[security-next] Pull request (merge window)

Kamal Mostafa kamal at canonical.com
Tue Jun 17 15:47:34 UTC 2014


On Tue, 2014-06-17 at 06:01 -0600, Tim Gardner wrote:
> Kamal,
> 
> 0430e49b6e7c6b5e076be8fefdee089958c9adad (ima: introduce
> ima_kernel_read())
> f9b2a735bdddf836214b5dca74f6ca7712e5a08c (ima: audit log files opened
> with O_DIRECT flag)
> 
> Both of these commits are marked for stable. Please ensure that they
> make it into 3.13 stable.
> 
> rtg


Thanks Tim, I'll pick up those two for the next 3.13-stable.

 -Kamal


> On 06/16/2014 12:39 PM, Dmitry Kasatkin wrote:
> > On 16 June 2014 15:29, Tim Gardner <tim.gardner at canonical.com>
> > wrote:
> >> Serge,
> >> 
> >> Cherry-picked for now from
> >> 0430e49b6e7c6b5e076be8fefdee089958c9adad for Utopic. We'd have
> >> picked this up anyway when rebasing against 3.16.
> >> 
> > 
> > Hi,
> > 
> > Thanks.
> > 
> > Please consider taking also this commit... It is also CC:stable
> > 
> > Following prevents deadlock when file is opened for direct-io with
> > O_DIRECT..
> > 
> > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f9b2a735bdddf836214b5dca74f6ca7712e5a08c
> > 
> > Otherwise there are no other stability bugs.
> > 
> > What is Utopic?
> > 
> > Those fixes are good to see as Ubuntu 14.04 kernel update...
> > 
> > Thanks!
> > 
> > - Dmitry
> > 
> > 
> >> rtg
> >> 
> >> 
> >> On 06/13/2014 11:14 AM, Serge E. Hallyn wrote:
> >>> 
> >>> Hi,
> >>> 
> >>> I believe process is just to send it to
> >>> kernel-team at lists.ubuntu.com (cc:d).
> >>> 
> >>> Tim/Andy, please see below, there is a patch
> >>> 
> >>> "ima: introduce ima_kernel_read()"
> >>> 
> >>> in
> >>> git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security
> >>> serge-next-2 which fixes a potential bug in ima when used with apparmor
> >>> which I assume is meant to be applied to the utopic kernel.
> >>> 
> >>> If you need any more information Dmitri should be able to
> >>> answer.
> >>> 
> >>> thanks, -serge
> >>> 
> >>> Quoting Dmitry Kasatkin (dmitry.kasatkin at gmail.com):
> >>>> 
> >>>> Hi Serge,
> >>>> 
> >>>> Mimi CC pull request also to Ubuntu kernel team.
> >>>> 
> >>>> It is actually very important to apply "ima: introduce 
> >>>> ima_kernel_read()" to Ubuntu kernels.
> >>>> 
> >>>> What is the process to manage it?
> >>>> 
> >>>> Thanks a lot.
> >>>> 
> >>>> - Dmitry
> >>>> 
> >>>> On 13 June 2014 17:19, Serge E. Hallyn <serge at hallyn.com>
> >>>> wrote:
> >>>>> 
> >>>>> Hi Linus,
> >>>>> 
> >>>>> A few more commits had previously failed to make it
> >>>>> through security-next into linux-next but this week made it
> >>>>> into linux-next.  At least commit "ima: introduce
> >>>>> ima_kernel_read()" was deemed critical by Mimi to make this
> >>>>> merge window.
> >>>>> 
> >>>>> This is a temporary tree just for this request.  Mimi has
> >>>>> pointed me to some previous threads about keeping
> >>>>> maintainer trees at the previous release, which I'll
> >>>>> certainly do for anything long-term, after talking with
> >>>>> James.
> >>>>> 
> >>>>> The following changes since commit
> >>>>> 0e04c641b199435f3779454055f6a7de258ecdfc:
> >>>>> 
> >>>>> Merge tag 'dm-3.16-changes' of
> >>>>> git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
> >>>>> (2014-06-12 13:33:29 -0700)
> >>>>> 
> >>>>> are available in the git repository at:
> >>>>> 
> >>>>> git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security
> >>>>> serge-next-2
> >>>>> 
> >>>>> for you to fetch changes up to
> >>>>> 0430e49b6e7c6b5e076be8fefdee089958c9adad:
> >>>>> 
> >>>>> ima: introduce ima_kernel_read() (2014-06-12 17:58:08 -0400)
> >>>>> 
> >>>>> ----------------------------------------------------------------
> >>>>> Dmitry Kasatkin (5):
> >>>>>       evm: replace HMAC version with attribute mask
> >>>>>       evm: provide option to protect additional SMACK xattrs
> >>>>>       ima: prevent unnecessary policy checking
> >>>>>       ima: check inode integrity cache in violation check
> >>>>>       ima: introduce ima_kernel_read()
> >>>>> 
> >>>>> Mimi Zohar (2):
> >>>>>       ima: prevent new digsig xattr from being replaced
> >>>>>       evm: prohibit userspace writing 'security.evm' HMAC value
> >>>>> 
> >>>>>  security/integrity/evm/Kconfig        | 42 ++++++++++++++++++++++++++++-------
> >>>>>  security/integrity/evm/evm.h          |  5 ++++-
> >>>>>  security/integrity/evm/evm_crypto.c   |  2 +-
> >>>>>  security/integrity/evm/evm_main.c     | 29 +++++++++++++++++++++---
> >>>>>  security/integrity/ima/ima_appraise.c | 10 ++++++---
> >>>>>  security/integrity/ima/ima_crypto.c   | 32 +++++++++++++++++++++++++-
> >>>>>  security/integrity/ima/ima_main.c     | 22 +++++++++---------
> >>>>>  7 files changed, 114 insertions(+), 28 deletions(-)
> >>>> 
> >>>> 
> >>>> 
> >>>> 
> >>>> -- Thanks, Dmitry
> >>> 
> >>> 
> >> 
> >> -- Tim Gardner tim.gardner at canonical.com
> > 
> > 
> > 
> 
