On Mon, 16 May 2016, David Howells wrote:
> James Morris wrote:
>
> > I'm seeing this with the 4.6 kernel build:
> >
> > CHK include/generated/compile.h
> > make[1]: *** No rule to make target `signing_key.pem', needed by
> > `certs/signing_key.x509'.
I'm seeing this with the 4.6 kernel build:
CHK include/generated/compile.h
make[1]: *** No rule to make target `signing_key.pem', needed by
`certs/signing_key.x509'. Stop.
make: *** [certs] Error 2
--
James Morris
<jmor...@namei.org>
I'm seeing this with the 4.6 kernel build:
CHK include/generated/compile.h
make[1]: *** No rule to make target `signing_key.pem', needed by
`certs/signing_key.x509'. Stop.
make: *** [certs] Error 2
--
James Morris
/linux-fs.git
> tags/keys-next-20160505
>
> for you to fetch changes up to d55201ce08bfae40ae0062be126f49471a55bcad:
>
> Merge branch 'keys-trust' into keys-next (2016-05-04 17:20:20 +0100)
Pulled.
--
James Morris
<jmor...@namei.org>
/linux-fs.git
> tags/keys-next-20160505
>
> for you to fetch changes up to d55201ce08bfae40ae0062be126f49471a55bcad:
>
> Merge branch 'keys-trust' into keys-next (2016-05-04 17:20:20 +0100)
Pulled.
--
James Morris
se atomic allocations when reporting (2016-05-04 10:54:05 -0700)
>
Pulled to -next.
--
James Morris
<jmor...@namei.org>
se atomic allocations when reporting (2016-05-04 10:54:05 -0700)
>
Pulled to -next.
--
James Morris
dering used for displaying the IMA policy.
Fixes: d9ddf077bb85 ("ima: support for kexec image and initramfs")
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Tested-by: Eric Richter <eric...@linux.vnet.ibm.com>
Signed-off-by: James Morris <james.l
policy.
Fixes: d9ddf077bb85 ("ima: support for kexec image and initramfs")
Signed-off-by: Mimi Zohar
Tested-by: Eric Richter
Signed-off-by: James Morris
diff --git a/security/integrity/ima/ima_policy.c
b/security/integrity/ima/ima_policy.c
index be09e2c..3cd0
Smack will deny the writes for
> any user without global CAP_MAC_ADMIN, so loosening the
> capability check in commoncap is safe in this respect as well.
>
> Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
> Acked-by: Serge Hallyn <serge.hal...@canonical.com>
Acked-
Smack will deny the writes for
> any user without global CAP_MAC_ADMIN, so loosening the
> capability check in commoncap is safe in this respect as well.
>
> Signed-off-by: Seth Forshee
> Acked-by: Serge Hallyn
Acked-by: James Morris
--
James Morris
pplied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next
--
James Morris
<jmor...@namei.org>
fiers]
> static inline const char * const kernel_read_file_id_str(enum
> kernel_read_file_id id)
>
> Reported-by: Andy Shevchenko
> Signed-off-by: Kees Cook
> ---
> This is for linux-security next
> ---
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next
--
James Morris
e and firmware loading to the read-only crypto-verified dm-verity
> partition so that kernel module signing is not needed.
>
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next
--
James Morris
<jmor...@namei.org>
e and firmware loading to the read-only crypto-verified dm-verity
> partition so that kernel module signing is not needed.
>
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next
--
James Morris
://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
for-linus
Colin Ian King (1):
ASN.1: fix open failure check on headername
James Morris (1):
Merge tag 'keys-fixes-20160412' of
git://git.kernel.org/.../dhowells/linux-fs into for-linus
Jerome Marchand (1
://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
for-linus
Colin Ian King (1):
ASN.1: fix open failure check on headername
James Morris (1):
Merge tag 'keys-fixes-20160412' of
git://git.kernel.org/.../dhowells/linux-fs into for-linus
Jerome Marchand (1
e and firmware loading to the read-only crypto-verified dm-verity
> partition so that kernel module signing is not needed.
