What's coming in the security subsystem
From: James Morris
Date: Tue Mar 17 2009 - 19:14:30 EST
Here's what to expect in 2.6.30, currently carried in linux-next via the
security-testing tree[1].
Notable new features include IMA and TOMOYO, while SELinux gets some
cleanup love.
David P. Quigley (3):
SELinux: Condense super block security structure flags and cleanup necessary code.
SELinux: Add new security mount option to indicate security label support.
SELinux: Unify context mount and genfs behavior
Eric Paris (12):
SELinux: call capabilities code directory
SELinux: better printk when file with invalid label found
SELinux: NULL terminate al contexts from disk
SELinux: check seqno when updating an avc_node
SELinux: remove the unused ae.used
SELinux: more careful use of avd in avc_has_perm_noaudit
SELinux: remove unused av.decided field
SELinux: code readability with avc_cache
SELinux: convert the avc cache hash list to an hlist
SELinux: open perm for sock files
SELinux: new permission between tty audit and audit socket
SELinux: inode_doinit_with_dentry drop no dentry printk
James Morris (23):
maintainers: add security subsystem wiki
selinux: remove unused bprm_check_security hook
selinux: remove secondary ops call to bprm_committing_creds
selinux: remove secondary ops call to bprm_committed_creds
selinux: remove secondary ops call to sb_mount
selinux: remove secondary ops call to sb_umount
selinux: remove secondary ops call to inode_link
selinux: remove secondary ops call to inode_unlink
selinux: remove secondary ops call to inode_mknod
selinux: remove secondary ops call to inode_follow_link
selinux: remove secondary ops call to inode_permission
selinux: remove secondary ops call to inode_setattr
selinux: remove secondary ops call to file_mprotect
selinux: remove secondary ops call to task_create
selinux: remove unused cred_commit hook
selinux: remove secondary ops call to task_setrlimit
selinux: remove secondary ops call to task_kill
selinux: remove secondary ops call to unix_stream_connect
selinux: remove secondary ops call to shm_shmat
selinux: remove hooks which simply defer to capabilities
IMA: fix ima_delete_rules() definition
Merge branch 'master' into next
security: change link order of LSMs so security=tomoyo works
Kentaro Takeda (8):
Add in_execve flag into task_struct.
Memory and pathname management functions.
Common functions for TOMOYO Linux.
File operation restriction part.
Domain transition handler.
LSM adapter functions.
Kconfig and Makefile
MAINTAINERS info
Mimi Zohar (11):
integrity: IMA hooks
integrity: IMA as an integrity service provider
integrity: IMA display
integrity: IMA policy
integrity: IMA policy open
Integrity: IMA file free imbalance
Integrity: IMA update maintainers
integrity: shmem zero fix
integrity: audit update
integrity: ima scatterlist bug fix
integrity: ima iint radix_tree_lookup locking fix
Rajiv Andrade (3):
TPM: sysfs functions consolidation
TPM: integrity interface
TPM: integrity fix
Randy Dunlap (2):
ima: fix build error
smack: fix lots of kernel-doc notation
Serge E. Hallyn (5):
securityfs: fix long-broken securityfs_create_file comment
keys: distinguish per-uid keys in different namespaces
keys: consider user namespace in key_permission
keys: skip keys from another user namespace
keys: make procfiles per-user-namespace
Tetsuo Handa (4):
tomoyo: fix sparse warning
TOMOYO: Fix exception policy read failure.
TOMOYO: Don't create securityfs entries unless registered.
TOMOYO: Do not call tomoyo_realpath_init unless registered.
etienne (1):
smack: fixes for unlabeled host support
[1] git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/