| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 May 2024 17:23:02 -0400
From: Paul Moore <paul@...l-moore.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: selinux@...r.kernel.org, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [GIT PULL] selinux/selinux-pr-20240513
Linus,
We've got a variety of SELinux patches queued for Linux v6.10, the
highlights are below:
- Attempt to pre-allocate the SELinux status page so it doesn't appear
to userspace that we are skipping SELinux policy sequence numbers.
- Reject invalid SELinux policy bitmaps with an error at policy load
time.
- Consistently use the same type, u32, for ebitmap offsets.
- Improve the "symhash" hash function for better distribution on common
policies.
- Correct a number of printk format specifiers in the ebitmap code.
- Improved error checking in sel_write_load().
- Ensure we have a proper return code in the
filename_trans_read_helper_compat() function.
- Make better use of the current_sid() helper function.
- Allow for more hash table statistics when debugging is enabled.
- Migrate from printk_ratelimit() to pr_warn_ratelimited().
- Miscellaneous cleanups and tweaks to selinux_lsm_getattr().
- More consitification work in the conditional policy space.
Please merge,
-Paul
--
The following changes since commit 4cece764965020c22cff7665b18a012006359095:
Linux 6.9-rc1 (2024-03-24 14:10:05 -0700)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
tags/selinux-pr-20240513
for you to fetch changes up to 581646c3fb98494009671f6d347ea125bc0e663a:
selinux: constify source policy in cond_policydb_dup()
(2024-04-30 19:01:04 -0400)
----------------------------------------------------------------
selinux/stable-6.10 PR 20240513
----------------------------------------------------------------
Christian Göttsche (9):
selinux: reject invalid ebitmaps
selinux: update numeric format specifiers for ebitmaps
selinux: make more use of current_sid()
selinux: dump statistics for more hash tables
selinux: improve symtab string hashing
selinux: use u32 as bit position type in ebitmap code
selinux: pre-allocate the status page
selinux: avoid printk_ratelimit()
selinux: constify source policy in cond_policydb_dup()
Ondrej Mosnacek (1):
selinux: clarify return code in filename_trans_read_helper_compat()
Paul Moore (2):
selinux: cleanup selinux_lsm_getattr()
selinux: improve error checking in sel_write_load()
security/selinux/hooks.c | 58 ++++++++++++++---------------------
security/selinux/selinuxfs.c | 36 ++++++++++++++----------
security/selinux/ss/conditional.c | 18 +++++++-----
security/selinux/ss/conditional.h | 2 +-
security/selinux/ss/ebitmap.c | 50 +++++++++++++++++++++------------
security/selinux/ss/ebitmap.h | 38 ++++++++++++-------------
security/selinux/ss/hashtab.c | 10 ++++---
security/selinux/ss/hashtab.h | 4 +--
security/selinux/ss/policydb.c | 24 +++++++++++-----
security/selinux/ss/services.c | 3 +-
security/selinux/ss/symtab.c | 20 +++++++-------
security/selinux/xfrm.c | 7 ++---
12 files changed, 145 insertions(+), 125 deletions(-)
--
paul-moore.com
Powered by blists - more mailing lists