Re: 4.6 compilation error when making signing key

2016-05-16 Thread James Morris
On Mon, 16 May 2016, David Howells wrote: > James Morris wrote: > > > I'm seeing this with the 4.6 kernel build: > > > > CHK include/generated/compile.h > > make[1]: *** No rule to make target `signing_key.pem', needed by > > `certs/signing_key.x509'.

4.6 compilation error when making signing key

2016-05-16 Thread James Morris
I'm seeing this with the 4.6 kernel build: CHK include/generated/compile.h make[1]: *** No rule to make target `signing_key.pem', needed by `certs/signing_key.x509'. Stop. make: *** [certs] Error 2 -- James Morris <jmor...@namei.org>

4.6 compilation error when making signing key

2016-05-16 Thread James Morris
I'm seeing this with the 4.6 kernel build: CHK include/generated/compile.h make[1]: *** No rule to make target `signing_key.pem', needed by `certs/signing_key.x509'. Stop. make: *** [certs] Error 2 -- James Morris

Re: [GIT PULL] KEYS: Keyring changes for security/next

2016-05-05 Thread James Morris
/linux-fs.git > tags/keys-next-20160505 > > for you to fetch changes up to d55201ce08bfae40ae0062be126f49471a55bcad: > > Merge branch 'keys-trust' into keys-next (2016-05-04 17:20:20 +0100) Pulled. -- James Morris <jmor...@namei.org>

Re: [GIT PULL] KEYS: Keyring changes for security/next

2016-05-05 Thread James Morris
/linux-fs.git > tags/keys-next-20160505 > > for you to fetch changes up to d55201ce08bfae40ae0062be126f49471a55bcad: > > Merge branch 'keys-trust' into keys-next (2016-05-04 17:20:20 +0100) Pulled. -- James Morris

Re: [PULL] lsm-fixes update (next)

2016-05-04 Thread James Morris
se atomic allocations when reporting (2016-05-04 10:54:05 -0700) > Pulled to -next. -- James Morris <jmor...@namei.org>

Re: [PULL] lsm-fixes update (next)

2016-05-04 Thread James Morris
se atomic allocations when reporting (2016-05-04 10:54:05 -0700) > Pulled to -next. -- James Morris

[GIT PULL] Security subsystem - IMA fix for v4.6

2016-05-04 Thread James Morris
dering used for displaying the IMA policy. Fixes: d9ddf077bb85 ("ima: support for kexec image and initramfs") Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Tested-by: Eric Richter <eric...@linux.vnet.ibm.com> Signed-off-by: James Morris <james.l

[GIT PULL] Security subsystem - IMA fix for v4.6

2016-05-04 Thread James Morris
policy. Fixes: d9ddf077bb85 ("ima: support for kexec image and initramfs") Signed-off-by: Mimi Zohar Tested-by: Eric Richter Signed-off-by: James Morris diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index be09e2c..3cd0

Re: [PATCH v4 17/21] capabilities: Allow privileged user in s_user_ns to set security.* xattrs

2016-04-27 Thread James Morris
Smack will deny the writes for > any user without global CAP_MAC_ADMIN, so loosening the > capability check in commoncap is safe in this respect as well. > > Signed-off-by: Seth Forshee <seth.fors...@canonical.com> > Acked-by: Serge Hallyn <serge.hal...@canonical.com> Acked-

Re: [PATCH v4 17/21] capabilities: Allow privileged user in s_user_ns to set security.* xattrs

2016-04-27 Thread James Morris
Smack will deny the writes for > any user without global CAP_MAC_ADMIN, so loosening the > capability check in commoncap is safe in this respect as well. > > Signed-off-by: Seth Forshee > Acked-by: Serge Hallyn Acked-by: James Morris -- James Morris

Re: [PATCH] fs: fix over-zealous use of "const"

2016-04-27 Thread James Morris
pplied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next -- James Morris <jmor...@namei.org>

Re: [PATCH] fs: fix over-zealous use of "const"

2016-04-27 Thread James Morris
fiers] > static inline const char * const kernel_read_file_id_str(enum > kernel_read_file_id id) > > Reported-by: Andy Shevchenko > Signed-off-by: Kees Cook > --- > This is for linux-security next > --- Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next -- James Morris

