[Bionic][request-pull] LSM stacking for bionic
John Johansen
john.johansen at canonical.com
Tue Apr 10 17:01:16 UTC 2018
This is the LSM stacking patchset for bionic. It is based on the first five
patches of the most recent upstream revision (contains several bug fixes),
and the set of patches from artful ported to the revised base.
It includes a revision to the Kconfig, and Ubuntu config settings so that
it can share the same config enforcement rules as non-stacking kernels.

The following changes since commit f02c5a422e9026ff83ca56dd6b1b1164f408ee8b:

  UBUNTU: Ubuntu-4.15.0-12.13 (2018-03-07 22:09:44 +0100)

are available in the git repository at:

  ssh://kernel.ubuntu.com/srv/kernel.ubuntu.com/git/jj/ubuntu-artful.git bionic-stacking

for you to fetch changes up to 082eeecf55bfcfdc3771f62d86d0c235428bca91:

  UBUNTU: SAUCE: LSM stacking: remove procfs context interface (2018-04-10 08:45:45 -0700)

----------------------------------------------------------------
Casey Schaufler (6):
      UBUNTU: SAUCE: LSM stacking: procfs: add smack subdir to attrs
      UBUNTU: SAUCE: LSM stacking: LSM: Manage credential security blobs
      UBUNTU: SAUCE: LSM stacking: LSM: Manage file security blobs
      UBUNTU: SAUCE: LSM stacking: LSM: Manage task security blobs
      UBUNTU: SAUCE: LSM stacking: LSM: Manage remaining security blobs
      UBUNTU: SAUCE: LSM stacking: LSM: General stacking

Colin Ian King (1):
      UBUNTU: SAUCE: LSM stacking: check for invalid zero sized writes

John Johansen (18):
      UBUNTU: SAUCE: LSM stacking: fixup initialize task->security
      UBUNTU: SAUCE: LSM stacking: fixup: alloc_task_ctx is dead code
      UBUNTU: SAUCE: LSM stacking: add support for stacking getpeersec_stream
      UBUNTU: SAUCE: LSM stacking: add stacking support to apparmor network hooks
      UBUNTU: SAUCE: LSM stacking: fixup apparmor stacking enablement
      UBUNTU: SAUCE: LSM stacking: fixup stacking kconfig
      UBUNTU: SAUCE: LSM stacking: allow selecting multiple LSMs using kernel boot params
      UBUNTU: SAUCE: LSM stacking: provide prctl interface for setting context
      UBUNTU: SAUCE: LSM stacking: inherit current display LSM
      UBUNTU: SAUCE: LSM stacking: keep an index for each registered LSM
      UBUNTU: SAUCE: LSM stacking: verify display LSM
      UBUNTU: SAUCE: LSM stacking: provide a way to specify the default display lsm
      UBUNTU: SAUCE: LSM stacking: make sure LSM blob align on 64 bit boundaries
      UBUNTU: SAUCE: LSM stacking: add /proc/<pid>/attr/display_lsm
      UBUNTU: SAUCE: LSM stacking: add Kconfig to set default display LSM
      UBUNTU: SAUCE: LSM stacking: add configs for LSM stacking
      UBUNTU: SAUCE: LSM stacking: add apparmor and selinux proc dirs
      UBUNTU: SAUCE: LSM stacking: remove procfs context interface

Documentation/admin-guide/LSM/index.rst | 23 +-
debian.master/config/annotations | 5 +
debian.master/config/config.common.ubuntu | 12 +-
fs/proc/base.c | 96 +++-
fs/proc/internal.h | 1 +
include/linux/lsm_hooks.h | 40 +-
include/linux/security.h | 15 +-
include/uapi/linux/prctl.h | 4 +
kernel/cred.c | 13 -
kernel/fork.c | 3 +
security/Kconfig | 165 ++++++-
security/apparmor/context.c | 12 -
security/apparmor/include/context.h | 25 +-
security/apparmor/include/file.h | 2 +-
security/apparmor/include/net.h | 12 +-
security/apparmor/lsm.c | 84 ++--
security/security.c | 776 +++++++++++++++++++++++++++++-
security/selinux/hooks.c | 490 ++++++-------------
security/selinux/include/objsec.h | 87 +++-
security/selinux/netlabel.c | 15 +-
security/selinux/selinuxfs.c | 5 +-
security/selinux/ss/services.c | 3 +-
security/selinux/xfrm.c | 4 +-
security/smack/smack.h | 90 +++-
security/smack/smack_access.c | 2 +-
security/smack/smack_lsm.c | 530 +++++++-------------
security/smack/smack_netfilter.c | 8 +-
security/smack/smackfs.c | 18 +-
security/tomoyo/common.h | 31 +-
security/tomoyo/domain.c | 4 +-
security/tomoyo/securityfs_if.c | 15 +-
security/tomoyo/tomoyo.c | 57 ++-
32 files changed, 1777 insertions(+), 870 deletions(-)