Re: [GIT PULL] Security subsystem updates for v5.9

The pull request you sent on Tue, 11 Aug 2020 04:55:33 +1000 (AEST): > git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git > tags/for-v5.9 has been merged into torvalds/linux.git: https://git.kernel.org/torvalds/c/ce13266d97b198934e86166491bfa4938e96508f Thank you! --

[GIT PULL] Security subsystem updates for v5.9

A couple of minor documentation updates only for this release. Please pull. --- The following changes since commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162: Linux 5.7 (2020-05-31 16:49:15 -0700) are available in the Git repository at:

Re: [GIT PULL] Security subsystem updates for v4.16

On Wed, 31 Jan 2018, Linus Torvalds wrote: > On Sun, Jan 28, 2018 at 3:41 PM, James Morris wrote: > > > > Note that individual trees may also be pulled via: > > > > git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git > > next-integrity > >

Re: [GIT PULL] Security subsystem updates for v4.16

On Wed, 31 Jan 2018, Linus Torvalds wrote: > On Sun, Jan 28, 2018 at 3:41 PM, James Morris wrote: > > > > Note that individual trees may also be pulled via: > > > > git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git > > next-integrity > > next-smack > >

Re: [GIT PULL] Security subsystem updates for v4.16

On Sun, Jan 28, 2018 at 3:41 PM, James Morris wrote: > > Note that individual trees may also be pulled via: > > git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git > next-integrity > next-smack > next-tpm So I did that, because it

Re: [GIT PULL] Security subsystem updates for v4.16

On Sun, Jan 28, 2018 at 3:41 PM, James Morris wrote: > > Note that individual trees may also be pulled via: > > git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git > next-integrity > next-smack > next-tpm So I did that, because it makes it easier and

[GIT PULL] Security subsystem updates for v4.16

Please pull these updates for the security subsystem. Summary: - Integrity (from Mimi Zohar) "This pull request contains a mixture of bug fixes, code cleanup, and new functionality. Of note is the integrity cache locking fix, file change detection, and support for a new EVM portable and

[GIT PULL] Security subsystem updates for v4.16

Please pull these updates for the security subsystem. Summary: - Integrity (from Mimi Zohar) "This pull request contains a mixture of bug fixes, code cleanup, and new functionality. Of note is the integrity cache locking fix, file change detection, and support for a new EVM portable and

Re: [GIT PULL] Security subsystem updates for 4.14

On Sat, 2017-09-09 at 05:57 +1000, James Morris wrote: > On Fri, 8 Sep 2017, Linus Torvalds wrote: > > > Now the whole security pull will be ignored because of this thing. I > > refuse to pull garbage where I notice major fundamental problems in > > code that has obviously never ever been tested.

Re: [GIT PULL] Security subsystem updates for 4.14

On Sat, 2017-09-09 at 05:57 +1000, James Morris wrote: > On Fri, 8 Sep 2017, Linus Torvalds wrote: > > > Now the whole security pull will be ignored because of this thing. I > > refuse to pull garbage where I notice major fundamental problems in > > code that has obviously never ever been tested.

Re: [GIT PULL] Security subsystem updates for 4.14

On Thu, Sep 14, 2017 at 2:13 PM, James Morris wrote: > On Thu, 14 Sep 2017, Kees Cook wrote: > >> How separable are the patches, normally? > > They're usually mostly separate, but may depend on some core LSM change, > or similar. > > Casey has mentioned off-list that it is

Re: [GIT PULL] Security subsystem updates for 4.14

On Thu, Sep 14, 2017 at 2:13 PM, James Morris wrote: > On Thu, 14 Sep 2017, Kees Cook wrote: > >> How separable are the patches, normally? > > They're usually mostly separate, but may depend on some core LSM change, > or similar. > > Casey has mentioned off-list that it is useful to have a

Re: [GIT PULL] Security subsystem updates for 4.14

On Thu, 14 Sep 2017, Kees Cook wrote: > How separable are the patches, normally? They're usually mostly separate, but may depend on some core LSM change, or similar. Casey has mentioned off-list that it is useful to have a coherent up to date security branch to work against when making core

