Date: Tue, 4 Oct 2016 19:37:04 +1100 (AEDT)
From: James Morris
To: Linus Torvalds
cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [GIT PULL] Security subsystem updates for 4.9

Summary:

  o SELinux/LSM: overlayfs support, necessary for container filesystems
  o LSM: finally remove the kernel_module_from_file hook
  o Smack: treat signal delivery as an 'append' operation
  o TPM: lots of bugfixes & updates
  o Audit: new audit data type: LSM_AUDIT_DATA_FILE

Please pull.

---
The following changes since commit 29b4817d4018df78086157ea3a55c1d9424a7cfc:

  Linux 4.8-rc1 (2016-08-07 18:18:00 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next

for you to fetch changes up to 1306d8e1c09fdc8ecb9ef235e2116352f810f9c5:

  Merge tag 'tpmdd-next-20160927' of git://git.infradead.org/users/jjs/linux-tpmdd into ra-next (2016-09-27 19:21:37 +1000)

----------------------------------------------------------------
Casey Schaufler (1):
      Smack: Signal delivery as an append operation

James Morris (4):
      Merge branch 'smack-for-4.9' of http://github.com/cschaufler/smack-next into next
      Merge branch 'stable-4.9' of git://git.infradead.org/users/pcmoore/selinux into next
      Merge branch 'stable-4.9' of git://git.infradead.org/users/pcmoore/selinux into next
      Merge tag 'tpmdd-next-20160927' of git://git.infradead.org/users/jjs/linux-tpmdd into ra-next

Jarkko Sakkinen (15):
      tpm: invalid self test error message
      tpm: fix a race condition in tpm2_unseal_trusted()
      tpm: remove unnecessary externs from tpm.h
      tpm: replace tpm_gen_interrupt() with tpm_tis_gen_interrupt()
      tpm: use tpm_transmit_cmd() in tpm2_probe()
      tpm: use tpm_pcr_read_dev() in tpm_do_selftest()
      tpm_crb: fix crb_req_canceled behavior
      tpm_crb: remove wmb()'s
      tpm_crb: refine the naming of constants
      tpm_crb: fix incorrect values of cmdReady and goIdle bits
      tpm: add check for minimum buffer size in tpm_transmit()
      Revert "tmp/tpm_crb: implement runtime pm for tpm_crb"
      Revert "tpm/tpm_crb: open code the crb_init into acpi_add"
      Revert "tmp/tpm_crb: fix Intel PTT hw bug during idle state"
      Revert "tpm/tpm_crb: implement tpm crb idle state"

Jason Gunthorpe (1):
      tpm/st33zp24: Remove useless tpm_gen_interrupt

Javier Martinez Canillas (1):
      security: Use IS_ENABLED() instead of checking for built-in or module

Julia Lawall (1):
      tpm: constify TPM 1.x header structures

Markus Elfring (1):
      Smack: Use memdup_user() rather than duplicating its implementation

Mickaël Salaün (4):
      module: Fully remove the kernel_module_from_file hook
      um/ptrace: Fix the syscall_trace_leave call
      um/ptrace: Fix the syscall number update after a ptrace
      seccomp: Remove 2-phase API documentation

Tomas Winkler (5):
      tpm/tpm_tis: remove unused itpm variable
      tmp/tpm_crb: drop include to platform_device
      tpm/tpm_crb: cache cmd_size register value.
      tpm/tpm_crb: drop useless cpu_to_le32 when writing to registers
      tpm/tpm_crb: fix the over 80 characters checkpatch warring

Vivek Goyal (8):
      security, overlayfs: provide copy up security hook for unioned files
      selinux: Implementation for inode_copy_up() hook
      security,overlayfs: Provide security hook for copy up of xattrs for overlay file
      selinux: Implementation for inode_copy_up_xattr() hook
      selinux: Pass security pointer to determine_inode_label()
      security, overlayfs: Provide hook to correctly label newly created files
      selinux: Implement dentry_create_files_as() hook
      lsm,audit,selinux: Introduce a new audit data type LSM_AUDIT_DATA_FILE

Wei Yongjun (1):
      selinux: fix error return code in policydb_read()

William Roberts (5):
      selinux: print leading 0x on ioctlcmd audits
      selinux: drop SECURITY_SELINUX_POLICYDB_VERSION_MAX
      selinux: detect invalid ebitmap
      selinux: initialize structures
      selinux: fix overflow and 0 length allocations

Winkler, Tomas (4):
      tpm/tpm_crb: implement tpm crb idle state
      tmp/tpm_crb: fix Intel PTT hw bug during idle state
      tpm/tpm_crb: open code the crb_init into acpi_add
      tmp/tpm_crb: implement runtime pm for tpm_crb

 arch/Kconfig                         |  11 ----
 arch/um/kernel/skas/syscall.c        |  10 +--
 arch/x86/um/ptrace_32.c              |   3 +
 arch/x86/um/ptrace_64.c              |   4 ++
 drivers/char/tpm/st33zp24/st33zp24.c |   2 -
 drivers/char/tpm/tpm-dev.c           |   2 +-
 drivers/char/tpm/tpm-interface.c     |  84 +++++++++++-------------
 drivers/char/tpm/tpm-sysfs.c         |   4 +-
 drivers/char/tpm/tpm.h               |  46 ++++++-------
 drivers/char/tpm/tpm2-cmd.c          | 124 +++++++++++++++++++----------------
 drivers/char/tpm/tpm_crb.c           |  50 +++++++-------
 drivers/char/tpm/tpm_tis_core.c      |  24 ++++---
 fs/overlayfs/copy_up.c               |  22 +++++++
 fs/overlayfs/dir.c                   |  10 +++
 include/linux/lsm_audit.h            |   2 +
 include/linux/lsm_hooks.h            |  37 ++++++++++-
 include/linux/security.h             |  25 ++++++-
 security/lsm_audit.c                 |  17 ++++-
 security/security.c                  |  27 ++++++++
 security/selinux/Kconfig             |  38 -----------
 security/selinux/hooks.c             | 106 +++++++++++++++++++++++-------
 security/selinux/include/security.h  |   4 --
 security/selinux/ss/conditional.c    |   2 +
 security/selinux/ss/ebitmap.c        |   3 +
 security/selinux/ss/policydb.c       |  12 ++--
 security/smack/Kconfig               |  12 ++++
 security/smack/smack.h               |  10 +++
 security/smack/smack_lsm.c           |  14 ++--
 security/smack/smack_netfilter.c     |   4 +-
 security/smack/smackfs.c             |  11 +---
 30 files changed, 447 insertions(+), 273 deletions(-)