
[Bionic,request-pull] LSM stacking for bionic

Message ID 11ca541d-391c-48bd-9468-a9140be1cccc@canonical.com
State New

Pull-request

ssh://kernel.ubuntu.com/srv/kernel.ubuntu.com/git/jj/ubuntu-artful.git bionic-stacking

Message

John Johansen April 10, 2018, 5:01 p.m. UTC
This is the LSM stacking patchset for bionic. It is based on the first five
patches of the most recent upstream revision (contains several bug fixes),
and the set of patches from artful ported to the revised base.

It includes a revision to the Kconfig, and Ubuntu config settings so that
it can share the same config enforcement rules as non-stacking kernels.


The following changes since commit f02c5a422e9026ff83ca56dd6b1b1164f408ee8b:

  UBUNTU: Ubuntu-4.15.0-12.13 (2018-03-07 22:09:44 +0100)

are available in the git repository at:

  ssh://kernel.ubuntu.com/srv/kernel.ubuntu.com/git/jj/ubuntu-artful.git bionic-stacking

for you to fetch changes up to 082eeecf55bfcfdc3771f62d86d0c235428bca91:

  UBUNTU: SAUCE: LSM stacking: remove procfs context interface (2018-04-10 08:45:45 -0700)

----------------------------------------------------------------
Casey Schaufler (6):
      UBUNTU: SAUCE: LSM stacking: procfs: add smack subdir to attrs
      UBUNTU: SAUCE: LSM stacking: LSM: Manage credential security blobs
      UBUNTU: SAUCE: LSM stacking: LSM: Manage file security blobs
      UBUNTU: SAUCE: LSM stacking: LSM: Manage task security blobs
      UBUNTU: SAUCE: LSM stacking: LSM: Manage remaining security blobs
      UBUNTU: SAUCE: LSM stacking: LSM: General stacking

Colin Ian King (1):
      UBUNTU: SAUCE: LSM stacking: check for invalid zero sized writes

John Johansen (18):
      UBUNTU: SAUCE: LSM stacking: fixup initialize task->security
      UBUNTU: SAUCE: LSM stacking: fixup: alloc_task_ctx is dead code
      UBUNTU: SAUCE: LSM stacking: add support for stacking getpeersec_stream
      UBUNTU: SAUCE: LSM stacking: add stacking support to apparmor network hooks
      UBUNTU: SAUCE: LSM stacking: fixup apparmor stacking enablement
      UBUNTU: SAUCE: LSM stacking: fixup stacking kconfig
      UBUNTU: SAUCE: LSM stacking: allow selecting multiple LSMs using kernel boot params
      UBUNTU: SAUCE: LSM stacking: provide prctl interface for setting context
      UBUNTU: SAUCE: LSM stacking: inherit current display LSM
      UBUNTU: SAUCE: LSM stacking: keep an index for each registered LSM
      UBUNTU: SAUCE: LSM stacking: verify display LSM
      UBUNTU: SAUCE: LSM stacking: provide a way to specify the default display lsm
      UBUNTU: SAUCE: LSM stacking: make sure LSM blob align on 64 bit boundaries
      UBUNTU: SAUCE: LSM stacking: add /proc/<pid>/attr/display_lsm
      UBUNTU: SAUCE: LSM stacking: add Kconfig to set default display LSM
      UBUNTU: SAUCE: LSM stacking: add configs for LSM stacking
      UBUNTU: SAUCE: LSM stacking: add apparmor and selinux proc dirs
      UBUNTU: SAUCE: LSM stacking: remove procfs context interface

 Documentation/admin-guide/LSM/index.rst   |  23 +-
 debian.master/config/annotations          |   5 +
 debian.master/config/config.common.ubuntu |  12 +-
 fs/proc/base.c                            |  96 +++-
 fs/proc/internal.h                        |   1 +
 include/linux/lsm_hooks.h                 |  40 +-
 include/linux/security.h                  |  15 +-
 include/uapi/linux/prctl.h                |   4 +
 kernel/cred.c                             |  13 -
 kernel/fork.c                             |   3 +
 security/Kconfig                          | 165 ++++++-
 security/apparmor/context.c               |  12 -
 security/apparmor/include/context.h       |  25 +-
 security/apparmor/include/file.h          |   2 +-
 security/apparmor/include/net.h           |  12 +-
 security/apparmor/lsm.c                   |  84 ++--
 security/security.c                       | 776 +++++++++++++++++++++++++++++-
 security/selinux/hooks.c                  | 490 ++++++-------------
 security/selinux/include/objsec.h         |  87 +++-
 security/selinux/netlabel.c               |  15 +-
 security/selinux/selinuxfs.c              |   5 +-
 security/selinux/ss/services.c            |   3 +-
 security/selinux/xfrm.c                   |   4 +-
 security/smack/smack.h                    |  90 +++-
 security/smack/smack_access.c             |   2 +-
 security/smack/smack_lsm.c                | 530 +++++++-------------
 security/smack/smack_netfilter.c          |   8 +-
 security/smack/smackfs.c                  |  18 +-
 security/tomoyo/common.h                  |  31 +-
 security/tomoyo/domain.c                  |   4 +-
 security/tomoyo/securityfs_if.c           |  15 +-
 security/tomoyo/tomoyo.c                  |  57 ++-
 32 files changed, 1777 insertions(+), 870 deletions(-)

Comments

Seth Forshee April 10, 2018, 6:07 p.m. UTC | #1
On Tue, Apr 10, 2018 at 10:01:16AM -0700, John Johansen wrote:
> This is the LSM stacking patchset for bionic. It is based on the first five
> patches of the most recent upstream revision (contains several bug fixes),
> and the set of patches from artful ported to the revised base.
> 
> It includes a revision to the Kconfig, and Ubuntu config settings so that
> it can share the same config enforcement rules as non-stacking kernels.
> 
> 
> The following changes since commit f02c5a422e9026ff83ca56dd6b1b1164f408ee8b:
> 
>   UBUNTU: Ubuntu-4.15.0-12.13 (2018-03-07 22:09:44 +0100)
> 
> are available in the git repository at:
> 
>   ssh://kernel.ubuntu.com/srv/kernel.ubuntu.com/git/jj/ubuntu-artful.git bionic-stacking
> 
> for you to fetch changes up to 082eeecf55bfcfdc3771f62d86d0c235428bca91:
> 
>   UBUNTU: SAUCE: LSM stacking: remove procfs context interface (2018-04-10 08:45:45 -0700)

Applied to bionic/master-next, thanks!