Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v5.2 2019-06-05T15:36:37Z 2019-06-05T15:36:37Z Thomas Gleixner tglx@linutronix.de 2019-05-29T14:17:56Z urn:sha1:9c92ab61914157664a2fbdf926df0eb937838e45 Based on 1 normalized pattern(s): this software is licensed under the terms of the gnu general public license version 2 as published by the free software foundation and may be copied distributed and modified under those terms this program is distributed in the hope that it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 285 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Alexios Zavras <alexios.zavras@intel.com> Reviewed-by: Allison Randal <allison@lohutok.net> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190529141900.642774971@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-05-21T08:50:46Z Thomas Gleixner tglx@linutronix.de 2019-05-19T12:07:45Z urn:sha1:ec8f24b7faaf3d4799a7c3f4c1b87f6b02778ad1 Add SPDX license identifiers to all Make/Kconfig files which: - Have no license information of any form These files fall under the project license, GPL v2 only. The resulting SPDX license identifier is: GPL-2.0-only Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-01-08T21:18:43Z Kees Cook keescook@chromium.org 2018-09-14T22:26:37Z urn:sha1:70b62c25665f636c9f6c700b26af7df296b0887e This converts LoadPin from being a direct "minor" LSM into an ordered LSM. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> 2018-10-18T22:29:44Z Kees Cook keescook@chromium.org 2018-09-24T21:43:59Z urn:sha1:13523bef1e2154b6d02836cd0f6c0ffc89b2eae6 LoadPin's "enabled" setting is really about enforcement, not whether or not the LSM is using LSM hooks. Instead, split this out so that LSM enabling can be logically distinct from whether enforcement is happening (for example, the pinning happens when the LSM is enabled, but the pin is only checked when "enforce" is set). This allows LoadPin to continue to operate sanely in test environments once LSM enable/disable is centrally handled (i.e. we want LoadPin to be enabled separately from its enforcement). Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: John Johansen <john.johansen@canonical.com> 2018-10-18T22:29:44Z Kees Cook keescook@chromium.org 2018-10-04T00:38:37Z urn:sha1:f4b626d6de15149329332796e96709e0c4c84577 Instead of only reporting major/minor, include the actual block device name, at least as seen by the kernel. Signed-off-by: Kees Cook <keescook@chromium.org> 2018-07-16T19:31:57Z Mimi Zohar zohar@linux.vnet.ibm.com 2018-07-13T18:06:02Z urn:sha1:c77b8cdf745d91eca138e7bfa430dc6640b604a0 Both the init_module and finit_module syscalls call either directly or indirectly the security_kernel_read_file LSM hook. This patch replaces the direct call in init_module with a call to the new security_kernel_load_data hook and makes the corresponding changes in SELinux, LoadPin, and IMA. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Jeff Vander Stoep <jeffv@google.com> Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: Kees Cook <keescook@chromium.org> Acked-by: Jessica Yu <jeyu@kernel.org> Acked-by: Paul Moore <paul@paul-moore.com> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com> 2018-02-22T19:28:50Z Al Viro viro@zeniv.linux.org.uk 2018-02-22T19:28:50Z urn:sha1:304ec482f562885b178b370cd50340447585d1c0 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2017-03-06T00:00:15Z James Morris jmorris@namei.org 2017-02-14T13:18:51Z urn:sha1:ca97d939db114c8d1619e10a3b82af8615372dae Mark all of the registration hooks as __ro_after_init (via the __lsm_ro_after_init macro). Signed-off-by: James Morris <james.l.morris@oracle.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Kees Cook <keescook@chromium.org> 2017-01-19T02:18:29Z Casey Schaufler casey@schaufler-ca.com 2017-01-19T01:09:05Z urn:sha1:d69dece5f5b6bc7a5e39d2b6136ddc69469331fe I am still tired of having to find indirect ways to determine what security modules are active on a system. I have added /sys/kernel/security/lsm, which contains a comma separated list of the active security modules. No more groping around in /proc/filesystems or other clever hacks. Unchanged from previous versions except for being updated to the latest security next branch. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: John Johansen <john.johansen@canonical.com> Acked-by: Paul Moore <paul@paul-moore.com> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.l.morris@oracle.com> 2016-05-17T10:10:30Z Kees Cook keescook@chromium.org 2016-05-17T08:45:52Z urn:sha1:b937190c40de0f6f07f592042e3097b16c6b0130 Instead of being enabled by default when SECURITY_LOADPIN is selected, provide an additional (default off) config to determine the boot time behavior. As before, the "loadpin.enabled=0/1" kernel parameter remains available. Suggested-by: James Morris <jmorris@namei.org> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.l.morris@oracle.com>