[GIT PULL] SELinux patches v4.21

From: Paul Moore
Date: Mon Dec 24 2018 - 12:02:41 EST

Hi Linus,

I already used my best holiday pull request lines in the audit pull
request, so this one is going to be a bit more boring, sorry about
that. To make up for this, we do have a birthday of sorts to
celebrate: SELinux turns 18 years old this December. Perhaps not the
most exciting thing in the world for most people, but I think it's
safe to say that anyone reading this email doesn't exactly fall into
the "most people" category.

Back to business and the pull request itself. Ondrej has five patches
in this pull request and I lump them into three categories: one patch
to always allow submounts (using similar logic to elsewhere in the
kernel), one to fix some issues with the SELinux policydb, and the
others to cleanup and improve the SELinux sidtab. The other patches
from Alexey and Petr and trivial fixes that are adequately described
in their respective subject lines. This is generally a pretty
standard set of patches, but there is one potential merge conflict
with the mount rework in the vfs tree. If needed, the fixup is pretty
small and documented in the linux-next post below; if you have any
questions about the merge let us know.

* https://lore.kernel.org/lkml/20181218144858.58d8d1f8@xxxxxxxxxxxxxxxx

With this last pull request of the year, I want to thank everyone who
has contributed patches, testing, and reviews to the SELinux project
this year, and the past 18 years. Like any good open source effort,
SELinux is only as good as the community which supports it, and I'm
very happy that we have the community we do - thank you all!

The following changes since commit 651022382c7f8da46cb4872a545ee1da6d097d2a:

Linux 4.20-rc1 (2018-11-04 15:37:52 -0800)

are available in the Git repository at:


for you to fetch changes up to ee1a84fdfeedfd7362e9a8a8f15fedc3482ade2d:

selinux: overhaul sidtab to fix bug and improve performance
(2018-12-05 16:12:32 -0500)

selinux/stable-4.21 PR 20181224

Alexey Dobriyan (1):
selinux: make "selinux_policycap_names[]" const char *

Ondrej Mosnacek (5):
selinux: policydb - fix byte order and alignment issues
selinux: refactor sidtab conversion
selinux: always allow mounting submounts
selinux: use separate table for initial SID lookup
selinux: overhaul sidtab to fix bug and improve performance

Petr Vorel (1):
Documentation: Update SELinux reference policy URL

Documentation/admin-guide/LSM/SELinux.rst | 2 +-
security/selinux/hooks.c | 2 +-
security/selinux/include/security.h | 2 +-
security/selinux/ss/mls.c | 24 +-
security/selinux/ss/mls.h | 3 +-
security/selinux/ss/policydb.c | 61 +++-
security/selinux/ss/services.c | 222 +++++------
security/selinux/ss/services.h | 2 +-
security/selinux/ss/sidtab.c | 609 ++++++++++++++++++---------
security/selinux/ss/sidtab.h | 96 +++--
10 files changed, 626 insertions(+), 397 deletions(-)

paul moore