Re: [GIT PULL] Security subsystem updates for 4.14

On Thu, 14 Sep 2017, Kees Cook wrote: > How separable are the patches, normally? They're usually mostly separate, but may depend on some core LSM change, or similar. Casey has mentioned off-list that it is useful to have a coherent up to date security branch to work against when making core

Re: [GIT PULL] Security subsystem updates for 4.14

On Sat, Sep 9, 2017 at 9:32 PM, James Morris wrote: > On Fri, 8 Sep 2017, Paul Moore wrote: > >> > This is also why I tend to prefer getting multiple branches for >> > independent things. > > [...] > >> >> Is it time to start sending pull request for each LSM and thing under >>

Re: [GIT PULL] Security subsystem updates for 4.14

On Sat, Sep 9, 2017 at 9:32 PM, James Morris wrote: > On Fri, 8 Sep 2017, Paul Moore wrote: > >> > This is also why I tend to prefer getting multiple branches for >> > independent things. > > [...] > >> >> Is it time to start sending pull request for each LSM and thing under >> security/

Re: [GIT PULL] Security subsystem updates for 4.14

On Sun, Sep 10, 2017 at 12:32 AM, James Morris wrote: > On Fri, 8 Sep 2017, Paul Moore wrote: > >> > This is also why I tend to prefer getting multiple branches for >> > independent things. > > [...] > >> >> Is it time to start sending pull request for each LSM and thing under

Re: [GIT PULL] Security subsystem updates for 4.14

On Sun, Sep 10, 2017 at 12:32 AM, James Morris wrote: > On Fri, 8 Sep 2017, Paul Moore wrote: > >> > This is also why I tend to prefer getting multiple branches for >> > independent things. > > [...] > >> >> Is it time to start sending pull request for each LSM and thing under >> security/

Re: [GIT PULL] Security subsystem updates for 4.14

On Sun, 2017-09-10 at 23:38 -0700, Christoph Hellwig wrote: > On Sun, Sep 10, 2017 at 10:02:42AM -0400, Mimi Zohar wrote: > > We need to differentiate between policies and x509 certificates.  In > > the policy case, they need to be signed and appraised, while in the > > x509 certificate case, the

Re: [GIT PULL] Security subsystem updates for 4.14

On Sun, 2017-09-10 at 23:38 -0700, Christoph Hellwig wrote: > On Sun, Sep 10, 2017 at 10:02:42AM -0400, Mimi Zohar wrote: > > We need to differentiate between policies and x509 certificates.  In > > the policy case, they need to be signed and appraised, while in the > > x509 certificate case, the

Re: [GIT PULL] Security subsystem updates for 4.14

On Sun, Sep 10, 2017 at 10:02:42AM -0400, Mimi Zohar wrote: > We need to differentiate between policies and x509 certificates.  In > the policy case, they need to be signed and appraised, while in the > x509 certificate case, the certificate itself is signed so the file > doesn't need to be signed

Re: [GIT PULL] Security subsystem updates for 4.14

On Sun, Sep 10, 2017 at 10:02:42AM -0400, Mimi Zohar wrote: > We need to differentiate between policies and x509 certificates.  In > the policy case, they need to be signed and appraised, while in the > x509 certificate case, the certificate itself is signed so the file > doesn't need to be signed

Re: [GIT PULL] Security subsystem updates for 4.14

On Sun, 2017-09-10 at 01:10 -0700, Christoph Hellwig wrote: > On Fri, Sep 08, 2017 at 10:25:53AM -0700, Linus Torvalds wrote: > > I don't think anybody actually tests linux-next kernels in any big > > way, and the automated tests that do get run probably don't run with > > any integrity checking

Re: [GIT PULL] Security subsystem updates for 4.14

On Sun, 2017-09-10 at 01:10 -0700, Christoph Hellwig wrote: > On Fri, Sep 08, 2017 at 10:25:53AM -0700, Linus Torvalds wrote: > > I don't think anybody actually tests linux-next kernels in any big > > way, and the automated tests that do get run probably don't run with > > any integrity checking

