[linux] branch master updated (1fc1cd8399ab -> be37f21a08ce) - Tcwg-commits

7 Mar 2019


      This is an automated email from the git hooks/post-receive script.
unknown user pushed a change to branch master
in repository linux.
from  1fc1cd8399ab Merge branch 'for-5.1' of git://git.kernel.org/pub/scm/lin [...]
       new  49e41801b335 Merge tag 'v5.0-rc1' into next-general
       new  47008e5161fa LSM: Introduce LSM_FLAG_LEGACY_MAJOR
       new  657d910b52a3 LSM: Provide separate ordered initialization
       new  c5459b829b71 LSM: Plumb visibility into optional "enabled" state
       new  f4941d75b9cb LSM: Lift LSM selection out of individual LSMs
       new  2d4d51198c73 LSM: Build ordered list of LSMs to initialize
       new  13e735c0e953 LSM: Introduce CONFIG_LSM
       new  79f7865d844c LSM: Introduce "lsm=" for boottime LSM selection
       new  a8027fb0d188 LSM: Tie enabling logic to presence in ordered list
       new  5ef4e41918b2 LSM: Prepare for reorganizing "security=" logic
       new  7e611486d905 LSM: Refactor "security=" in terms of enable/disable
       new  14bd99c821f7 LSM: Separate idea of "major" LSM from "exclusive" LSM
       new  0102fb83f900 apparmor: Remove SECURITY_APPARMOR_BOOTPARAM_VALUE
       new  be6ec88f41ba selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE
       new  c91d8106b370 LSM: Add all exclusive LSMs to ordered initialization
       new  d8e9bbd4fa7f LSM: Split LSM preparation from initialization
       new  70b62c25665f LoadPin: Initialize as ordered LSM
       new  d6aed64b74b7 Yama: Initialize as ordered LSM
       new  e2bc445b66ca LSM: Introduce enum lsm_order
       new  d117a154e612 capability: Initialize as LSM_ORDER_FIRST
       new  6d9c939dbe4d procfs: add smack subdir to attrs
       new  b17103a8b8ae Smack: Abstract use of cred security blob
       new  0c6cfa622cf5 SELinux: Abstract use of cred security blob
       new  98c886513657 SELinux: Remove cred security blob poisoning
       new  3d252529480c SELinux: Remove unused selinux_is_enabled
       new  69b5a44a95bb AppArmor: Abstract use of cred security blob
       new  43fc460907dc TOMOYO: Abstract use of cred security blob
       new  bbd3662a8348 Infrastructure management of the cred security blob
       new  bb6c6b02ccb7 SELinux: Abstract use of file security blob
       new  f28952ac9008 Smack: Abstract use of file security blob
       new  33bf60cabcc7 LSM: Infrastructure management of the file security
       new  80788c229116 SELinux: Abstract use of inode security blob
       new  fb4021b6fb58 Smack: Abstract use of inode security blob
       new  afb1cbe37440 LSM: Infrastructure management of the inode security
       new  f4ad8f2c4076 LSM: Infrastructure management of the task security
       new  7c6538280ae9 SELinux: Abstract use of ipc security blobs
       new  019bcca4626a Smack: Abstract use of ipc security blobs
       new  ecd5f82e05dd LSM: Infrastructure management of the ipc security blob
       new  a5e2fe7ede12 TOMOYO: Update LSM flags to no longer be exclusive
       new  2233975cd792 Merge tag 'blob-stacking-security-next' of https://git.ker [...]
       new  c1a85a00ea66 LSM: generalize flag passing to security_capable
       new  1cfb2a512e74 LSM: Make lsm_early_cred() and lsm_early_task() local functions.
       new  3e8c73671244 LSM: Make some functions static
       new  9624d5c9c7ff Merge tag 'v5.0-rc3' into next-general
       new  6c2976b06f68 apparmor: Adjust offset when accessing task blob.
       new  39e83beb9109 capabilities:: annotate implicit fall through
       new  5b73262a5c5b security: keys: annotate implicit fall through
       new  0f949bcc7b4f security: keys: annotate implicit fall throughs
       new  23711df7f4a2 security: keys: annotate implicit fall throughs
       new  8c6cb983cd52 tomoyo: Swicth from cred->security to task_struct->security.
       new  cdcf6723add5 tomoyo: Coding style fix.
       new  4b42564181d6 tomoyo: Allow multiple use_group lines.
