Linus,

We've got a variety of SELinux patches queued for Linux v6.10, the
highlights are below:

- Attempt to pre-allocate the SELinux status page so it doesn't appear
  to userspace that we are skipping SELinux policy sequence numbers.

- Reject invalid SELinux policy bitmaps with an error at policy load
  time.

- Consistently use the same type, u32, for ebitmap offsets.

- Improve the "symhash" hash function for better distribution on common
  policies.

- Correct a number of printk format specifiers in the ebitmap code.

- Improved error checking in sel_write_load().

- Ensure we have a proper return code in the
  filename_trans_read_helper_compat() function.

- Make better use of the current_sid() helper function.

- Allow for more hash table statistics when debugging is enabled.

- Migrate from printk_ratelimit() to pr_warn_ratelimited().

- Miscellaneous cleanups and tweaks to selinux_lsm_getattr().

- More constification work in the conditional policy space.

Please merge,
-Paul

--
The following changes since commit 4cece764965020c22cff7665b18a012006359095:

  Linux 6.9-rc1 (2024-03-24 14:10:05 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
    tags/selinux-pr-20240513

for you to fetch changes up to 581646c3fb98494009671f6d347ea125bc0e663a:

  selinux: constify source policy in cond_policydb_dup()
    (2024-04-30 19:01:04 -0400)

----------------------------------------------------------------
selinux/stable-6.10 PR 20240513

----------------------------------------------------------------
Christian Göttsche (9):
      selinux: reject invalid ebitmaps
      selinux: update numeric format specifiers for ebitmaps
      selinux: make more use of current_sid()
      selinux: dump statistics for more hash tables
      selinux: improve symtab string hashing
      selinux: use u32 as bit position type in ebitmap code
      selinux: pre-allocate the status page
      selinux: avoid printk_ratelimit()
      selinux: constify source policy in cond_policydb_dup()

Ondrej Mosnacek (1):
      selinux: clarify return code in filename_trans_read_helper_compat()

Paul Moore (2):
      selinux: cleanup selinux_lsm_getattr()
      selinux: improve error checking in sel_write_load()

 security/selinux/hooks.c          | 58 ++++++++++++++---------------------
 security/selinux/selinuxfs.c      | 36 ++++++++++++++----------
 security/selinux/ss/conditional.c | 18 +++++++-----
 security/selinux/ss/conditional.h |  2 +-
 security/selinux/ss/ebitmap.c     | 50 +++++++++++++++++++++------------
 security/selinux/ss/ebitmap.h     | 38 ++++++++++++-------------
 security/selinux/ss/hashtab.c     | 10 ++++---
 security/selinux/ss/hashtab.h     |  4 +--
 security/selinux/ss/policydb.c    | 24 +++++++++++-----
 security/selinux/ss/services.c    |  3 +-
 security/selinux/ss/symtab.c      | 20 +++++++-------
 security/selinux/xfrm.c           |  7 ++---
 12 files changed, 145 insertions(+), 125 deletions(-)

--
paul-moore.com