Re: [GIT PULL] Security subsystem updates for 4.14

On Sun, Sep 10, 2017 at 03:13:23AM -0400, Mimi Zohar wrote: > > From a file integrity perspective this would be interesting, but that > only addresses IMA-appraisal, not IMA-integrity or IMA-audit.  We > would still need to calculate the file hash to be included in the > measurement list and used

Re: [GIT PULL] Security subsystem updates for 4.14

On Sun, Sep 10, 2017 at 03:13:23AM -0400, Mimi Zohar wrote: > > From a file integrity perspective this would be interesting, but that > only addresses IMA-appraisal, not IMA-integrity or IMA-audit.  We > would still need to calculate the file hash to be included in the > measurement list and used

Re: [GIT PULL] Security subsystem updates for 4.14

On Fri, Sep 08, 2017 at 10:25:53AM -0700, Linus Torvalds wrote: > I don't think anybody actually tests linux-next kernels in any big > way, and the automated tests that do get run probably don't run with > any integrity checking enabled. Well, for the atual IMA deadlock issue I asked Mimi to

Re: [GIT PULL] Security subsystem updates for 4.14

On Fri, Sep 08, 2017 at 10:25:53AM -0700, Linus Torvalds wrote: > I don't think anybody actually tests linux-next kernels in any big > way, and the automated tests that do get run probably don't run with > any integrity checking enabled. Well, for the atual IMA deadlock issue I asked Mimi to

Re: [GIT PULL] Security subsystem updates for 4.14

On Fri, 2017-09-08 at 18:38 -0400, Theodore Ts'o wrote: > On Fri, Sep 08, 2017 at 02:48:51PM +1000, James Morris wrote: > > > > Mimi and Christoph worked together on this over several iterations -- I'll > > let them respond. > > Mimi --- we should chat next week in LA. I've been working on a >

Re: [GIT PULL] Security subsystem updates for 4.14

On Fri, 2017-09-08 at 18:38 -0400, Theodore Ts'o wrote: > On Fri, Sep 08, 2017 at 02:48:51PM +1000, James Morris wrote: > > > > Mimi and Christoph worked together on this over several iterations -- I'll > > let them respond. > > Mimi --- we should chat next week in LA. I've been working on a >

Re: [GIT PULL] Security subsystem updates for 4.14

On Thu, 2017-09-07 at 11:19 -0700, Linus Torvalds wrote: > On Mon, Sep 4, 2017 at 3:29 AM, James Morris wrote: > > > > IMA: > > - A new integrity_read file operation method, avoids races when > > calculating file hashes > > Honestly, this seems really odd. > > It

Re: [GIT PULL] Security subsystem updates for 4.14

On Thu, 2017-09-07 at 11:19 -0700, Linus Torvalds wrote: > On Mon, Sep 4, 2017 at 3:29 AM, James Morris wrote: > > > > IMA: > > - A new integrity_read file operation method, avoids races when > > calculating file hashes > > Honestly, this seems really odd. > > It documents that it needs

Re: [GIT PULL] Security subsystem updates for 4.14

On Sun, 10 Sep 2017, James Morris wrote: > next-apparmor-next (JJ's next branch) > next-integrity-next (Mimi's) > next-tpm-next(Jarkko's) without '-next' on the end... (editing while jetlagged). -- James Morris

Re: [GIT PULL] Security subsystem updates for 4.14

On Sun, 10 Sep 2017, James Morris wrote: > next-apparmor-next (JJ's next branch) > next-integrity-next (Mimi's) > next-tpm-next(Jarkko's) without '-next' on the end... (editing while jetlagged). -- James Morris

Re: [GIT PULL] Security subsystem updates for 4.14

On Fri, 8 Sep 2017, Paul Moore wrote: > > This is also why I tend to prefer getting multiple branches for > > independent things. [...] > > Is it time to start sending pull request for each LSM and thing under > security/ directly? I'm not sure I have a strong preference either > way, I just

