[GIT PULL] Security susbsystem updates for v4.14 (v2)

James Morris jmorris at namei.org
Sun Sep 10 04:12:22 UTC 2017


Here's an updated pull request with the IMA integrity_read() patch 
reverted.  Note that this restores the orginal buggy behavior with XFS/IMA 
deadlock the builtin ima_tcb policy wand XFS rootfs.

Everything else is the same as the last pull request.

AppArmor:
  - Add mediation of mountpoints and signals
  - Add support for absolute root view based labels
  - add base infastructure for socket mediation

LSM:
  - Remove unused security_task_create() hook

TPM: 
  - Some constification and minor updates.

SELinux:
  - from Paul Moore:
  "A relatively quiet period for SELinux, 11 patches with only two/three
   having any substantive changes.  These noteworthy changes include 
   another tweak to the NNP/nosuid handling, per-file labeling for 
   cgroups, and an object class fix for AF_UNIX/SOCK_RAW sockets; the rest 
   of the changes are minor tweaks or administrative updates (Stephen's 
   email update explains the file explosion in the diffstat)."

Seccomp:
  - from Kees Cook:
  "Major additions:
   - sysctl and seccomp operation to discover available actions. (tyhicks) 
   - new per-filter configurable logging infrastructure and sysctl. (tyhicks) 
   - SECCOMP_RET_LOG to log allowed syscalls. (tyhicks) 
   - SECCOMP_RET_KILL_PROCESS as the new strictest possible action. 
   - self-tests for new behaviors."


And nothing for Smack, for the first time perhaps.


Please pull.


The following changes since commit 520eccdfe187591a51ea9ab4c1a024ae4d0f68d9:

  Linux 4.13-rc2 (2017-07-23 16:15:17 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next

for you to fetch changes up to 10e3781dda776f9bccb8aab31daa251dc149dd00:

  Revert "ima: use fs method to read integrity data" (2017-09-09 19:10:44 -0700)

----------------------------------------------------------------
Antonio Murdaca (1):
      selinux: allow per-file labeling for cgroupfs

Arvind Yadav (3):
      tpm: tpm_crb: constify acpi_device_id.
      tpm: vtpm: constify vio_device_id
      selinux: constify nf_hook_ops

Christoph Hellwig (1):
      ima: use fs method to read integrity data

Christos Gkekas (1):
      apparmor: Fix logical error in verify_header()

Dan Carpenter (1):
      apparmor: Fix an error code in aafs_create()

Enric Balletbo i Serra (1):
      Documentation: tpm: add powered-while-suspended binding documentation

Geert Uytterhoeven (1):
      apparmor: Fix shadowed local variable in unpack_trans_table()

Hamza Attak (1):
      tpm: replace msleep() with  usleep_range() in TPM 1.2/2.0 generic drivers

James Morris (4):
      sync to Linus v4.13-rc2 for subsystem developers to work against
      Merge tag 'seccomp-next' of git://git.kernel.org/.../kees/linux into next
      Merge tag 'selinux-pr-20170831' of git://git.kernel.org/.../pcmoore/selinux into next
      Revert "ima: use fs method to read integrity data"

John Johansen (13):
      apparmor: Redundant condition: prev_ns. in [label.c:1498]
      apparmor: add the ability to mediate signals
      apparmor: add mount mediation
      apparmor: cleanup conditional check for label in label_print
      apparmor: add support for absolute root view based labels
      apparmor: make policy_unpack able to audit different info messages
      apparmor: add more debug asserts to apparmorfs
      apparmor: add base infastructure for socket mediation
      apparmor: move new_null_profile to after profile lookup fns()
      apparmor: fix race condition in null profile creation
      apparmor: ensure unconfined profiles have dfas initialized
      apparmor: fix incorrect type assignment when freeing proxies
      apparmor: fix build failure on sparc caused by undeclared, signals

