Message-ID: <795b758412f3cb7dc64777a6fde9c16c@paul-moore.com>
Date: Sun, 23 Mar 2025 15:39:42 -0400
From: Paul Moore <paul@...l-moore.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [GIT PULL] lsm/lsm-pr-20250323

Linus,

Here is the LSM framework pull request for the Linux v6.15 merge window;
the highlights are below:

- Various minor updates to the LSM Rust bindings

  Changes include marking trivial Rust bindings as inlines and comment
  tweaks to better reflect the LSM hooks.

- Add LSM/SELinux access controls to io_uring_allowed()

  Similar to the io_uring_disabled sysctl, add a LSM hook to
  io_uring_allowed() to give LSMs a simple way to enforce security
  policy on the use of io_uring.  This pull request includes SELinux
  support for this new control using the io_uring/allowed permission.

- Remove an unused parameter from the security_perf_event_open() hook

  The perf_event_attr struct parameter was not used by any currently
  supported LSMs, remove it from the hook.

- Add an explicit MAINTAINERS entry for the credentials code

  We've seen problems in the past where patches to the credentials
  code sent by non-maintainers would often languish on the lists for
  multiple months as there was no one explicitly tasked with the
  responsibility of reviewing and/or merging credentials related code.

  Considering that most of the code under security/ has a vested
  interest in ensuring that the credentials code is well maintained,
  I'm volunteering to look after the credentials code and Serge Hallyn
  has also volunteered to step up as an official reviewer.  I posted
  the MAINTAINERS update as an RFC to LKML in hopes that someone else
  would jump up with an "I'll do it!", but beyond Serge it was all
  crickets.

- Update Stephen Smalley's old email address to prevent confusion

  This includes a corresponding update to the mailmap file.

Please merge,
-Paul

--
The following changes since commit 2014c95afecee3e76ca4a56956a936e23283f05b:

  Linux 6.14-rc1 (2025-02-02 15:39:26 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git
    tags/lsm-pr-20250323

for you to fetch changes up to 65b796acea1e5efc13eb29fdb4638fd26deabc17:

  mailmap: map Stephen Smalley's old email addresses
    (2025-03-10 16:06:24 -0400)

----------------------------------------------------------------
lsm/stable-6.15 PR 20250323
----------------------------------------------------------------

Alice Ryhl (3):
      lsm,rust: mark SecurityCtx methods inline
      lsm,rust: reword "destroy" -> "release" in SecurityCtx
      cred,rust: mark Credential methods inline

Hamza Mahfooz (2):
      io_uring: refactor io_uring_allowed()
      io_uring,lsm,selinux: add LSM hooks for io_uring_setup()

Luo Gengkun (1):
      perf: Remove unnecessary parameter of security check

Paul Moore (2):
      lsm: fix a missing security_uring_allowed() prototype
      MAINTAINERS: add an explicit credentials entry

Stephen Smalley (2):
      lsm: remove old email address for Stephen Smalley
      mailmap: map Stephen Smalley's old email addresses

sergeh@...nel.org (1):
      MAINTAINERS: add Serge Hallyn as a credentials reviewer

 .mailmap                            |    2 ++
 MAINTAINERS                         |   10 ++++++++++
 arch/x86/events/intel/bts.c         |    2 +-
 arch/x86/events/intel/core.c        |    2 +-
 arch/x86/events/intel/p4.c          |    2 +-
 drivers/perf/arm_spe_pmu.c          |    4 ++--
 include/linux/lsm_audit.h           |    2 +-
 include/linux/lsm_hook_defs.h       |    3 ++-
 include/linux/perf_event.h          |   10 +++++-----
 include/linux/security.h            |   10 +++++++---
 io_uring/io_uring.c                 |   21 ++++++++++++++-------
 kernel/events/core.c                |   14 +++++++-------
 kernel/trace/trace_event_perf.c     |    4 ++--
 rust/kernel/cred.rs                 |    5 +++++
 rust/kernel/security.rs             |   12 ++++++++----
 security/lsm_audit.c                |    2 +-
 security/security.c                 |   17 ++++++++++++++---
 security/selinux/hooks.c            |   16 +++++++++++++++-
 security/selinux/include/classmap.h |    2 +-
 19 files changed, 99 insertions(+), 41 deletions(-)

--
paul-moore.com