Re: [PATCH v5 0/6] LSM: LoadPin for kernel file loading restrictions

2016-04-20 Thread James Morris
e and firmware loading to the read-only crypto-verified dm-verity > partition so that kernel module signing is not needed. > Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next -- James Morris <jmor...@namei.org>

Re: [PATCH v5 0/6] LSM: LoadPin for kernel file loading restrictions

2016-04-20 Thread James Morris
e and firmware loading to the read-only crypto-verified dm-verity > partition so that kernel module signing is not needed. > Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next -- James Morris

[GIT PULL] Keys bugfixes for 4.6

2016-04-12 Thread James Morris
://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git for-linus Colin Ian King (1): ASN.1: fix open failure check on headername James Morris (1): Merge tag 'keys-fixes-20160412' of git://git.kernel.org/.../dhowells/linux-fs into for-linus Jerome Marchand (1

Re: [PATCH v3 0/6] LSM: LoadPin for kernel file loading restrictions

2016-04-12 Thread James Morris
e and firmware loading to the read-only crypto-verified dm-verity > partition so that kernel module signing is not needed. > This all looks good to me, just waiting now for the const fix suggested by Joe. -- James Morris <jmor...@namei.org>

Re: [PATCH v3 0/6] LSM: LoadPin for kernel file loading restrictions

2016-04-12 Thread James Morris
e and firmware loading to the read-only crypto-verified dm-verity > partition so that kernel module signing is not needed. > This all looks good to me, just waiting now for the const fix suggested by Joe. -- James Morris

Re: [PATCH net-next] security: drop the unused hook skb_owned_by

2016-04-10 Thread James Morris
to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next -- James Morris <jmor...@namei.org>

Re: [PATCH net-next] security: drop the unused hook skb_owned_by

2016-04-10 Thread James Morris
pub/scm/linux/kernel/git/jmorris/linux-security.git next -- James Morris

[ANNOUNCE] Linux Security Summit 2016 - CFP

2016-03-24 Thread James Morris
and operational practices * Emerging technologies, threats & techniques Proposals should be submitted via the event web site: http://events.linuxfoundation.org/events/linux-security-summit/program/cfp PROGRAM COMMITTEE The Linux Security Summit for 2016 is organized by: * J

[GIT PULL] Security subsystem updates for 4.6

2016-03-16 Thread James Morris
): tpm_eventlog.c: fix binary_bios_measurements James Morris (4): Merge branch 'smack-for-4.6' of https://github.com/cschaufler/smack-next into next Merge branch 'next' of git://git.kernel.org/.../zohar/linux-integrity into next Merge branch 'stable-4.6' of git

Re: [PATCH v2] sparc64: Add support for Application Data Integrity (ADI)

2016-03-08 Thread James Morris
On 03/08/2016 10:48 AM, James Morris wrote: On 03/08/2016 06:54 AM, Andy Lutomirski wrote: This makes sense, but I still think the design is poor. If the hacker gets code execution, then they can trivially brute force the ADI bits. ADI in this scenario is intended to prevent the attacker

Re: [PATCH v2] sparc64: Add support for Application Data Integrity (ADI)

2016-03-07 Thread James Morris
On 03/08/2016 06:54 AM, Andy Lutomirski wrote: This makes sense, but I still think the design is poor. If the hacker gets code execution, then they can trivially brute force the ADI bits. ADI in this scenario is intended to prevent the attacker from gaining code execution in the first

Re: [PATCH v2] sparc64: Add support for Application Data Integrity (ADI)

2016-03-07 Thread James Morris
On 03/08/2016 07:58 AM, David Miller wrote: From: Khalid Aziz Date: Mon, 7 Mar 2016 13:41:39 -0700 Shared data may not always be backed by a file. My understanding is one of the use cases is for in-memory databases. This shared space could also be used to hand off

Re: [PATCH v2] sparc64: Add support for Application Data Integrity (ADI)

2016-03-07 Thread James Morris
On 03/08/2016 07:58 AM, David Miller wrote: From: Khalid Aziz Date: Mon, 7 Mar 2016 13:41:39 -0700 Shared data may not always be backed by a file. My understanding is one of the use cases is for in-memory databases. This shared space could also be used to hand off transactions in flight to

