Re: linux-next: manual merge of the selinux tree with the security tree

2018-04-03 Thread Paul Moore
On Tue, Apr 3, 2018 at 12:43 AM, Stephen Rothwell  wrote:
> Hi Paul,
>
> Today's linux-next merge of the selinux tree got a conflict in:
>
>   include/linux/lsm_hooks.h
>
> between commit:
>
>   22402b0b736d ("security: convert security hooks to use hlist")
>
> from the security tree and commit:
>
>   72e89f50084c ("security: Add support for SCTP security hooks")
>
> from the selinux tree.
>
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.

That looks right, thanks Stephen.

-- 
paul moore
www.paul-moore.com


Re: linux-next: manual merge of the selinux tree with the security tree

2018-04-03 Thread Paul Moore
On Tue, Apr 3, 2018 at 12:43 AM, Stephen Rothwell  wrote:
> Hi Paul,
>
> Today's linux-next merge of the selinux tree got a conflict in:
>
>   include/linux/lsm_hooks.h
>
> between commit:
>
>   22402b0b736d ("security: convert security hooks to use hlist")
>
> from the security tree and commit:
>
>   72e89f50084c ("security: Add support for SCTP security hooks")
>
> from the selinux tree.
>
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.

That looks right, thanks Stephen.

-- 
paul moore
www.paul-moore.com


linux-next: manual merge of the selinux tree with the security tree

2018-04-02 Thread Stephen Rothwell
Hi Paul,

Today's linux-next merge of the selinux tree got a conflict in:

  include/linux/lsm_hooks.h

between commit:

  22402b0b736d ("security: convert security hooks to use hlist")

from the security tree and commit:

  72e89f50084c ("security: Add support for SCTP security hooks")

from the selinux tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc include/linux/lsm_hooks.h
index b76897cbc42d,84c0b927ea85..
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@@ -1736,231 -1763,233 +1769,234 @@@ union security_list_options 
  };
  
  struct security_hook_heads {
 -  struct list_head binder_set_context_mgr;
 -  struct list_head binder_transaction;
 -  struct list_head binder_transfer_binder;
 -  struct list_head binder_transfer_file;
 -  struct list_head ptrace_access_check;
 -  struct list_head ptrace_traceme;
 -  struct list_head capget;
 -  struct list_head capset;
 -  struct list_head capable;
 -  struct list_head quotactl;
 -  struct list_head quota_on;
 -  struct list_head syslog;
 -  struct list_head settime;
 -  struct list_head vm_enough_memory;
 -  struct list_head bprm_set_creds;
 -  struct list_head bprm_check_security;
 -  struct list_head bprm_committing_creds;
 -  struct list_head bprm_committed_creds;
 -  struct list_head sb_alloc_security;
 -  struct list_head sb_free_security;
 -  struct list_head sb_copy_data;
 -  struct list_head sb_remount;
 -  struct list_head sb_kern_mount;
 -  struct list_head sb_show_options;
 -  struct list_head sb_statfs;
 -  struct list_head sb_mount;
 -  struct list_head sb_umount;
 -  struct list_head sb_pivotroot;
 -  struct list_head sb_set_mnt_opts;
 -  struct list_head sb_clone_mnt_opts;
 -  struct list_head sb_parse_opts_str;
 -  struct list_head dentry_init_security;
 -  struct list_head dentry_create_files_as;
 +  struct hlist_head binder_set_context_mgr;
 +  struct hlist_head binder_transaction;
 +  struct hlist_head binder_transfer_binder;
 +  struct hlist_head binder_transfer_file;
 +  struct hlist_head ptrace_access_check;
 +  struct hlist_head ptrace_traceme;
 +  struct hlist_head capget;
 +  struct hlist_head capset;
 +  struct hlist_head capable;
 +  struct hlist_head quotactl;
 +  struct hlist_head quota_on;
 +  struct hlist_head syslog;
 +  struct hlist_head settime;
 +  struct hlist_head vm_enough_memory;
 +  struct hlist_head bprm_set_creds;
 +  struct hlist_head bprm_check_security;
 +  struct hlist_head bprm_committing_creds;
 +  struct hlist_head bprm_committed_creds;
 +  struct hlist_head sb_alloc_security;
 +  struct hlist_head sb_free_security;
 +  struct hlist_head sb_copy_data;
 +  struct hlist_head sb_remount;
 +  struct hlist_head sb_kern_mount;
 +  struct hlist_head sb_show_options;
 +  struct hlist_head sb_statfs;
 +  struct hlist_head sb_mount;
 +  struct hlist_head sb_umount;
 +  struct hlist_head sb_pivotroot;
 +  struct hlist_head sb_set_mnt_opts;
 +  struct hlist_head sb_clone_mnt_opts;
 +  struct hlist_head sb_parse_opts_str;
 +  struct hlist_head dentry_init_security;
 +  struct hlist_head dentry_create_files_as;
  #ifdef CONFIG_SECURITY_PATH
 -  struct list_head path_unlink;
 -  struct list_head path_mkdir;
 -  struct list_head path_rmdir;
 -  struct list_head path_mknod;
 -  struct list_head path_truncate;
 -  struct list_head path_symlink;
 -  struct list_head path_link;
 -  struct list_head path_rename;
 -  struct list_head path_chmod;
 -  struct list_head path_chown;
 -  struct list_head path_chroot;
 +  struct hlist_head path_unlink;
 +  struct hlist_head path_mkdir;
 +  struct hlist_head path_rmdir;
 +  struct hlist_head path_mknod;
 +  struct hlist_head path_truncate;
 +  struct hlist_head path_symlink;
 +  struct hlist_head path_link;
 +  struct hlist_head path_rename;
 +  struct hlist_head path_chmod;
 +  struct hlist_head path_chown;
 +  struct hlist_head path_chroot;
  #endif
 -  struct list_head inode_alloc_security;
 -  struct list_head inode_free_security;
 -  struct list_head inode_init_security;
 -  struct list_head inode_create;
 -  struct list_head inode_link;
 -  struct list_head inode_unlink;
 -  struct list_head inode_symlink;
 -  struct list_head inode_mkdir;
 -  struct list_head inode_rmdir;
 -  struct list_head inode_mknod;
 - 

linux-next: manual merge of the selinux tree with the security tree

2018-04-02 Thread Stephen Rothwell
Hi Paul,

Today's linux-next merge of the selinux tree got a conflict in:

  include/linux/lsm_hooks.h

between commit:

  22402b0b736d ("security: convert security hooks to use hlist")

from the security tree and commit:

  72e89f50084c ("security: Add support for SCTP security hooks")

from the selinux tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc include/linux/lsm_hooks.h
index b76897cbc42d,84c0b927ea85..
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@@ -1736,231 -1763,233 +1769,234 @@@ union security_list_options 
  };
  
  struct security_hook_heads {
 -  struct list_head binder_set_context_mgr;
 -  struct list_head binder_transaction;
 -  struct list_head binder_transfer_binder;
 -  struct list_head binder_transfer_file;
 -  struct list_head ptrace_access_check;
 -  struct list_head ptrace_traceme;
 -  struct list_head capget;
 -  struct list_head capset;
 -  struct list_head capable;
 -  struct list_head quotactl;
 -  struct list_head quota_on;
 -  struct list_head syslog;
 -  struct list_head settime;
 -  struct list_head vm_enough_memory;
 -  struct list_head bprm_set_creds;
 -  struct list_head bprm_check_security;
 -  struct list_head bprm_committing_creds;
 -  struct list_head bprm_committed_creds;
 -  struct list_head sb_alloc_security;
 -  struct list_head sb_free_security;
 -  struct list_head sb_copy_data;
 -  struct list_head sb_remount;
 -  struct list_head sb_kern_mount;
 -  struct list_head sb_show_options;
 -  struct list_head sb_statfs;
 -  struct list_head sb_mount;
 -  struct list_head sb_umount;
 -  struct list_head sb_pivotroot;
 -  struct list_head sb_set_mnt_opts;
 -  struct list_head sb_clone_mnt_opts;
 -  struct list_head sb_parse_opts_str;
 -  struct list_head dentry_init_security;
 -  struct list_head dentry_create_files_as;
 +  struct hlist_head binder_set_context_mgr;
 +  struct hlist_head binder_transaction;
 +  struct hlist_head binder_transfer_binder;
 +  struct hlist_head binder_transfer_file;
 +  struct hlist_head ptrace_access_check;
 +  struct hlist_head ptrace_traceme;
 +  struct hlist_head capget;
 +  struct hlist_head capset;
 +  struct hlist_head capable;
 +  struct hlist_head quotactl;
 +  struct hlist_head quota_on;
 +  struct hlist_head syslog;
 +  struct hlist_head settime;
 +  struct hlist_head vm_enough_memory;
 +  struct hlist_head bprm_set_creds;
 +  struct hlist_head bprm_check_security;
 +  struct hlist_head bprm_committing_creds;
 +  struct hlist_head bprm_committed_creds;
 +  struct hlist_head sb_alloc_security;
 +  struct hlist_head sb_free_security;
 +  struct hlist_head sb_copy_data;
 +  struct hlist_head sb_remount;
 +  struct hlist_head sb_kern_mount;
 +  struct hlist_head sb_show_options;
 +  struct hlist_head sb_statfs;
 +  struct hlist_head sb_mount;
 +  struct hlist_head sb_umount;
 +  struct hlist_head sb_pivotroot;
 +  struct hlist_head sb_set_mnt_opts;
 +  struct hlist_head sb_clone_mnt_opts;
 +  struct hlist_head sb_parse_opts_str;
 +  struct hlist_head dentry_init_security;
 +  struct hlist_head dentry_create_files_as;
  #ifdef CONFIG_SECURITY_PATH
 -  struct list_head path_unlink;
 -  struct list_head path_mkdir;
 -  struct list_head path_rmdir;
 -  struct list_head path_mknod;
 -  struct list_head path_truncate;
 -  struct list_head path_symlink;
 -  struct list_head path_link;
 -  struct list_head path_rename;
 -  struct list_head path_chmod;
 -  struct list_head path_chown;
 -  struct list_head path_chroot;
 +  struct hlist_head path_unlink;
 +  struct hlist_head path_mkdir;
 +  struct hlist_head path_rmdir;
 +  struct hlist_head path_mknod;
 +  struct hlist_head path_truncate;
 +  struct hlist_head path_symlink;
 +  struct hlist_head path_link;
 +  struct hlist_head path_rename;
 +  struct hlist_head path_chmod;
 +  struct hlist_head path_chown;
 +  struct hlist_head path_chroot;
  #endif
 -  struct list_head inode_alloc_security;
 -  struct list_head inode_free_security;
 -  struct list_head inode_init_security;
 -  struct list_head inode_create;
 -  struct list_head inode_link;
 -  struct list_head inode_unlink;
 -  struct list_head inode_symlink;
 -  struct list_head inode_mkdir;
 -  struct list_head inode_rmdir;
 -  struct list_head inode_mknod;
 - 

Re: linux-next: manual merge of the selinux tree with the security tree

2018-03-21 Thread Paul Moore
On Tue, Mar 20, 2018 at 11:31 PM, Stephen Rothwell  
wrote:
> Hi Paul,
>
> Today's linux-next merge of the selinux tree got a conflict in:
>
>   security/selinux/hooks.c
>
> between commit:
>
>   6b4f3d01052a ("usb, signal, security: only pass the cred, not the secid, to 
> kill_pid_info_as_cred and security_task_kill")
>
> from the security tree and commit:
>
>   6b6bc6205d98 ("selinux: wrap AVC state")
>
> from the selinux tree.
>
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
>
> --
> Cheers,
> Stephen Rothwell
>
> diff --cc security/selinux/hooks.c
> index fdd523e575e3,21b377aef69a..
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@@ -4050,11 -4164,10 +4170,12 @@@ static int selinux_task_kill(struct tas
> perm = PROCESS__SIGNULL; /* null signal; existence test */
> else
> perm = signal_to_av(sig);
>  -  if (!secid)
>  +  if (!cred)
> secid = current_sid();
>  +  else
>  +  secid = cred_sid(cred);
> -   return avc_has_perm(secid, task_sid(p), SECCLASS_PROCESS, perm, NULL);
> +   return avc_has_perm(_state,
> +   secid, task_sid(p), SECCLASS_PROCESS, perm, NULL);
>   }
>
>   static void selinux_task_to_inode(struct task_struct *p,
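Review bot: The merged `if (!cred)` / `else` pair now chooses which subject SID is checked against `task_sid(p)`, and nothing at that site says why a NULL `cred` falls back to the caller. A one-line comment above the test would help keep a later edit from silently changing the subject of the permission check, for example `/* no cred supplied: check as current; otherwise check as the supplied cred */`. Both branches assign `secid`, so it is not read uninitialised, but `selinux_task_kill()` begins above the hunk, so the declaration of `secid` as a local cannot be confirmed from here. The first argument of `avc_has_perm()` is printed as `_state`, which looks like archive damage rather than the merged code; the intended argument is presumably `&selinux_state` from the "selinux: wrap AVC state" commit. The same hunk is repeated in the later copies of this thread further down the page.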

Thanks Stephen, that looks correct to me.

-- 
paul moore
www.paul-moore.com


Re: linux-next: manual merge of the selinux tree with the security tree

2018-03-21 Thread Paul Moore
On Tue, Mar 20, 2018 at 11:31 PM, Stephen Rothwell  
wrote:
> Hi Paul,
>
> Today's linux-next merge of the selinux tree got a conflict in:
>
>   security/selinux/hooks.c
>
> between commit:
>
>   6b4f3d01052a ("usb, signal, security: only pass the cred, not the secid, to 
> kill_pid_info_as_cred and security_task_kill")
>
> from the security tree and commit:
>
>   6b6bc6205d98 ("selinux: wrap AVC state")
>
> from the selinux tree.
>
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
>
> --
> Cheers,
> Stephen Rothwell
>
> diff --cc security/selinux/hooks.c
> index fdd523e575e3,21b377aef69a..
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@@ -4050,11 -4164,10 +4170,12 @@@ static int selinux_task_kill(struct tas
> perm = PROCESS__SIGNULL; /* null signal; existence test */
> else
> perm = signal_to_av(sig);
>  -  if (!secid)
>  +  if (!cred)
> secid = current_sid();
>  +  else
>  +  secid = cred_sid(cred);
> -   return avc_has_perm(secid, task_sid(p), SECCLASS_PROCESS, perm, NULL);
> +   return avc_has_perm(_state,
> +   secid, task_sid(p), SECCLASS_PROCESS, perm, NULL);
>   }
>
>   static void selinux_task_to_inode(struct task_struct *p,

Thanks Stephen, that looks correct to me.

-- 
paul moore
www.paul-moore.com


linux-next: manual merge of the selinux tree with the security tree

2018-03-20 Thread Stephen Rothwell
Hi Paul,

Today's linux-next merge of the selinux tree got a conflict in:

  security/selinux/hooks.c

between commit:

  6b4f3d01052a ("usb, signal, security: only pass the cred, not the secid, to 
kill_pid_info_as_cred and security_task_kill")

from the security tree and commit:

  6b6bc6205d98 ("selinux: wrap AVC state")

from the selinux tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc security/selinux/hooks.c
index fdd523e575e3,21b377aef69a..
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@@ -4050,11 -4164,10 +4170,12 @@@ static int selinux_task_kill(struct tas
perm = PROCESS__SIGNULL; /* null signal; existence test */
else
perm = signal_to_av(sig);
 -  if (!secid)
 +  if (!cred)
secid = current_sid();
 +  else
 +  secid = cred_sid(cred);
-   return avc_has_perm(secid, task_sid(p), SECCLASS_PROCESS, perm, NULL);
+   return avc_has_perm(_state,
+   secid, task_sid(p), SECCLASS_PROCESS, perm, NULL);
  }
  
  static void selinux_task_to_inode(struct task_struct *p,




linux-next: manual merge of the selinux tree with the security tree

2018-03-20 Thread Stephen Rothwell
Hi Paul,

Today's linux-next merge of the selinux tree got a conflict in:

  security/selinux/hooks.c

between commit:

  6b4f3d01052a ("usb, signal, security: only pass the cred, not the secid, to 
kill_pid_info_as_cred and security_task_kill")

from the security tree and commit:

  6b6bc6205d98 ("selinux: wrap AVC state")

from the selinux tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc security/selinux/hooks.c
index fdd523e575e3,21b377aef69a..
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@@ -4050,11 -4164,10 +4170,12 @@@ static int selinux_task_kill(struct tas
perm = PROCESS__SIGNULL; /* null signal; existence test */
else
perm = signal_to_av(sig);
 -  if (!secid)
 +  if (!cred)
secid = current_sid();
 +  else
 +  secid = cred_sid(cred);
-   return avc_has_perm(secid, task_sid(p), SECCLASS_PROCESS, perm, NULL);
+   return avc_has_perm(_state,
+   secid, task_sid(p), SECCLASS_PROCESS, perm, NULL);
  }
  
  static void selinux_task_to_inode(struct task_struct *p,