Kees Cook (9):
      selftests/seccomp: Add tests for basic ptrace actions
      selftests/seccomp: Add simple seccomp overhead benchmark
      selftests/seccomp: Refactor RET_ERRNO tests
      seccomp: Provide matching filter for introspection
      seccomp: Rename SECCOMP_RET_KILL to SECCOMP_RET_KILL_THREAD
      seccomp: Introduce SECCOMP_RET_KILL_PROCESS
      seccomp: Implement SECCOMP_RET_KILL_PROCESS action
      selftests/seccomp: Test thread vs process killing
      samples: Unrename SECCOMP_RET_KILL

Luis Ressel (1):
      selinux: Assign proper class to PF_UNIX/SOCK_RAW sockets

Michal Hocko (1):
      selinux: use GFP_NOWAIT in the AVC kmem_caches

Michal Suchanek (1):
      tpm: ibmvtpm: simplify crq initialization and document crq format

Mimi Zohar (6):
      ima: don't remove the securityfs policy file
      libfs: define simple_read_iter_from_buffer
      efivarfs: replaces the read file operation with read_iter
      ima: always measure and audit files in policy
      ima: define "dont_failsafe" policy action rule
      ima: define "fs_unsafe" builtin policy

Paul Moore (4):
      credits: update Paul Moore's info
      selinux: update the selinux info in MAINTAINERS
      MAINTAINERS: update the NetLabel and Labeled Networking information
      MAINTAINERS: update the NetLabel and Labeled Networking information

Stefan Berger (1):
      security: fix description of values returned by cap_inode_need_killpriv

Stephen Smalley (4):
      selinux: genheaders should fail if too many permissions are defined
      selinux: Generalize support for NNP/nosuid SELinux domain transitions
      selinux: update my email address
      lsm_audit: update my email address

Tetsuo Handa (2):
      LSM: Remove security_task_create() hook.
      tomoyo: Update URLs in Documentation/admin-guide/LSM/tomoyo.rst

Tyler Hicks (6):
      seccomp: Sysctl to display available actions
      seccomp: Operation for checking if an action is available
      seccomp: Sysctl to configure actions that are allowed to be logged
      seccomp: Selftest for detection of filter flag support
      seccomp: Filter flag to log all actions except SECCOMP_RET_ALLOW
      seccomp: Action to log before allowing

