lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LRH.2.00.0912040030400.16314@tundra.namei.org>
Date:	Fri, 4 Dec 2009 00:32:37 +1100 (EST)
From:	James Morris <jmorris@...ei.org>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
cc:	linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: [GIT] Security subsystem changes for 2.6.33

Hi from FOSS.IN -- please pull.


The following changes since commit 22763c5cf3690a681551162c15d34d935308c8d7:
  Linus Torvalds (1):
        Linux 2.6.32

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 next

Alan Cox (1):
      selinux: Fix warnings

Andrew G. Morgan (1):
      Silence the existing API for capability version compatibility check.

Arjan van de Ven (1):
      capabilities: simplify bound checks for copy_from_user()

Eric Paris (5):
      SELinux: reset the security_ops before flushing the avc cache
      SELinux: add .gitignore files for dynamic classes
      security: report the module name to security_module_request
      SELinux: header generation may hit infinite loop
      SELinux: print denials for buggy kernel with unknown perms

James Morris (3):
      Merge branch 'master' into next
      security: remove root_plug
      Merge branch 'master' into next

John Johansen (1):
      Config option to set a default LSM

Kees Cook (1):
      sysctl: require CAP_SYS_RAWIO to set mmap_min_addr

Matt Domsch (1):
      tpm: autoload tpm_tis based on system PnP IDs

Mimi Zohar (2):
      LSM: imbed ima calls in the security hooks
      tpm add default function definitions

Rajiv Andrade (3):
      TPM: increase default TPM buffer
      TPM: fix pcrread
      tpm_tis: TPM_STS_DATA_EXPECT workaround

Randy Dunlap (1):
      tpm: fix header for modular build

Serge E. Hallyn (2):
      define convenient securebits masks for prctl users (v2)
      remove CONFIG_SECURITY_FILE_CAPABILITIES compile option

Stephen Hemminger (1):
      tomoyo: improve hash bucket dispersion

Stephen Smalley (4):
      selinux: dynamic class/perm discovery
      selinux: generate flask headers during kernel build
      selinux: drop remapping of netlink classes
      SELinux: fix locking issue introduced with c6d3aaa4e35c71a3

Tetsuo Handa (5):
      LSM: Add security_path_chmod() and security_path_chown().
      LSM: Add security_path_chroot().
      LSM: Pass original mount flags to security_sb_mount().
      LSM: Move security_path_chmod()/security_path_chown() to after mutex_lock().
      TOMOYO: Add recursive directory matching operator support.

 Documentation/dontdiff                           |    3 +
 Documentation/kernel-parameters.txt              |   10 -
 drivers/char/tpm/tpm.c                           |    2 +-
 drivers/char/tpm/tpm_tis.c                       |   11 +-
 fs/exec.c                                        |    4 -
 fs/file_table.c                                  |    2 -
 fs/inode.c                                       |   10 -
 fs/namespace.c                                   |   20 +-
 fs/open.c                                        |   27 +-
 include/linux/Kbuild                             |    1 +
 include/linux/capability.h                       |    2 -
 include/linux/init_task.h                        |    4 -
 include/linux/lsm_audit.h                        |   18 +-
 include/linux/securebits.h                       |   24 +-
 include/linux/security.h                         |   48 ++-
 include/linux/tpm.h                              |    9 +-
 kernel/capability.c                              |   15 +-
 kernel/kmod.c                                    |    8 +-
 mm/mmap.c                                        |    4 -
 scripts/selinux/Makefile                         |    4 +-
 scripts/selinux/genheaders/.gitignore            |    1 +
 scripts/selinux/genheaders/Makefile              |    5 +
 scripts/selinux/genheaders/genheaders.c          |  118 +++
 scripts/selinux/mdp/mdp.c                        |  151 +---
 security/Kconfig                                 |   54 +-
 security/Makefile                                |    1 -
 security/capability.c                            |   21 +-
 security/commoncap.c                             |   74 +--
 security/integrity/ima/Kconfig                   |    1 +
 security/lsm_audit.c                             |    4 +
 security/min_addr.c                              |    3 +
 security/root_plug.c                             |   90 ---
 security/security.c                              |   61 ++-
 security/selinux/.gitignore                      |    2 +
 security/selinux/Makefile                        |   10 +-
 security/selinux/avc.c                           |   78 +--
 security/selinux/hooks.c                         |   25 +-
 security/selinux/include/av_inherit.h            |   34 -
 security/selinux/include/av_perm_to_string.h     |  183 -----
 security/selinux/include/av_permissions.h        |  870 ----------------------
 security/selinux/include/avc_ss.h                |   21 +-
 security/selinux/include/class_to_string.h       |   80 --
 security/selinux/include/classmap.h              |  150 ++++
 security/selinux/include/common_perm_to_string.h |   58 --
 security/selinux/include/flask.h                 |   91 ---
 security/selinux/include/security.h              |   13 +-
 security/selinux/selinuxfs.c                     |    4 +-
 security/selinux/ss/Makefile                     |    2 +-
 security/selinux/ss/mls.c                        |    2 +-
 security/selinux/ss/policydb.c                   |   47 ++-
 security/selinux/ss/policydb.h                   |    7 +-
 security/selinux/ss/services.c                   |  562 ++++++++-------
 security/tomoyo/common.c                         |  200 +++--
 security/tomoyo/common.h                         |    4 -
 security/tomoyo/realpath.c                       |   13 +-
 55 files changed, 1083 insertions(+), 2183 deletions(-)
 create mode 100644 scripts/selinux/genheaders/.gitignore
 create mode 100644 scripts/selinux/genheaders/Makefile
 create mode 100644 scripts/selinux/genheaders/genheaders.c
 delete mode 100644 security/root_plug.c
 create mode 100644 security/selinux/.gitignore
 delete mode 100644 security/selinux/include/av_inherit.h
 delete mode 100644 security/selinux/include/av_perm_to_string.h
 delete mode 100644 security/selinux/include/av_permissions.h
 delete mode 100644 security/selinux/include/class_to_string.h
 create mode 100644 security/selinux/include/classmap.h
 delete mode 100644 security/selinux/include/common_perm_to_string.h
 delete mode 100644 security/selinux/include/flask.h


-- 
James Morris
<jmorris@...ei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