2016-10-04 08:37:11

by James Morris

Subject: [GIT PULL] Security subsystem updates for 4.9

Summary:

o SELinux/LSM: overlayfs support, necessary for container filesystems
o LSM: finally remove the kernel_module_from_file hook
o Smack: treat signal delivery as an 'append' operation
o TPM: lots of bugfixes & updates
o Audit: new audit data type: LSM_AUDIT_DATA_FILE


Please pull.

---

The following changes since commit 29b4817d4018df78086157ea3a55c1d9424a7cfc:

Linux 4.8-rc1 (2016-08-07 18:18:00 -0700)

are available in the git repository at:

git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next

for you to fetch changes up to 1306d8e1c09fdc8ecb9ef235e2116352f810f9c5:

Merge tag 'tpmdd-next-20160927' of git://git.infradead.org/users/jjs/linux-tpmdd into ra-next (2016-09-27 19:21:37 +1000)

----------------------------------------------------------------
Casey Schaufler (1):
Smack: Signal delivery as an append operation

James Morris (4):
Merge branch 'smack-for-4.9' of http://github.com/cschaufler/smack-next into next
Merge branch 'stable-4.9' of git://git.infradead.org/users/pcmoore/selinux into next
Merge branch 'stable-4.9' of git://git.infradead.org/users/pcmoore/selinux into next
Merge tag 'tpmdd-next-20160927' of git://git.infradead.org/users/jjs/linux-tpmdd into ra-next

Jarkko Sakkinen (15):
tpm: invalid self test error message
tpm: fix a race condition in tpm2_unseal_trusted()
tpm: remove unnecessary externs from tpm.h
tpm: replace tpm_gen_interrupt() with tpm_tis_gen_interrupt()
tpm: use tpm_transmit_cmd() in tpm2_probe()
tpm: use tpm_pcr_read_dev() in tpm_do_selftest()
tpm_crb: fix crb_req_canceled behavior
tpm_crb: remove wmb()'s
tpm_crb: refine the naming of constants
tpm_crb: fix incorrect values of cmdReady and goIdle bits
tpm: add check for minimum buffer size in tpm_transmit()
Revert "tmp/tpm_crb: implement runtime pm for tpm_crb"
Revert "tpm/tpm_crb: open code the crb_init into acpi_add"
Revert "tmp/tpm_crb: fix Intel PTT hw bug during idle state"
Revert "tpm/tpm_crb: implement tpm crb idle state"

Jason Gunthorpe (1):
tpm/st33zp24: Remove useless tpm_gen_interrupt

Javier Martinez Canillas (1):
security: Use IS_ENABLED() instead of checking for built-in or module

Julia Lawall (1):
tpm: constify TPM 1.x header structures

Markus Elfring (1):
Smack: Use memdup_user() rather than duplicating its implementation

Mickaël Salaün (4):
module: Fully remove the kernel_module_from_file hook
um/ptrace: Fix the syscall_trace_leave call
um/ptrace: Fix the syscall number update after a ptrace
seccomp: Remove 2-phase API documentation

Tomas Winkler (5):
tpm/tpm_tis: remove unused itpm variable
tmp/tpm_crb: drop include to platform_device
tpm/tpm_crb: cache cmd_size register value.
tpm/tpm_crb: drop useless cpu_to_le32 when writing to registers
tpm/tpm_crb: fix the over 80 characters checkpatch warring

Vivek Goyal (8):
security, overlayfs: provide copy up security hook for unioned files
selinux: Implementation for inode_copy_up() hook
security,overlayfs: Provide security hook for copy up of xattrs for overlay file
selinux: Implementation for inode_copy_up_xattr() hook
selinux: Pass security pointer to determine_inode_label()
security, overlayfs: Provide hook to correctly label newly created files
selinux: Implement dentry_create_files_as() hook
lsm,audit,selinux: Introduce a new audit data type LSM_AUDIT_DATA_FILE

Wei Yongjun (1):
selinux: fix error return code in policydb_read()

William Roberts (5):
selinux: print leading 0x on ioctlcmd audits
selinux: drop SECURITY_SELINUX_POLICYDB_VERSION_MAX
selinux: detect invalid ebitmap
selinux: initialize structures
selinux: fix overflow and 0 length allocations

Winkler, Tomas (4):
tpm/tpm_crb: implement tpm crb idle state
tmp/tpm_crb: fix Intel PTT hw bug during idle state
tpm/tpm_crb: open code the crb_init into acpi_add
tmp/tpm_crb: implement runtime pm for tpm_crb

arch/Kconfig | 11 ----
arch/um/kernel/skas/syscall.c | 10 +--
arch/x86/um/ptrace_32.c | 3 +
arch/x86/um/ptrace_64.c | 4 ++
drivers/char/tpm/st33zp24/st33zp24.c | 2 -
drivers/char/tpm/tpm-dev.c | 2 +-
drivers/char/tpm/tpm-interface.c | 84 +++++++++++-------------
drivers/char/tpm/tpm-sysfs.c | 4 +-
drivers/char/tpm/tpm.h | 46 ++++++-------
drivers/char/tpm/tpm2-cmd.c | 124 +++++++++++++++++++----------------
drivers/char/tpm/tpm_crb.c | 50 +++++++-------
drivers/char/tpm/tpm_tis_core.c | 24 ++++---
fs/overlayfs/copy_up.c | 22 +++++++
fs/overlayfs/dir.c | 10 +++
include/linux/lsm_audit.h | 2 +
include/linux/lsm_hooks.h | 37 ++++++++++-
include/linux/security.h | 25 ++++++-
security/lsm_audit.c | 17 ++++-
security/security.c | 27 ++++++++
security/selinux/Kconfig | 38 -----------
security/selinux/hooks.c | 106 +++++++++++++++++++++++-------
security/selinux/include/security.h | 4 --
security/selinux/ss/conditional.c | 2 +
security/selinux/ss/ebitmap.c | 3 +
security/selinux/ss/policydb.c | 12 ++--
security/smack/Kconfig | 12 ++++
security/smack/smack.h | 10 +++
security/smack/smack_lsm.c | 14 ++--
security/smack/smack_netfilter.c | 4 +-
security/smack/smackfs.c | 11 +---
30 files changed, 447 insertions(+), 273 deletions(-)
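
The item "tpm: add check for minimum buffer size in tpm_transmit()" in Jarkko's list is the one most worth a worked illustration: a TPM command carries its own length in a big-endian header (2-byte tag, 4-byte length, 4-byte ordinal, 10 bytes in total), and a driver must confirm the caller's buffer can hold that header before it reads the length field, and then bound the declared length by the real buffer size. The C program below is an added, user-space model of that check; it is not the kernel's tpm_transmit() code, and the function, enum and constant names are this example's own. The sample command bytes are constructed for the example.

```c
/* Added example (not the kernel's tpm_transmit()): a user-space model of the
 * header and length sanity checks a TPM command buffer has to pass before the
 * driver can trust the length the buffer declares for itself.  The 10-byte
 * header layout (big-endian tag, length, ordinal) is the standard TPM
 * command header; the names and return codes below are this example's own. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TPM_HEADER_SIZE 10u   /* 2-byte tag + 4-byte length + 4-byte ordinal */

enum tpm_check {
    TPM_CHECK_OK = 0,
    TPM_CHECK_TOO_SHORT,      /* caller's buffer cannot even hold a header */
    TPM_CHECK_LEN_TOO_SMALL,  /* declared length smaller than the header */
    TPM_CHECK_LEN_OVERRUNS,   /* declared length exceeds the caller's buffer */
};

struct tpm_header_view {
    uint16_t tag;
    uint32_t length;
    uint32_t ordinal;
};

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Validate a command of bufsiz bytes and, on success, fill *hv (may be NULL).
 * The order matters: size the header before touching its length field, then
 * bound that length by the buffer the caller actually handed over. */
enum tpm_check tpm_validate_cmd(const uint8_t *buf, size_t bufsiz,
                                struct tpm_header_view *hv)
{
    if (bufsiz < TPM_HEADER_SIZE)
        return TPM_CHECK_TOO_SHORT;          /* reading buf+2..buf+5 would overrun */

    uint32_t len = be32(buf + 2);
    if (len < TPM_HEADER_SIZE)
        return TPM_CHECK_LEN_TOO_SMALL;
    if (len > bufsiz)
        return TPM_CHECK_LEN_OVERRUNS;       /* header lies about its own size */

    if (hv) {
        hv->tag = be16(buf);
        hv->length = len;
        hv->ordinal = be32(buf + 6);
    }
    return TPM_CHECK_OK;
}

/* Constructed sample: a TPM2_GetRandom command (tag TPM_ST_NO_SESSIONS 0x8001,
 * length 12, command code 0x0000017b, bytesRequested 8). */
const uint8_t sample_getrandom[12] = {
    0x80, 0x01, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x01, 0x7b, 0x00, 0x08
};

/* Constructed malformed samples: same command with a lying length field. */
const uint8_t sample_len_overruns[12] = {
    0x80, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x7b, 0x00, 0x08
};
const uint8_t sample_len_too_small[12] = {
    0x80, 0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x01, 0x7b, 0x00, 0x08
};

/* Convenience for callers that only want the ordinal of the good sample. */
uint32_t sample_getrandom_ordinal(void)
{
    struct tpm_header_view hv = {0};
    if (tpm_validate_cmd(sample_getrandom, sizeof sample_getrandom, &hv) != TPM_CHECK_OK)
        return 0;
    return hv.ordinal;
}

int main(void)
{
    struct tpm_header_view hv;
    enum tpm_check rc = tpm_validate_cmd(sample_getrandom, sizeof sample_getrandom, &hv);
    printf("good sample: rc=%d tag=0x%04x len=%u ordinal=0x%08x\n",
           rc, hv.tag, hv.length, hv.ordinal);
    printf("truncated to 5 bytes: rc=%d\n",
           tpm_validate_cmd(sample_getrandom, 5, NULL));
    printf("length field 0x100 in 12-byte buffer: rc=%d\n",
           tpm_validate_cmd(sample_len_overruns, sizeof sample_len_overruns, NULL));
    printf("length field 4: rc=%d\n",
           tpm_validate_cmd(sample_len_too_small, sizeof sample_len_too_small, NULL));
    return 0;
}
```

The first check is the one the commit title names: without it, a caller passing fewer than 10 bytes lets the driver read the length field from memory it was never given. The second and third checks are the companion checks a practitioner would expect alongside it, bounding the self-declared length in both directions so that neither the header parse nor the later transmit can walk past the buffer.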