[GIT] Security related updates
From: James Morris
Date: Sun Oct 12 2008 - 19:17:17 EST

Hi Linus,

Some more security-related updates for 2.6.28, notably including an update
to Paul Moore's Netlabel code (DaveM asked for it to go via my tree, and
it is self-contained) and TPM updates. Please pull.

The following changes since commit f1b2a5ace996de339292d4035f9f5b294aecd11e:
  Linus Torvalds (1):
        Merge git://git.kernel.org/.../sfrench/cifs-2.6

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 for-linus

Andrew Morton (1):
      ERROR: code indent should use tabs where possible

James Morris (2):
      Merge branch 'master' of git://git.infradead.org/users/pcmoore/lblnet-2.6_next into next
      Merge branch 'next' into for-linus

Mimi Zohar (1):
      integrity: special fs magic

Paul Moore (17):
      netlabel: Fix some sparse warnings
      selinux: Cleanup the NetLabel glue code
      selinux: Correctly handle IPv4 packets on IPv6 sockets in all cases
      netlabel: Remove unneeded in-kernel API functions
      selinux: Better local/forward check in selinux_ip_postroute()
      selinux: Fix a problem in security_netlbl_sid_to_secattr()
      selinux: Fix missing calls to netlbl_skbuff_err()
      smack: Fix missing calls to netlbl_skbuff_err()
      netlabel: Replace protocol/NetLabel linking with refrerence counts
      netlabel: Add a generic way to create ordered linked lists of network addrs
      netlabel: Add network address selectors to the NetLabel/LSM domain mapping
      netlabel: Add functionality to set the security attributes of a packet
      selinux: Set socket NetLabel based on connection endpoint
      selinux: Cache NetLabel secattrs in the socket's security struct
      netlabel: Changes to the NetLabel security attributes to allow LSMs to pass full contexts
      cipso: Add support for native local labeling and fixup mapping names
      netlabel: Add configuration support for local labeling

Rajiv Andrade (5):
      Remove the BKL calls from the TPM driver, which were added in the overall
      Renames num_open to is_open, as only one process can open the file at a time.
      Protect tpm_chip_list when transversing it.
      The tpm_dev_release function is only called for platform devices, not pnp
      As pointed out by Jonathan Corbet, the timer must be deleted before

 drivers/char/tpm/tpm.c              |  96 +++---
 drivers/char/tpm/tpm.h              |   3 +-
 drivers/char/tpm/tpm_tis.c          |  14 +-
 fs/debugfs/inode.c                  |   3 +-
 include/linux/magic.h               |   4 +
 include/net/cipso_ipv4.h            |  55 +++-
 include/net/netlabel.h              |  51 ++-
 mm/shmem.c                          |   4 +-
 net/ipv4/cipso_ipv4.c               | 656 ++++++++++++++++++++++++-----------
 net/ipv4/ip_options.c               |   2 +-
 net/netlabel/Makefile               |   3 +-
 net/netlabel/netlabel_addrlist.c    | 388 +++++++++++++++++++++
 net/netlabel/netlabel_addrlist.h    | 189 ++++++++++
 net/netlabel/netlabel_cipso_v4.c    | 136 +++++---
 net/netlabel/netlabel_cipso_v4.h    |  10 +-
 net/netlabel/netlabel_domainhash.c  | 393 ++++++++++++++++-----
 net/netlabel/netlabel_domainhash.h  |  40 ++-
 net/netlabel/netlabel_kapi.c        | 272 ++++++++++-----
 net/netlabel/netlabel_mgmt.c        | 410 ++++++++++++++++------
 net/netlabel/netlabel_mgmt.h        |  59 +++-
 net/netlabel/netlabel_unlabeled.c   | 456 ++++++++----------------
 security/inode.c                    |   3 +-
 security/selinux/hooks.c            | 229 +++++++++----
 security/selinux/include/netlabel.h |  44 +++-
 security/selinux/include/objsec.h   |   9 +-
 security/selinux/netlabel.c         | 280 +++++++++++++---
 security/selinux/ss/services.c      |  13 +-
 security/smack/smack_lsm.c          |   5 +-
 security/smack/smackfs.c            |   4 +-
 29 files changed, 2800 insertions(+), 1031 deletions(-)
 create mode 100644 net/netlabel/netlabel_addrlist.c
 create mode 100644 net/netlabel/netlabel_addrlist.h

--
James Morris
<jmorris@xxxxxxxxx>