       new  40852275a94a LSM: add SafeSetID module that gates setid calls
       new  aeca4e2ca65c LSM: add SafeSetID module that gates setid calls
       new  f67e20d20f28 LSM: Add 'name' field for SafeSetID in DEFINE_LSM
       new  2f87324be773 LSM: SafeSetID: 'depend' on CONFIG_SECURITY
       new  2181e084b26b LSM: SafeSetID: remove unused include
       new  c67e8ec03f3f LSM: SafeSetID: add selftest
       new  e7a44cfd6399 LSM: fix return value check in safesetid_init_securityfs()
       new  861f4bcffcc9 tomoyo: Bump version.
       new  09186e503486 security: mark expected switch fall-throughs and add a mis [...]
       new  e88ed488af0a LSM: Update function documentation for cap_capable
       new  89a9684ea158 LSM: Ignore "security=" when "lsm=" is specified
       new  b102c11e1a10 LSM: Update list of SECURITYFS users in Kconfig
       new  468e91cecb32 keys: fix missing __user in KEYCTL_PKEY_QUERY
       new  ae5906ceee03 Merge branch 'next-general' of git://git.kernel.org/pub/sc [...]
       new  3a28cff3bd4b selinux: avoid silent denials in permissive mode under RCU walk
       new  e46e01eebbbc selinux: stop passing MAY_NOT_BLOCK to the AVC upon follow_link
       new  a83d6ddaebe5 selinux: never allow relabeling on context mounts
       new  53e0c2aa9a59 selinux: do not override context on context mounts
       new  a2c513835bb6 selinux: inline some AVC functions used only once
       new  994fb0651d02 selinux: replace some BUG_ON()s with a WARN_ON()
       new  fede148324c3 selinux: log invalid contexts in AVCs
       new  e6f2f381e401 selinux: replace BUG_ONs with WARN_ONs in avc.c
       new  45189a1998e0 selinux: fix avc audit messages
       new  3ac96c30ccfa Merge tag 'selinux-pr-20190305' of git://git.kernel.org/pu [...]
       new  53fc7a01df51 audit: give a clue what CONFIG_CHANGE op was involved
       new  9e36a5d49c3a audit: hand taken context to audit_kill_trees for syscall logging
       new  626abcd13d4e audit: add syscall information to CONFIG_CHANGE records
       new  4b7d248b3a1d audit: move loginuid and sessionid from CONFIG_AUDITSYSCAL [...]
       new  2fec30e245a3 audit: add support for fcaps v3
       new  a252f56a3c92 audit: more filter PATH records keyed on filesystem magic
       new  05c7a9cb2727 audit: clean up AUDITSYSCALL prototypes and stubs
       new  57d4657716ac audit: ignore fcaps on umount
       new  90462a5bd30c audit: remove unused actx param from audit_rule_match
       new  5f3d544f1671 audit: remove audit_context when CONFIG_ AUDIT and not AUD [...]
       new  18f5c1d567a5 audit: join tty records to their syscall
       new  cd108b5c51db audit: hide auditsc_get_stamp and audit_serial prototypes
       new  131d34cb0795 audit: mark expected switch fall-through
       new  be37f21a08ce Merge tag 'audit-pr-20190305' of git://git.kernel.org/pub/ [...]
The 90 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Summary of changes:
 Documentation/admin-guide/LSM/SafeSetID.rst        | 107 ++++
 Documentation/admin-guide/LSM/index.rst            |  14 +-
 Documentation/admin-guide/kernel-parameters.txt    |  12 +-
 MAINTAINERS                                        |  11 +-
 drivers/tty/tty_audit.c                            |   2 +-
 fs/namei.c                                         |   2 +-
 fs/namespace.c                                     |   2 +
 fs/proc/base.c                                     |  70 ++-
 fs/proc/internal.h                                 |   1 +
 include/linux/audit.h                              |  66 +--
 include/linux/capability.h                         |  10 +-
 include/linux/cred.h                               |   1 -
 include/linux/lsm_hooks.h                          |  49 +-
 include/linux/namei.h                              |   3 +
 include/linux/sched.h                              |   4 +-
 include/linux/security.h                           |  48 +-
 include/linux/selinux.h                            |  35 --
 init/init_task.c                                   |   2 +-
 kernel/audit.c                                     | 267 ++++-----
 kernel/audit.h                                     |  81 ++-
 kernel/audit_fsnotify.c                            |   2 +-
 kernel/audit_tree.c                                |  19 +-
 kernel/audit_watch.c                               |   2 +-
 kernel/auditfilter.c                               |   6 +-
 kernel/auditsc.c                                   | 320 ++++++----
 kernel/capability.c                                |  45 +-
 kernel/cred.c                                      |  13 -
 kernel/seccomp.c                                   |   4 +-
 kernel/sys.c                                       |  10 +-
 security/Kconfig                                   |  45 +-
 security/Makefile                                  |   2 +
 security/apparmor/Kconfig                          |  16 -
