[GIT PULL] SELinux patches for v6.0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Linus,

A relatively small set of patches for SELinux this time, eight patches
in total with really only one significant change.  The highlights are
below:

- Add support for proper labeling of memfd_secret anonymous inodes.
This will allow LSMs that implement the anonymous inode hooks to apply
security policy to memfd_secret() fds.

- Various small improvements to memory management: fixed leaks, freed
memory when needed, boundary checks.

- Hardened the selinux_audit_data struct with __randomize_layout.

- A minor documentation tweak to fix a formatting/style issue.

Everything applies cleanly to your tree as of a few minutes ago,
please merge for v6.0.
-Paul

--
The following changes since commit f2906aa863381afb0015a9eb7fefad885d4e5a56:

 Linux 5.19-rc1 (2022-06-05 17:18:54 -0700)

are available in the Git repository at:

 git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
   tags/selinux-pr-20220801

for you to fetch changes up to ef54ccb61616d8293bc68220d88a8e74271141b5:

 selinux: selinux_add_opt() callers free memory
   (2022-06-20 21:05:40 -0400)

----------------------------------------------------------------
selinux/stable-6.0 PR 20220801

----------------------------------------------------------------
Christian Göttsche (2):
     selinux: drop unnecessary NULL check
     mm: create security context for memfd_secret inodes

GONG, Ruiqi (1):
     selinux: add __randomize_layout to selinux_audit_data

Jonas Lindner (1):
     selinux: fix typos in comments

Randy Dunlap (1):
     docs: selinux: add '=' signs to kernel boot options

Xiu Jianfeng (3):
     selinux: fix memleak in security_read_state_kernel()
     selinux: Add boundary check in put_entry()
     selinux: selinux_add_opt() callers free memory

Documentation/admin-guide/kernel-parameters.txt |  4 ++--
mm/secretmem.c                                  |  9 +++++++++
security/selinux/hooks.c                        | 17 +++++++----------
security/selinux/include/audit.h                |  2 +-
security/selinux/include/avc.h                  |  2 +-
security/selinux/ss/policydb.h                  |  2 ++
security/selinux/ss/services.c                  |  9 ++++++++-
7 files changed, 30 insertions(+), 15 deletions(-)

-- 
paul-moore.com




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux