Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security (bea80318) · Commits · 戴 / test

MAINTAINERS

+13 −9

Original line number	Diff line number	Diff line
		@@ -3401,7 +3401,9 @@ F: Documentation/filesystems/ext4.txt
		F: fs/ext4/

		Extended Verification Module (EVM)
		M: Mimi Zohar <zohar@us.ibm.com>
		M: Mimi Zohar <zohar@linux.vnet.ibm.com>
		L: linux-ima-devel@lists.sourceforge.net
		L: linux-security-module@vger.kernel.org
		S: Supported
		F: security/integrity/evm/

		@@ -4423,8 +4425,11 @@ S: Maintained
		F: drivers/ipack/

		INTEGRITY MEASUREMENT ARCHITECTURE (IMA)
		M: Mimi Zohar <zohar@us.ibm.com>
		M: Mimi Zohar <zohar@linux.vnet.ibm.com>
		M: Dmitry Kasatkin <d.kasatkin@samsung.com>
		L: linux-ima-devel@lists.sourceforge.net
		L: linux-ima-user@lists.sourceforge.net
		L: linux-security-module@vger.kernel.org
		S: Supported
		F: security/integrity/ima/

		@@ -5092,8 +5097,8 @@ F: include/keys/
		F: security/keys/

		KEYS-TRUSTED
		M: David Safford <safford@watson.ibm.com>
		M: Mimi Zohar <zohar@us.ibm.com>
		M: David Safford <safford@us.ibm.com>
		M: Mimi Zohar <zohar@linux.vnet.ibm.com>
		L: linux-security-module@vger.kernel.org
		L: keyrings@linux-nfs.org
		S: Supported
		@@ -5103,8 +5108,8 @@ F: security/keys/trusted.c
		F: security/keys/trusted.h

		KEYS-ENCRYPTED
		M: Mimi Zohar <zohar@us.ibm.com>
		M: David Safford <safford@watson.ibm.com>
		M: Mimi Zohar <zohar@linux.vnet.ibm.com>
		M: David Safford <safford@us.ibm.com>
		L: linux-security-module@vger.kernel.org
		L: keyrings@linux-nfs.org
		S: Supported
		@@ -7787,11 +7792,10 @@ M: Security Officers <security@kernel.org>
		S: Supported

		SELINUX SECURITY MODULE
		M: Paul Moore <paul@paul-moore.com>
		M: Stephen Smalley <sds@tycho.nsa.gov>
		M: James Morris <james.l.morris@oracle.com>
		M: Eric Paris <eparis@parisplace.org>
		M: Paul Moore <paul@paul-moore.com>
		L: selinux@tycho.nsa.gov (subscribers-only, general discussion)
		L: selinux@tycho.nsa.gov (moderated for non-subscribers)
		W: http://selinuxproject.org
		T: git git://git.infradead.org/users/pcmoore/selinux
		S: Supported

include/linux/fs.h

+3 −3

Original line number	Diff line number	Diff line
		@@ -589,6 +589,9 @@ struct inode {
		atomic_t i_count;
		atomic_t i_dio_count;
		atomic_t i_writecount;
		#ifdef CONFIG_IMA
		atomic_t i_readcount; /* struct files open RO */
		#endif
		const struct file_operations i_fop; / former ->i_op->default_file_ops */
		struct file_lock *i_flock;
		struct address_space i_data;
		@@ -609,9 +612,6 @@ struct inode {
		struct hlist_head i_fsnotify_marks;
		#endif

		#ifdef CONFIG_IMA
		atomic_t i_readcount; /* struct files open RO */
		#endif
		void i_private; / fs or device private pointer */
		};

kernel/capability.c

+10 −19

Original line number	Diff line number	Diff line
		@@ -7,6 +7,8 @@
		* 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net>
		*/

		#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

		#include <linux/audit.h>
		#include <linux/capability.h>
		#include <linux/mm.h>
		@@ -42,15 +44,10 @@ __setup("no_file_caps", file_caps_disable);

		static void warn_legacy_capability_use(void)
		{
		static int warned;
		if (!warned) {
		char name[sizeof(current->comm)];

		printk(KERN_INFO "warning: `%s' uses 32-bit capabilities"
		" (legacy support in use)\n",
		pr_info_once("warning: `%s' uses 32-bit capabilities (legacy support in use)\n",
		get_task_comm(name, current));
		warned = 1;
		}
		}

		/*
		@@ -71,16 +68,10 @@ static void warn_legacy_capability_use(void)

		static void warn_deprecated_v2(void)
		{
		static int warned;

		if (!warned) {
		char name[sizeof(current->comm)];

		printk(KERN_INFO "warning: `%s' uses deprecated v2"
		" capabilities in a way that may be insecure.\n",
		pr_info_once("warning: `%s' uses deprecated v2 capabilities in a way that may be insecure\n",
		get_task_comm(name, current));
		warned = 1;
		}
		}

		/*
		@@ -380,7 +371,7 @@ bool has_capability_noaudit(struct task_struct *t, int cap)
		bool ns_capable(struct user_namespace *ns, int cap)
		{
		if (unlikely(!cap_valid(cap))) {
		printk(KERN_CRIT "capable() called with invalid cap=%u\n", cap);
		pr_crit("capable() called with invalid cap=%u\n", cap);
		BUG();
		}

kernel/seccomp.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -290,7 +290,7 @@ free_prog:
		*
		* Returns 0 on success and non-zero otherwise.
		*/
		long seccomp_attach_user_filter(char __user *user_filter)
		static long seccomp_attach_user_filter(char __user *user_filter)
		{
		struct sock_fprog fprog;
		long ret = -EFAULT;

security/Makefile

+6 −6

Original line number	Diff line number	Diff line
		@@ -16,14 +16,14 @@ obj-$(CONFIG_MMU) += min_addr.o
		# Object file lists
		obj-$(CONFIG_SECURITY) += security.o capability.o
		obj-$(CONFIG_SECURITYFS) += inode.o
		obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
		obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o
		obj-$(CONFIG_SECURITY_SELINUX) += selinux/
		obj-$(CONFIG_SECURITY_SMACK) += smack/
		obj-$(CONFIG_AUDIT) += lsm_audit.o
		obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/built-in.o
		obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/built-in.o
		obj-$(CONFIG_SECURITY_YAMA) += yama/built-in.o
		obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/
		obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/
		obj-$(CONFIG_SECURITY_YAMA) += yama/
		obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o

		# Object integrity file lists
		subdir-$(CONFIG_INTEGRITY) += integrity
		obj-$(CONFIG_INTEGRITY) += integrity/built-in.o
		obj-$(CONFIG_INTEGRITY) += integrity/

Admin message