Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-5.2.y 2019-10-07T16:59:31Z 2019-10-07T16:59:31Z Stephen Smalley sds@tycho.nsa.gov 2019-09-04T14:32:48Z urn:sha1:400a250cc06f40548042561ce166505aff2fce11 [ Upstream commit 169ce0c081cd85f78388bb6c1638c1ad7b81bde7 ] We need to use selinux_cred() to fetch the SELinux cred blob instead of directly using current->security or current_security(). There were a couple of lingering uses of current_security() in the SELinux code that were apparently missed during the earlier conversions. IIUC, this would only manifest as a bug if multiple security modules including SELinux are enabled and SELinux is not first in the lsm order. After this change, there appear to be no other users of current_security() in-tree; perhaps we should remove it altogether. Fixes: bbd3662a8348 ("Infrastructure management of the cred security blob") Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: James Morris <jamorris@linux.microsoft.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <sashal@kernel.org> 2019-06-19T15:09:55Z Thomas Gleixner tglx@linutronix.de 2019-06-04T08:11:33Z urn:sha1:d2912cb15bdda8ba4a5dd73396ad62641af2f520 Based on 2 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license version 2 as published by the free software foundation this program is free software you can redistribute it and or modify it under the terms of the gnu general public license version 2 as published by the free software foundation # extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 4122 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Enrico Weigelt <info@metux.net> Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Reviewed-by: Allison Randal <allison@lohutok.net> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190604081206.933168790@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-01-08T21:18:45Z Casey Schaufler casey@schaufler-ca.com 2018-11-20T19:55:02Z urn:sha1:ecd5f82e05ddd9b06c258167ec7467ac79741d77 Move management of the kern_ipc_perm->security and msg_msg->security blobs out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: Kees Cook <keescook@chromium.org> 2019-01-08T21:18:45Z Casey Schaufler casey@schaufler-ca.com 2018-09-22T00:19:45Z urn:sha1:7c6538280ae99eaebd589a5c029e1ed1c063909c Don't use the ipc->security pointer directly. Don't use the msg_msg->security pointer directly. Provide helper functions that provides the security blob pointers. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org> 2019-01-08T21:18:45Z Casey Schaufler casey@schaufler-ca.com 2018-09-22T00:19:29Z urn:sha1:afb1cbe37440c7f38b9cf46fc331cc9dfd5cce21 Move management of the inode->i_security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: Kees Cook <keescook@chromium.org> 2019-01-08T21:18:44Z Casey Schaufler casey@schaufler-ca.com 2018-09-22T00:19:11Z urn:sha1:80788c229116b28cc914d73c142f74bdee28ab57 Don't use the inode->i_security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org> 2019-01-08T21:18:44Z Casey Schaufler casey@schaufler-ca.com 2018-11-12T20:02:49Z urn:sha1:33bf60cabcc7687b194a689b068b65e9ecd556be Move management of the file->f_security blob out of the individual security modules and into the infrastructure. The modules no longer allocate or free the data, instead they tell the infrastructure how much space they require. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: Kees Cook <keescook@chromium.org> 2019-01-08T21:18:44Z Casey Schaufler casey@schaufler-ca.com 2018-09-22T00:22:32Z urn:sha1:bb6c6b02ccb7d76f628c5dc6abe13f1115637cfd Don't use the file->f_security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org> 2019-01-08T21:18:44Z Casey Schaufler casey@schaufler-ca.com 2018-11-12T17:30:56Z urn:sha1:bbd3662a834813730912a58efb44dd6df6d952e6 Move management of the cred security blob out of the security modules and into the security infrastructre. Instead of allocating and freeing space the security modules tell the infrastructure how much space they require. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: Kees Cook <keescook@chromium.org> 2019-01-08T21:18:44Z Casey Schaufler casey@schaufler-ca.com 2018-09-22T00:17:16Z urn:sha1:0c6cfa622cf57109607f3416b286b6b55561a2ea Don't use the cred->security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: Kees Cook <keescook@chromium.org>