This is an automated email from the git hooks/post-receive script.
unknown user pushed a change to branch master in repository linux.
from ad060dbbcfcf Merge tag 'selinux-pr-20240911' of git://git.kernel.org/pu [...] new 2aff9d20d50a lsm: infrastructure management of the sock security new 5f8d28f6d7d5 lsm: infrastructure management of the key security blob new 09001284eebf lsm: add helper for blob allocations new a39c0f77dbbe lsm: infrastructure management of the dev_tun blob new 66de33a0bbb5 lsm: infrastructure management of the infiniband blob new 61a1dcdceb44 lsm: infrastructure management of the perf_event security blob new be72a57527fd lsm: Refactor return value of LSM hook vm_enough_memory new 924e19c39e8f lsm: Refactor return value of LSM hook inode_copy_up_xattr new 711f5c5ce6c2 lsm: cleanup lsm_hooks.h new 63dff3e48871 lsm: add the inode_free_security_rcu() LSM implementation hook new 9ee688145434 lockdown: Make lockdown_lsmid static new 0311507792b5 lsm: add IPE lsm new 54a88cd25920 ipe: add policy parser new 05a351630b74 ipe: add evaluation loop new 52443cb60c35 ipe: add LSM hooks on execution and kernel read new 2fea0c26b82f initramfs,lsm: add a security hook to do_populate_rootfs() new a8a74df15083 ipe: introduce 'boot_verified' as a trust provider new 7138679ff2a2 lsm: add new securityfs delete function new 2261306f4a3c ipe: add userspace interface new f44554b5067b audit,ipe: add IPE auditing support new a68916eaedcd ipe: add permissive toggle new b55d26bd1891 block,lsm: add LSM blob and new LSM hooks for block devices new a6af7bc3d72f dm-verity: expose root hash digest and signature data to LSMs new e155858dd995 ipe: add support for dm-verity as a trust provider new fb55e177d593 lsm: add security_inode_setintegrity() hook new 7c373e4f1445 fsverity: expose verified fsverity built-in signatures to LSMs new 31f8c8682f30 ipe: enable support for fs-verity as a trust provider new ba199dc909a2 scripts: add boot policy generation program new 10ca05a76065 ipe: kunit test for parser new ac6731870ed9 documentation: add IPE documentation new e4b0b54f95fd MAINTAINERS: add IPE entry with Fan Wu as maintainer new 77b644c39d6a init/main.c: Initialize early LSMs after arch code, static [...] new 7cff549daa67 kernel: Add helper macros for loop unrolling new d51e783c17ba lsm: count the LSMs enabled at compile time new 417c5643cd67 lsm: replace indirect LSM hook calls with static calls new f5dafb8909dc ipe: Remove duplicated include in ipe.c new d6bd12e80bf9 lsm: remove LSM_COUNT and LSM_CONFIG_COUNT new ce4a60592ee0 lsm: Use IS_ERR_OR_NULL() helper function new 26f204380a3c fs: Fix file_set_fowner LSM hook inconsistencies new 19c9d55d72a9 security: Update file_set_fowner documentation new a430d95c5efa Merge tag 'lsm-pr-20240911' of git://git.kernel.org/pub/sc [...]
The 41 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference.
