[GIT PULL] SELinux patches for v5.14
Paul Moore
paul at paul-moore.com
Tue Jun 29 21:36:01 UTC 2021
Hi Linus,
Here is the SELinux pull request for v5.14, the highlights are below:
* The slow_avc_audit() function is now non-blocking so we can remove
the AVC_NONBLOCKING tricks; this also includes the 'flags' variant of
avc_has_perm().
* Use kmemdup() instead of kcalloc()+copy when copying parts of the
SELinux policydb.
* The InfiniBand device name is now passed by reference when possible
in the SELinux code, removing a strncpy().
* Minor cleanups including: constification of avtab function args,
removal of useless LSM/XFRM function args, SELinux kdoc fixes, and
removal of redundant assignments.
Everything has been tested against the selinux-testsuite and as of a
few moments ago the tag applies cleanly to your tree; please merge
this for v5.14.
Thanks,
-Paul
--
The following changes since commit 6efb943b8616ec53a5e444193dccf1af9ad627b5:
Linux 5.13-rc1 (2021-05-09 14:17:44 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
tags/selinux-pr-20210629
for you to fetch changes up to d99cf13f14200cdb5cbb704345774c9c0698612d:
selinux: kill 'flags' argument in avc_has_perm_flags() and avc_audit()
(2021-06-11 13:11:45 -0400)
----------------------------------------------------------------
selinux/stable-5.14 PR 20210629
----------------------------------------------------------------
Al Viro (2):
selinux: slow_avc_audit has become non-blocking
selinux: kill 'flags' argument in avc_has_perm_flags() and avc_audit()
Jiapeng Chong (1):
selinux: Remove redundant assignment to rc
Minchan Kim (1):
selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
Ondrej Mosnacek (3):
selinux: simplify duplicate_policydb_cond_list() by using kmemdup()
selinux: constify some avtab function arguments
lsm_audit,selinux: pass IB device name by reference
Souptick Joarder (1):
selinux: Corrected comment to match kernel-doc comment
Yang Li (1):
selinux: Fix kernel-doc
Zhongjun Tan (1):
selinux: delete selinux_xfrm_policy_lookup() useless argument
include/linux/lsm_audit.h | 8 ++---
include/linux/lsm_hook_defs.h | 3 +-
include/linux/security.h | 4 +--
net/xfrm/xfrm_policy.c | 6 ++--
security/security.c | 4 +--
security/selinux/avc.c | 61 ++++++++--------------------------
security/selinux/hooks.c | 22 ++++----------
security/selinux/include/avc.h | 13 +--------
security/selinux/include/xfrm.h | 2 +-
security/selinux/ss/avtab.c | 28 +++++++++---------
security/selinux/ss/avtab.h | 16 +++++-----
security/selinux/ss/conditional.c | 14 +++++----
security/selinux/ss/policydb.c | 1 -
security/selinux/ss/services.c | 27 +++++++++++++----
security/selinux/xfrm.c | 2 +-
15 files changed, 90 insertions(+), 121 deletions(-)
--
paul moore
www.paul-moore.com
More information about the Linux-security-module-archive
mailing list