Re: [GIT PULL] KEYS: Miscellaneous bits for security/next

2016-03-03 Thread James Morris
On Fri, 4 Mar 2016, David Howells wrote: > Hi James, > > Could you pull this into security/next, please? > Done. -- James Morris <jmor...@namei.org>

Re: [GIT PULL] KEYS: Miscellaneous bits for security/next

2016-03-03 Thread James Morris
On Fri, 4 Mar 2016, David Howells wrote: > Hi James, > > Could you pull this into security/next, please? > Done. -- James Morris

Re: [PATCH] MAINTAINERS: update tpmdd urls

2016-03-01 Thread James Morris
kernel/git/jmorris/linux-security.git next -- James Morris <jmor...@namei.org>

Re: [PATCH] MAINTAINERS: update tpmdd urls

2016-03-01 Thread James Morris
On Tue, 1 Mar 2016, Jarkko Sakkinen wrote: > Updated GIT and patchwork location both of which were out-of-sync or > actually patchwork location was incorrect. > > Signed-off-by: Jarkko Sakkinen Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next

Re: log spammed with "loading xx failed with error -2" since commit e40ba6d56b [replace call to fw_read_file_contents() with kernel version]

2016-02-28 Thread James Morris
to dev_dbg() > Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next -- James Morris <jmor...@namei.org>

Re: log spammed with "loading xx failed with error -2" since commit e40ba6d56b [replace call to fw_read_file_contents() with kernel version]

2016-02-28 Thread James Morris
to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next -- James Morris

Re: [GIT PULL] tpmdd fix

2016-02-28 Thread James Morris
> tpm_tis: fix build warning with tpm_tis_resume (2016-02-26 11:32:07 +0200) > > > tpmdd fix > > > Jarkko Sakkinen (1): > tpm_tis: fix

Re: [GIT PULL] tpmdd fix

2016-02-28 Thread James Morris
> tpm_tis: fix build warning with tpm_tis_resume (2016-02-26 11:32:07 +0200) > > > tpmdd fix > > > Jarkko Sakkinen (1): > tpm_tis: fix build warning with tpm_tis_resume > Pulled to -next. -- James Morris

[GIT PULL] SELinux fix for 4.5

2016-02-26 Thread James Morris
in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git for-linus Andreas Gruenbacher (1): selinux: Don't sleep inside inode_getsecid hook James Morris (1): Merge branch 'stable-4.5' of git://git.infradead.org/users/pcmoore/selinux

Re: [GIT PULL] remaining tpmdd fixes for Linux 4.5

2016-02-25 Thread James Morris
things have worked well. > Send me a pull request just for the fix. I won't be pushing these changes to Linus for 4.5, they'll have to wait until the 4.6. -- James Morris <jmor...@namei.org>

Re: [GIT PULL] remaining tpmdd fixes for Linux 4.5

2016-02-25 Thread James Morris
things have worked well. > Send me a pull request just for the fix. I won't be pushing these changes to Linus for 4.5, they'll have to wait until the 4.6. -- James Morris

Re: [tpmdd-devel] [GIT PULL] remaining tpmdd fixes for Linux 4.5

2016-02-25 Thread James Morris
On Thu, 25 Feb 2016, Jerry Snitselaar wrote: > On Mon Feb 22 16, Jarkko Sakkinen wrote: > >On Mon, Feb 22, 2016 at 12:56:53PM +1100, James Morris wrote: > > > On Sat, 20 Feb 2016, Jarkko Sakkinen wrote: > > > > > > > Hi James, > > > >

Re: [GIT PULL] remaining tpmdd fixes for Linux 4.5

2016-02-21 Thread James Morris
fixes. It means the code was not ready to be merged in the first place. Also, any idea why I'm seeing this: drivers/char/tpm/tpm_tis.c:838: warning: ‘tpm_tis_resume’ defined but not used -- James Morris <jmor...@namei.org>

Re: [GIT PULL] remaining tpmdd fixes for Linux 4.5

2016-02-21 Thread James Morris
fixes. It means the code was not ready to be merged in the first place. Also, any idea why I'm seeing this: drivers/char/tpm/tpm_tis.c:838: warning: ‘tpm_tis_resume’ defined but not used -- James Morris

Re: [GIT PULL] tpmdd fixes for Linux 4.5 (updated)

