Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp5248294pxb; Mon, 15 Feb 2021 14:02:06 -0800 (PST) X-Google-Smtp-Source: ABdhPJzmIaVrzWHv22cWDLXh8O1gGLvdSOrP+tsaPEq7d+RauOBZR/gau5KlD4h61iGYo+xqPjcl X-Received: by 2002:aa7:d34e:: with SMTP id m14mr17875718edr.223.1613426526121; Mon, 15 Feb 2021 14:02:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1613426526; cv=none; d=google.com; s=arc-20160816; b=P9GR/6g8cv4aXXqeNE9Euj5KXOcLZO/XytJ4uIl9UvwE9KJtsFg0ekUeSfZpxAlnun qPKzCKxtKPmzoQz5/Zb1s0alXuzr+OTlY72szvlAsZBEvq8gpUQtHV/aVajJ39cPQpnF NtIdIA0NSrEcNxV4T7RtDapWQ62Y5HQ22+96kq+nbhPw7JR+DEzFNNdPltK7olbwlODm j/p46kj2NrwTfKCxBGvyziCF0WUum1H8Urg5ebE+uJmDbG+/Br9iwfL7FZjcUYteqZ82 DlacJ4gXtsRzAqLseuT0MxAIBhmsVP9ErHOCsu9vU7ay8uvFThiCvJ7bj8RfiOKfjzbK 1pHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:mime-version :dkim-signature; bh=wZJvIiq3Ed1jabdaDHfcdY3De/LneLLvMaYX01zmAAg=; b=KRLNckBOwU440cE05ibl4Ybn702PPuuF8GfTe5LeIm7OV9Hn1e4HiaDKJERInw2f1m MFESS4FQxYMz+EuGAhVsNFqvcQGFHGh9DwBoDuIfa/lnkAyiveUfjsjLFzhSgmiLG0Bf ds/B0F+YoDR92xH9Bzu8r9pdUkmQ4AU6vSOdKLYW8ZpTkJUvabZpyym6UTdDPV1QdGVe uR5Kk9hfVzqhVfVOu7kYIIk7n6Iu1DwLQauY8H0D2kdN9I4yR2VsrDoboieV3EIf1iuC sdZ7LTqnKEY3rwgc/qnUoTQmgNudfaZbzEGBJrd4Uo8iBcsmoTYTWJPAcL2XrmgvMrGZ KJSg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=vDM1O1mT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f9si12648987ejc.709.2021.02.15.14.01.42; Mon, 15 Feb 2021 14:02:06 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=vDM1O1mT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229871AbhBOV7A (ORCPT + 99 others); Mon, 15 Feb 2021 16:59:00 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37244 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229702AbhBOV67 (ORCPT ); Mon, 15 Feb 2021 16:58:59 -0500 Received: from mail-ej1-x62c.google.com (mail-ej1-x62c.google.com [IPv6:2a00:1450:4864:20::62c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C6120C061574 for ; Mon, 15 Feb 2021 13:57:50 -0800 (PST) Received: by mail-ej1-x62c.google.com with SMTP id hs11so13673620ejc.1 for ; Mon, 15 Feb 2021 13:57:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to:cc; bh=wZJvIiq3Ed1jabdaDHfcdY3De/LneLLvMaYX01zmAAg=; b=vDM1O1mTMdZuKB3Fp7Vvkb8srDgTqgkArUaHOmqlpF8yhpkD1qNvfDQ3W4CVzgvgZs wNTGPTUUu0aCQ337Si+Ois2wh+Fxk6J43IUkQzE+tJgY/uZ3bTSNlN1Abvc9FnV0vp9y mAoT3QlUIz5AgoICh/2ehI0pYR9n6LQBnaUMmN6Xj7ikPcy+PXY8UjxqcOnHkXshl963 XpBBUMbnbv5UaqJv2+McxUR/tz5ynGSfC137aSl8W7Nnf9caZTnU/JI5e/Qp44j3BtGY Wfejbo6EXBCn+YMmYLzwOPrBs4XegDgFFSOHWY5xYyTm4pCVwZdip9HBK1xB+rc4A4TV MPOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=wZJvIiq3Ed1jabdaDHfcdY3De/LneLLvMaYX01zmAAg=; b=J6WLSTwNBHthEzTj8Q85xSBVvZPY/QGVr7rObtyZ1NPOqOCMzYe4i8+ITJKs280FgV EdKhDKTb1O93oVo/qEwCr0FChGxnemikBac7E95Sy3RCvqUqc+3nVYRXUWI994KxuHKp eVvsLIi1k2rfYxak7MskWOIGx2KLrTWd5M2yIFNnhKrgcPWBZrOOS/fAwA0UZvRuoqiY S+E23g1gxduyOyiKZZAkI/qR8dV8z2GO4UiLD81TgOAGrZvFvJ+6z7cJuelx2AnN52TC qqll2UQNJFRb0b/GD3UujKuCtFoQeLICkUgC95R9km7X1e79DhdqjPw4fAvkZ2wrG5s6 5xag== X-Gm-Message-State: AOAM530OuIXyHJ/LYE/4/QEaA47uUNaT8E7e2DoZN40i0sVD9SpH5UEd /0KAl+XdtqkAGklbhEErXUqfV0RJyE7HoOgzHdsW X-Received: by 2002:a17:906:8890:: with SMTP id ak16mr11761146ejc.398.1613426269419; Mon, 15 Feb 2021 13:57:49 -0800 (PST) MIME-Version: 1.0 From: Paul Moore Date: Mon, 15 Feb 2021 16:57:38 -0500 