 security/apparmor/audit.c                          |   3 +-
 security/apparmor/capability.c                     |  14 +-
 security/apparmor/domain.c                         |   4 +-
 security/apparmor/include/audit.h                  |   3 +-
 security/apparmor/include/capability.h             |   2 +-
 security/apparmor/include/cred.h                   |  16 +-
 security/apparmor/include/file.h                   |   5 +-
 security/apparmor/include/lib.h                    |   4 +
 security/apparmor/include/task.h                   |  18 +-
 security/apparmor/ipc.c                            |   3 +-
 security/apparmor/lsm.c                            |  67 +--
 security/apparmor/resource.c                       |   2 +-
 security/apparmor/task.c                           |   6 +-
 security/commoncap.c                               |  30 +-
 security/integrity/ima/ima.h                       |   3 +-
 security/integrity/ima/ima_appraise.c              |   1 +
 security/integrity/ima/ima_policy.c                |  10 +-
 security/integrity/ima/ima_template_lib.c          |   1 +
 security/keys/keyctl.c                             |   2 +-
 security/keys/keyring.c                            |   1 +
 security/keys/process_keys.c                       |   3 +
 security/keys/request_key.c                        |   4 +
 security/loadpin/loadpin.c                         |   8 +-
 security/safesetid/Kconfig                         |  14 +
 security/safesetid/Makefile                        |   7 +
 security/safesetid/lsm.c                           | 277 +++++++++
 security/safesetid/lsm.h                           |  33 ++
 security/safesetid/securityfs.c                    | 193 ++++++
 security/security.c                                | 654 ++++++++++++++++++---
 security/selinux/Kconfig                           |  15 -
 security/selinux/Makefile                          |   2 +-
 security/selinux/avc.c                             | 199 +++----
 security/selinux/exports.c                         |  23 -
 security/selinux/hooks.c                           | 420 +++++--------
 security/selinux/include/audit.h                   |   7 +-
 security/selinux/include/avc.h                     |   6 +-
 security/selinux/include/objsec.h                  |  38 +-
 security/selinux/include/security.h                |   3 +
 security/selinux/selinuxfs.c                       |   4 +-
 security/selinux/ss/services.c                     |  41 +-
 security/selinux/xfrm.c                            |   4 +-
 security/smack/smack.h                             |  44 +-
 security/smack/smack_access.c                      |   6 +-
 security/smack/smack_lsm.c                         | 321 ++++------
 security/smack/smackfs.c                           |  18 +-
 security/tomoyo/audit.c                            |  31 +-
 security/tomoyo/common.c                           | 199 +++++--
 security/tomoyo/common.h                           |  51 +-
 security/tomoyo/condition.c                        |  59 +-
 security/tomoyo/domain.c                           |  76 ++-
 security/tomoyo/file.c                             |  20 +
 security/tomoyo/gc.c                               |  19 +
 security/tomoyo/group.c                            |   5 +
 security/tomoyo/load_policy.c                      |   8 +-
 security/tomoyo/memory.c                           |   9 +-
 security/tomoyo/mount.c                            |   2 +
 security/tomoyo/realpath.c                         |  18 +-
 security/tomoyo/securityfs_if.c                    |  30 +-
 security/tomoyo/tomoyo.c                           | 160 +++--
 security/tomoyo/util.c                             |  23 +-
 security/yama/yama_lsm.c                           |   8 +-
 tools/testing/selftests/safesetid/.gitignore       |   1 +
 tools/testing/selftests/safesetid/Makefile         |   8 +
 tools/testing/selftests/safesetid/config           |   2 +
 tools/testing/selftests/safesetid/safesetid-test.c | 334 +++++++++++
 .../testing/selftests/safesetid/safesetid-test.sh  |  26 +
 98 files changed, 3290 insertions(+), 1609 deletions(-)
 create mode 100644 Documentation/admin-guide/LSM/SafeSetID.rst
 delete mode 100644 include/linux/selinux.h
 create mode 100644 security/safesetid/Kconfig
 create mode 100644 security/safesetid/Makefile
 create mode 100644 security/safesetid/lsm.c
 create mode 100644 security/safesetid/lsm.h
 create mode 100644 security/safesetid/securityfs.c
 delete mode 100644 security/selinux/exports.c
 create mode 100644 tools/testing/selftests/safesetid/.gitignore
 create mode 100644 tools/testing/selftests/safesetid/Makefile
 create mode 100644 tools/testing/selftests/safesetid/config
 create mode 100644 tools/testing/selftests/safesetid/safesetid-test.c
 create mode 100755 tools/testing/selftests/safesetid/safesetid-test.sh
-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.