2016-02-14 Thread James Morris
following changes since commit 388f7b1d6e8ca06762e2454d28d6c3c55ad0fe95: > > Linux 4.5-rc3 (2016-02-07 15:38:30 -0800) > > are available in the git repository at: > > https://github.com/jsakkine/linux-tpmdd.git tags/tpmdd-next-20160210 > > for you to fetch changes up to 8e0ee3c9faed7ca68807ea4

Re: [GIT PULL] tpmdd fixes for Linux 4.5 (updated)

2016-02-14 Thread James Morris
following changes since commit 388f7b1d6e8ca06762e2454d28d6c3c55ad0fe95: > > Linux 4.5-rc3 (2016-02-07 15:38:30 -0800) > > are available in the git repository at: > > https://github.com/jsakkine/linux-tpmdd.git tags/tpmdd-next-20160210 > > for you to fetch changes up to 8e0ee3c9faed7ca68807ea45141775856c438ac0: Pulled to next. -- James Morris

[GIT] EVM hmac security fix

2016-02-11 Thread James Morris
-off-by: Mimi Zohar Signed-off-by: James Morris diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index f716025..e6ea9d4 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -23,6 +23,7 @@ #include #include #include

[GIT] EVM hmac security fix

2016-02-11 Thread James Morris
off-by: Ryan Ware <w...@linux.intel.com> Cc: sta...@vger.kernel.org Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Signed-off-by: James Morris <james.l.mor...@oracle.com> diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c

Re: Transferring applied X.509 patches from crypto/next to security/next

2016-02-08 Thread James Morris
said that you'll > > fix it up later. Sorry for the misunderstanding. Do you want me to > > revert? > > If you can back them out, I'll apply them to my keys-next branch. Unless > James is willing to rebase security/next on top of your crypto branch? > I don't want to rebase my tree. -- James Morris

Re: [GIT PULL] tpmdd fixes for Linux 4.5

2016-02-08 Thread James Morris
se or do you want to pull this first? > > I could rebase that new pull request to -rc3 to which security/next is > now rebased. > The latter is probably best. -- James Morris

Re: [GIT PULL] tpmdd fixes for Linux 4.5

2016-02-08 Thread James Morris
se or do you want to pull this first? > > I could rebase that new pull request to -rc3 to which security/next is > now rebased. > The latter is probably best. -- James Morris <jmor...@namei.org>

Re: Transferring applied X.509 patches from crypto/next to security/next

2016-02-08 Thread James Morris
going in now as you said that you'll > > fix it up later. Sorry for the misunderstanding. Do you want me to > > revert? > > If you can back them out, I'll apply them to my keys-next branch. Unless > James is willing to rebase security/next on top of your crypto branch? > I don't want to rebase my tree. -- James Morris <jmor...@namei.org>

Re: [PATCH] xattr handlers: plug a lock leak in simple_xattr_list

2016-02-07 Thread James Morris
Signed-off-by: Andreas Gruenbacher > Cc: # 4.4 Acked-by: James Morris -- James Morris

Re: [PATCH] xattr handlers: plug a lock leak in simple_xattr_list

2016-02-07 Thread James Morris
ed-off-by: Mateusz Guzik <mgu...@redhat.com> > Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> > Cc: <sta...@vger.kernel.org> # 4.4 Acked-by: James Morris <james.l.mor...@oracle.com> -- James Morris <jmor...@namei.org>

Re: [PATCH] KEYS: Only apply KEY_FLAG_KEEP to a key if a parent keyring has it set

2016-01-26 Thread James Morris
On Wed, 27 Jan 2016, David Howells wrote: > Hi James, > > Can you pass this onto Linus asap? The thing it fixes breaks kerberos and > sssd. > I'd like to see some acks on this. -- James Morris

Re: [PATCH] KEYS: Only apply KEY_FLAG_KEEP to a key if a parent keyring has it set

2016-01-26 Thread James Morris
On Wed, 27 Jan 2016, David Howells wrote: > Hi James, > > Can you pass this onto Linus asap? The thing it fixes breaks kerberos and > sssd. > I'd like to see some acks on this. -- James Morris <jmor...@namei.org>

Re: [PATCH] X.509: Partially revert patch to add validation against IMA MOK keyring

2016-01-06 Thread James Morris
> Partially revert commit 41c89b64d7184a780f12f2cccdabe65cb2408893: > > Author: Petko Manolov > Date: Wed Dec 2 17:47:55 2015 +0200 > IMA: create machine owner and blacklist keyrings > If you need this applied to a tree, please state which.

