[GIT PULL] lsm/lsm-pr-20241112
Paul Moore
paul at paul-moore.com
Tue Nov 12 23:02:14 UTC 2024
Linus,
I'm expecting to have spotty network access later this week and early
into next so I'm sending my v6.13 merge window pull requests a bit
earlier than normal. While the LSM pull request is composed of thirteen
patches, they all focused on moving away from the current "secid" LSM
identifier to a richer "lsm_prop" structure. This move will help reduce
the translation that is necessary in many LSMs, offering better
performance, and make it easier to support different LSMs in the future.
-Paul
--
The following changes since commit 9852d85ec9d492ebef56dc5f229416c925758edc:
Linux 6.12-rc1 (2024-09-29 15:06:19 -0700)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git
tags/lsm-pr-20241112
for you to fetch changes up to 8afd8c8faa24249e48f5007aee46209299377588:
lsm: remove lsm_prop scaffolding (2024-10-11 14:34:16 -0400)
----------------------------------------------------------------
lsm/stable-6.13 PR 20241112
----------------------------------------------------------------
Casey Schaufler (13):
lsm: add the lsm_prop data structure
lsm: use lsm_prop in security_audit_rule_match
lsm: add lsmprop_to_secctx hook
audit: maintain an lsm_prop in audit_context
lsm: use lsm_prop in security_ipc_getsecid
audit: update shutdown LSM data
lsm: use lsm_prop in security_current_getsecid
lsm: use lsm_prop in security_inode_getsecid
audit: use an lsm_prop in audit_names
lsm: create new security_cred_getlsmprop LSM hook
audit: change context data from secid to lsm_prop
netlabel,smack: use lsm_prop for audit data
lsm: remove lsm_prop scaffolding
MAINTAINERS | 1
include/linux/lsm/apparmor.h | 17 ++++
include/linux/lsm/bpf.h | 16 ++++
include/linux/lsm/selinux.h | 16 ++++
include/linux/lsm/smack.h | 17 ++++
include/linux/lsm_hook_defs.h | 20 +++--
include/linux/security.h | 98 +++++++++++++++++++++-----
include/net/netlabel.h | 2
kernel/audit.c | 21 ++---
kernel/audit.h | 7 +
kernel/auditfilter.c | 9 +-
kernel/auditsc.c | 61 +++++++---------
net/netlabel/netlabel_unlabeled.c | 2
net/netlabel/netlabel_user.c | 7 -
net/netlabel/netlabel_user.h | 2
security/apparmor/audit.c | 4 -
security/apparmor/include/audit.h | 2
security/apparmor/include/secid.h | 2
security/apparmor/lsm.c | 17 ++--
security/apparmor/secid.c | 21 +++++
security/integrity/ima/ima.h | 8 +-
security/integrity/ima/ima_api.c | 6 -
security/integrity/ima/ima_appraise.c | 6 -
security/integrity/ima/ima_main.c | 60 +++++++--------
security/integrity/ima/ima_policy.c | 20 ++---
security/security.c | 96 +++++++++++++++++--------
security/selinux/hooks.c | 49 ++++++++-----
security/selinux/include/audit.h | 5 -
security/selinux/ss/services.c | 6 -
security/smack/smack_lsm.c | 96 ++++++++++++++++---------
security/smack/smackfs.c | 4 -
31 files changed, 470 insertions(+), 228 deletions(-)
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list