<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/security/apparmor, branch v3.3</title>
<subtitle>Linux kernel source tree</subtitle>
<id>https://git.amat.us/linux/atom/security/apparmor?h=v3.3</id>
<link rel='self' href='https://git.amat.us/linux/atom/security/apparmor?h=v3.3'/>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/'/>
<updated>2012-01-15T02:36:33Z</updated>
<entry>
<title>Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security</title>
<updated>2012-01-15T02:36:33Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2012-01-15T02:36:33Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=c49c41a4134679cecb77362e7f6b59acb6320aa7'/>
<id>urn:sha1:c49c41a4134679cecb77362e7f6b59acb6320aa7</id>
<content type='text'>
* 'for-linus' of git://selinuxproject.org/~jmorris/linux-security:
  capabilities: remove __cap_full_set definition
  security: remove the security_netlink_recv hook as it is equivalent to capable()
  ptrace: do not audit capability check when outputing /proc/pid/stat
  capabilities: remove task_ns_* functions
  capabitlies: ns_capable can use the cap helpers rather than lsm call
  capabilities: style only - move capable below ns_capable
  capabilites: introduce new has_ns_capabilities_noaudit
  capabilities: call has_ns_capability from has_capability
  capabilities: remove all _real_ interfaces
  capabilities: introduce security_capable_noaudit
  capabilities: reverse arguments to security_capable
  capabilities: remove the task from capable LSM hook entirely
  selinux: sparse fix: fix several warnings in the security server cod
  selinux: sparse fix: fix warnings in netlink code
  selinux: sparse fix: eliminate warnings for selinuxfs
  selinux: sparse fix: declare selinux_disable() in security.h
  selinux: sparse fix: move selinux_complete_init
  selinux: sparse fix: make selinux_secmark_refcount static
  SELinux: Fix RCU deref check warning in sel_netport_insert()

Manually fix up a semantic mis-merge wrt security_netlink_recv():

 - the interface was removed in commit fd7784615248 ("security: remove
   the security_netlink_recv hook as it is equivalent to capable()")

 - a new user of it appeared in commit a38f7907b926 ("crypto: Add
   userspace configuration API")

causing no automatic merge conflict, but Eric Paris pointed out the
issue.
</content>
</entry>
<entry>
<title>module_param: make bool parameters really bool (drivers &amp; misc)</title>
<updated>2012-01-12T23:02:20Z</updated>
<author>
<name>Rusty Russell</name>
<email>rusty@rustcorp.com.au</email>
</author>
<published>2012-01-12T23:02:20Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=90ab5ee94171b3e28de6bb42ee30b527014e0be7'/>
<id>urn:sha1:90ab5ee94171b3e28de6bb42ee30b527014e0be7</id>
<content type='text'>
module_param(bool) used to counter-intuitively take an int.  In
fddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy
trick.

It's time to remove the int/unsigned int option.  For this version
it'll simply give a warning, but it'll break next kernel version.

Acked-by: Mauro Carvalho Chehab &lt;mchehab@redhat.com&gt;
Signed-off-by: Rusty Russell &lt;rusty@rustcorp.com.au&gt;
</content>
</entry>
<entry>
<title>Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security</title>
<updated>2012-01-11T05:51:23Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2012-01-11T05:51:23Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=e7691a1ce341c80ed9504244a36b31c025217391'/>
<id>urn:sha1:e7691a1ce341c80ed9504244a36b31c025217391</id>
<content type='text'>
* 'for-linus' of git://selinuxproject.org/~jmorris/linux-security: (32 commits)
  ima: fix invalid memory reference
  ima: free duplicate measurement memory
  security: update security_file_mmap() docs
  selinux: Casting (void *) value returned by kmalloc is useless
  apparmor: fix module parameter handling
  Security: tomoyo: add .gitignore file
  tomoyo: add missing rcu_dereference()
  apparmor: add missing rcu_dereference()
  evm: prevent racing during tfm allocation
  evm: key must be set once during initialization
  mpi/mpi-mpow: NULL dereference on allocation failure
  digsig: build dependency fix
  KEYS: Give key types their own lockdep class for key-&gt;sem
  TPM: fix transmit_cmd error logic
  TPM: NSC and TIS drivers X86 dependency fix
  TPM: Export wait_for_stat for other vendor specific drivers
  TPM: Use vendor specific function for status probe
  tpm_tis: add delay after aborting command
  tpm_tis: Check return code from getting timeouts/durations
  tpm: Introduce function to poll for result of self test
  ...