Re: [GIT PULL] Security subsystem updates for 4.14

On Fri, 8 Sep 2017, Paul Moore wrote: > > This is also why I tend to prefer getting multiple branches for > > independent things. [...] > > Is it time to start sending pull request for each LSM and thing under > security/ directly? I'm not sure I have a strong preference either > way, I just

Re: [GIT PULL] Security subsystem updates for 4.14

On Fri, 8 Sep 2017, Theodore Ts'o wrote: > On Fri, Sep 08, 2017 at 02:48:51PM +1000, James Morris wrote: > > > > Mimi and Christoph worked together on this over several iterations -- I'll > > let them respond. > > Mimi --- we should chat next week in LA. I've been working on a > design

Re: [GIT PULL] Security subsystem updates for 4.14

On Fri, 8 Sep 2017, Theodore Ts'o wrote: > On Fri, Sep 08, 2017 at 02:48:51PM +1000, James Morris wrote: > > > > Mimi and Christoph worked together on this over several iterations -- I'll > > let them respond. > > Mimi --- we should chat next week in LA. I've been working on a > design

Re: [GIT PULL] Security subsystem updates for 4.14

On Fri, Sep 08, 2017 at 02:48:51PM +1000, James Morris wrote: > > Mimi and Christoph worked together on this over several iterations -- I'll > let them respond. Mimi --- we should chat next week in LA. I've been working on a design internally at work which proposes a generic VFS-layer library

Re: [GIT PULL] Security subsystem updates for 4.14

On Fri, Sep 08, 2017 at 02:48:51PM +1000, James Morris wrote: > > Mimi and Christoph worked together on this over several iterations -- I'll > let them respond. Mimi --- we should chat next week in LA. I've been working on a design internally at work which proposes a generic VFS-layer library

Re: [GIT PULL] Security subsystem updates for 4.14

On Fri, 8 Sep 2017, Linus Torvalds wrote: > Now the whole security pull will be ignored because of this thing. I > refuse to pull garbage where I notice major fundamental problems in > code that has obviously never ever been tested. If I revert the change from my my tree, will you pull it then?

Re: [GIT PULL] Security subsystem updates for 4.14

On Fri, 8 Sep 2017, Linus Torvalds wrote: > Now the whole security pull will be ignored because of this thing. I > refuse to pull garbage where I notice major fundamental problems in > code that has obviously never ever been tested. If I revert the change from my my tree, will you pull it then?

Re: [GIT PULL] Security subsystem updates for 4.14

On Fri, Sep 8, 2017 at 1:25 PM, Linus Torvalds wrote: > On Fri, Sep 8, 2017 at 12:09 AM, Christoph Hellwig wrote: >> >> But yes, for the init-time integrity_read_file this is incorrect. >> It never tripped up, and I explicitly added the lockdep

Re: [GIT PULL] Security subsystem updates for 4.14

On Fri, Sep 8, 2017 at 1:25 PM, Linus Torvalds wrote: > On Fri, Sep 8, 2017 at 12:09 AM, Christoph Hellwig wrote: >> >> But yes, for the init-time integrity_read_file this is incorrect. >> It never tripped up, and I explicitly added the lockdep annotations >> so that anything would show up, and

Re: [GIT PULL] Security subsystem updates for 4.14

On Fri, Sep 8, 2017 at 12:09 AM, Christoph Hellwig wrote: > > But yes, for the init-time integrity_read_file this is incorrect. > It never tripped up, and I explicitly added the lockdep annotations > so that anything would show up, and it's been half a year since > I sent that

Re: [GIT PULL] Security subsystem updates for 4.14

On Fri, Sep 8, 2017 at 12:09 AM, Christoph Hellwig wrote: > > But yes, for the init-time integrity_read_file this is incorrect. > It never tripped up, and I explicitly added the lockdep annotations > so that anything would show up, and it's been half a year since > I sent that first RFC patch..

