From patchwork Thu Sep 28 20:08:58 2017
X-Patchwork-Submitter: John Johansen
X-Patchwork-Id: 819728
To: Kernel team list
From: John Johansen
Subject: [Pull][ARTFUL] LSM stacking
Organization: Canonical
Message-ID: <36dcbc7a-9534-a692-a2da-a3cd4be76158@canonical.com>
Date: Thu, 28 Sep 2017 16:08:58 -0400

The following changes since commit 80253b13f72f2637dafb4a63cde565e1ffb8e84d:

  UBUNTU: SAUCE: apparmor: fix apparmorfs DAC access permissions (2017-08-31 16:35:09 -0700)

are available in the git repository at:

  git://kernel.ubuntu.com/jj/ubuntu-artful.git lsm-stacking-revised

for you to fetch changes up to e4c8b7ce83f9d9b74396f35a4f8bcffd591e356e:

  UBUNTU: SAUCE: LSM stacking: add configs for LSM stacking (2017-09-28 14:25:37 -0400)

----------------------------------------------------------------
Casey Schaufler (7):
      UBUNTU: SAUCE: LSM stacking: procfs: add smack subdir to attrs
      UBUNTU: SAUCE: LSM stacking: LSM: manage credential security blobs
      UBUNTU: SAUCE: LSM stacking: LSM: Manage file security blobs
      UBUNTU: SAUCE: LSM stacking: LSM: manage task security blobs
      UBUNTU: SAUCE: LSM stacking: LSM: Infrastructure management of the remaining blobs
      UBUNTU: SAUCE: LSM stacking: LSM: general but not extreme module stacking
      UBUNTU: SAUCE: LSM stacking: LSM: Complete task_alloc hook

John Johansen (17):
      UBUNTU: SAUCE: LSM stacking: fixup procsfs: add smack subdir to attrs
      UBUNTU: SAUCE: LSM stacking: fixup initialize task->security
      UBUNTU: SAUCE: LSM stacking: fixup: alloc_task_ctx is dead code
      UBUNTU: SAUCE: LSM stacking: add support for stacking getpeersec_stream
      UBUNTU: SAUCE: LSM stacking: add stacking support to apparmor network hooks
      UBUNTU: SAUCE: LSM stacking: fixup apparmor stacking enablement
      UBUNTU: SAUCE: LSM stacking: fixup stacking kconfig
      UBUNTU: SAUCE: LSM stacking: allow selecting multiple LSMs using kernel boot params
      UBUNTU: SAUCE: LSM stacking: provide prctl interface for setting context
      UBUNTU: SAUCE: LSM stacking: inherit current display LSM
      UBUNTU: SAUCE: LSM stacking: keep an index for each registered LSM
      UBUNTU: SAUCE: LSM stacking: verify display LSM
      UBUNTU: SAUCE: LSM stacking: provide a way to specify the default display lsm
      UBUNTU: SAUCE: LSM stacking: make sure LSM blob align on 64 bit boundaries
      UBUNTU: SAUCE: LSM stacking: add /proc//attr/display_lsm
      UBUNTU: SAUCE: LSM stacking: add Kconfig to set default display LSM
      UBUNTU: SAUCE: LSM stacking: add configs for LSM stacking

 Documentation/admin-guide/LSM/index.rst   |   31 +-
 debian.master/config/annotations          |   10 +-
 debian.master/config/config.common.ubuntu |   13 +
 fs/proc/base.c                            |   98 +++-
 fs/proc/internal.h                        |    1 +
 include/linux/lsm_hooks.h                 |   40 +-
 include/linux/security.h                  |   15 +-
 include/uapi/linux/prctl.h                |    6 +
 kernel/cred.c                             |   13 -
 kernel/fork.c                             |    3 +
 security/Kconfig                          |  141 +++++
 security/apparmor/context.c               |   12 -
 security/apparmor/include/context.h       |   25 +-
 security/apparmor/include/file.h          |    2 +-
 security/apparmor/include/net.h           |   12 +-
 security/apparmor/lsm.c                   |  118 ++--
 security/security.c                       |  876 +++++++++++++++++++++++++++++-
 security/selinux/hooks.c                  |  513 ++++++-----------
 security/selinux/include/objsec.h         |   87 ++-
 security/selinux/netlabel.c               |   15 +-
 security/selinux/selinuxfs.c              |    5 +-
 security/selinux/ss/services.c            |    3 +-
 security/selinux/xfrm.c                   |    4 +-
 security/smack/smack.h                    |   90 ++-
 security/smack/smack_access.c             |    2 +-
 security/smack/smack_lsm.c                |  526 ++++++------------
 security/smack/smack_netfilter.c          |    8 +-
 security/smack/smackfs.c                  |   18 +-
 security/tomoyo/common.h                  |   30 +-
 security/tomoyo/domain.c                  |    4 +-
 security/tomoyo/securityfs_if.c           |   13 +-
 security/tomoyo/tomoyo.c                  |   52 +-
 32 files changed, 1929 insertions(+), 857 deletions(-)