Fix up trivial conflict in lib/Makefile due to addition of CONFIG_MPI
and SIGSIG next to CONFIG_DQL addition.
</content>
</entry>
<entry>
<title>Merge branch 'next' into for-linus</title>
<updated>2012-01-09T01:16:48Z</updated>
<author>
<name>James Morris</name>
<email>jmorris@namei.org</email>
</author>
<published>2012-01-09T01:16:48Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8'/>
<id>urn:sha1:8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8</id>
<content type='text'>
Conflicts:
	security/integrity/evm/evm_crypto.c

Resolved upstream fix vs. next conflict manually.

Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</content>
</entry>
<entry>
<title>switch security_path_chmod() to struct path *</title>
<updated>2012-01-07T04:16:53Z</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2011-12-08T15:51:53Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=cdcf116d44e78c7216ba9f8be9af1cdfca7af728'/>
<id>urn:sha1:cdcf116d44e78c7216ba9f8be9af1cdfca7af728</id>
<content type='text'>
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
</entry>
<entry>
<title>capabilities: remove the task from capable LSM hook entirely</title>
<updated>2012-01-05T23:52:53Z</updated>
<author>
<name>Eric Paris</name>
<email>eparis@redhat.com</email>
</author>
<published>2012-01-03T17:25:14Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=6a9de49115d5ff9871d953af1a5c8249e1585731'/>
<id>urn:sha1:6a9de49115d5ff9871d953af1a5c8249e1585731</id>
<content type='text'>
The capabilities framework is based around credentials, not necessarily the
current task.  Yet we still passed the current task down into LSMs from the
security_capable() LSM hook as if it was a meaningful portion of the security
decision.  This patch removes the 'generic' passing of current and instead
forces individual LSMs to use current explicitly if they think it is
appropriate.  In our case those LSMs are SELinux and AppArmor.

I believe the AppArmor use of current is incorrect, but that is wholly
unrelated to this patch.  This patch does not change what AppArmor does, it
just makes it clear in the AppArmor code that it is doing it.

The SELinux code still uses current in its audit message, which may also be
wrong and needs further investigation.  Again this is NOT a change, it may
have always been wrong, this patch just makes it clear what is happening.

Signed-off-by: Eric Paris &lt;eparis@redhat.com&gt;
</content>
</entry>
<entry>
<title>switch -&gt;path_mknod() to umode_t</title>
<updated>2012-01-04T03:55:19Z</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2011-11-21T19:58:38Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=04fc66e789a896e684bfdca30208e57eb832dd96'/>
<id>urn:sha1:04fc66e789a896e684bfdca30208e57eb832dd96</id>
<content type='text'>
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
</entry>
<entry>
<title>switch -&gt;path_mkdir() to umode_t</title>
<updated>2012-01-04T03:55:18Z</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2011-11-21T19:56:21Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=4572befe248fd0d94aedc98775e3f0ddc8a26651'/>
<id>urn:sha1:4572befe248fd0d94aedc98775e3f0ddc8a26651</id>
<content type='text'>
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
</entry>
<entry>
<title>switch securityfs_create_file() to umode_t</title>
<updated>2012-01-04T03:55:13Z</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2011-07-26T08:30:04Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=52ef0c042bf06f6aef382fade175075627beebc1'/>
<id>urn:sha1:52ef0c042bf06f6aef382fade175075627beebc1</id>
<content type='text'>
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
</entry>
<entry>
<title>switch security_path_chmod() to umode_t</title>
<updated>2012-01-04T03:55:13Z</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2011-07-26T08:25:58Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=910f4ecef3f67714ebff69d0bc34313e48afaed2'/>
<id>urn:sha1:910f4ecef3f67714ebff69d0bc34313e48afaed2</id>
<content type='text'>
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
</entry>
</feed>
