mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-28 07:13:34 +00:00
Code Issues Releases Wiki Activity
linux-stable/security
History
Linus Torvalds 84bfcc0b69 integrity-v5.17 
-----BEGIN PGP SIGNATURE-----
 
 iIoEABYIADIWIQQdXVVFGN5XqKr1Hj7LwZzRsCrn5QUCYdxh3xQcem9oYXJAbGlu
 dXguaWJtLmNvbQAKCRDLwZzRsCrn5bXsAP9xioC+sDpA+KgicrTxLQp2HBHVdkdj
 hnsSw7KE6d1YFwD/Zu1BPi/iX1HHcEvTm34x9jKWeU54VCyqsXJG+zArDA0=
 =/eFf
 -----END PGP SIGNATURE-----

Merge tag 'integrity-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity

Pull integrity subsystem updates from Mimi Zohar:
 "The few changes are all kexec related:

   - The MOK keys are loaded onto the .platform keyring in order to
     verify the kexec kernel image signature.

     However, the MOK keys should only be trusted when secure boot is
     enabled. Before loading the MOK keys onto the .platform keyring,
     make sure the system is booted in secure boot mode.

   - When carrying the IMA measurement list across kexec, limit dumping
     the measurement list to when dynamic debug or CONFIG_DEBUG is
     enabled.

   - kselftest: add kexec_file_load selftest support for PowerNV and
     other cleanup"

* tag 'integrity-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  selftests/kexec: Enable secureboot tests for PowerPC
  ima: silence measurement list hexdump during kexec
  selftests/kexec: update searching for the Kconfig
  selftest/kexec: fix "ignored null byte in input" warning
  integrity: Do not load MOK and MOKx when secure boot be disabled
  ima: Fix undefined arch_ima_get_secureboot() and co
2022-01-11 13:11:10 -08:00
..
apparmor lsm: security_task_getsecid_subj() -> security_current_getsecid_subj() 2021-11-22 17:52:47 -05:00
bpf bpf: Implement task local storage 2020-11-06 08:08:37 -08:00
integrity integrity-v5.17 2022-01-11 13:11:10 -08:00
keys security: DH - use KDF implementation from crypto API 2021-11-26 16:25:17 +11:00
landlock landlock: Enable user space to infer supported features 2021-04-22 12:22:11 -07:00
loadpin LSM: Add "contents" flag to kernel_read_file hook 2020-10-05 13:37:03 +02:00
lockdown Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2020-06-02 17:36:24 -07:00
safesetid LSM: SafeSetID: Mark safesetid_initialized as __initdata 2021-06-10 09:52:32 -07:00
selinux selinux/stable-5.17 PR 20220110 2022-01-11 13:03:06 -08:00
smack lsm: security_task_getsecid_subj() -> security_current_getsecid_subj() 2021-11-22 17:52:47 -05:00
tomoyo tomoyo: use hwight16() in tomoyo_domain_quota_is_ok() 2021-12-15 20:13:55 +09:00
yama task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
commoncap.c Miscellaneous minor fixes for v5.13. 2021-04-27 19:32:55 -07:00
device_cgroup.c add missing bpf-cgroup.h includes 2021-12-16 14:57:09 -08:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
Kconfig Merge branch 'akpm' (patches from Andrew) 2021-11-06 14:08:17 -07:00
Kconfig.hardening gcc-plugins: Explicitly document purpose and deprecation schedule 2021-10-21 08:41:38 -07:00
lsm_audit.c lsm_audit: avoid overloading the "key" audit field 2021-09-19 22:47:04 -04:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c security,selinux: remove security_add_mnt_opt() 2021-12-06 13:46:24 -05:00