Hi James,
Another big set of SELinux patches for the 4.9 release. The most significant
patches are the seven from Vivek which add overlayfs support, but the other
seven patches do a lot of nice things including additional policy sanity
checking, bug fixing, and the removal of
SECURITY_SELINUX_POLICYDB_VERSION_MAX.
All of these patches pass the selinux-testsuite and merge cleanly with the
current linux-security#next branch, please apply.
Thanks,
-Paul
---
The following changes since commit 29b4817d4018df78086157ea3a55c1d9424a7cfc:
Linux 4.8-rc1 (2016-08-07 18:18:00 -0700)
are available in the git repository at:
git://git.infradead.org/users/pcmoore/selinux stable-4.9
for you to fetch changes up to 9b6a9ecc2d88ccdc57efc22d69436b9dd7e2eceb:
selinux: fix error return code in policydb_read()
(2016-09-13 17:14:43 -0400)
----------------------------------------------------------------
Javier Martinez Canillas (1):
security: Use IS_ENABLED() instead of checking for built-in or module
Vivek Goyal (7):
security, overlayfs: provide copy up security hook for unioned files
selinux: Implementation for inode_copy_up() hook
security,overlayfs: Provide security hook for copy up of xattrs
for overlay file
selinux: Implementation for inode_copy_up_xattr() hook
selinux: Pass security pointer to determine_inode_label()
security, overlayfs: Provide hook to correctly label newly created
files
selinux: Implement dentry_create_files_as() hook
Wei Yongjun (1):
selinux: fix error return code in policydb_read()
William Roberts (5):
selinux: print leading 0x on ioctlcmd audits
selinux: drop SECURITY_SELINUX_POLICYDB_VERSION_MAX
selinux: detect invalid ebitmap
selinux: initialize structures
selinux: fix overflow and 0 length allocations
fs/overlayfs/copy_up.c | 22 +++++++++
fs/overlayfs/dir.c | 10 +++++
include/linux/lsm_hooks.h | 36 +++++++++++++++
include/linux/security.h | 24 ++++++++++
security/lsm_audit.c | 4 +-
security/security.c | 27 +++++++++++
security/selinux/Kconfig | 38 ----------------
security/selinux/hooks.c | 90 +++++++++++++++++++++++++++------
security/selinux/include/security.h | 4 --
security/selinux/ss/conditional.c | 2 +
security/selinux/ss/ebitmap.c | 3 ++
security/selinux/ss/policydb.c | 12 +++--
security/smack/smack_netfilter.c | 4 +-
13 files changed, 211 insertions(+), 65 deletions(-)
--
paul moore
security @ redhat
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