>
This all looks good to me, just waiting now for the const fix suggested by
Joe.
--
James Morris
<jmor...@namei.org>
e and firmware loading to the read-only crypto-verified dm-verity
> partition so that kernel module signing is not needed.
>
This all looks good to me, just waiting now for the const fix suggested by
Joe.
--
James Morris
to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next
--
James Morris
<jmor...@namei.org>
pub/scm/linux/kernel/git/jmorris/linux-security.git next
--
James Morris
and operational practices
* Emerging technologies, threats & techniques
Proposals should be submitted via the event web site:
http://events.linuxfoundation.org/events/linux-security-summit/program/cfp
PROGRAM COMMITTEE
The Linux Security Summit for 2016 is organized by:
* J
and operational practices
* Emerging technologies, threats & techniques
Proposals should be submitted via the event web site:
http://events.linuxfoundation.org/events/linux-security-summit/program/cfp
PROGRAM COMMITTEE
The Linux Security Summit for 2016 is organized by:
* J
):
tpm_eventlog.c: fix binary_bios_measurements
James Morris (4):
Merge branch 'smack-for-4.6' of https://github.com/cschaufler/smack-next
into next
Merge branch 'next' of git://git.kernel.org/.../zohar/linux-integrity
into next
Merge branch 'stable-4.6' of
git
):
tpm_eventlog.c: fix binary_bios_measurements
James Morris (4):
Merge branch 'smack-for-4.6' of https://github.com/cschaufler/smack-next
into next
Merge branch 'next' of git://git.kernel.org/.../zohar/linux-integrity
into next
Merge branch 'stable-4.6' of
git
On 03/08/2016 10:48 AM, James Morris wrote:
On 03/08/2016 06:54 AM, Andy Lutomirski wrote:
This makes sense, but I still think the design is poor. If the hacker
gets code execution, then they can trivially brute force the ADI bits.
ADI in this scenario is intended to prevent the attacker
On 03/08/2016 10:48 AM, James Morris wrote:
On 03/08/2016 06:54 AM, Andy Lutomirski wrote:
This makes sense, but I still think the design is poor. If the hacker
gets code execution, then they can trivially brute force the ADI bits.
ADI in this scenario is intended to prevent the attacker
On 03/08/2016 06:54 AM, Andy Lutomirski wrote:
This makes sense, but I still think the design is poor. If the hacker
gets code execution, then they can trivially brute force the ADI bits.
ADI in this scenario is intended to prevent the attacker from gaining
code execution in the first
On 03/08/2016 06:54 AM, Andy Lutomirski wrote:
This makes sense, but I still think the design is poor. If the hacker
gets code execution, then they can trivially brute force the ADI bits.
ADI in this scenario is intended to prevent the attacker from gaining
code execution in the first
On 03/08/2016 07:58 AM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 13:41:39 -0700
Shared data may not always be backed by a file. My understanding is
one of the use cases is for in-memory databases. This shared space
could also be used to hand off
On 03/08/2016 07:58 AM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 13:41:39 -0700
Shared data may not always be backed by a file. My understanding is
one of the use cases is for in-memory databases. This shared space
could also be used to hand off transactions in flight to
On Fri, 4 Mar 2016, David Howells wrote:
> Hi James,
>
> Could you pull this into security/next, please?
>
Done.
--
James Morris
<jmor...@namei.org>
On Fri, 4 Mar 2016, David Howells wrote:
> Hi James,
>
> Could you pull this into security/next, please?
>
Done.
--
James Morris
kernel/git/jmorris/linux-security.git next
--
James Morris
<jmor...@namei.org>
On Tue, 1 Mar 2016, Jarkko Sakkinen wrote:
> Updated GIT and patchwork location both of which were out-of-sync or
> actually patchwork location was incorrect.
