This is an automated email from the git hooks/post-receive script.
unknown user pushed a change to branch master in repository linux.
from f1f2f614d535 Merge branch 'next-integrity' of git://git.kernel.org/pub/ [...] new e6b1db98cf4d security: Support early LSMs new 9e47d31d6a57 security: Add a "locked down" LSM hook new 000d388ed3bb security: Add a static lockdown policy LSM new 49fcf732bdae lockdown: Enforce module signatures if the kernel is locked down new 9b9d8dda1ed7 lockdown: Restrict /dev/{mem,kmem,port} when the kernel is [...] new 7d31f4602f8d kexec_load: Disable at runtime if the kernel is locked down new fef5dad98760 lockdown: Copy secure_boot flag in boot params across kexe [...] new 99d5cadfde2b kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXE [...] new 155bdd30af17 kexec_file: Restrict at runtime if the kernel is locked down new 38bd94b8a1bd hibernate: Disable when the kernel is locked down new eb627e17727e PCI: Lock down BAR access when the kernel is locked down new 96c4f67293e4 x86: Lock down IO port access when the kernel is locked down new 95f5e95f41df x86/msr: Restrict MSR access when the kernel is locked down new f474e1486b78 ACPI: Limit access to custom_method when the kernel is loc [...] new 41fa1ee9c6d6 acpi: Ignore acpi_rsdp kernel param when the kernel has be [...] new 6ea0e815fc5e acpi: Disable ACPI table override if the kernel is locked down new 3f19cad3fa0d lockdown: Prohibit PCMCIA CIS storage when the kernel is l [...] new 794edf30ee6c lockdown: Lock down TIOCSSERIAL new 20657f66ef52 lockdown: Lock down module params that specify hardware pa [...] new 906357f77a07 x86/mmiotrace: Lock down the testmmiotrace module new 02e935bf5b34 lockdown: Lock down /proc/kcore new a94549dd87f5 lockdown: Lock down tracing and perf kprobes when in confi [...] new 9d1f8be5cf42 bpf: Restrict bpf when kernel lockdown is in confidentiality mode new b0c8fdc7fdb7 lockdown: Lock down perf when in confidentiality mode new 29d3c1c8dfe7 kexec: Allow kexec_file() with appropriate IMA policy when [...] new 5496197f9b08 debugfs: Restrict debugfs when the kernel is locked down new ccbd54ff54e8 tracefs: Restrict tracefs when the kernel is locked down new 1957a85b0032 efi: Restrict efivar_ssdt_load when the kernel is locked down new b602614a8107 lockdown: Print current->comm in restriction messages new f8a9bc623a6d security: constify some arrays in lockdown LSM new 45893a0abee6 kexec: Fix file verification on S390 new aefcf2f4b581 Merge branch 'next-lockdown' of git://git.kernel.org/pub/s [...]
The 32 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference.
Summary of changes: Documentation/admin-guide/kernel-parameters.txt | 9 ++ arch/arm64/Kconfig | 6 +- arch/s390/Kconfig | 2 +- arch/s390/kernel/kexec_elf.c | 4 +- arch/s390/kernel/kexec_image.c | 4 +- arch/s390/kernel/machine_kexec_file.c | 4 +- arch/x86/Kconfig | 20 ++- arch/x86/boot/compressed/acpi.c | 19 ++- arch/x86/include/asm/acpi.h | 9 ++ arch/x86/include/asm/x86_init.h | 2 + arch/x86/kernel/acpi/boot.c | 5 + arch/x86/kernel/ima_arch.c | 4 +- arch/x86/kernel/ioport.c | 7 +- arch/x86/kernel/kexec-bzimage64.c | 1 + arch/x86/kernel/msr.c | 8 + arch/x86/kernel/x86_init.c | 1 + arch/x86/mm/testmmiotrace.c | 5 + crypto/asymmetric_keys/verify_pefile.c | 4 +- drivers/acpi/custom_method.c | 6 + drivers/acpi/osl.c | 14 +- drivers/acpi/tables.c | 6 + drivers/char/mem.c | 7 +- drivers/firmware/efi/efi.c | 6 + drivers/pci/pci-sysfs.c | 16 ++ drivers/pci/proc.c | 14 +- drivers/pci/syscall.c | 4 +- drivers/pcmcia/cistpl.c | 5 + drivers/tty/serial/serial_core.c | 5 + fs/debugfs/file.c | 30 ++++ fs/debugfs/inode.c | 32 +++- fs/proc/kcore.c | 6 + fs/tracefs/inode.c | 42 +++++- include/asm-generic/vmlinux.lds.h | 8 +- include/linux/acpi.h | 6 + include/linux/ima.h | 9 ++ include/linux/kexec.h | 4 +- include/linux/lsm_hooks.h | 13 ++ include/linux/security.h | 59 ++++++++ init/Kconfig | 5 + init/main.c | 1 + kernel/events/core.c | 7 + kernel/kexec.c | 8 + kernel/kexec_file.c | 68 +++++++-- kernel/module.c | 37 ++++- kernel/params.c | 21 ++- kernel/power/hibernate.c | 3 +- kernel/trace/bpf_trace.c | 10 ++ kernel/trace/trace_kprobe.c | 5 + security/Kconfig | 11 +- security/Makefile | 2 + security/integrity/ima/Kconfig | 2 +- security/integrity/ima/ima.h | 2 + security/integrity/ima/ima_main.c | 4 +- security/integrity/ima/ima_policy.c | 50 +++++++ security/lockdown/Kconfig | 47 ++++++ security/lockdown/Makefile | 1 + security/lockdown/lockdown.c | 191 ++++++++++++++++++++++++ security/security.c | 56 ++++++- 58 files changed, 861 insertions(+), 76 deletions(-) create mode 100644 security/lockdown/Kconfig create mode 100644 security/lockdown/Makefile create mode 100644 security/lockdown/lockdown.c