[GIT PULL] apparmor changes for v5.20

John Johansen john.johansen at canonical.com
Tue Aug 9 17:53:33 UTC 2022


Hi Linus,


This is mostly cleanups and bug fixes with the one bigger change
being Matthew Wilcox's patch to use XArrays instead of the IDR
from the "Linux 5.18-rc4" thread around the locking weirdness.

thanks
- john


The following changes since commit f2906aa863381afb0015a9eb7fefad885d4e5a56:

   Linux 5.19-rc1 (2022-06-05 17:18:54 -0700)

are available in the Git repository at:

   git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor tags/apparmor-pr-2022-08-08

for you to fetch changes up to c269fca7b37a08b7eec6f6b79a0abf1d0a245acb:

   apparmor: Update MAINTAINERS file with new email address (2022-08-06 12:08:39 -0700)

----------------------------------------------------------------
+ Features
   - Convert secid mapping to XArrays instead of IDR
   - Add a kernel label to use on kernel objects
   - Extend policydb permission set by making use of the xbits
   - Make export of raw binary profile to userspace optional
   - Enable tuning of policy paranoid load for embedded systems
   - Don't create raw_sha1 symlink if sha1 hashing is disabled
   - Allow labels to carry debug flags

+ Cleanups
   - Update MAINTAINERS file
   - Use struct_size() helper in kmalloc()
   - Move ptrace mediation to more logical task.{h,c}
   - Resolve uninitialized symbol warnings
   - Remove redundant ret variable
   - Mark alloc_unconfined() as static
   - Update help description of policy hash for introspection
   - Remove some casts which are no-longer required

+ Bug Fixes
   - Fix aa_label_asxprint return check
   - Fix reference count leak in aa_pivotroot()
   - Fix memleak in aa_simple_write_to_buffer()
   - Fix kernel doc comments
   - Fix absroot causing audited secids to begin with =
   - Fix quiet_denied for file rules
   - Fix failed mount permission check error message
   - Disable showing the mode as part of a secid to secctx
   - Fix setting unconfined mode on a loaded profile
   - Fix overlapping attachment computation
   - Fix undefined reference to `zlib_deflate_workspacesize'

----------------------------------------------------------------
David Gow (1):
       apparmor: test: Remove some casts which are no-longer required

Gustavo A. R. Silva (1):
       apparmor: Use struct_size() helper in kmalloc()

John Johansen (17):
       apparmor: fix absroot causing audited secids to begin with =
       apparmor: Update help description of policy hash for introspection
       apparmor: make export of raw binary profile to userspace optional
       apparmor: Enable tuning of policy paranoid load for embedded systems
       apparmor: don't create raw_sha1 symlink if sha1 hashing is disabled
       apparmor: Update MAINTAINERS file with the lastest information
       apparmor: fix quiet_denied for file rules
       apparmor: Fix failed mount permission check error message
       apparmor: Fix undefined reference to `zlib_deflate_workspacesize'
       apparmor: add a kernel label to use on kernel objects
       apparmor: disable showing the mode as part of a secid to secctx
       apparmor: fix setting unconfined mode on a loaded profile
       apparmor: fix overlapping attachment computation
       apparmor: allow label to carry debug flags
       apparmor: extend policydb permission set by making use of the xbits
       apparmor: move ptrace mediation to more logical task.{h,c}
       apparmor: Update MAINTAINERS file with new email address

Lukas Bulwahn (1):
       apparmor: correct config reference to intended one

Matthew Wilcox (1):
       apparmor: Convert secid mapping to XArrays instead of IDR

Mike Salvatore (1):
       apparmor: resolve uninitialized symbol warnings in policy_unpack_test.c

Minghao Chi (1):
       security/apparmor: remove redundant ret variable

Souptick Joarder (HPE) (1):
       apparmor: Mark alloc_unconfined() as static

Tom Rix (1):
       apparmor: fix aa_label_asxprint return check

Xin Xiong (1):
       apparmor: fix reference count leak in aa_pivotroot()

Xiu Jianfeng (1):
       apparmor: Fix memleak in aa_simple_write_to_buffer()

Yang Li (7):
       apparmor: Fix kernel-doc
       lsm: Fix kernel-doc
       apparmor: Fix match_mnt_path_str() and match_mnt() kernel-doc comment
       apparmor: Fix some kernel-doc comments
       apparmor: Fix some kernel-doc comments
       apparmor: Fix some kernel-doc comments
       apparmor: Fix some kernel-doc comments

  MAINTAINERS                               |   8 ++-
  security/apparmor/Kconfig                 |  86 +++++++++++++++-------
  security/apparmor/apparmorfs.c            | 103 +++++++++++++++------------
  security/apparmor/audit.c                 |   2 +-
  security/apparmor/domain.c                |   5 +-
  security/apparmor/include/apparmor.h      |   1 +
  security/apparmor/include/apparmorfs.h    |  14 ++++
  security/apparmor/include/file.h          |   3 +
  security/apparmor/include/ipc.h           |  18 -----
  security/apparmor/include/label.h         |   2 +
  security/apparmor/include/lib.h           |   5 ++
  security/apparmor/include/path.h          |   4 +-
  security/apparmor/include/policy.h        |   6 +-
  security/apparmor/include/policy_ns.h     |   1 +
  security/apparmor/include/policy_unpack.h |   2 +
  security/apparmor/include/secid.h         |   5 +-
  security/apparmor/include/task.h          |  18 +++++
  security/apparmor/ipc.c                   | 110 ----------------------------
  security/apparmor/label.c                 |  29 ++++----
  security/apparmor/lib.c                   |  27 +++++--
  security/apparmor/lsm.c                   |  38 +++++-----
  security/apparmor/mount.c                 |  13 ++--
  security/apparmor/net.c                   |   3 +-
  security/apparmor/policy.c                |  35 +++++----
  security/apparmor/policy_ns.c             |  53 ++++++++++----
  security/apparmor/policy_unpack.c         |  53 +++++++++-----
  security/apparmor/policy_unpack_test.c    |  28 ++++----
  security/apparmor/procattr.c              |   2 +-
  security/apparmor/secid.c                 |  56 ++++++---------
  security/apparmor/task.c                  | 114 ++++++++++++++++++++++++++++++
  30 files changed, 498 insertions(+), 346 deletions(-)


