[GIT PULL] lsm/lsm-pr-20241112

Paul Moore paul at paul-moore.com
Tue Nov 12 23:02:14 UTC 2024


Linus,

I'm expecting to have spotty network access later this week and early
into next so I'm sending my v6.13 merge window pull requests a bit
earlier than normal.  While the LSM pull request is composed of thirteen
patches, they are all focused on moving away from the current "secid" LSM
identifier to a richer "lsm_prop" structure.  This move will help reduce
the translation that is necessary in many LSMs, offering better
performance, and make it easier to support different LSMs in the future.

-Paul

--
The following changes since commit 9852d85ec9d492ebef56dc5f229416c925758edc:

  Linux 6.12-rc1 (2024-09-29 15:06:19 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git
    tags/lsm-pr-20241112

for you to fetch changes up to 8afd8c8faa24249e48f5007aee46209299377588:

  lsm: remove lsm_prop scaffolding (2024-10-11 14:34:16 -0400)

----------------------------------------------------------------
lsm/stable-6.13 PR 20241112
----------------------------------------------------------------

Casey Schaufler (13):
      lsm: add the lsm_prop data structure
      lsm: use lsm_prop in security_audit_rule_match
      lsm: add lsmprop_to_secctx hook
      audit: maintain an lsm_prop in audit_context
      lsm: use lsm_prop in security_ipc_getsecid
      audit: update shutdown LSM data
      lsm: use lsm_prop in security_current_getsecid
      lsm: use lsm_prop in security_inode_getsecid
      audit: use an lsm_prop in audit_names
      lsm: create new security_cred_getlsmprop LSM hook
      audit: change context data from secid to lsm_prop
      netlabel,smack: use lsm_prop for audit data
      lsm: remove lsm_prop scaffolding

 MAINTAINERS                           |    1 
 include/linux/lsm/apparmor.h          |   17 ++++
 include/linux/lsm/bpf.h               |   16 ++++
 include/linux/lsm/selinux.h           |   16 ++++
 include/linux/lsm/smack.h             |   17 ++++
 include/linux/lsm_hook_defs.h         |   20 +++--
 include/linux/security.h              |   98 +++++++++++++++++++++-----
 include/net/netlabel.h                |    2 
 kernel/audit.c                        |   21 ++---
 kernel/audit.h                        |    7 +
 kernel/auditfilter.c                  |    9 +-
 kernel/auditsc.c                      |   61 +++++++---------
 net/netlabel/netlabel_unlabeled.c     |    2 
 net/netlabel/netlabel_user.c          |    7 -
 net/netlabel/netlabel_user.h          |    2 
 security/apparmor/audit.c             |    4 -
 security/apparmor/include/audit.h     |    2 
 security/apparmor/include/secid.h     |    2 
 security/apparmor/lsm.c               |   17 ++--
 security/apparmor/secid.c             |   21 +++++
 security/integrity/ima/ima.h          |    8 +-
 security/integrity/ima/ima_api.c      |    6 -
 security/integrity/ima/ima_appraise.c |    6 -
 security/integrity/ima/ima_main.c     |   60 +++++++--------
 security/integrity/ima/ima_policy.c   |   20 ++---
 security/security.c                   |   96 +++++++++++++++++--------
 security/selinux/hooks.c              |   49 ++++++++-----
 security/selinux/include/audit.h      |    5 -
 security/selinux/ss/services.c        |    6 -
 security/smack/smack_lsm.c            |   96 ++++++++++++++++---------
 security/smack/smackfs.c              |    4 -
 31 files changed, 470 insertions(+), 228 deletions(-)

--
paul-moore.com