>
> Signed-off-by: Jarkko Sakkinen
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next
to dev_dbg()
>
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next
--
James Morris
<jmor...@namei.org>
to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next
--
James Morris
t; tpm_tis: fix build warning with tpm_tis_resume (2016-02-26 11:32:07 +0200)
>
>
> tpmdd fix
>
>
> Jarkko Sakkinen (1):
> tpm_tis: fix
t; tpm_tis: fix build warning with tpm_tis_resume (2016-02-26 11:32:07 +0200)
>
>
> tpmdd fix
>
>
> Jarkko Sakkinen (1):
> tpm_tis: fix build warning with tpm_tis_resume
>
Pulled to -next.
--
James Morris
in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
for-linus
Andreas Gruenbacher (1):
selinux: Don't sleep inside inode_getsecid hook
James Morris (1):
Merge branch 'stable-4.5' of
git://git.infradead.org/users/pcmoore/selinux
in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
for-linus
Andreas Gruenbacher (1):
selinux: Don't sleep inside inode_getsecid hook
James Morris (1):
Merge branch 'stable-4.5' of
git://git.infradead.org/users/pcmoore/selinux
things have worked well.
>
Send me a pull request just for the fix.
I won't be pushing these changes to Linus for 4.5, they'll have to wait
until the 4.6.
--
James Morris
<jmor...@namei.org>
things have worked well.
>
Send me a pull request just for the fix.
I won't be pushing these changes to Linus for 4.5, they'll have to wait
until the 4.6.
--
James Morris
On Thu, 25 Feb 2016, Jerry Snitselaar wrote:
> On Mon Feb 22 16, Jarkko Sakkinen wrote:
> >On Mon, Feb 22, 2016 at 12:56:53PM +1100, James Morris wrote:
> > > On Sat, 20 Feb 2016, Jarkko Sakkinen wrote:
> > >
> > > > Hi James,
> > > >
On Thu, 25 Feb 2016, Jerry Snitselaar wrote:
> On Mon Feb 22 16, Jarkko Sakkinen wrote:
> >On Mon, Feb 22, 2016 at 12:56:53PM +1100, James Morris wrote:
> > > On Sat, 20 Feb 2016, Jarkko Sakkinen wrote:
> > >
> > > > Hi James,
> > > >
fixes. It means the code was not ready to be merged in the first place.
Also, any idea why I'm seeing this:
drivers/char/tpm/tpm_tis.c:838: warning: ‘tpm_tis_resume’ defined but not
used
--
James Morris
<jmor...@namei.org>
fixes. It means the code was not ready to be merged in the first place.
Also, any idea why I'm seeing this:
drivers/char/tpm/tpm_tis.c:838: warning: ‘tpm_tis_resume’ defined but not
used
--
James Morris
following changes since commit 388f7b1d6e8ca06762e2454d28d6c3c55ad0fe95:
>
> Linux 4.5-rc3 (2016-02-07 15:38:30 -0800)
>
> are available in the git repository at:
>
> https://github.com/jsakkine/linux-tpmdd.git tags/tpmdd-next-20160210
>
> for you to fetch changes up to 8e0ee3c9faed7ca68807ea4
following changes since commit 388f7b1d6e8ca06762e2454d28d6c3c55ad0fe95:
>
> Linux 4.5-rc3 (2016-02-07 15:38:30 -0800)
>
> are available in the git repository at:
>
> https://github.com/jsakkine/linux-tpmdd.git tags/tpmdd-next-20160210
>
> for you to fetch changes up to 8e0ee3c9faed7ca68807ea45141775856c438ac0:
Pulled to next.
--
James Morris
-off-by: Mimi Zohar
Signed-off-by: James Morris
diff --git a/security/integrity/evm/evm_main.c
b/security/integrity/evm/evm_main.c
index f716025..e6ea9d4 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -23,6 +23,7 @@
#include
#include
#include
off-by: Ryan Ware <w...@linux.intel.com>
Cc: sta...@vger.kernel.org
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Signed-off-by: James Morris <james.l.mor...@oracle.com>
diff --git a/security/integrity/evm/evm_main.c
b/security/integrity/evm/evm_main.c
said that you'll
> > fix it up later. Sorry for the misunderstanding. Do you want me to
> > revert?
