[GIT] Security subsystem changes for 3.14

[James Morris]

Changes for this kernel include maintenance updates for Smack, SELinux 
(and several networking fixes), IMA and TPM.

Please pull.


The following changes since commit d8ec26d7f8287f5788a494f56e8814210f0e64be:

  Linux 3.13 (2014-01-19 18:40:07 -0800)

are available in the git repository at:
  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git for-linus

Casey Schaufler (5):
      Smack: Prevent the * and @ labels from being used in SMACK64EXEC
      Smack: Make the syslog control configurable
      Smack: change rule cap check
      Smack: Rationalize mount restrictions
      Smack: File receive audit correction

Chad Hanson (1):
      selinux: fix broken peer recv check

Fengguang Wu (2):
      tpm/tpm_i2c_atmel: fix coccinelle warnings
      tpm/tpm-sysfs: active_show() can be static

Geyslan G. Bem (1):
      selinux: fix possible memory leak

James Morris (3):
      Merge to v3.13-rc7 for prerequisite changes in the Xen code for TPM
      Merge branch 'master' of git://git.infradead.org/users/pcmoore/selinux into next
      Merge branch 'master' of git://git.infradead.org/users/pcmoore/selinux into next

Jarkko Sakkinen (1):
      smack: fix: allow either entry be missing on access/access2 check (v2)

Jason Gunthorpe (7):
      tpm: Pull everything related to /dev/tpmX into tpm-dev.c
      tpm: Move sysfs functions from tpm-interface to tpm-sysfs
      tpm: Pull all driver sysfs code into tpm-sysfs.c
      tpm: Create a tpm_class_ops structure and use it in the drivers
      tpm: Use the ops structure instead of a copy in tpm_vendor_specific
      tpm: Make tpm-dev allocate a per-file structure
      tpm: tpm_tis: Fix compile problems with CONFIG_PM_SLEEP/CONFIG_PNP

Michal Nazarewicz (1):
      char: tpm: nuvoton: remove unused variable

Mimi Zohar (1):
      ima: update IMA-templates.txt documentation

Oleg Nesterov (1):
      selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()

Paul Moore (8):
      Merge tag 'v3.12'
      selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()
      selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()
      selinux: ensure that the cached NetLabel secattr matches the desired SID
      selinux: pull address family directly from the request_sock struct
      selinux: look for IPsec labels on both inbound and outbound packets
      selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute()
      selinux: revert 102aefdda4d8275ce7d7100bc16c88c74272b260

Peter Huewe (5):
      tpm/tpm_ppi: Do not compare strcmp(a,b) == -1
      tpm/tpm_ppi: Check return value of acpi_get_name
      tpm/tpm_i2c_stm_st33: Check return code of get_burstcount
      tpm/tpm_ibmvtpm: fix unreachable code warning (smatch warning)
      tpm: MAINTAINERS: Cleanup TPM Maintainers file

Richard Haines (1):
      SELinux: Update policy version to support constraints info

Roberto Sassu (3):
      ima: change the default hash algorithm to SHA1 in ima_eventdigest_ng_init()
      ima: pass HASH_ALGO__LAST as hash algo in ima_eventdigest_init()
      ima: remove unneeded size_limit argument from ima_eventdigest_init_common()

Tetsuo Handa (1):
      SELinux: Fix memory leak upon loading policy

Tim Gardner (1):
      SELinux: security_load_policy: Silence frame-larger-than warning

Wei Yongjun (1):
      SELinux: remove duplicated include from hooks.c

 Documentation/security/IMA-templates.txt  |    6 +-
 MAINTAINERS                               |    8 +-
 drivers/char/tpm/Makefile                 |    2 +-
 drivers/char/tpm/tpm-dev.c                |  213 +++++++++++++
 drivers/char/tpm/tpm-interface.c          |  488 ++---------------------------
 drivers/char/tpm/tpm-sysfs.c              |  318 +++++++++++++++++++
 drivers/char/tpm/tpm.h                    |   83 +++---
 drivers/char/tpm/tpm_atmel.c              |   28 +--
 drivers/char/tpm/tpm_i2c_atmel.c          |   44 +---
 drivers/char/tpm/tpm_i2c_infineon.c       |   42 +---
 drivers/char/tpm/tpm_i2c_nuvoton.c        |   43 +---
 drivers/char/tpm/tpm_i2c_stm_st33.c       |   48 +---
 drivers/char/tpm/tpm_ibmvtpm.c            |   41 +---
 drivers/char/tpm/tpm_infineon.c           |   28 +--
 drivers/char/tpm/tpm_nsc.c                |   28 +--
 drivers/char/tpm/tpm_ppi.c                |   11 +-
 drivers/char/tpm/tpm_tis.c                |   49 +---
 drivers/char/tpm/xen-tpmfront.c           |   45 +---
 include/linux/tpm.h                       |   12 +
 security/integrity/ima/ima_template_lib.c |   18 +-
 security/selinux/hooks.c                  |    7 +-
 security/selinux/include/security.h       |    3 +-
 security/selinux/netlabel.c               |   31 ++-
 security/selinux/ss/constraint.h          |    1 +
 security/selinux/ss/policydb.c            |  110 ++++++-
 security/selinux/ss/policydb.h            |   11 +
 security/selinux/ss/services.c            |   54 ++--
 security/smack/smack.h                    |    5 +-
 security/smack/smack_lsm.c                |  140 ++++-----
 security/smack/smackfs.c                  |  134 +++++++--
 30 files changed, 1010 insertions(+), 1041 deletions(-)
 create mode 100644 drivers/char/tpm/tpm-dev.c
 create mode 100644 drivers/char/tpm/tpm-sysfs.c
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/