[GIT PULL] SELinux patches for v5.14

Paul Moore paul at paul-moore.com
Tue Jun 29 21:36:01 UTC 2021


Hi Linus,

Here is the SELinux pull request for v5.14, the highlights are below:

* The slow_avc_audit() function is now non-blocking so we can remove
the AVC_NONBLOCKING tricks; this also includes the 'flags' variant of
avc_has_perm().

* Use kmemdup() instead of kcalloc()+copy when copying parts of the
SELinux policydb.

* The InfiniBand device name is now passed by reference when possible
in the SELinux code, removing a strncpy().

* Minor cleanups including: constification of avtab function args,
removal of useless LSM/XFRM function args, SELinux kdoc fixes, and
removal of redundant assignments.

Everything has been tested against the selinux-testsuite and as of a
few moments ago the tag applies cleanly to your tree; please merge
this for v5.14.

Thanks,
-Paul

--
The following changes since commit 6efb943b8616ec53a5e444193dccf1af9ad627b5:

 Linux 5.13-rc1 (2021-05-09 14:17:44 -0700)

are available in the Git repository at:

 git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
   tags/selinux-pr-20210629

for you to fetch changes up to d99cf13f14200cdb5cbb704345774c9c0698612d:

 selinux: kill 'flags' argument in avc_has_perm_flags() and avc_audit()
   (2021-06-11 13:11:45 -0400)

----------------------------------------------------------------
selinux/stable-5.14 PR 20210629

----------------------------------------------------------------
Al Viro (2):
     selinux: slow_avc_audit has become non-blocking
     selinux: kill 'flags' argument in avc_has_perm_flags() and avc_audit()

Jiapeng Chong (1):
     selinux: Remove redundant assignment to rc

Minchan Kim (1):
     selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC

Ondrej Mosnacek (3):
     selinux: simplify duplicate_policydb_cond_list() by using kmemdup()
     selinux: constify some avtab function arguments
     lsm_audit,selinux: pass IB device name by reference

Souptick Joarder (1):
     selinux: Corrected comment to match kernel-doc comment

Yang Li (1):
     selinux: Fix kernel-doc

Zhongjun Tan (1):
     selinux: delete selinux_xfrm_policy_lookup() useless argument

include/linux/lsm_audit.h         |  8 ++---
include/linux/lsm_hook_defs.h     |  3 +-
include/linux/security.h          |  4 +--
net/xfrm/xfrm_policy.c            |  6 ++--
security/security.c               |  4 +--
security/selinux/avc.c            | 61 ++++++++--------------------------
security/selinux/hooks.c          | 22 ++++----------
security/selinux/include/avc.h    | 13 +--------
security/selinux/include/xfrm.h   |  2 +-
security/selinux/ss/avtab.c       | 28 +++++++++---------
security/selinux/ss/avtab.h       | 16 +++++-----
security/selinux/ss/conditional.c | 14 +++++----
security/selinux/ss/policydb.c    |  1 -
security/selinux/ss/services.c    | 27 +++++++++++++----
security/selinux/xfrm.c           |  2 +-
15 files changed, 90 insertions(+), 121 deletions(-)

-- 
paul moore
www.paul-moore.com



More information about the Linux-security-module-archive mailing list