[security-next] Pull request (merge window)
Kamal Mostafa
kamal at canonical.com
Tue Jun 17 15:47:34 UTC 2014
On Tue, 2014-06-17 at 06:01 -0600, Tim Gardner wrote:
> Kamal,
>
> 0430e49b6e7c6b5e076be8fefdee089958c9adad (ima: introduce
> ima_kernel_read())
> f9b2a735bdddf836214b5dca74f6ca7712e5a08c (ima: audit log files opened
> with O_DIRECT flag)
>
> Both of these commits are marked for stable. Please ensure that they
> make it into 3.13 stable.
>
> rtg
Thanks Tim, I'll pick up those two for the next 3.13-stable.
-Kamal
> On 06/16/2014 12:39 PM, Dmitry Kasatkin wrote:
> > On 16 June 2014 15:29, Tim Gardner <tim.gardner at canonical.com>
> > wrote:
> >> Serge,
> >>
> >> Cherry-picked for now from
> >> 0430e49b6e7c6b5e076be8fefdee089958c9adad for Utopic. We'd have
> >> picked this up anyway when rebasing against 3.16.
> >>
> >
> > Hi,
> >
> > Thanks.
> >
> > Please consider taking also this commit... It is also CC:stable
> >
> > Following prevents deadlock when file is opened for direct-io with
> > O_DIRECT.
> >
> > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f9b2a735bdddf836214b5dca74f6ca7712e5a08c
> >
> > Otherwise there are no other stability bugs.
> >
> > What is Utopic?
> >
> > Those fixes are good to see as Ubuntu 14.04 kernel update...
> >
> > Thanks!
> >
> > - Dmitry
> >
> >
> >> rtg
> >>
> >>
> >> On 06/13/2014 11:14 AM, Serge E. Hallyn wrote:
> >>>
> >>> Hi,
> >>>
> >>> I believe process is just to send it to
> >>> kernel-team at lists.ubuntu.com (cc:d).
> >>>
> >>> Tim/Andy, please see below, there is a patch
> >>>
> >>> "ima: introduce ima_kernel_read()"
> >>>
> >>> in
> >>> git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security
> >>> serge-next-2 which fixes a potential bug in ima when used with apparmor
> >>> which I assume is meant to be applied to the utopic kernel.
> >>>
> >>> If you need any more information Dmitry should be able to
> >>> answer.
> >>>
> >>> thanks, -serge
> >>>
> >>> Quoting Dmitry Kasatkin (dmitry.kasatkin at gmail.com):
> >>>>
> >>>> Hi Serge,
> >>>>
> >>>> Mimi CC pull request also to Ubuntu kernel team.
> >>>>
> >>>> It is actually very important to apply "ima: introduce
> >>>> ima_kernel_read()" to Ubuntu kernels.
> >>>>
> >>>> What is the process to manage it?
> >>>>
> >>>> Thanks a lot.
> >>>>
> >>>> - Dmitry
> >>>>
> >>>> On 13 June 2014 17:19, Serge E. Hallyn <serge at hallyn.com>
> >>>> wrote:
> >>>>>
> >>>>> Hi Linus,
> >>>>>
> >>>>> A few more commits had previously failed to make it
> >>>>> through security-next into linux-next but this week made it
> >>>>> into linux-next. At least commit "ima: introduce
> >>>>> ima_kernel_read()" was deemed critical by Mimi to make this
> >>>>> merge window.
> >>>>>
> >>>>> This is a temporary tree just for this request. Mimi has
> >>>>> pointed me to some previous threads about keeping
> >>>>> maintainer trees at the previous release, which I'll
> >>>>> certainly do for anything long-term, after talking with
> >>>>> James.
> >>>>>
> >>>>> The following changes since commit
> >>>>> 0e04c641b199435f3779454055f6a7de258ecdfc:
> >>>>>
> >>>>>   Merge tag 'dm-3.16-changes' of
> >>>>>   git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
> >>>>>   (2014-06-12 13:33:29 -0700)
> >>>>>
> >>>>> are available in the git repository at:
> >>>>>
> >>>>>   git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security
> >>>>>   serge-next-2
> >>>>>
> >>>>> for you to fetch changes up to
> >>>>> 0430e49b6e7c6b5e076be8fefdee089958c9adad:
> >>>>>
> >>>>>   ima: introduce ima_kernel_read() (2014-06-12 17:58:08 -0400)
> >>>>>
> >>>>> ----------------------------------------------------------------
> >>>>> Dmitry Kasatkin (5):
> >>>>>       evm: replace HMAC version with attribute mask
> >>>>>       evm: provide option to protect additional SMACK xattrs
> >>>>>       ima: prevent unnecessary policy checking
> >>>>>       ima: check inode integrity cache in violation check
> >>>>>       ima: introduce ima_kernel_read()
> >>>>>
> >>>>> Mimi Zohar (2):
> >>>>>       ima: prevent new digsig xattr from being replaced
> >>>>>       evm: prohibit userspace writing 'security.evm' HMAC value
> >>>>>
> >>>>>  security/integrity/evm/Kconfig        | 42 ++++++++++++++++++++++++++++-------
> >>>>>  security/integrity/evm/evm.h          |  5 ++++-
> >>>>>  security/integrity/evm/evm_crypto.c   |  2 +-
> >>>>>  security/integrity/evm/evm_main.c     | 29 +++++++++++++++++++++---
> >>>>>  security/integrity/ima/ima_appraise.c | 10 ++++++---
> >>>>>  security/integrity/ima/ima_crypto.c   | 32 +++++++++++++++++++++++++-
> >>>>>  security/integrity/ima/ima_main.c     | 22 +++++++++---------
> >>>>>  7 files changed, 114 insertions(+), 28 deletions(-)
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> -- Thanks, Dmitry
> >>>
> >>>
> >>
> >> -- Tim Gardner tim.gardner at canonical.com
> >
> >
> >
>