>
> If you can back them out, I'll apply them to my keys-next branch. Unless
> James is willing to rebase security/next on top of your crypto branch?
>
I don't want to rebase my tree.
--
James Morris
se or do you want to pull this first?
>
> I could rebase that new pull request to -rc3 to which security/next is
> now rebased.
>
The latter is probably best.
--
James Morris
se or do you want to pull this first?
>
> I could rebase that new pull request to -rc3 to which security/next is
> now rebased.
>
The latter is probably best.
--
James Morris
<jmor...@namei.org>
going in now as you said that you'll
> > fix it up later. Sorry for the misunderstanding. Do you want me to
> > revert?
>
> If you can back them out, I'll apply them to my keys-next branch. Unless
> James is willing to rebase security/next on top of your crypto branch?
>
I don't want to rebase my tree.
--
James Morris
<jmor...@namei.org>
Signed-off-by: Andreas Gruenbacher
> Cc: # 4.4
Acked-by: James Morris
--
James Morris
ed-off-by: Mateusz Guzik <mgu...@redhat.com>
> Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
> Cc: <sta...@vger.kernel.org> # 4.4
Acked-by: James Morris <james.l.mor...@oracle.com>
--
James Morris
<jmor...@namei.org>
On Wed, 27 Jan 2016, David Howells wrote:
> Hi James,
>
> Can you pass this onto Linus asap? The thing it fixes breaks kerberos and
> sssd.
>
I'd like to see some acks on this.
--
James Morris
On Wed, 27 Jan 2016, David Howells wrote:
> Hi James,
>
> Can you pass this onto Linus asap? The thing it fixes breaks kerberos and
> sssd.
>
I'd like to see some acks on this.
--
James Morris
<jmor...@namei.org>
> Partially revert commit 41c89b64d7184a780f12f2cccdabe65cb2408893:
>
> Author: Petko Manolov
> Date: Wed Dec 2 17:47:55 2015 +0200
> IMA: create machine owner and blacklist keyrings
>
If you need this applied to a tree, please state which.
> Partially revert commit 41c89b64d7184a780f12f2cccdabe65cb2408893:
>
> Author: Petko Manolov <pet...@mip-labs.com>
> Date: Wed Dec 2 17:47:55 2015 +0200
> IMA: create machine owner and blacklist keyrings
>
If you need this applied to a tree, please
...@vger.kernel.org
Signed-off-by: James Morris
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index fb111ea..1c3872a 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -751,16 +751,16 @@ long keyctl_read_key(key_serial_t keyid, char __user
*buffer, size_
d Howells <dhowe...@redhat.com>
Tested-by: Dmitry Vyukov <dvyu...@google.com>
Cc: sta...@vger.kernel.org
Signed-off-by: James Morris <james.l.mor...@oracle.com>
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index fb111ea..1c3872a 100644
--- a/security/k
ption of small fix from Stefan to tpm_ibmvtpm, which I considered
> trivial enough to be included.
>
Applied.
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at
ption of small fix from Stefan to tpm_ibmvtpm, which I considered
> trivial enough to be included.
>
Applied.
--
James Morris
<jmor...@namei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger
On Mon, 7 Dec 2015, Jarkko Sakkinen wrote:
> On Fri, Nov 20, 2015 at 01:34:35PM +1100, James Morris wrote:
> > On Wed, 18 Nov 2015, Jarkko Sakkinen wrote:
> >
> > > On Wed, Nov 18, 2015 at 11:21:01AM +1100, James Morris wrote:
> > > > On Tue
On Mon, 7 Dec 2015, Jarkko Sakkinen wrote:
> On Fri, Nov 20, 2015 at 01:34:35PM +1100, James Morris wrote:
> > On Wed, 18 Nov 2015, Jarkko Sakkinen wrote:
> >
> > > On Wed, Nov 18, 2015 at 11:21:01AM +1100, James Morris wrote:
> > > > On Tue
gt;
> *result += total_len;
>
> + /* FIXME: Not checking the ->list operation here ... */
> +
What does this mean?