Message-ID: Subject: [GIT PULL] SELinux patches for v5.12 To: Linus Torvalds Cc: linux-kernel@vger.kernel.org, selinux@vger.kernel.org, linux-security-module@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Linus, We've got a good handful of patches for SELinux this time around; with everything passing the selinux-testsuite and applying cleanly to your tree as of a few minutes ago. The highlights are below: - Add support for labeling anonymous inodes, and extend this new support to userfaultfd. - Fallback to SELinux genfs file labeling if the filesystem does not have xattr support. This is useful for virtiofs which can vary in its xattr support depending on the backing filesystem. - Classify and handle MPTCP the same as TCP in SELinux. - Ensure consistent behavior between inode_getxattr and inode_listsecurity when the SELinux policy is not loaded. This fixes a known problem with overlayfs. - A couple of patches to prune some unused variables from the SELinux code, mark private variables as static, and mark other variables as __ro_after_init or __read_mostly. Thanks, -Paul -- The following changes since commit e71ba9452f0b5b2e8dc8aa5445198cd9214a6a62: Linux 5.11-rc2 (2021-01-03 15:55:30 -0800) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git tags/selinux-pr-20210215 for you to fetch changes up to 365982aba1f264dba26f0908700d62bfa046918c: fs: anon_inodes: rephrase to appropriate kernel-doc (2021-01-15 12:17:25 -0500) ---------------------------------------------------------------- selinux/stable-5.12 PR 20210215 ---------------------------------------------------------------- Amir Goldstein (1): selinux: fix inconsistency between inode_getxattr and inode_listsecurity Daniel Colascione (3): fs: add LSM-supporting anon-inode interface selinux: teach SELinux about anonymous inodes userfaultfd: use secure anon inodes for userfaultfd Lokesh Gidra (1): security: add inode_init_security_anon() LSM hook Lukas Bulwahn (1): fs: anon_inodes: rephrase to appropriate kernel-doc Ondrej Mosnacek (6): selinux: remove unused global variables selinux: drop the unnecessary aurule_callback variable selinux: make selinuxfs_mount static selinux: mark some global variables __ro_after_init selinux: mark selinux_xfrm_refcount as __read_mostly selinux: fall back to SECURITY_FS_USE_GENFS if no xattr support Paolo Abeni (1): selinux: handle MPTCP consistently with TCP fs/anon_inodes.c | 157 +++++++++++++++++++++++++-------- fs/libfs.c | 5 -- fs/userfaultfd.c | 19 ++--- include/linux/anon_inodes.h | 5 ++ include/linux/lsm_hook_defs.h | 2 + include/linux/lsm_hooks.h | 9 +++ include/linux/security.h | 10 +++ security/security.c | 8 ++ security/selinux/avc.c | 10 +-- security/selinux/hooks.c | 141 ++++++++++++++++++++++++----- security/selinux/ibpkey.c | 1 - security/selinux/include/classmap.h | 2 + security/selinux/include/security.h | 1 - security/selinux/netif.c | 1 - security/selinux/netlink.c | 2 +- security/selinux/netnode.c | 1 - security/selinux/netport.c | 1 - security/selinux/selinuxfs.c | 4 +- security/selinux/ss/avtab.c | 4 +- security/selinux/ss/ebitmap.c | 2 +- security/selinux/ss/hashtab.c | 2 +- security/selinux/ss/services.c | 10 +-- security/selinux/xfrm.c | 2 +- 23 files changed, 294 insertions(+), 105 deletions(-) -- paul moore www.paul-moore.com