Re: [GIT PULL] Security subsystem updates for 4.14

The reason why I send out the original version of this patch is because IMA used to call ->read under i_rwsem, and that deadlocked on XFS and NFS, or ext3/4 with DAX. The call path for that is process_measurement (takes i_rwsem) -> ima_collect_measurement -> ima_calc_file_hash ->

Re: [GIT PULL] Security subsystem updates for 4.14

The reason why I send out the original version of this patch is because IMA used to call ->read under i_rwsem, and that deadlocked on XFS and NFS, or ext3/4 with DAX. The call path for that is process_measurement (takes i_rwsem) -> ima_collect_measurement -> ima_calc_file_hash ->

Re: [GIT PULL] Security subsystem updates for 4.14

On Thu, 7 Sep 2017, Linus Torvalds wrote: > On Mon, Sep 4, 2017 at 3:29 AM, James Morris wrote: > > > > IMA: > > - A new integrity_read file operation method, avoids races when > > calculating file hashes > > Honestly, this seems really odd. > > It documents that it

Re: [GIT PULL] Security subsystem updates for 4.14

On Thu, 7 Sep 2017, Linus Torvalds wrote: > On Mon, Sep 4, 2017 at 3:29 AM, James Morris wrote: > > > > IMA: > > - A new integrity_read file operation method, avoids races when > > calculating file hashes > > Honestly, this seems really odd. > > It documents that it needs to be called

Re: [GIT PULL] Security subsystem updates for 4.14

On Mon, Sep 4, 2017 at 3:29 AM, James Morris wrote: > > IMA: > - A new integrity_read file operation method, avoids races when > calculating file hashes Honestly, this seems really odd. It documents that it needs to be called with i_rwsem held exclusively, and even has

Re: [GIT PULL] Security subsystem updates for 4.14

On Mon, Sep 4, 2017 at 3:29 AM, James Morris wrote: > > IMA: > - A new integrity_read file operation method, avoids races when > calculating file hashes Honestly, this seems really odd. It documents that it needs to be called with i_rwsem held exclusively, and even has a lockdep assert to

[GIT PULL] Security subsystem updates for 4.14

Hi Linus, Here are the security subsystem updates for 4.14. Highlights: AppArmor: - Add mediation of mountpoints and signals - Add support for absolute root view based labels - add base infastructure for socket mediation LSM: - Remove unused security_task_create() hook TPM: - Some

[GIT PULL] Security subsystem updates for 4.14

Hi Linus, Here are the security subsystem updates for 4.14. Highlights: AppArmor: - Add mediation of mountpoints and signals - Add support for absolute root view based labels - add base infastructure for socket mediation LSM: - Remove unused security_task_create() hook TPM: - Some

[GIT PULL] security subsystem updates #3: keys fixes

Hi Linus, Please pull these patches for the keys subsystem, which includes a minor fix and documentation updates. --- The following changes since commit b86faee6d111294fa95a2e89b5f771b2da3c9782: Merge tag 'nfs-for-4.13-1' of git://git.linux-nfs.org/projects/anna/linux-nfs (2017-07-13

[GIT PULL] security subsystem updates #3: keys fixes

Hi Linus, Please pull these patches for the keys subsystem, which includes a minor fix and documentation updates. --- The following changes since commit b86faee6d111294fa95a2e89b5f771b2da3c9782: Merge tag 'nfs-for-4.13-1' of git://git.linux-nfs.org/projects/anna/linux-nfs (2017-07-13

[GIT PULL] security subsystem updates for v4.13

Hi Linus, - This update includes a major update for AppArmor. From JJ: " * several bug fixes and cleanups * the patch to add symlink support to securityfs that was floated on the list earlier and the apparmorfs changes that make use of securityfs symlinks * it introduces the domain

[GIT PULL] security subsystem updates for v4.13

Hi Linus, - This update includes a major update for AppArmor. From JJ: " * several bug fixes and cleanups * the patch to add symlink support to securityfs that was floated on the list earlier and the apparmorfs changes that make use of securityfs symlinks * it introduces the domain

