Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v5.3 2019-06-05T15:37:17Z 2019-06-05T15:37:17Z Thomas Gleixner tglx@linutronix.de 2019-06-01T08:08:55Z urn:sha1:b886d83c5b621abc84ff9616f14c529be3f6b147 Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation version 2 of the license extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 315 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Armijn Hemel <armijn@tjaldur.nl> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190531190115.503150771@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-01-08T21:18:44Z Casey Schaufler casey@schaufler-ca.com 2018-11-12T20:02:49Z urn:sha1:33bf60cabcc7687b194a689b068b65e9ecd556be Move management of the file->f_security blob out of the individual security modules and into the infrastructure. The modules no longer allocate or free the data, instead they tell the infrastructure how much space they require. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: Kees Cook <keescook@chromium.org> 2017-08-01T19:03:06Z Kees Cook keescook@chromium.org 2017-07-18T22:25:24Z urn:sha1:993b3ab0642e57da5de6bef11dd50db7e2fc3b7e The AppArmor bprm_secureexec hook can be merged with the bprm_set_creds hook since it's dealing with the same information, and all of the details are finalized during the first call to the bprm_set_creds hook via prepare_binprm() (subsequent calls due to binfmt_script, etc, are ignored via bprm->called_set_creds). Here, all the comments describe how secureexec is actually calculated during bprm_set_creds, so this actually does it, drops the bprm flag that was being used internally by AppArmor, and drops the bprm_secureexec hook. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: John Johansen <john.johansen@canonical.com> Reviewed-by: James Morris <james.l.morris@oracle.com> Acked-by: Serge Hallyn <serge@hallyn.com> 2017-06-11T00:11:44Z John Johansen john.johansen@canonical.com 2017-06-09T23:06:21Z urn:sha1:8014370f1257619226b79cb6de8e28563fbbc070 Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-06-11T00:11:43Z John Johansen john.johansen@canonical.com 2017-06-09T23:02:25Z urn:sha1:aebd873e8d3e34757c9295eef074d1be229f5893 Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-06-11T00:11:43Z John Johansen john.johansen@canonical.com 2017-06-09T22:48:20Z urn:sha1:98c3d182321d489d8bfaa596127020ec3027edb2 Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-06-11T00:11:42Z John Johansen john.johansen@canonical.com 2017-06-09T21:59:51Z urn:sha1:190a95189eb9e2233ed71a85cd6dd0c8efc9d392 Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-06-11T00:11:37Z John Johansen john.johansen@canonical.com 2017-06-09T18:58:42Z urn:sha1:192ca6b55a866e838aee98d9cb6a0b5086467c03 Instead of running file revalidation lazily when read/write are called copy selinux and revalidate the file table on exec. This avoids extra mediation overhead in read/write and also prevents file handles being passed through to a grand child unchecked. Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-06-11T00:11:37Z John Johansen john.johansen@canonical.com 2017-06-09T18:43:45Z urn:sha1:2835a13bbdc09d330eafdf5e67eb407c90c01ab7 Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-06-11T00:11:30Z John Johansen john.johansen@canonical.com 2017-05-29T19:19:39Z urn:sha1:2d679f3cb0eaa6afa0dc97fe6ad3b797e1c1899a Signed-off-by: John Johansen <john.johansen@canonical.com>