2009-03-17 23:14:30

by James Morris

Subject: What's coming in the security subsystem

Here's what to expect in 2.6.30, currently carried in linux-next via the
security-testing tree[1].

Notable new features include IMA and TOMOYO, while SELinux gets some
cleanup love.


David P. Quigley (3):
SELinux: Condense super block security structure flags and cleanup necessary code.
SELinux: Add new security mount option to indicate security label support.
SELinux: Unify context mount and genfs behavior

Eric Paris (12):
SELinux: call capabilities code directory
SELinux: better printk when file with invalid label found
SELinux: NULL terminate al contexts from disk
SELinux: check seqno when updating an avc_node
SELinux: remove the unused ae.used
SELinux: more careful use of avd in avc_has_perm_noaudit
SELinux: remove unused av.decided field
SELinux: code readability with avc_cache
SELinux: convert the avc cache hash list to an hlist
SELinux: open perm for sock files
SELinux: new permission between tty audit and audit socket
SELinux: inode_doinit_with_dentry drop no dentry printk

James Morris (23):
maintainers: add security subsystem wiki
selinux: remove unused bprm_check_security hook
selinux: remove secondary ops call to bprm_committing_creds
selinux: remove secondary ops call to bprm_committed_creds
selinux: remove secondary ops call to sb_mount
selinux: remove secondary ops call to sb_umount
selinux: remove secondary ops call to inode_link
selinux: remove secondary ops call to inode_unlink
selinux: remove secondary ops call to inode_mknod
selinux: remove secondary ops call to inode_follow_link
selinux: remove secondary ops call to inode_permission
selinux: remove secondary ops call to inode_setattr
selinux: remove secondary ops call to file_mprotect
selinux: remove secondary ops call to task_create
selinux: remove unused cred_commit hook
selinux: remove secondary ops call to task_setrlimit
selinux: remove secondary ops call to task_kill
selinux: remove secondary ops call to unix_stream_connect
selinux: remove secondary ops call to shm_shmat
selinux: remove hooks which simply defer to capabilities
IMA: fix ima_delete_rules() definition
Merge branch 'master' into next
security: change link order of LSMs so security=tomoyo works

Kentaro Takeda (8):
Add in_execve flag into task_struct.
Memory and pathname management functions.
Common functions for TOMOYO Linux.
File operation restriction part.
Domain transition handler.
LSM adapter functions.
Kconfig and Makefile
MAINTAINERS info

Mimi Zohar (11):
integrity: IMA hooks
integrity: IMA as an integrity service provider
integrity: IMA display
integrity: IMA policy
integrity: IMA policy open
Integrity: IMA file free imbalance
Integrity: IMA update maintainers
integrity: shmem zero fix
integrity: audit update
integrity: ima scatterlist bug fix
integrity: ima iint radix_tree_lookup locking fix

Rajiv Andrade (3):
TPM: sysfs functions consolidation
TPM: integrity interface
TPM: integrity fix

Randy Dunlap (2):
ima: fix build error
smack: fix lots of kernel-doc notation

Serge E. Hallyn (5):
securityfs: fix long-broken securityfs_create_file comment
keys: distinguish per-uid keys in different namespaces
keys: consider user namespace in key_permission
keys: skip keys from another user namespace
keys: make procfiles per-user-namespace

Tetsuo Handa (4):
tomoyo: fix sparse warning
TOMOYO: Fix exception policy read failure.
TOMOYO: Don't create securityfs entries unless registered.
TOMOYO: Do not call tomoyo_realpath_init unless registered.

etienne (1):
smack: fixes for unlabeled host support



[1] git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

--
James Morris


2009-03-18 15:02:33

by Stefan Richter

Subject: Re: What's coming in the security subsystem

James Morris wrote:
> IMA: fix ima_delete_rules() definition

Since the term IMA and the implementation are new and specialist, the
meaning of this TLA is not widely known. Hence it would be nice if you
prefixed IMA changes with "integrity: IMA:" like some of the other
pending IMA changes.

> Kentaro Takeda (8):
> Add in_execve flag into task_struct.
> Memory and pathname management functions.
> Common functions for TOMOYO Linux.
> File operation restriction part.
> Domain transition handler.
> LSM adapter functions.
> Kconfig and Makefile
> MAINTAINERS info

A "TOMOYO:" prefix would add a nice touch to these titles.
--
Stefan Richter
-=====-==--= --== =--=-
http://arcgraph.de/sr/

2009-03-18 22:28:40

by James Morris

Subject: Re: What's coming in the security subsystem

On Wed, 18 Mar 2009, Stefan Richter wrote:

> James Morris wrote:
> > IMA: fix ima_delete_rules() definition
>
> Since the term IMA and the implementation are new and specialist, the
> meaning of this TLA is not widely known. Hence it would be nice if you
> prefixed IMA changes with "integrity: IMA:" like some of the other
> pending IMA changes.
>
> > Kentaro Takeda (8):
> > Add in_execve flag into task_struct.
> > Memory and pathname management functions.
> > Common functions for TOMOYO Linux.
> > File operation restriction part.
> > Domain transition handler.
> > LSM adapter functions.
> > Kconfig and Makefile
> > MAINTAINERS info
>
> A "TOMOYO:" prefix would add a nice touch to these titles.

It's too late to change the existing commits, but there definitely should
have been 'tomoyo:' prefixes in the patch subjects.

--
James Morris