[GIT PULL] apparmor changes for v5.20
John Johansen
john.johansen at canonical.com
Tue Aug 9 17:53:33 UTC 2022
Hi Linus,
This is mostly cleanups and bug fixes with the one bigger change
being Mathew Wilcox's patch to use XArrays instead of the IDR
from the "Linux 5.18-rc4" thread around the locking weirdness.
thanks
- john
The following changes since commit f2906aa863381afb0015a9eb7fefad885d4e5a56:
Linux 5.19-rc1 (2022-06-05 17:18:54 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor tags/apparmor-pr-2022-08-08
for you to fetch changes up to c269fca7b37a08b7eec6f6b79a0abf1d0a245acb:
apparmor: Update MAINTAINERS file with new email address (2022-08-06 12:08:39 -0700)
----------------------------------------------------------------
+ Features
- Convert secid mapping to XArrays instead of IDR
- Add a kernel label to use on kernel objects
- Extend policydb permission set by making use of the xbits
- Make export of raw binary profile to userspace optional
- Enable tuning of policy paranoid load for embedded systems
- Don't create raw_sha1 symlink if sha1 hashing is disabled
- Allow labels to carry debug flags
+ Cleanups
- Update MAINTAINERS file
- Use struct_size() helper in kmalloc()
- Move ptrace mediation to more logical task.{h,c}
- Resolve uninitialized symbol warnings
- Remove redundant ret variable
- Mark alloc_unconfined() as static
- Update help description of policy hash for introspection
- Remove some casts which are no-longer required
+ Bug Fixes
- Fix aa_label_asxprint return check
- Fix reference count leak in aa_pivotroot()
- Fix memleak in aa_simple_write_to_buffer()
- Fix kernel doc comments
- Fix absroot causing audited secids to begin with =
- Fix quiet_denied for file rules
- Fix failed mount permission check error message
- Disable showing the mode as part of a secid to secctx
- Fix setting unconfined mode on a loaded profile
- Fix overlapping attachment computation
- Fix undefined reference to `zlib_deflate_workspacesize'
----------------------------------------------------------------
David Gow (1):
apparmor: test: Remove some casts which are no-longer required
Gustavo A. R. Silva (1):
apparmor: Use struct_size() helper in kmalloc()
John Johansen (17):
apparmor: fix absroot causing audited secids to begin with =
apparmor: Update help description of policy hash for introspection
apparmor: make export of raw binary profile to userspace optional
apparmor: Enable tuning of policy paranoid load for embedded systems
apparmor: don't create raw_sha1 symlink if sha1 hashing is disabled
apparmor: Update MAINTAINERS file with the lastest information
apparmor: fix quiet_denied for file rules
apparmor: Fix failed mount permission check error message
apparmor: Fix undefined reference to `zlib_deflate_workspacesize'
apparmor: add a kernel label to use on kernel objects
apparmor: disable showing the mode as part of a secid to secctx
apparmor: fix setting unconfined mode on a loaded profile
apparmor: fix overlapping attachment computation
apparmor: allow label to carry debug flags
apparmor: extend policydb permission set by making use of the xbits
apparmor: move ptrace mediation to more logical task.{h,c}
apparmor: Update MAINTAINERS file with new email address
Lukas Bulwahn (1):
apparmor: correct config reference to intended one
Matthew Wilcox (1):
apparmor: Convert secid mapping to XArrays instead of IDR
Mike Salvatore (1):
apparmor: resolve uninitialized symbol warnings in policy_unpack_test.c
Minghao Chi (1):
security/apparmor: remove redundant ret variable
Souptick Joarder (HPE) (1):
apparmor: Mark alloc_unconfined() as static
Tom Rix (1):
apparmor: fix aa_label_asxprint return check
Xin Xiong (1):
apparmor: fix reference count leak in aa_pivotroot()
Xiu Jianfeng (1):
apparmor: Fix memleak in aa_simple_write_to_buffer()
Yang Li (7):
apparmor: Fix kernel-doc
lsm: Fix kernel-doc
apparmor: Fix match_mnt_path_str() and match_mnt() kernel-doc comment
apparmor: Fix some kernel-doc comments
apparmor: Fix some kernel-doc comments
apparmor: Fix some kernel-doc comments
apparmor: Fix some kernel-doc comments
MAINTAINERS | 8 ++-
security/apparmor/Kconfig | 86 +++++++++++++++-------
security/apparmor/apparmorfs.c | 103 +++++++++++++++------------
security/apparmor/audit.c | 2 +-
security/apparmor/domain.c | 5 +-
security/apparmor/include/apparmor.h | 1 +
security/apparmor/include/apparmorfs.h | 14 ++++
security/apparmor/include/file.h | 3 +
security/apparmor/include/ipc.h | 18 -----
security/apparmor/include/label.h | 2 +
security/apparmor/include/lib.h | 5 ++
security/apparmor/include/path.h | 4 +-
security/apparmor/include/policy.h | 6 +-
security/apparmor/include/policy_ns.h | 1 +
security/apparmor/include/policy_unpack.h | 2 +
security/apparmor/include/secid.h | 5 +-
security/apparmor/include/task.h | 18 +++++
security/apparmor/ipc.c | 110 ----------------------------
security/apparmor/label.c | 29 ++++----
security/apparmor/lib.c | 27 +++++--
security/apparmor/lsm.c | 38 +++++-----
security/apparmor/mount.c | 13 ++--
security/apparmor/net.c | 3 +-
security/apparmor/policy.c | 35 +++++----
security/apparmor/policy_ns.c | 53 ++++++++++----
security/apparmor/policy_unpack.c | 53 +++++++++-----
security/apparmor/policy_unpack_test.c | 28 ++++----
security/apparmor/procattr.c | 2 +-
security/apparmor/secid.c | 56 ++++++---------
security/apparmor/task.c | 114 ++++++++++++++++++++++++++++++
30 files changed, 498 insertions(+), 346 deletions(-)
More information about the Linux-security-module-archive
mailing list