[Pull,ARTFUL] LSM stacking

Message ID 36dcbc7a-9534-a692-a2da-a3cd4be76158@canonical.com
State New

Pull-request

git://kernel.ubuntu.com/jj/ubuntu-artful.git lsm-stacking-revised

Message

John Johansen Sept. 28, 2017, 8:08 p.m. UTC
The following changes since commit 80253b13f72f2637dafb4a63cde565e1ffb8e84d:

  UBUNTU: SAUCE: apparmor: fix apparmorfs DAC access permissions (2017-08-31 16:35:09 -0700)

are available in the git repository at:

  git://kernel.ubuntu.com/jj/ubuntu-artful.git lsm-stacking-revised

for you to fetch changes up to e4c8b7ce83f9d9b74396f35a4f8bcffd591e356e:

  UBUNTU: SAUCE: LSM stacking: add configs for LSM stacking (2017-09-28 14:25:37 -0400)

----------------------------------------------------------------
Casey Schaufler (7):
      UBUNTU: SAUCE: LSM stacking: procfs: add smack subdir to attrs
      UBUNTU: SAUCE: LSM stacking: LSM: manage credential security blobs
      UBUNTU: SAUCE: LSM stacking: LSM: Manage file security blobs
      UBUNTU: SAUCE: LSM stacking: LSM: manage task security blobs
      UBUNTU: SAUCE: LSM stacking: LSM: Infrastructure management of the remaining blobs
      UBUNTU: SAUCE: LSM stacking: LSM: general but not extreme module stacking
      UBUNTU: SAUCE: LSM stacking: LSM: Complete task_alloc hook

John Johansen (17):
      UBUNTU: SAUCE: LSM stacking: fixup procsfs: add smack subdir to attrs
      UBUNTU: SAUCE: LSM stacking: fixup initialize task->security
      UBUNTU: SAUCE: LSM stacking: fixup: alloc_task_ctx is dead code
      UBUNTU: SAUCE: LSM stacking: add support for stacking getpeersec_stream
      UBUNTU: SAUCE: LSM stacking: add stacking support to apparmor network hooks
      UBUNTU: SAUCE: LSM stacking: fixup apparmor stacking enablement
      UBUNTU: SAUCE: LSM stacking: fixup stacking kconfig
      UBUNTU: SAUCE: LSM stacking: allow selecting multiple LSMs using kernel boot params
      UBUNTU: SAUCE: LSM stacking: provide prctl interface for setting context
      UBUNTU: SAUCE: LSM stacking: inherit current display LSM
      UBUNTU: SAUCE: LSM stacking: keep an index for each registered LSM
      UBUNTU: SAUCE: LSM stacking: verify display LSM
      UBUNTU: SAUCE: LSM stacking: provide a way to specify the default display lsm
      UBUNTU: SAUCE: LSM stacking: make sure LSM blob align on 64 bit boundaries
      UBUNTU: SAUCE: LSM stacking: add /proc/<pid>/attr/display_lsm
      UBUNTU: SAUCE: LSM stacking: add Kconfig to set default display LSM
      UBUNTU: SAUCE: LSM stacking: add configs for LSM stacking

 Documentation/admin-guide/LSM/index.rst   |  31 +-
 debian.master/config/annotations          |  10 +-
 debian.master/config/config.common.ubuntu |  13 +
 fs/proc/base.c                            |  98 +++-
 fs/proc/internal.h                        |   1 +
 include/linux/lsm_hooks.h                 |  40 +-
 include/linux/security.h                  |  15 +-
 include/uapi/linux/prctl.h                |   6 +
 kernel/cred.c                             |  13 -
 kernel/fork.c                             |   3 +
 security/Kconfig                          | 141 +++++
 security/apparmor/context.c               |  12 -
 security/apparmor/include/context.h       |  25 +-
 security/apparmor/include/file.h          |   2 +-
 security/apparmor/include/net.h           |  12 +-
 security/apparmor/lsm.c                   | 118 ++--
 security/security.c                       | 876 +++++++++++++++++++++++++++++-
 security/selinux/hooks.c                  | 513 ++++++-----------
 security/selinux/include/objsec.h         |  87 ++-
 security/selinux/netlabel.c               |  15 +-
 security/selinux/selinuxfs.c              |   5 +-
 security/selinux/ss/services.c            |   3 +-
 security/selinux/xfrm.c                   |   4 +-
 security/smack/smack.h                    |  90 ++-
 security/smack/smack_access.c             |   2 +-
 security/smack/smack_lsm.c                | 526 ++++++------------
 security/smack/smack_netfilter.c          |   8 +-
 security/smack/smackfs.c                  |  18 +-
 security/tomoyo/common.h                  |  30 +-
 security/tomoyo/domain.c                  |   4 +-
 security/tomoyo/securityfs_if.c           |  13 +-
 security/tomoyo/tomoyo.c                  |  52 +-
 32 files changed, 1929 insertions(+), 857 deletions(-)

Comments

Seth Forshee Sept. 28, 2017, 8:43 p.m. UTC | #1
On Thu, Sep 28, 2017 at 04:08:58PM -0400, John Johansen wrote:
> The following changes since commit 80253b13f72f2637dafb4a63cde565e1ffb8e84d:
> 
>   UBUNTU: SAUCE: apparmor: fix apparmorfs DAC access permissions (2017-08-31 16:35:09 -0700)
> 
> are available in the git repository at:
> 
>   git://kernel.ubuntu.com/jj/ubuntu-artful.git lsm-stacking-revised
> 
> for you to fetch changes up to e4c8b7ce83f9d9b74396f35a4f8bcffd591e356e:
> 
>   UBUNTU: SAUCE: LSM stacking: add configs for LSM stacking (2017-09-28 14:25:37 -0400)

Applied to artful/master-next, thanks.

I tried cherry picking these onto our 4.14-rc2 unstable kernel too but
hit conflicts. Should we be trying to get that in unstable now or wait
for further updates?

Seth

John Johansen Sept. 28, 2017, 8:47 p.m. UTC | #2
On 09/28/2017 04:43 PM, Seth Forshee wrote:
> On Thu, Sep 28, 2017 at 04:08:58PM -0400, John Johansen wrote:
>> The following changes since commit 80253b13f72f2637dafb4a63cde565e1ffb8e84d:
>>
>>   UBUNTU: SAUCE: apparmor: fix apparmorfs DAC access permissions (2017-08-31 16:35:09 -0700)
>>
>> are available in the git repository at:
>>
>>   git://kernel.ubuntu.com/jj/ubuntu-artful.git lsm-stacking-revised
>>
>> for you to fetch changes up to e4c8b7ce83f9d9b74396f35a4f8bcffd591e356e:
>>
>>   UBUNTU: SAUCE: LSM stacking: add configs for LSM stacking (2017-09-28 14:25:37 -0400)
> 
> Applied to artful/master-next, thanks.
> 
> I tried cherry picking these onto our 4.14-rc2 unstable kernel too but
> hit conflicts. Should we be trying to get that in unstable now or wait
> for further updates?
> 
I have a local 4.14 version I have just started a test build of. I'll
shoot you the patches once they have been tested.