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
On Mon, 30 Nov 2015, Andreas Gruenbacher wrote:
> When a file on tmpfs has an ACL or a Default ACL, listxattr should include the
> corresponding xattr name.
>
> Signed-off-by: Andreas Gruenbacher
> Cc: Hugh Dickins
> Cc: linux...@kvack.org
Reviewed-by: James Morris
to implement kernfs_iop_removexattr as well.
>
> Signed-off-by: Andreas Gruenbacher
> Cc: Hugh Dickins
> Cc: linux...@kvack.org
Reviewed-by: James Morris
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message
x and with a non-empty suffix.
>
> This patch should avoid bugs like the one fixed in commit c361016a in
> the future.
>
> Signed-off-by: Andreas Gruenbacher
Is it worth making an inline wrapper for 'handler->prefix ?:
handler->name' ?
Reviewed-by: James Morris
--
Jame
On Mon, 30 Nov 2015, Andreas Gruenbacher wrote:
> Remove POSIX_ACL_XATTR_{ACCESS,DEFAULT} and GFS2_POSIX_ACL_{ACCESS,DEFAULT}
> and replace them with the definitions in .
>
> Signed-off-by: Andreas Gruenbacher
Reviewed-by: James Morris
--
James Morris
--
To unsubscribe fr
On Mon, 30 Nov 2015, Andreas Gruenbacher wrote:
> Function gfs2_xattr_acl_chmod is unused since commit e01580bf.
>
> Signed-off-by: Andreas Gruenbacher
> Cc: Steven Whitehouse
> Cc: Bob Peterson
> Cc: cluster-de...@redhat.com
Reviewed-by: James Morris
--
James Morris
On Mon, 30 Nov 2015, Andreas Gruenbacher wrote:
> This function was only briefly used in security/integrity/evm, between
> commits 66dbc325 and 15647eb3.
>
> Signed-off-by: Andreas Gruenbacher
Reviewed-by: James Morris
--
James Morris
--
To unsubscribe from this list: s
On Mon, 30 Nov 2015, Andreas Gruenbacher wrote:
> This function was only briefly used in security/integrity/evm, between
> commits 66dbc325 and 15647eb3.
>
> Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: James Morris <james.l.mor...@oracle.com>
t;
> Cc: cluster-de...@redhat.com
Reviewed-by: James Morris <james.l.mor...@oracle.com>
--
James Morris
<jmor...@namei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info
On Mon, 30 Nov 2015, Andreas Gruenbacher wrote:
> Remove POSIX_ACL_XATTR_{ACCESS,DEFAULT} and GFS2_POSIX_ACL_{ACCESS,DEFAULT}
> and replace them with the definitions in .
>
> Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: James Morris <jame
x and with a non-empty suffix.
>
> This patch should avoid bugs like the one fixed in commit c361016a in
> the future.
>
> Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Is it worth making an inline wrapper for 'handler->prefix ?:
handler->name' ?
Rev
linux...@kvack.org
Reviewed-by: James Morris <james.l.mor...@oracle.com>
--
James Morris
<jmor...@namei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vge
to implement kernfs_iop_removexattr as well.
>
> Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
> Cc: Hugh Dickins <hu...@google.com>
> Cc: linux...@kvack.org
Reviewed-by: James Morris <james.l.mor...@oracle.com>
--
James Morris
<jmor...@namei.org>
gt;
> *result += total_len;
>
> + /* FIXME: Not checking the ->list operation here ... */
> +
What does this mean?
