[GIT PULL] Security subsystem: general updates for v4.18

From: James Morris
Date: Tue Jun 05 2018 - 14:21:47 EST

Next message: Thomas Backlund: "Re: building in 32bit chroot on x86_64 host broken"
Previous message: Kohli, Gaurav: "Re: [PATCH v1] kthread/smpboot: Serialize kthread parking against wakeup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Please pull these general security subsystem updates for v4.18.

Summary:

- Incorporate new socketpair() hook into LSM and wire up the SELinux and
Smack modules. From David Herrmann:

"The idea is to allow SO_PEERSEC to be called on AF_UNIX sockets
created via socketpair(2), and return the same information as if you
emulated socketpair(2) via a temporary listener socket. Right now
SO_PEERSEC will return the unlabeled credentials for a socketpair,
rather than the actual credentials of the creating process."

- Sargun Dhillon removed the unused security_settime LSM hook.

- Tycho Andersen removed some stack allocated arrays from the keys code.

---

The following changes since commit 6da6c0db5316275015e8cc2959f12a17584aeb64:

Linux v4.17-rc3 (2018-04-29 14:17:42 -0700)

are available in the Git repository at:

git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-general

for you to fetch changes up to 890e2abe1028c39e5399101a2c277219cd637aaa:

dh key: get rid of stack allocated array for zeroes (2018-05-11 13:07:49 -0700)

----------------------------------------------------------------
David Herrmann (3):
security: add hook for socketpair()
net: hook socketpair() into LSM
selinux: provide socketpair callback

James Morris (2):
Merge tag 'v4.17-rc2' into next-general
Merge tag 'v4.17-rc3' into next-general

Sargun Dhillon (1):
security: remove security_settime

Tom Gundersen (1):
smack: provide socketpair callback

Tycho Andersen (3):
big key: get rid of stack array allocation
dh key: get rid of stack allocated array
dh key: get rid of stack allocated array for zeroes

include/linux/lsm_hooks.h | 7 +++++++
include/linux/security.h | 21 +++++++--------------
net/socket.c | 7 +++++++
security/keys/big_key.c | 11 ++++++++++-
security/keys/dh.c | 35 +++++++++++++----------------------
security/security.c | 6 ++++++
security/selinux/hooks.c | 13 +++++++++++++
security/smack/smack_lsm.c | 22 ++++++++++++++++++++++
8 files changed, 85 insertions(+), 37 deletions(-)

Next message: Thomas Backlund: "Re: building in 32bit chroot on x86_64 host broken"
Previous message: Kohli, Gaurav: "Re: [PATCH v1] kthread/smpboot: Serialize kthread parking against wakeup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]