[GIT PULL] selinux/selinux-pr-20240911
Paul Moore
paul at paul-moore.com
Fri Sep 13 01:18:33 UTC 2024
Linus,
A number of small SELinux patches for the v6.12 merge window:
* Ensure that both IPv4 and IPv6 connections are properly initialized
While we always properly initialized IPv4 connections early in their
life, we missed the necessary IPv6 change when we were adding IPv6
support.
* Annotate the SELinux inode revalidation function to quiet KCSAN
KCSAN correctly identifyies a race in __inode_security_revalidate() when
we check to see if an inode's SELinux has been properly initialized.
While KCSAN is correct, it is an intentional choice made for performance
reasons; if necessary, we check the state a second time, this time with a
lock held, before initializing the inode's state.
* Code cleanups, simplification, etc.
A handful of individual patches to simplify some SELinux kernel logic,
improve return code granularity via ERR_PTR(), follow the guidance on
using KMEM_CACHE(), and correct some minor style problems.
-Paul
--
The following changes since commit 8400291e289ee6b2bf9779ff1c83a291501f017b:
Linux 6.11-rc1 (2024-07-28 14:19:55 -0700)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
tags/selinux-pr-20240911
for you to fetch changes up to d19a9e25a722d629041ac8fd320a86c016e349d1:
selinux: fix style problems in security/selinux/include/audit.h
(2024-09-03 18:54:38 -0400)
----------------------------------------------------------------
selinux/stable-6.12 PR 20240911
----------------------------------------------------------------
Canfeng Guo (1):
selinux: Streamline type determination in security_compute_sid
Eric Suen (1):
selinux: replace kmem_cache_create() with KMEM_CACHE()
Gaosheng Cui (1):
selinux: refactor code to return ERR_PTR in
selinux_netlbl_sock_genattr
Guido Trentalancia (1):
selinux: mark both IPv4 and IPv6 accepted connection sockets as
labeled
Paul Moore (1):
selinux: fix style problems in security/selinux/include/audit.h
Stephen Smalley (1):
selinux: annotate false positive data race to avoid KCSAN warnings
Zhen Lei (1):
selinux: simplify avc_xperms_audit_required()
security/selinux/avc.c | 20 ++++---------
security/selinux/hooks.c | 7 ++++
security/selinux/include/audit.h | 46 +++++++++++++++----------------
security/selinux/netlabel.c | 20 ++++++-------
security/selinux/ss/avtab.c | 7 +---
security/selinux/ss/ebitmap.c | 4 --
security/selinux/ss/hashtab.c | 4 --
security/selinux/ss/services.c | 36 ++++++++++++------------
8 files changed, 68 insertions(+), 76 deletions(-)
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list