Linus,
A relatively small set of patches for SELinux this time, eight patches
in total with really only one significant change. The highlights are
below:
- Add support for proper labeling of memfd_secret anonymous inodes.
This will allow LSMs that implement the anonymous inode hooks to apply
security policy to memfd_secret() fds.
- Various small improvements to memory management: fixed leaks, freed
memory when needed, boundary checks.
- Hardened the selinux_audit_data struct with __randomize_layout.
- A minor documentation tweak to fix a formatting/style issue.
Everything applies cleanly to your tree as of a few minutes ago,
please merge for v6.0.
-Paul
--
The following changes since commit f2906aa863381afb0015a9eb7fefad885d4e5a56:
Linux 5.19-rc1 (2022-06-05 17:18:54 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
tags/selinux-pr-20220801
for you to fetch changes up to ef54ccb61616d8293bc68220d88a8e74271141b5:
selinux: selinux_add_opt() callers free memory
(2022-06-20 21:05:40 -0400)
----------------------------------------------------------------
selinux/stable-6.0 PR 20220801
----------------------------------------------------------------
Christian Göttsche (2):
selinux: drop unnecessary NULL check
mm: create security context for memfd_secret inodes
GONG, Ruiqi (1):
selinux: add __randomize_layout to selinux_audit_data
Jonas Lindner (1):
selinux: fix typos in comments
Randy Dunlap (1):
docs: selinux: add '=' signs to kernel boot options
Xiu Jianfeng (3):
selinux: fix memleak in security_read_state_kernel()
selinux: Add boundary check in put_entry()
selinux: selinux_add_opt() callers free memory
Documentation/admin-guide/kernel-parameters.txt | 4 ++--
mm/secretmem.c | 9 +++++++++
security/selinux/hooks.c | 17 +++++++----------
security/selinux/include/audit.h | 2 +-
security/selinux/include/avc.h | 2 +-
security/selinux/ss/policydb.h | 2 ++
security/selinux/ss/services.c | 9 ++++++++-
7 files changed, 30 insertions(+), 15 deletions(-)
--
paul-moore.com
