linux-stable/security/apparmor
Linus Torvalds 1086eeac9c lsm/stable-6.6 PR 20230829
-----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmTuKLcUHHBhdWxAcGF1
 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXM/Eg//cwaOu/ASS08Cz/tfXeKpzg9UpzbW
 uHqGtgdE9ZEvS71z+3dorOJVPEwPr+/yviq3FXYjYHFqvVhLZCvYM9rw+eNo/k4T
 I95UTchGUsMWwkw61YBDLythfXm2UL5nabjckO81i9UPtxUYOwF6xQMQXYyMcLL8
 6fm1vnCvK5FBEXi2HSUWy3Eb3wdviGdHrL6h19Aeew+q8u33asWSxn9vmBSSFEzZ
 492//Pgy0t3FA6paWXQRvoR+GvLgBXNOvHB68cAx9vS8Lq6mAwJJSCRrQtKGh2Gd
 YInr49f+TXOosD5Tm6ueWO4sr8RzQZ7nPyM+BLue4Yn2ZzdYgjwfHdkHWS1KeH5X
 qVqa9s6/QONvkSCzqHs/ne2qio1Q0/0uGgwOkx6N7oVWQWjE7iTYlADwM0CDJnd2
 UD7AHTOgpc88x1T1eW599MZttSCznBTSFXv4waaS5/5NT9n8Db1TpTtCTedOc1x2
 n+c+F5BHLy69vhSGCanvum/8i2gNoKVyYaHyaMsQxr5LRcLnvN6oOjWIv7jMKxe7
 GavUAxU7M5rxPUH44vrrrI+XztKJOdpCz4S0xp+7pSSSGAK5KkmVVLXjzrlGO1WS
 55ixxQWYTGK0KlWHp4Ofi6brE9a4ATKcd1XscPN+AtBYX2ufNHLskCZulu/lyrMx
 lAy9RRDe1hHWTvg=
 =dnm4
 -----END PGP SIGNATURE-----

Merge tag 'lsm-pr-20230829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm

Pull LSM updates from Paul Moore:

 - Add proper multi-LSM support for xattrs in the
   security_inode_init_security() hook

   Historically the LSM layer has only allowed a single LSM to add an
   xattr to an inode, with IMA/EVM measuring that and adding its own as
   well. As we work towards promoting IMA/EVM to a "proper LSM" instead
   of the special case that it is now, we need to better support the
   case of multiple LSMs each adding xattrs to an inode and after
   several attempts we now appear to have something that is working
   well. It is worth noting that in the process of making this change we
   uncovered a problem with Smack's SMACK64TRANSMUTE xattr which is also
   fixed in this pull request.

 - Additional LSM hook constification

   Two patches to constify parameters to security_capget() and
   security_binder_transfer_file(). While I generally don't make a
   special note of who submitted these patches, these were the work of
   an Outreachy intern, Khadija Kamran, and that makes me happy;
   hopefully it does the same for all of you reading this.

 - LSM hook comment header fixes

   One patch to add a missing hook comment header, one to fix a minor
   typo.

 - Remove an old, unused credential function declaration

   It wasn't clear to me who should pick this up, but it was trivial,
   obviously correct, and arguably the LSM layer has a vested interest
   in credentials so I merged it. Sadly I'm now noticing that despite my
   subject line cleanup I didn't cleanup the "unsued" misspelling, sigh

* tag 'lsm-pr-20230829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm:
  lsm: constify the 'file' parameter in security_binder_transfer_file()
  lsm: constify the 'target' parameter in security_capget()
  lsm: add comment block for security_sk_classify_flow LSM hook
  security: Fix ret values doc for security_inode_init_security()
  cred: remove unsued extern declaration change_create_files_as()
  evm: Support multiple LSMs providing an xattr
  evm: Align evm_inode_init_security() definition with LSM infrastructure
  smack: Set the SMACK64TRANSMUTE xattr in smack_inode_init_security()
  security: Allow all LSMs to provide xattrs for inode_init_security hook
  lsm: fix typo in security_file_lock() comment header
2023-08-30 09:07:09 -07:00
..
include apparmor: Free up __cleanup() name 2023-06-26 11:14:18 +02:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
apparmorfs.c apparmor: convert to ctime accessor functions 2023-07-24 10:30:08 +02:00
audit.c AppArmor: Fix kernel-doc 2022-10-25 00:15:18 -07:00
capability.c apparmor: rework profile->rules to be a list 2022-10-03 14:49:04 -07:00
crypto.c apparmor: Return directly after a failed kzalloc() in two functions 2023-07-06 10:58:49 -07:00
domain.c fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmap 2023-01-19 09:24:29 +01:00
file.c + Bug Fixes 2023-07-07 09:55:31 -07:00
ipc.c AppArmor: Fix kernel-doc 2022-10-25 00:15:18 -07:00
Kconfig + Features 2022-12-14 13:42:09 -08:00
label.c apparmor: remove useless static inline functions 2022-10-24 22:35:11 -07:00
lib.c apparmor: rework profile->rules to be a list 2022-10-03 14:49:04 -07:00
lsm.c lsm: constify the 'target' parameter in security_capget() 2023-08-08 16:48:47 -04:00
Makefile + Features 2022-12-14 13:42:09 -08:00
match.c apparmor: Add __init annotation to aa_{setup/teardown}_dfa_engine() 2022-11-01 21:17:26 -07:00
mount.c apparmor: rework profile->rules to be a list 2022-10-03 14:49:04 -07:00
net.c apparmor: rework profile->rules to be a list 2022-10-03 14:49:04 -07:00
nulldfa.in apparmor: cleanup add proper line wrapping to nulldfa.in 2018-02-09 11:30:01 -08:00
path.c security: apparmor: delete repeated words in comments 2021-02-07 04:15:46 -08:00
policy.c apparmor: fix: kzalloc perms tables for shared dfas 2023-07-06 11:05:58 -07:00
policy_compat.c + Bug Fixes 2023-07-07 09:55:31 -07:00
policy_ns.c apparmor: Fix memleak in alloc_ns() 2022-11-01 05:32:13 -07:00
policy_unpack.c apparmor: convert to ctime accessor functions 2023-07-24 10:30:08 +02:00
policy_unpack_test.c apparmor: fix use of strcpy in policy_unpack_test 2023-07-06 10:58:49 -07:00
procattr.c apparmor: fix obsoleted comments for aa_getprocattr() and audit_resource() 2022-10-24 22:35:23 -07:00
resource.c apparmor: Fix spelling of function name in comment block 2022-10-25 00:15:19 -07:00
secid.c apparmor: fix kernel-doc complaints 2023-01-10 10:04:35 -08:00
stacksplitdfa.in apparmor: use the dfa to do label parse string splitting 2018-02-09 11:30:01 -08:00
task.c apparmor: Simplify obtain the newest label on a cred 2022-10-03 14:49:04 -07:00