What's in the security-testing tree for 2.6.31
From: James Morris
Date: Wed Jun 10 2009 - 19:50:02 EST
Here's what's queued in the 'next' branch for 2.6.31.
(Note that Linus has asked people to test 2.6.30 for a week before opening
the merge window).
Eric Paris (12):
SELinux: drop secondary_ops->sysctl
IMA: use current_cred() instead of current->cred
IMA: Handle dentry_open failures
IMA: open all files O_LARGEFILE
securityfs: securityfs_remove should handle IS_ERR pointers
TPM: get_event_name stack corruption
IMA: remove read permissions on the ima policy file
IMA: do not measure everything opened by root by default
SELinux: move SELINUX_MAGIC into magic.h
IMA: Minimal IMA policy and boot param for TCB IMA policy
IMA: Add __init notation to ima functions
SELinux: define audit permissions for audit tree netlink messages
Tetsuo Handa (9):
tomoyo: remove "undelete domain" command.
rootplug: Remove redundant initialization.
smack: Remove redundant initialization.
TOMOYO: Remove unused mutex.
TOMOYO: Remove redundant markers.
TOMOYO: Simplify policy reader.
TOMOYO: Remove unused parameter.
TOMOYO: Remove unused field.
TOMOYO: Add description of lists and structures.
Mimi Zohar (7):
integrity: lsm audit rule matching fix
integrity: use audit_log_string
integrity: remove __setup auditing msgs
integrity: path_check update
integrity: move ima_counts_get
integrity: nfsd imbalance bug fix
integrity: ima audit dentry_open failure
David Howells (3):
SELinux: Don't flush inherited SIGKILL during execve()
CRED: Rename cred_exec_mutex to reflect that it's a guard against ptrace
CRED: Guard the setprocattr security hook against ptrace
Etienne Basset (2):
smack: implement logging V3
smack: implement logging V3
Oleg Nesterov (2):
selinux: selinux_bprm_committed_creds() should wake up ->real_parent, not ->parent.
do_wait: do take security_task_wait() into account
Serge E. Hallyn (2):
don't raise all privs on setuid-root file with fE set (v2)
tomoyo: avoid get+put of task_struct
Christoph Lameter (1):
security: use mmap_min_addr indepedently of security models
KaiGai Kohei (1):
Permissive domain in userspace object manager
Kees Cook (1):
modules: sysctl to block module loading
Paul Mundt (1):
nommu: Provide mmap_min_addr definition.
Roel Kluin (1):
smack: do not beyond ARRAY_SIZE of data
Stephen Rothwell (1):
modules: Fix up build when CONFIG_MODULE_UNLOAD=n.
Stephen Smalley (1):
selinux: remove obsolete read buffer limit from sel_read_bool
Documentation/Smack.txt | 20 +
Documentation/kernel-parameters.txt | 6
Documentation/sysctl/kernel.txt | 11
drivers/char/tpm/tpm_bios.c | 3
fs/compat.c | 6
fs/exec.c | 15 -
fs/hugetlbfs/inode.c | 2
fs/namei.c | 6
fs/nfsd/vfs.c | 14 +
fs/proc/base.c | 6
include/linux/ima.h | 11
include/linux/init_task.h | 4
include/linux/lsm_audit.h | 111 +++++++++
include/linux/magic.h | 1
include/linux/mm.h | 2
include/linux/sched.h | 5
include/linux/security.h | 2
ipc/shm.c | 5
kernel/cred.c | 4
kernel/exit.c | 1
kernel/module.c | 13 -
kernel/ptrace.c | 9
kernel/signal.c | 11
kernel/sysctl.c | 14 +
mm/Kconfig | 19 +
mm/mmap.c | 3
mm/nommu.c | 3
mm/shmem.c | 4
security/Kconfig | 22 -
security/Makefile | 3
security/commoncap.c | 32 ++
security/inode.c | 2
security/integrity/ima/ima_audit.c | 32 --
security/integrity/ima/ima_crypto.c | 4
security/integrity/ima/ima_fs.c | 8
security/integrity/ima/ima_iint.c | 2
security/integrity/ima/ima_init.c | 4
security/integrity/ima/ima_main.c | 92 ++++----
security/integrity/ima/ima_policy.c | 50 +++-
security/lsm_audit.c | 386 ++++++++++++++++++++++++++++++++++
security/root_plug.c | 12 -
security/security.c | 3
security/selinux/avc.c | 2
security/selinux/hooks.c | 24 --
security/selinux/include/security.h | 7
security/selinux/nlmsgtab.c | 2
security/selinux/selinuxfs.c | 8
security/selinux/ss/services.c | 30 --
security/smack/smack.h | 108 +++++++++
security/smack/smack_access.c | 143 +++++++++++-
security/smack/smack_lsm.c | 405 ++++++++++++++++++++++++++----------
security/smack/smackfs.c | 68 +++++-
security/tomoyo/common.c | 126 +++++++----
security/tomoyo/common.h | 142 ++++++++++--
security/tomoyo/domain.c | 330 ++++++++++++++++++-----------
security/tomoyo/file.c | 156 +++++++++++--
security/tomoyo/realpath.c | 23 +-
security/tomoyo/tomoyo.c | 4
security/tomoyo/tomoyo.h | 13 -
59 files changed, 1965 insertions(+), 589 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/