Re: [PATCH] X.509: Partially revert patch to add validation against IMA MOK keyring

2016-01-06 Thread James Morris
> Partially revert commit 41c89b64d7184a780f12f2cccdabe65cb2408893: > > Author: Petko Manolov <pet...@mip-labs.com> > Date: Wed Dec 2 17:47:55 2015 +0200 > IMA: create machine owner and blacklist keyrings > If you need this applied to a tree, please

[GIT PULL] keys bugfix

2015-12-27 Thread James Morris
...@vger.kernel.org Signed-off-by: James Morris diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index fb111ea..1c3872a 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -751,16 +751,16 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_

[GIT PULL] keys bugfix

2015-12-27 Thread James Morris
d Howells <dhowe...@redhat.com> Tested-by: Dmitry Vyukov <dvyu...@google.com> Cc: sta...@vger.kernel.org Signed-off-by: James Morris <james.l.mor...@oracle.com> diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index fb111ea..1c3872a 100644 --- a/security/k

Re: [GIT PULL] tpmdd updates for Linux 4.5

2015-12-26 Thread James Morris
ption of small fix from Stefan to tpm_ibmvtpm, which I considered > trivial enough to be included. > Applied. -- James Morris -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at

Re: [GIT PULL] tpmdd updates for Linux 4.5

2015-12-26 Thread James Morris
ption of small fix from Stefan to tpm_ibmvtpm, which I considered > trivial enough to be included. > Applied. -- James Morris <jmor...@namei.org>

Re: [PATCH 2/2] keys, trusted: seal with a policy

2015-12-07 Thread James Morris
On Mon, 7 Dec 2015, Jarkko Sakkinen wrote: > On Fri, Nov 20, 2015 at 01:34:35PM +1100, James Morris wrote: > > On Wed, 18 Nov 2015, Jarkko Sakkinen wrote: > > > > > On Wed, Nov 18, 2015 at 11:21:01AM +1100, James Morris wrote: > > > > On Tue

Re: [PATCH 10/10] xattr handlers: Simplify list operation

2015-12-01 Thread James Morris
> > *result += total_len; > > + /* FIXME: Not checking the ->list operation here ... */ > + What does this mean? -- James Morris

Re: [PATCH 07/10] tmpfs: listxattr should include POSIX ACL xattrs

2015-12-01 Thread James Morris
On Mon, 30 Nov 2015, Andreas Gruenbacher wrote: > When a file on tmpfs has an ACL or a Default ACL, listxattr should include the > corresponding xattr name. > > Signed-off-by: Andreas Gruenbacher > Cc: Hugh Dickins > Cc: linux...@kvack.org Reviewed-by: James Morris

Re: [PATCH 06/10] tmpfs: Use xattr handler infrastructure

2015-12-01 Thread James Morris
to implement kernfs_iop_removexattr as well. > > Signed-off-by: Andreas Gruenbacher > Cc: Hugh Dickins > Cc: linux...@kvack.org Reviewed-by: James Morris -- James Morris

Re: [PATCH 04/10] vfs: Distinguish between full xattr names and proper prefixes

2015-12-01 Thread James Morris
x and with a non-empty suffix. > > This patch should avoid bugs like the one fixed in commit c361016a in > the future. > > Signed-off-by: Andreas Gruenbacher Is it worth making an inline wrapper for 'handler->prefix ?: handler->name' ? Reviewed-by: James Morris -- Jame

Re: [PATCH 03/10] posix acls: Remove duplicate xattr name definitions

2015-12-01 Thread James Morris
On Mon, 30 Nov 2015, Andreas Gruenbacher wrote: > Remove POSIX_ACL_XATTR_{ACCESS,DEFAULT} and GFS2_POSIX_ACL_{ACCESS,DEFAULT} > and replace them with the definitions in . > > Signed-off-by: Andreas Gruenbacher Reviewed-by: James Morris -- James Morris