Summary of changes: Documentation/admin-guide/LSM/index.rst | 1 + Documentation/admin-guide/LSM/ipe.rst | 790 +++++++++++++++++++++ Documentation/admin-guide/kernel-parameters.txt | 12 + Documentation/filesystems/fsverity.rst | 27 +- Documentation/security/index.rst | 1 + Documentation/security/ipe.rst | 446 ++++++++++++ MAINTAINERS | 10 + block/bdev.c | 7 + drivers/md/dm-verity-target.c | 118 +++ drivers/md/dm-verity.h | 4 + fs/fcntl.c | 14 +- fs/overlayfs/copy_up.c | 6 +- fs/verity/signature.c | 18 +- include/linux/args.h | 6 +- include/linux/blk_types.h | 3 + include/linux/lsm_count.h | 135 ++++ include/linux/lsm_hook_defs.h | 20 +- include/linux/lsm_hooks.h | 129 ++-- include/linux/security.h | 55 +- include/linux/unroll.h | 36 + include/uapi/linux/audit.h | 3 + include/uapi/linux/lsm.h | 1 + init/initramfs.c | 3 + init/main.c | 6 +- scripts/Makefile | 1 + scripts/ipe/Makefile | 2 + scripts/ipe/polgen/.gitignore | 2 + scripts/ipe/polgen/Makefile | 5 + scripts/ipe/polgen/polgen.c | 145 ++++ security/Kconfig | 11 +- security/Makefile | 1 + security/apparmor/include/net.h | 3 +- security/apparmor/lsm.c | 17 +- security/apparmor/net.c | 2 +- security/commoncap.c | 11 +- security/inode.c | 27 +- security/integrity/evm/evm_main.c | 2 +- security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_iint.c | 20 +- security/integrity/ima/ima_main.c | 2 +- security/ipe/.gitignore | 2 + security/ipe/Kconfig | 97 +++ security/ipe/Makefile | 31 + security/ipe/audit.c | 292 ++++++++ security/ipe/audit.h | 19 + security/ipe/digest.c | 118 +++ security/ipe/digest.h | 26 + security/ipe/eval.c | 393 ++++++++++ security/ipe/eval.h | 70 ++ security/ipe/fs.c | 247 +++++++ security/ipe/fs.h | 16 + security/ipe/hooks.c | 314 ++++++++ security/ipe/hooks.h | 52 ++ security/ipe/ipe.c | 98 +++ security/ipe/ipe.h | 26 + security/ipe/policy.c | 227 ++++++ security/ipe/policy.h | 98 +++ security/ipe/policy_fs.c | 472 ++++++++++++ security/ipe/policy_parser.c | 559 +++++++++++++++ security/ipe/policy_parser.h | 11 + security/ipe/policy_tests.c | 296 ++++++++ security/landlock/fs.c | 9 +- security/lockdown/lockdown.c | 2 +- security/security.c | 613 +++++++++++----- security/selinux/hooks.c | 176 ++--- security/selinux/include/objsec.h | 28 + security/selinux/netlabel.c | 23 +- security/smack/smack.h | 12 + security/smack/smack_lsm.c | 107 ++- security/smack/smack_netfilter.c | 4 +- .../testing/selftests/lsm/lsm_list_modules_test.c | 3 + 71 files changed, 6062 insertions(+), 483 deletions(-) create mode 100644 Documentation/admin-guide/LSM/ipe.rst create mode 100644 Documentation/security/ipe.rst create mode 100644 include/linux/lsm_count.h create mode 100644 include/linux/unroll.h create mode 100644 scripts/ipe/Makefile create mode 100644 scripts/ipe/polgen/.gitignore create mode 100644 scripts/ipe/polgen/Makefile create mode 100644 scripts/ipe/polgen/polgen.c create mode 100644 security/ipe/.gitignore create mode 100644 security/ipe/Kconfig create mode 100644 security/ipe/Makefile create mode 100644 security/ipe/audit.c create mode 100644 security/ipe/audit.h create mode 100644 security/ipe/digest.c create mode 100644 security/ipe/digest.h create mode 100644 security/ipe/eval.c create mode 100644 security/ipe/eval.h create mode 100644 security/ipe/fs.c create mode 100644 security/ipe/fs.h create mode 100644 security/ipe/hooks.c create mode 100644 security/ipe/hooks.h create mode 100644 security/ipe/ipe.c create mode 100644 security/ipe/ipe.h create mode 100644 security/ipe/policy.c create mode 100644 security/ipe/policy.h create mode 100644 security/ipe/policy_fs.c create mode 100644 security/ipe/policy_parser.c create mode 100644 security/ipe/policy_parser.h create mode 100644 security/ipe/policy_tests.c
-
git@git.linaro.org