cdab10bf32
-----BEGIN PGP SIGNATURE----- iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmGANbAUHHBhdWxAcGF1 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXNaMBAAg+9gZr0F7xiafu8JFZqZfx/AQdJ2 G2cn3le+/tXGZmF8m/+82lOaR6LeQLatgSDJNSkXWkKr0nRwseQJDbtRfvYJdn0t Ax05/Fmz6OGxQ2wgRYgaFiSrKpE5p3NhDtiLFVdkCJaQNe/8DZOc7NhBl6EjZf3x ubhl2hUiJ4AmiXGwcYhr4uKgP4nhW8OM1/OkskVi+bBMmLA8KTY9kslmIDP5E3BW 29W4qhqeLNQupY5dGMEMVcyxY9ZUWpO39q4uOaQVZrUGE7xABkj/jhnxT5gFTSlI pu8VhsYXm9KuRVveIsv0L5SZfadwoM9YAl7ki1wD3W5rHqOAte3rBTm6VmNlQwfU MqxP65Jiyxudxet5Be3/dCRH/+MDQuwBxivgmZXbeVxor2SeznVb0GDaEUC5FSHu CJIgWtQzsPJMxgAEGXN4F3QGP0htTTJni56GUPOsrf4TIBW02TT+oLTLFRIokQQL INNOfwVSRXElnCsvxsHR4oB+JZ9pJyBaAmeupcQ6jmcKiWlbLj4s+W0U0pM5h91v hmMpz7KMxrX6gVL4gB2Jj4aN3r5YRbq26NBu6D+wdwwBTeTTocaHSpAqkv4buClf uNk3cG8Hkp8TTg9cM8jYgpxMyzKH/AI/Uw3VhEa1xCiq2Ck3DgfnZvnvcRRaZevU FPgmwgqePJXGi60= =sb8J -----END PGP SIGNATURE----- Merge tag 'selinux-pr-20211101' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux Pull selinux updates from Paul Moore: - Add LSM/SELinux/Smack controls and auditing for io-uring. As usual, the individual commit descriptions have more detail, but we were basically missing two things which we're adding here: + establishment of a proper audit context so that auditing of io-uring ops works similarly to how it does for syscalls (with some io-uring additions because io-uring ops are *not* syscalls) + additional LSM hooks to enable access control points for some of the more unusual io-uring features, e.g. credential overrides. The additional audit callouts and LSM hooks were done in conjunction with the io-uring folks, based on conversations and RFC patches earlier in the year. - Fixup the binder credential handling so that the proper credentials are used in the LSM hooks; the commit description and the code comment which is removed in these patches are helpful to understand the background and why this is the proper fix. - Enable SELinux genfscon policy support for securityfs, allowing improved SELinux filesystem labeling for other subsystems which make use of securityfs, e.g. IMA. * tag 'selinux-pr-20211101' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: security: Return xattr name from security_dentry_init_security() selinux: fix a sock regression in selinux_ip_postroute_compat() binder: use cred instead of task for getsecid binder: use cred instead of task for selinux checks binder: use euid from cred instead of using task LSM: Avoid warnings about potentially unused hook variables selinux: fix all of the W=1 build warnings selinux: make better use of the nf_hook_state passed to the NF hooks selinux: fix race condition when computing ocontext SIDs selinux: remove unneeded ipv6 hook wrappers selinux: remove the SELinux lockdown implementation selinux: enable genfscon labeling for securityfs Smack: Brutalist io_uring support selinux: add support for the io_uring access controls lsm,io_uring: add LSM hooks to io_uring io_uring: convert io_uring to the secure anon inode interface fs: add anon_inode_getfile_secure() similar to anon_inode_getfd_secure() audit: add filtering for io_uring records audit,io_uring,io-wq: add some basic audit support to io_uring audit: prepare audit_context for use in calling contexts beyond syscalls |
||
---|---|---|
.. | ||
blocklayout | ||
filelayout | ||
flexfilelayout | ||
cache_lib.c | ||
cache_lib.h | ||
callback_proc.c | ||
callback_xdr.c | ||
callback.c | ||
callback.h | ||
client.c | ||
delegation.c | ||
delegation.h | ||
dir.c | ||
direct.c | ||
dns_resolve.c | ||
dns_resolve.h | ||
export.c | ||
file.c | ||
fs_context.c | ||
fscache-index.c | ||
fscache.c | ||
fscache.h | ||
getroot.c | ||
inode.c | ||
internal.h | ||
io.c | ||
iostat.h | ||
Kconfig | ||
Makefile | ||
mount_clnt.c | ||
namespace.c | ||
netns.h | ||
nfs2super.c | ||
nfs2xdr.c | ||
nfs3_fs.h | ||
nfs3acl.c | ||
nfs3client.c | ||
nfs3proc.c | ||
nfs3super.c | ||
nfs3xdr.c | ||
nfs4_fs.h | ||
nfs4client.c | ||
nfs4file.c | ||
nfs4getroot.c | ||
nfs4idmap.c | ||
nfs4idmap.h | ||
nfs4namespace.c | ||
nfs4proc.c | ||
nfs4renewd.c | ||
nfs4session.c | ||
nfs4session.h | ||
nfs4state.c | ||
nfs4super.c | ||
nfs4sysctl.c | ||
nfs4trace.c | ||
nfs4trace.h | ||
nfs4xdr.c | ||
nfs42.h | ||
nfs42proc.c | ||
nfs42xattr.c | ||
nfs42xdr.c | ||
nfs.h | ||
nfsroot.c | ||
nfstrace.c | ||
nfstrace.h | ||
pagelist.c | ||
pnfs_dev.c | ||
pnfs_nfs.c | ||
pnfs.c | ||
pnfs.h | ||
proc.c | ||
read.c | ||
super.c | ||
symlink.c | ||
sysctl.c | ||
sysfs.c | ||
sysfs.h | ||
unlink.c | ||
write.c |