The pull request you sent on Tue, 11 Aug 2020 04:55:33 +1000 (AEST):
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
> tags/for-v5.9
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/ce13266d97b198934e86166491bfa4938e96508f
Thank you!
--
A couple of minor documentation updates only for this release. Please
pull.
---
The following changes since commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162:
Linux 5.7 (2020-05-31 16:49:15 -0700)
are available in the Git repository at:
On Wed, 31 Jan 2018, Linus Torvalds wrote:
> On Sun, Jan 28, 2018 at 3:41 PM, James Morris wrote:
> >
> > Note that individual trees may also be pulled via:
> >
> > git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
> > next-integrity
> >
On Wed, 31 Jan 2018, Linus Torvalds wrote:
> On Sun, Jan 28, 2018 at 3:41 PM, James Morris wrote:
> >
> > Note that individual trees may also be pulled via:
> >
> > git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
> > next-integrity
> > next-smack
> >
On Sun, Jan 28, 2018 at 3:41 PM, James Morris wrote:
>
> Note that individual trees may also be pulled via:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
> next-integrity
> next-smack
> next-tpm
So I did that, because it
On Sun, Jan 28, 2018 at 3:41 PM, James Morris wrote:
>
> Note that individual trees may also be pulled via:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
> next-integrity
> next-smack
> next-tpm
So I did that, because it makes it easier and
Please pull these updates for the security subsystem.
Summary:
- Integrity (from Mimi Zohar)
"This pull request contains a mixture of bug fixes, code cleanup, and
new functionality. Of note is the integrity cache locking fix, file
change detection, and support for a new EVM portable and
Please pull these updates for the security subsystem.
Summary:
- Integrity (from Mimi Zohar)
"This pull request contains a mixture of bug fixes, code cleanup, and
new functionality. Of note is the integrity cache locking fix, file
change detection, and support for a new EVM portable and
On Sat, 2017-09-09 at 05:57 +1000, James Morris wrote:
> On Fri, 8 Sep 2017, Linus Torvalds wrote:
>
> > Now the whole security pull will be ignored because of this thing. I
> > refuse to pull garbage where I notice major fundamental problems in
> > code that has obviously never ever been tested.
On Sat, 2017-09-09 at 05:57 +1000, James Morris wrote:
> On Fri, 8 Sep 2017, Linus Torvalds wrote:
>
> > Now the whole security pull will be ignored because of this thing. I
> > refuse to pull garbage where I notice major fundamental problems in
> > code that has obviously never ever been tested.
On Thu, Sep 14, 2017 at 2:13 PM, James Morris wrote:
> On Thu, 14 Sep 2017, Kees Cook wrote:
>
>> How separable are the patches, normally?
>
> They're usually mostly separate, but may depend on some core LSM change,
> or similar.
>
> Casey has mentioned off-list that it is
On Thu, Sep 14, 2017 at 2:13 PM, James Morris wrote:
> On Thu, 14 Sep 2017, Kees Cook wrote:
>
>> How separable are the patches, normally?
>
> They're usually mostly separate, but may depend on some core LSM change,
> or similar.
>
> Casey has mentioned off-list that it is useful to have a
On Thu, 14 Sep 2017, Kees Cook wrote:
> How separable are the patches, normally?
They're usually mostly separate, but may depend on some core LSM change,
or similar.
Casey has mentioned off-list that it is useful to have a coherent up to
date security branch to work against when making core
On Thu, 14 Sep 2017, Kees Cook wrote:
> How separable are the patches, normally?
They're usually mostly separate, but may depend on some core LSM change,
or similar.
Casey has mentioned off-list that it is useful to have a coherent up to
date security branch to work against when making core
On Sat, Sep 9, 2017 at 9:32 PM, James Morris wrote:
> On Fri, 8 Sep 2017, Paul Moore wrote:
>
>> > This is also why I tend to prefer getting multiple branches for
>> > independent things.
>
> [...]
>
>>
>> Is it time to start sending pull request for each LSM and thing under
>>
On Sat, Sep 9, 2017 at 9:32 PM, James Morris wrote:
> On Fri, 8 Sep 2017, Paul Moore wrote:
>
>> > This is also why I tend to prefer getting multiple branches for
>> > independent things.
>
> [...]
>
>>
>> Is it time to start sending pull request for each LSM and thing under
>> security/
On Sun, Sep 10, 2017 at 12:32 AM, James Morris wrote:
> On Fri, 8 Sep 2017, Paul Moore wrote:
>
>> > This is also why I tend to prefer getting multiple branches for
>> > independent things.
>
> [...]
>
>>
>> Is it time to start sending pull request for each LSM and thing under
On Sun, Sep 10, 2017 at 12:32 AM, James Morris wrote:
> On Fri, 8 Sep 2017, Paul Moore wrote:
>
>> > This is also why I tend to prefer getting multiple branches for
>> > independent things.
>
> [...]