--
James Morris
<jmor...@namei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to ma
handling of stored error in a negatively instantiated user key
James Morris (1):
Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux
into for-linus2
Stephen Smalley (1):
selinux: fix bug in conditional rules handling
security/keys/encrypted-keys/encrypted.c |2
David Howells
Acked-by: Mimi Zohar
Signed-off-by: James Morris
diff --git a/security/keys/encrypted-keys/encrypted.c
b/security/keys/encrypted-keys/encrypted.c
index 927db9f..696ccfa 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@
Vyukov <dvyu...@google.com>
Signed-off-by: David Howells <dhowe...@redhat.com>
Acked-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Signed-off-by: James Morris <james.l.mor...@oracle.com>
diff --git a/security/keys/encrypted-keys/encrypted.c
b/security/keys/encryp
handling of stored error in a negatively instantiated user key
James Morris (1):
Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux
into for-linus2
Stephen Smalley (1):
selinux: fix bug in conditional rules handling
security/keys/encrypted-keys/encrypted.c |2
On Tue, 24 Nov 2015, David Howells wrote:
> Hi James,
>
> Can this be passed straight to Linus please?
Is this triggerable by normal users?
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@v
On Tue, 24 Nov 2015, Ben Hutchings wrote:
> 3.2.74-rc1 review patch. If anyone has any objections, please let me know.
>
> --
>
> From: Kees Cook
>
> commit 9520628e8ceb69fa9a4aee6b57f22675d9e1b709 upstream.
>
Reviewed-by: James M
On Tue, 24 Nov 2015, Ben Hutchings wrote:
> 3.2.74-rc1 review patch. If anyone has any objections, please let me know.
>
> --
>
> From: Kees Cook <keesc...@chromium.org>
>
> commit 9520628e8ceb69fa9a4aee6b57f22675d9e1b709 upstream.
>
Reviewed
On Tue, 24 Nov 2015, David Howells wrote:
> Hi James,
>
> Can this be passed straight to Linus please?
Is this triggerable by normal users?
--
James Morris
<jmor...@namei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the bo
On Wed, 18 Nov 2015, Jarkko Sakkinen wrote:
> On Wed, Nov 18, 2015 at 11:21:01AM +1100, James Morris wrote:
> > On Tue, 17 Nov 2015, Jarkko Sakkinen wrote:
> >
> > > }
> > > break;
> > > + case Opt_polic
On Wed, 18 Nov 2015, Jarkko Sakkinen wrote:
> On Wed, Nov 18, 2015 at 11:21:01AM +1100, James Morris wrote:
> > On Tue, 17 Nov 2015, Jarkko Sakkinen wrote:
> >
> > > }
> > > break;
> > > + case Opt_polic
; Because hosting companies sell containers as "full virtual machines"
> and customers expect to be able mount stuff like disk images they upload.
I don't think this is a valid reason for merging functionality into the
kernel.
--
James Morris
--
To unsubscribe from this list: send the line &qu
GI...
>
> Because hosting companies sell containers as "full virtual machines"
> and customers expect to be able mount stuff like disk images they upload.
I don't think this is a valid reason for merging functionality into the
kernel.
--
James Morris
<jmor...@namei.o
return -EINVAL;
Do you need to kfree it here on error?
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
On Tue, 17 Nov 2015, Seth Forshee wrote:
> + sbsp = inode->i_sb->s_security;
> + if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
Where is SMK_SB_UNTRUSTED defined?
I can't see it in this patch series, mainline or security next.
--
James Morris
--
To unsub
f-by: Seth Forshee
Nice cleanup.
Acked-by: James Morris
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read th
; Acked-by: Stephen Smalley
Acked-by: James Morris
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
caller's security context in a way that should not have been
> possible, even inside the namespace in which the task is confined.
>
> As a hardening measure, this would have made CVE-2014-5207 much
> more difficult to exploit.
>
> Signed-off-by: Andy Lutomirski
> Signed-off-by: Se
inux-security.git next
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
ux/kernel/git/jmorris/linux-security.git next
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
901 - 1000 of 2193 matches
Mail list logo