[GIT PULL] Security subsystem updates for v4.12

Hi Linus, Here are the security subsystem updates for v4.12. Highlights: - IMA: provide ">" and "<" operators for fowner/uid/euid rules - KEYS: add a system blacklist keyring - KEYS: add KEYCTL_RESTRICT_KEYRING, exposes keyring link restriction functionality to userland via

[GIT PULL] Security subsystem updates for v4.12

Hi Linus, Here are the security subsystem updates for v4.12. Highlights: - IMA: provide ">" and "<" operators for fowner/uid/euid rules - KEYS: add a system blacklist keyring - KEYS: add KEYCTL_RESTRICT_KEYRING, exposes keyring link restriction functionality to userland via

[GIT PULL] Security subsystem updates for 4.11 (#2)

Two fixes for the security subsystem: 1) Keys: split both rcu_dereference_key() and user_key_payload() into versions which can be called with or without holding the key semaphore. 2) SELinux: fix Android init(8) breakage due to new cgroup security labeling support when using older policy.

[GIT PULL] Security subsystem updates for 4.11 (#2)

Two fixes for the security subsystem: 1) Keys: split both rcu_dereference_key() and user_key_payload() into versions which can be called with or without holding the key semaphore. 2) SELinux: fix Android init(8) breakage due to new cgroup security labeling support when using older policy.

[GIT PULL] Security subsystem updates for 4.11

Hi Linus, Highlights: o major AppArmor update: policy namespaces & lots of fixes o add /sys/kernel/security/lsm node for easy detection of loaded LSMs o SELinux cgroupfs labeling support o SELinux context mounts on tmpfs, ramfs, devpts within user namespaces o improved TPM 2.0 support

[GIT PULL] Security subsystem updates for 4.11

Hi Linus, Highlights: o major AppArmor update: policy namespaces & lots of fixes o add /sys/kernel/security/lsm node for easy detection of loaded LSMs o SELinux cgroupfs labeling support o SELinux context mounts on tmpfs, ramfs, devpts within user namespaces o improved TPM 2.0 support

[GIT PULL] Security subsystem updates for 4.10

Generally pretty quiet for this release. Highlights: - Yama: - allow ptrace access for original parent after re-parenting - TPM: - add documentation - many bugfixes & cleanups - define a generic open() method for ascii & bios measurements - Integrity: - Harden against malformed

[GIT PULL] Security subsystem updates for 4.10

Generally pretty quiet for this release. Highlights: - Yama: - allow ptrace access for original parent after re-parenting - TPM: - add documentation - many bugfixes & cleanups - define a generic open() method for ascii & bios measurements - Integrity: - Harden against malformed

[GIT PULL] Security subsystem updates for 4.9

Summary: o SELinux/LSM: overlayfs support, necessary for container filesystems o LSM: finally remove the kernel_module_from_file hook o Smack: treat signal delivery as an 'append' operation o TPM: lots of bugfixes & updates o Audit: new audit data type: LSM_AUDIT_DATA_FILE Please pull. ---

[GIT PULL] Security subsystem updates for 4.9

Summary: o SELinux/LSM: overlayfs support, necessary for container filesystems o LSM: finally remove the kernel_module_from_file hook o Smack: treat signal delivery as an 'append' operation o TPM: lots of bugfixes & updates o Audit: new audit data type: LSM_AUDIT_DATA_FILE Please pull. ---

Re: [GIT PULL] Security subsystem updates for 4.8

On Wed, 27 Jul 2016, David Miller wrote: > From: Linus Torvalds > Date: Wed, 27 Jul 2016 11:50:46 -0700 > > > On Wed, Jul 27, 2016 at 4:04 AM, James Morris wrote: > >> > >> Highlights: > >> > >> - TPM core and driver updates/fixes > >> - IPv6

Re: [GIT PULL] Security subsystem updates for 4.8

On Wed, 27 Jul 2016, David Miller wrote: > From: Linus Torvalds > Date: Wed, 27 Jul 2016 11:50:46 -0700 > > > On Wed, Jul 27, 2016 at 4:04 AM, James Morris wrote: > >> > >> Highlights: > >> > >> - TPM core and driver updates/fixes > >> - IPv6 security labeling (CALIPSO) > >> - Lots of Apparmor

