[Pull][ARTFUL] LSM stacking

John Johansen john.johansen at canonical.com
Thu Sep 28 20:08:58 UTC 2017


The following changes since commit 80253b13f72f2637dafb4a63cde565e1ffb8e84d:

  UBUNTU: SAUCE: apparmor: fix apparmorfs DAC access permissions (2017-08-31 16:35:09 -0700)

are available in the git repository at:

  git://kernel.ubuntu.com/jj/ubuntu-artful.git lsm-stacking-revised

for you to fetch changes up to e4c8b7ce83f9d9b74396f35a4f8bcffd591e356e:

  UBUNTU: SAUCE: LSM stacking: add configs for LSM stacking (2017-09-28 14:25:37 -0400)

----------------------------------------------------------------
Casey Schaufler (7):
      UBUNTU: SAUCE: LSM stacking: procfs: add smack subdir to attrs
      UBUNTU: SAUCE: LSM stacking: LSM: manage credential security blobs
      UBUNTU: SAUCE: LSM stacking: LSM: Manage file security blobs
      UBUNTU: SAUCE: LSM stacking: LSM: manage task security blobs
      UBUNTU: SAUCE: LSM stacking: LSM: Infrastructure management of the remaining blobs
      UBUNTU: SAUCE: LSM stacking: LSM: general but not extreme module stacking
      UBUNTU: SAUCE: LSM stacking: LSM: Complete task_alloc hook

John Johansen (17):
      UBUNTU: SAUCE: LSM stacking: fixup procsfs: add smack subdir to attrs
      UBUNTU: SAUCE: LSM stacking: fixup initialize task->security
      UBUNTU: SAUCE: LSM stacking: fixup: alloc_task_ctx is dead code
      UBUNTU: SAUCE: LSM stacking: add support for stacking getpeersec_stream
      UBUNTU: SAUCE: LSM stacking: add stacking support to apparmor network hooks
      UBUNTU: SAUCE: LSM stacking: fixup apparmor stacking enablement
      UBUNTU: SAUCE: LSM stacking: fixup stacking kconfig
      UBUNTU: SAUCE: LSM stacking: allow selecting multiple LSMs using kernel boot params
      UBUNTU: SAUCE: LSM stacking: provide prctl interface for setting context
      UBUNTU: SAUCE: LSM stacking: inherit current display LSM
      UBUNTU: SAUCE: LSM stacking: keep an index for each registered LSM
      UBUNTU: SAUCE: LSM stacking: verify display LSM
      UBUNTU: SAUCE: LSM stacking: provide a way to specify the default display lsm
      UBUNTU: SAUCE: LSM stacking: make sure LSM blob align on 64 bit boundaries
      UBUNTU: SAUCE: LSM stacking: add /proc/<pid>/attr/display_lsm
      UBUNTU: SAUCE: LSM stacking: add Kconfig to set default display LSM
      UBUNTU: SAUCE: LSM stacking: add configs for LSM stacking

 Documentation/admin-guide/LSM/index.rst   |  31 +-
 debian.master/config/annotations          |  10 +-
 debian.master/config/config.common.ubuntu |  13 +
 fs/proc/base.c                            |  98 +++-
 fs/proc/internal.h                        |   1 +
 include/linux/lsm_hooks.h                 |  40 +-
 include/linux/security.h                  |  15 +-
 include/uapi/linux/prctl.h                |   6 +
 kernel/cred.c                             |  13 -
 kernel/fork.c                             |   3 +
 security/Kconfig                          | 141 +++++
 security/apparmor/context.c               |  12 -
 security/apparmor/include/context.h       |  25 +-
 security/apparmor/include/file.h          |   2 +-
 security/apparmor/include/net.h           |  12 +-
 security/apparmor/lsm.c                   | 118 ++--
 security/security.c                       | 876 +++++++++++++++++++++++++++++-
 security/selinux/hooks.c                  | 513 ++++++-----------
 security/selinux/include/objsec.h         |  87 ++-
 security/selinux/netlabel.c               |  15 +-
 security/selinux/selinuxfs.c              |   5 +-
 security/selinux/ss/services.c            |   3 +-
 security/selinux/xfrm.c                   |   4 +-
 security/smack/smack.h                    |  90 ++-
 security/smack/smack_access.c             |   2 +-
 security/smack/smack_lsm.c                | 526 ++++++------------
 security/smack/smack_netfilter.c          |   8 +-
 security/smack/smackfs.c                  |  18 +-
 security/tomoyo/common.h                  |  30 +-
 security/tomoyo/domain.c                  |   4 +-
 security/tomoyo/securityfs_if.c           |  13 +-
 security/tomoyo/tomoyo.c                  |  52 +-
 32 files changed, 1929 insertions(+), 857 deletions(-)




More information about the kernel-team mailing list