Please pull these general security subsystem updates for v4.18. Summary:
- Incorporate new socketpair() hook into LSM and wire up the SELinux and Smack modules. From David Herrmann: "The idea is to allow SO_PEERSEC to be called on AF_UNIX sockets created via socketpair(2), and return the same information as if you emulated socketpair(2) via a temporary listener socket. Right now SO_PEERSEC will return the unlabeled credentials for a socketpair, rather than the actual credentials of the creating process." - Sargun Dhillon removed the unused security_settime LSM hook. - Tycho Andersen removed some stack allocated arrays from the keys code. --- The following changes since commit 6da6c0db5316275015e8cc2959f12a17584aeb64: Linux v4.17-rc3 (2018-04-29 14:17:42 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-general for you to fetch changes up to 890e2abe1028c39e5399101a2c277219cd637aaa: dh key: get rid of stack allocated array for zeroes (2018-05-11 13:07:49 -0700) ---------------------------------------------------------------- David Herrmann (3): security: add hook for socketpair() net: hook socketpair() into LSM selinux: provide socketpair callback James Morris (2): Merge tag 'v4.17-rc2' into next-general Merge tag 'v4.17-rc3' into next-general Sargun Dhillon (1): security: remove security_settime Tom Gundersen (1): smack: provide socketpair callback Tycho Andersen (3): big key: get rid of stack array allocation dh key: get rid of stack allocated array dh key: get rid of stack allocated array for zeroes include/linux/lsm_hooks.h | 7 +++++++ include/linux/security.h | 21 +++++++-------------- net/socket.c | 7 +++++++ security/keys/big_key.c | 11 ++++++++++- security/keys/dh.c | 35 +++++++++++++---------------------- security/security.c | 6 ++++++ security/selinux/hooks.c | 13 +++++++++++++ security/smack/smack_lsm.c | 22 ++++++++++++++++++++++ 8 files changed, 85 insertions(+), 37 deletions(-)