Re: [PATCH 02/10] gfs2: Remove gfs2_xattr_acl_chmod

2015-12-01 Thread James Morris
On Mon, 30 Nov 2015, Andreas Gruenbacher wrote: > Function gfs2_xattr_acl_chmod is unused since commit e01580bf. > > Signed-off-by: Andreas Gruenbacher > Cc: Steven Whitehouse > Cc: Bob Peterson > Cc: cluster-de...@redhat.com Reviewed-by: James Morris -- James Morris

Re: [PATCH 01/10] vfs: Remove vfs_xattr_cmp

2015-12-01 Thread James Morris
On Mon, 30 Nov 2015, Andreas Gruenbacher wrote: > This function was only briefly used in security/integrity/evm, between > commits 66dbc325 and 15647eb3. > > Signed-off-by: Andreas Gruenbacher Reviewed-by: James Morris -- James Morris

Re: [PATCH 01/10] vfs: Remove vfs_xattr_cmp

2015-12-01 Thread James Morris
On Mon, 30 Nov 2015, Andreas Gruenbacher wrote: > This function was only briefly used in security/integrity/evm, between > commits 66dbc325 and 15647eb3. > > Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: James Morris <james.l.mor...@oracle.com>

Re: [PATCH 02/10] gfs2: Remove gfs2_xattr_acl_chmod

2015-12-01 Thread James Morris
> > Cc: cluster-de...@redhat.com Reviewed-by: James Morris <james.l.mor...@oracle.com> -- James Morris <jmor...@namei.org>

Re: [PATCH 03/10] posix acls: Remove duplicate xattr name definitions

2015-12-01 Thread James Morris
On Mon, 30 Nov 2015, Andreas Gruenbacher wrote: > Remove POSIX_ACL_XATTR_{ACCESS,DEFAULT} and GFS2_POSIX_ACL_{ACCESS,DEFAULT} > and replace them with the definitions in . > > Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: James Morris <jame

Re: [PATCH 04/10] vfs: Distinguish between full xattr names and proper prefixes

2015-12-01 Thread James Morris
x and with a non-empty suffix. > > This patch should avoid bugs like the one fixed in commit c361016a in > the future. > > Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Is it worth making an inline wrapper for 'handler->prefix ?: handler->name' ? Rev

Re: [PATCH 07/10] tmpfs: listxattr should include POSIX ACL xattrs

2015-12-01 Thread James Morris
linux...@kvack.org Reviewed-by: James Morris <james.l.mor...@oracle.com> -- James Morris <jmor...@namei.org>

Re: [PATCH 06/10] tmpfs: Use xattr handler infrastructure

2015-12-01 Thread James Morris
to implement kernfs_iop_removexattr as well. > > Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> > Cc: Hugh Dickins <hu...@google.com> > Cc: linux...@kvack.org Reviewed-by: James Morris <james.l.mor...@oracle.com> -- James Morris <jmor...@namei.org>

Re: [PATCH 10/10] xattr handlers: Simplify list operation

2015-12-01 Thread James Morris
> > *result += total_len; > > + /* FIXME: Not checking the ->list operation here ... */ > + What does this mean? -- James Morris <jmor...@namei.org>

[GIT PULL] security: updated fixes for 4.4

2015-11-25 Thread James Morris
handling of stored error in a negatively instantiated user key James Morris (1): Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux into for-linus2 Stephen Smalley (1): selinux: fix bug in conditional rules handling security/keys/encrypted-keys/encrypted.c |2

[GIT PULL] security: KEYS: Fix handling of stored error in a negatively instantiated user key

2015-11-25 Thread James Morris
David Howells Acked-by: Mimi Zohar Signed-off-by: James Morris diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c index 927db9f..696ccfa 100644 --- a/security/keys/encrypted-keys/encrypted.c +++ b/security/keys/encrypted-keys/encrypted.c @@

[GIT PULL] security: KEYS: Fix handling of stored error in a negatively instantiated user key

2015-11-25 Thread James Morris
Vyukov <dvyu...@google.com> Signed-off-by: David Howells <dhowe...@redhat.com> Acked-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Signed-off-by: James Morris <james.l.mor...@oracle.com> diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encryp

[GIT PULL] security: updated fixes for 4.4

2015-11-25 Thread James Morris
handling of stored error in a negatively instantiated user key James Morris (1): Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux into for-linus2 Stephen Smalley (1): selinux: fix bug in conditional rules handling security/keys/encrypted-keys/encrypted.c |2