Re: [GIT PULL] Security subsystem updates for 4.8

From: Linus Torvalds Date: Wed, 27 Jul 2016 11:50:46 -0700 > On Wed, Jul 27, 2016 at 4:04 AM, James Morris wrote: >> >> Highlights: >> >> - TPM core and driver updates/fixes >> - IPv6 security labeling (CALIPSO) >> - Lots of Apparmor fixes >> -

Re: [GIT PULL] Security subsystem updates for 4.8

From: Linus Torvalds Date: Wed, 27 Jul 2016 11:50:46 -0700 > On Wed, Jul 27, 2016 at 4:04 AM, James Morris wrote: >> >> Highlights: >> >> - TPM core and driver updates/fixes >> - IPv6 security labeling (CALIPSO) >> - Lots of Apparmor fixes >> - Seccomp: remove 2-phase API, close hole where

Re: [GIT PULL] Security subsystem updates for 4.8

On Wed, Jul 27, 2016 at 4:04 AM, James Morris wrote: > > Highlights: > > - TPM core and driver updates/fixes > - IPv6 security labeling (CALIPSO) > - Lots of Apparmor fixes > - Seccomp: remove 2-phase API, close hole where ptrace can change syscall # Have the networking

Re: [GIT PULL] Security subsystem updates for 4.8

On Wed, Jul 27, 2016 at 4:04 AM, James Morris wrote: > > Highlights: > > - TPM core and driver updates/fixes > - IPv6 security labeling (CALIPSO) > - Lots of Apparmor fixes > - Seccomp: remove 2-phase API, close hole where ptrace can change syscall # Have the networking changes been run by the

[GIT PULL] Security subsystem updates for 4.8

Please pull these changes for 4.8. Highlights: - TPM core and driver updates/fixes - IPv6 security labeling (CALIPSO) - Lots of Apparmor fixes - Seccomp: remove 2-phase API, close hole where ptrace can change syscall # --- The following changes since commit

[GIT PULL] Security subsystem updates for 4.8

Please pull these changes for 4.8. Highlights: - TPM core and driver updates/fixes - IPv6 security labeling (CALIPSO) - Lots of Apparmor fixes - Seccomp: remove 2-phase API, close hole where ptrace can change syscall # --- The following changes since commit

[GIT PULL] Security subsystem updates

Please pull these minor updates for the keys code. The following changes since commit 7639dad93a5564579987abded4ec05e3db13659d: Merge tag 'trace-v4.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace (2016-05-22 19:40:39 -0700) are available in the git repository at:

[GIT PULL] Security subsystem updates

Please pull these minor updates for the keys code. The following changes since commit 7639dad93a5564579987abded4ec05e3db13659d: Merge tag 'trace-v4.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace (2016-05-22 19:40:39 -0700) are available in the git repository at:

[GIT PULL] security subsystem updates for 4.7

Please pull these updates for the 4.7 kernel. Highlights: 1. A new LSM, "LoadPin", from Kees Cook is added, which allows forcing of modules and firmware to be loaded from a specific device (this is from ChromeOS, where the device as a whole is verified cryptographically via

[GIT PULL] security subsystem updates for 4.7

Please pull these updates for the 4.7 kernel. Highlights: 1. A new LSM, "LoadPin", from Kees Cook is added, which allows forcing of modules and firmware to be loaded from a specific device (this is from ChromeOS, where the device as a whole is verified cryptographically via

[GIT PULL] Security subsystem updates for 4.6

Please pull these changes for 4.6. There are a bunch of fixes to the TPM, IMA, and Keys code, with minor fixes scattered across the subsystem. IMA now requires signed policy, and that policy is also now measured and appraised. -- The following changes since commit

[GIT PULL] Security subsystem updates for 4.6

Please pull these changes for 4.6. There are a bunch of fixes to the TPM, IMA, and Keys code, with minor fixes scattered across the subsystem. IMA now requires signed policy, and that policy is also now measured and appraised. -- The following changes since commit