[GIT PULL] selinux/selinux-pr-20240513

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Linus,

We've got a variety of SELinux patches queued for Linux v6.10, the
highlights are below:

- Attempt to pre-allocate the SELinux status page so it doesn't appear
  to userspace that we are skipping SELinux policy sequence numbers.

- Reject invalid SELinux policy bitmaps with an error at policy load
  time.

- Consistently use the same type, u32, for ebitmap offsets.

- Improve the "symhash" hash function for better distribution on common
  policies.

- Correct a number of printk format specifiers in the ebitmap code.

- Improved error checking in sel_write_load().

- Ensure we have a proper return code in the
  filename_trans_read_helper_compat() function.

- Make better use of the current_sid() helper function.

- Allow for more hash table statistics when debugging is enabled.

- Migrate from printk_ratelimit() to pr_warn_ratelimited().

- Miscellaneous cleanups and tweaks to selinux_lsm_getattr().

- More consitification work in the conditional policy space.

Please merge,
-Paul

--
The following changes since commit 4cece764965020c22cff7665b18a012006359095:

  Linux 6.9-rc1 (2024-03-24 14:10:05 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
    tags/selinux-pr-20240513

for you to fetch changes up to 581646c3fb98494009671f6d347ea125bc0e663a:

  selinux: constify source policy in cond_policydb_dup()
    (2024-04-30 19:01:04 -0400)

----------------------------------------------------------------
selinux/stable-6.10 PR 20240513

----------------------------------------------------------------
Christian Göttsche (9):
      selinux: reject invalid ebitmaps
      selinux: update numeric format specifiers for ebitmaps
      selinux: make more use of current_sid()
      selinux: dump statistics for more hash tables
      selinux: improve symtab string hashing
      selinux: use u32 as bit position type in ebitmap code
      selinux: pre-allocate the status page
      selinux: avoid printk_ratelimit()
      selinux: constify source policy in cond_policydb_dup()

Ondrej Mosnacek (1):
      selinux: clarify return code in filename_trans_read_helper_compat()

Paul Moore (2):
      selinux: cleanup selinux_lsm_getattr()
      selinux: improve error checking in sel_write_load()

 security/selinux/hooks.c          | 58 ++++++++++++++---------------------
 security/selinux/selinuxfs.c      | 36 ++++++++++++++----------
 security/selinux/ss/conditional.c | 18 +++++++-----
 security/selinux/ss/conditional.h |  2 +-
 security/selinux/ss/ebitmap.c     | 50 +++++++++++++++++++++------------
 security/selinux/ss/ebitmap.h     | 38 ++++++++++++-------------
 security/selinux/ss/hashtab.c     | 10 ++++---
 security/selinux/ss/hashtab.h     |  4 +--
 security/selinux/ss/policydb.c    | 24 +++++++++++-----
 security/selinux/ss/services.c    |  3 +-
 security/selinux/ss/symtab.c      | 20 +++++++-------
 security/selinux/xfrm.c           |  7 ++---
 12 files changed, 145 insertions(+), 125 deletions(-)

--
paul-moore.com




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux