lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <74f395ba13926ab0391bd8714abc6036@paul-moore.com>
Date: Tue, 03 Feb 2026 23:10:38 -0500
From: Paul Moore <paul@...l-moore.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: selinux@...r.kernel.org, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [GIT PULL] selinux/selinux-pr-20260203

Linus,

This is a bit early, but due to some personal scheduling I'd rather send
this to you now, and you always mention you prefer to get pull requests
early (perhaps not this early?) so here is hoping this is a win-win.

Here are the highlights for the SELinux changes queued for the Linux v7.0
merge window:

- Add support for SELinux based access control of BPF tokens

We worked with the BPF devs to add the necessary LSM hooks when the BPF
token code was first introduced, but it took us a bit longer to add the
SELinux wiring and support.  In order to preserve existing token-unaware
SELinux policies, the new code is gated by the new "bpf_token_perms"
policy capability.

Additional details regarding the new permissions, and behaviors can be
found in the associated commit.

- Remove a BUG() from the SELinux capability code

We now perform a similar check during compile time so we can safely
remove the BUG() call.

Paul

--
The following changes since commit 8f0b4cce4481fb22653697cced8d0d04027cb1e8:

  Linux 6.19-rc1 (2025-12-14 16:05:07 +1200)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
    tags/selinux-pr-20260203

for you to fetch changes up to ea64aa57d596c4cbe518ffd043c52ef64089708d:

  selinux: drop the BUG() in cred_has_capability()
    (2026-01-14 16:26:21 -0500)

----------------------------------------------------------------
selinux/stable-7.0 PR 20260203
----------------------------------------------------------------

Eric Suen (1):
      selinux: add support for BPF token access control

Paul Moore (3):
      selinux: move the selinux_blob_sizes struct
      selinux: fix a capabilities parsing typo in
         selinux_bpf_token_capable()
      selinux: drop the BUG() in cred_has_capability()

 security/selinux/hooks.c                   |  163 +++++++++++++++++----
 security/selinux/include/classmap.h        |    2 
 security/selinux/include/objsec.h          |    3 
 security/selinux/include/policycap.h       |    1 
 security/selinux/include/policycap_names.h |    1 
 security/selinux/include/security.h        |    6 
 6 files changed, 151 insertions(+), 25 deletions(-)

--
paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