kernel/include/linux/lsm_hooks.h, branch linux-5.2.yHosts the 0x221E linux distro kernel.https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-5.2.y2019-05-08T03:17:51ZMerge branch 'work.mount-syscalls' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs2019-05-08T03:17:51ZLinus Torvaldstorvalds@linux-foundation.org2019-05-08T03:17:51Zurn:sha1:400913252d09f9cfb8cce33daee43167921fc343
Pull mount ABI updates from Al Viro:
"The syscalls themselves, finally.
That's not all there is to that stuff, but switching individual
filesystems to new methods is fortunately independent from everything
else, so e.g. NFS series can go through NFS tree, etc.
As those conversions get done, we'll be finally able to get rid of a
bunch of duplication in fs/super.c introduced in the beginning of the
entire thing. I expect that to be finished in the next window..."
* 'work.mount-syscalls' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
vfs: Add a sample program for the new mount API
vfs: syscall: Add fspick() to select a superblock for reconfiguration
vfs: syscall: Add fsmount() to create a mount for a superblock
vfs: syscall: Add fsconfig() for configuring and managing a context
vfs: Implement logging through fs_context
vfs: syscall: Add fsopen() to prepare for superblock creation
Make anon_inodes unconditional
teach move_mount(2) to work with OPEN_TREE_CLONE
vfs: syscall: Add move_mount(2) to move mounts around
vfs: syscall: Add open_tree(2) to reference or clone a mount
Merge tag 'selinux-pr-20190507' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux2019-05-08T01:48:09ZLinus Torvaldstorvalds@linux-foundation.org2019-05-08T01:48:09Zurn:sha1:f72dae20891d7bcc43e9263ab206960b6ae5209f
Pull selinux updates from Paul Moore:
"We've got a few SELinux patches for the v5.2 merge window, the
highlights are below:
- Add LSM hooks, and the SELinux implementation, for proper labeling
of kernfs. While we are only including the SELinux implementation
here, the rest of the LSM folks have given the hooks a thumbs-up.
- Update the SELinux mdp (Make Dummy Policy) script to actually work
on a modern system.
- Disallow userspace to change the LSM credentials via
/proc/self/attr when the task's credentials are already overridden.
The change was made in procfs because all the LSM folks agreed this
was the Right Thing To Do and duplicating it across each LSM was
going to be annoying"
* tag 'selinux-pr-20190507' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
proc: prevent changes to overridden credentials
selinux: Check address length before reading address family
kernfs: fix xattr name handling in LSM helpers
MAINTAINERS: update SELinux file patterns
selinux: avoid uninitialized variable warning
selinux: remove useless assignments
LSM: lsm_hooks.h - fix missing colon in docstring
selinux: Make selinux_kernfs_init_security static
kernfs: initialize security of newly created nodes
selinux: implement the kernfs_init_security hook
LSM: add new hook for kernfs node initialization
kernfs: use simple_xattrs for security attributes
selinux: try security xattr after genfs for kernfs filesystems
kernfs: do not alloc iattrs in kernfs_xattr_get
kernfs: clean up struct kernfs_iattrs
scripts/selinux: fix build
selinux: use kernel linux/socket.h for genheaders and mdp
scripts/selinux: modernize mdp
LSM: lsm_hooks.h: fix documentation format2019-03-26T23:46:22ZDenis Efremovefremov@ispras.ru2019-02-26T20:49:12Zurn:sha1:8d93e952fba216cd0811247f6360d97e0465d5fc
Fix for name mismatch and omitted colons in the
security_list_options documentation.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
LSM: fix documentation for the shm_* hooks2019-03-26T23:46:22ZDenis Efremovefremov@ispras.ru2019-02-26T20:49:11Zurn:sha1:9c53cb9d5648e9daacf6a21bcd8bb2919bed3536
The shm_* hooks were changed in the commit
"shm/security: Pass kern_ipc_perm not shmid_kernel into the
shm security hooks" (7191adff2a55). The type of the argument
shp was changed from shmid_kernel to kern_ipc_perm. This patch
updates the documentation for the hooks accordingly.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
LSM: fix documentation for the sem_* hooks2019-03-26T23:46:22ZDenis Efremovefremov@ispras.ru2019-02-26T20:49:10Zurn:sha1:e9220bc8b79aebfaa8bc4fee2e8785618daeb42a
The sem_* hooks were changed in the commit
"sem/security: Pass kern_ipc_perm not sem_array into the
sem security hooks" (aefad9593ec5). The type of the argument
sma was changed from sem_array to kern_ipc_perm. This patch
updates the documentation for the hooks accordingly.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
LSM: fix documentation for the msg_queue_* hooks2019-03-26T23:46:22ZDenis Efremovefremov@ispras.ru2019-02-26T20:49:09Zurn:sha1:ab012bc83615e843f14d6ba2556f52c60ecf121f
The msg_queue_* hooks were changed in the commit
"msg/security: Pass kern_ipc_perm not msg_queue into the msg_queue
security hooks" (d8c6e8543294). The type of the argument msq was changed
from msq_queue to kern_ipc_perm. This patch updates the documentation
for the hooks accordingly.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
LSM: fix documentation for the audit_* hooks2019-03-26T23:46:21ZDenis Efremovefremov@ispras.ru2019-02-26T20:49:08Zurn:sha1:5fdd268f6eb8e84f04ae2458cc640f7c7331dd19
This patch updates the documentation for the audit_* hooks
to use the same arguments names as in the hook's declarations.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
LSM: fix documentation for the path_chmod hook2019-03-26T23:43:23ZDenis Efremovefremov@ispras.ru2019-02-26T20:49:07Zurn:sha1:6b6b6476a32f763843c9a3c91dff4d91faa1267e
The path_chmod hook was changed in the commit
"switch security_path_chmod() to struct path *" (cdcf116d44e7).
The argument @mnt was removed from the hook, @dentry was changed
to @path. This patch updates the documentation accordingly.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
LSM: fix documentation for the socket_getpeersec_dgram hook2019-03-26T23:43:23ZDenis Efremovefremov@ispras.ru2019-02-26T20:49:06Zurn:sha1:2f991d7ae86a81eba7e564a0f054d9e5dbfbfe34
The socket_getpeersec_dgram hook was changed in the commit
"[AF_UNIX]: Kernel memory leak fix for af_unix datagram
getpeersec patch" (dc49c1f94e34). The arguments @secdata
and @seclen were changed to @sock and @secid. This patch
updates the documentation accordingly.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
LSM: fix documentation for the task_setscheduler hook2019-03-26T23:43:23ZDenis Efremovefremov@ispras.ru2019-02-26T20:49:05Zurn:sha1:a890e6378201626d1723f4f2b92a017e141c1144
The task_setscheduler hook was changed in the commit
"security: remove unused parameter from security_task_setscheduler()"
(b0ae19811375). The arguments @policy, @lp were removed from the hook.
This patch updates the documentation accordingly.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.morris@microsoft.com>