 CREDITS                                            |   8 +-
 Documentation/ABI/testing/ima_policy               |   3 +-
 Documentation/admin-guide/LSM/tomoyo.rst           |  24 +-
 Documentation/admin-guide/kernel-parameters.txt    |   8 +-
 .../devicetree/bindings/security/tpm/tpm-i2c.txt   |   6 +
 Documentation/networking/filter.txt                |   2 +-
 Documentation/sysctl/kernel.txt                    |   1 +
 Documentation/userspace-api/seccomp_filter.rst     |  52 +-
 MAINTAINERS                                        |  29 +-
 drivers/char/tpm/tpm-interface.c                   |  10 +-
 drivers/char/tpm/tpm.h                             |   9 +-
 drivers/char/tpm/tpm2-cmd.c                        |   2 +-
 drivers/char/tpm/tpm_crb.c                         |   2 +-
 drivers/char/tpm/tpm_ibmvtpm.c                     |  98 +--
 drivers/char/tpm/tpm_infineon.c                    |   6 +-
 drivers/char/tpm/tpm_tis_core.c                    |   8 +-
 fs/efivarfs/file.c                                 |  11 +-
 fs/libfs.c                                         |  32 +
 include/linux/audit.h                              |   6 +-
 include/linux/fs.h                                 |   2 +
 include/linux/lsm_audit.h                          |   2 +-
 include/linux/lsm_hooks.h                          |   7 -
 include/linux/seccomp.h                            |   3 +-
 include/linux/security.h                           |   6 -
 include/uapi/linux/seccomp.h                       |  23 +-
 kernel/fork.c                                      |   4 -
 kernel/seccomp.c                                   | 321 +++++++++-
 scripts/selinux/genheaders/genheaders.c            |   7 +-
 security/apparmor/.gitignore                       |   1 +
 security/apparmor/Makefile                         |  43 +-
 security/apparmor/apparmorfs.c                     |  37 +-
 security/apparmor/domain.c                         |   4 +-
 security/apparmor/file.c                           |  30 +
 security/apparmor/include/apparmor.h               |   2 +
 security/apparmor/include/audit.h                  |  39 +-
 security/apparmor/include/domain.h                 |   5 +
 security/apparmor/include/ipc.h                    |   6 +
 security/apparmor/include/label.h                  |   1 +
 security/apparmor/include/mount.h                  |  54 ++
 security/apparmor/include/net.h                    | 114 ++++
 security/apparmor/include/perms.h                  |   5 +-
 security/apparmor/include/policy.h                 |  13 +
 security/apparmor/include/sig_names.h              |  98 +++
 security/apparmor/ipc.c                            |  99 +++
 security/apparmor/label.c                          |  36 +-
 security/apparmor/lib.c                            |   5 +-
 security/apparmor/lsm.c                            | 472 ++++++++++++++
 security/apparmor/mount.c                          | 696 +++++++++++++++++++++
 security/apparmor/net.c                            | 184 ++++++
 security/apparmor/policy.c                         | 166 ++---
 security/apparmor/policy_ns.c                      |   2 +
 security/apparmor/policy_unpack.c                  | 105 +++-
 security/commoncap.c                               |   6 +-
 security/integrity/ima/ima.h                       |   1 +
 security/integrity/ima/ima_api.c                   |  67 +-
 security/integrity/ima/ima_crypto.c                |  10 +
 security/integrity/ima/ima_fs.c                    |   4 +-
 security/integrity/ima/ima_main.c                  |  19 +-
 security/integrity/ima/ima_policy.c                |  41 +-
 security/lsm_audit.c                               |   2 +-
 security/security.c                                |   5 -
 security/selinux/avc.c                             |  16 +-
 security/selinux/hooks.c                           |  56 +-
 security/selinux/include/avc.h                     |   2 +-
 security/selinux/include/avc_ss.h                  |   2 +-
 security/selinux/include/classmap.h                |   2 +
 security/selinux/include/objsec.h                  |   2 +-
 security/selinux/include/security.h                |   4 +-
 security/selinux/ss/avtab.c                        |   2 +-
 security/selinux/ss/avtab.h                        |   2 +-
 security/selinux/ss/constraint.h                   |   2 +-
 security/selinux/ss/context.h                      |   2 +-
 security/selinux/ss/ebitmap.c                      |   2 +-
 security/selinux/ss/ebitmap.h                      |   2 +-
 security/selinux/ss/hashtab.c                      |   2 +-
 security/selinux/ss/hashtab.h                      |   2 +-
 security/selinux/ss/mls.c                          |   2 +-
 security/selinux/ss/mls.h                          |   2 +-
 security/selinux/ss/mls_types.h                    |   2 +-
 security/selinux/ss/policydb.c                     |   2 +-
 security/selinux/ss/policydb.h                     |   2 +-
 security/selinux/ss/services.c                     |   9 +-
 security/selinux/ss/services.h                     |   2 +-
 security/selinux/ss/sidtab.c                       |   2 +-
 security/selinux/ss/sidtab.h                       |   2 +-
 security/selinux/ss/symtab.c                       |   2 +-
 security/selinux/ss/symtab.h                       |   2 +-
 tools/testing/selftests/seccomp/Makefile           |  18 +-
 .../testing/selftests/seccomp/seccomp_benchmark.c  |  99 +++
 tools/testing/selftests/seccomp/seccomp_bpf.c      | 610 +++++++++++++++---
 90 files changed, 3457 insertions(+), 463 deletions(-)
 create mode 100644 security/apparmor/include/mount.h
 create mode 100644 security/apparmor/include/net.h
 create mode 100644 security/apparmor/include/sig_names.h
 create mode 100644 security/apparmor/mount.c
 create mode 100644 security/apparmor/net.c
 create mode 100644 tools/testing/selftests/seccomp/seccomp_benchmark.c
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list