   |  2 +-
>>>>>  security/integrity/evm/evm_main.c     | 29 +++++++++++++++++++++---
>>>>>  security/integrity/ima/ima_appraise.c | 10 ++++++---
>>>>>  security/integrity/ima/ima_crypto.c   | 32 +++++++++++++++++++++++++-
>>>>>  security/integrity/ima/ima_main.c     | 22 +++++++++---------
>>>>>  7 files changed, 114 insertions(+), 28 deletions(-)
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -- Thanks, Dmitry
>>> 
>>> 
>> 
>> -- Tim Gardner tim.gardner at canonical.com
> 
> 
> 

-- 
Tim Gardner tim.gardner at canonical.com