Re: [PATCH] KEYS: Fix handling of stored error in a negatively instantiated user key

2015-11-24 Thread James Morris
On Tue, 24 Nov 2015, David Howells wrote: > Hi James, > > Can this be passed straight to Linus please? Is this triggerable by normal users? -- James Morris

Re: [PATCH 3.2 46/52] fs: make dumpable=2 require fully qualified path

2015-11-24 Thread James Morris
On Tue, 24 Nov 2015, Ben Hutchings wrote: > 3.2.74-rc1 review patch. If anyone has any objections, please let me know. > > -- > > From: Kees Cook > > commit 9520628e8ceb69fa9a4aee6b57f22675d9e1b709 upstream. > Reviewed-by: James M

Re: [PATCH 3.2 46/52] fs: make dumpable=2 require fully qualified path

2015-11-24 Thread James Morris
On Tue, 24 Nov 2015, Ben Hutchings wrote: > 3.2.74-rc1 review patch. If anyone has any objections, please let me know. > > -- > > From: Kees Cook <keesc...@chromium.org> > > commit 9520628e8ceb69fa9a4aee6b57f22675d9e1b709 upstream. > Reviewed

Re: [PATCH] KEYS: Fix handling of stored error in a negatively instantiated user key

2015-11-24 Thread James Morris
On Tue, 24 Nov 2015, David Howells wrote: > Hi James, > > Can this be passed straight to Linus please? Is this triggerable by normal users? -- James Morris <jmor...@namei.org>

Re: [PATCH 2/2] keys, trusted: seal with a policy

2015-11-19 Thread James Morris
On Wed, 18 Nov 2015, Jarkko Sakkinen wrote: > On Wed, Nov 18, 2015 at 11:21:01AM +1100, James Morris wrote: > > On Tue, 17 Nov 2015, Jarkko Sakkinen wrote: > > > > > } > > > break; > > > + case Opt_polic

Re: [PATCH v3 0/7] User namespace mount updates

2015-11-18 Thread James Morris
> Because hosting companies sell containers as "full virtual machines" > and customers expect to be able mount stuff like disk images they upload. I don't think this is a valid reason for merging functionality into the kernel. -- James Morris

Re: [PATCH v3 0/7] User namespace mount updates

2015-11-18 Thread James Morris
GI... > > Because hosting companies sell containers as "full virtual machines" > and customers expect to be able mount stuff like disk images they upload. I don't think this is a valid reason for merging functionality into the kernel. -- James Morris <jmor...@namei.o

Re: [PATCH 2/2] keys, trusted: seal with a policy

2015-11-17 Thread James Morris
return -EINVAL; Do you need to kfree it here on error? -- James Morris

Re: [PATCH v3 7/7] Smack: Handle labels consistently in untrusted mounts

2015-11-17 Thread James Morris
On Tue, 17 Nov 2015, Seth Forshee wrote: > + sbsp = inode->i_sb->s_security; > + if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) && Where is SMK_SB_UNTRUSTED defined? I can't see it in this patch series, mainline or security next. -- James Morris

Re: [PATCH v3 6/7] userns: Replace in_userns with current_in_userns

2015-11-17 Thread James Morris
f-by: Seth Forshee Nice cleanup. Acked-by: James Morris -- James Morris

Re: [PATCH v3 5/7] selinux: Add support for unprivileged mounts from user namespaces

2015-11-17 Thread James Morris
> Acked-by: Stephen Smalley Acked-by: James Morris -- James Morris

Re: [PATCH v3 4/7] fs: Treat foreign mounts as nosuid

2015-11-17 Thread James Morris
caller's security context in a way that should not have been > possible, even inside the namespace in which the task is confined. > > As a hardening measure, this would have made CVE-2014-5207 much > more difficult to exploit. > > Signed-off-by: Andy Lutomirski > Signed-off-by: Se

Re: [PATCH 1/2] security: remove unused cap_is_fs_cap function

2015-11-17 Thread James Morris
inux-security.git next -- James Morris

Re: [PATCH 2/2] security/capability.h: cap_issubset/isclear can be boolean

2015-11-17 Thread James Morris
ux/kernel/git/jmorris/linux-security.git next -- James Morris