>
>>
>> Is it time to start sending pull request for each LSM and thing under
>> security/
On Sun, 2017-09-10 at 23:38 -0700, Christoph Hellwig wrote:
> On Sun, Sep 10, 2017 at 10:02:42AM -0400, Mimi Zohar wrote:
> > We need to differentiate between policies and x509 certificates. In
> > the policy case, they need to be signed and appraised, while in the
> > x509 certificate case, the
On Sun, 2017-09-10 at 23:38 -0700, Christoph Hellwig wrote:
> On Sun, Sep 10, 2017 at 10:02:42AM -0400, Mimi Zohar wrote:
> > We need to differentiate between policies and x509 certificates. In
> > the policy case, they need to be signed and appraised, while in the
> > x509 certificate case, the
On Sun, Sep 10, 2017 at 10:02:42AM -0400, Mimi Zohar wrote:
> We need to differentiate between policies and x509 certificates. In
> the policy case, they need to be signed and appraised, while in the
> x509 certificate case, the certificate itself is signed so the file
> doesn't need to be signed
On Sun, Sep 10, 2017 at 10:02:42AM -0400, Mimi Zohar wrote:
> We need to differentiate between policies and x509 certificates. In
> the policy case, they need to be signed and appraised, while in the
> x509 certificate case, the certificate itself is signed so the file
> doesn't need to be signed
On Sun, 2017-09-10 at 01:10 -0700, Christoph Hellwig wrote:
> On Fri, Sep 08, 2017 at 10:25:53AM -0700, Linus Torvalds wrote:
> > I don't think anybody actually tests linux-next kernels in any big
> > way, and the automated tests that do get run probably don't run with
> > any integrity checking
On Sun, 2017-09-10 at 01:10 -0700, Christoph Hellwig wrote:
> On Fri, Sep 08, 2017 at 10:25:53AM -0700, Linus Torvalds wrote:
> > I don't think anybody actually tests linux-next kernels in any big
> > way, and the automated tests that do get run probably don't run with
> > any integrity checking
On Sun, Sep 10, 2017 at 03:13:23AM -0400, Mimi Zohar wrote:
>
> From a file integrity perspective this would be interesting, but that
> only addresses IMA-appraisal, not IMA-integrity or IMA-audit. We
> would still need to calculate the file hash to be included in the
> measurement list and used
On Sun, Sep 10, 2017 at 03:13:23AM -0400, Mimi Zohar wrote:
>
> From a file integrity perspective this would be interesting, but that
> only addresses IMA-appraisal, not IMA-integrity or IMA-audit. We
> would still need to calculate the file hash to be included in the
> measurement list and used
On Fri, Sep 08, 2017 at 10:25:53AM -0700, Linus Torvalds wrote:
> I don't think anybody actually tests linux-next kernels in any big
> way, and the automated tests that do get run probably don't run with
> any integrity checking enabled.
Well, for the atual IMA deadlock issue I asked Mimi to
On Fri, Sep 08, 2017 at 10:25:53AM -0700, Linus Torvalds wrote:
> I don't think anybody actually tests linux-next kernels in any big
> way, and the automated tests that do get run probably don't run with
> any integrity checking enabled.
Well, for the atual IMA deadlock issue I asked Mimi to
On Fri, 2017-09-08 at 18:38 -0400, Theodore Ts'o wrote:
> On Fri, Sep 08, 2017 at 02:48:51PM +1000, James Morris wrote:
> >
> > Mimi and Christoph worked together on this over several iterations -- I'll
> > let them respond.
>
> Mimi --- we should chat next week in LA. I've been working on a
>
On Fri, 2017-09-08 at 18:38 -0400, Theodore Ts'o wrote:
> On Fri, Sep 08, 2017 at 02:48:51PM +1000, James Morris wrote:
> >
> > Mimi and Christoph worked together on this over several iterations -- I'll
> > let them respond.
>
> Mimi --- we should chat next week in LA. I've been working on a
>
On Thu, 2017-09-07 at 11:19 -0700, Linus Torvalds wrote:
> On Mon, Sep 4, 2017 at 3:29 AM, James Morris wrote:
> >
> > IMA:
> > - A new integrity_read file operation method, avoids races when
> > calculating file hashes
>
> Honestly, this seems really odd.
>
> It
On Thu, 2017-09-07 at 11:19 -0700, Linus Torvalds wrote:
> On Mon, Sep 4, 2017 at 3:29 AM, James Morris wrote:
> >
> > IMA:
> > - A new integrity_read file operation method, avoids races when
> > calculating file hashes
>
> Honestly, this seems really odd.
>
> It documents that it needs
On Sun, 10 Sep 2017, James Morris wrote:
> next-apparmor-next (JJ's next branch)
> next-integrity-next (Mimi's)
> next-tpm-next(Jarkko's)
without '-next' on the end... (editing while jetlagged).
--
James Morris
On Sun, 10 Sep 2017, James Morris wrote:
> next-apparmor-next (JJ's next branch)
> next-integrity-next (Mimi's)
> next-tpm-next(Jarkko's)
without '-next' on the end... (editing while jetlagged).
--
James Morris
On Fri, 8 Sep 2017, Paul Moore wrote:
> > This is also why I tend to prefer getting multiple branches for
> > independent things.
[...]
>
> Is it time to start sending pull request for each LSM and thing under
> security/ directly? I'm not sure I have a strong preference either
> way, I just
On Fri, 8 Sep 2017, Paul Moore wrote:
> > This is also why I tend to prefer getting multiple branches for
> > independent things.
[...]
>
> Is it time to start sending pull request for each LSM and thing under
> security/ directly? I'm not sure I have a strong preference either
> way, I just
On Fri, 8 Sep 2017, Theodore Ts'o wrote:
> On Fri, Sep 08, 2017 at 02:48:51PM +1000, James Morris wrote:
> >
> > Mimi and Christoph worked together on this over several iterations -- I'll
> > let them respond.
>
> Mimi --- we should chat next week in LA. I've been working on a
> design
On Fri, 8 Sep 2017, Theodore Ts'o wrote:
> On Fri, Sep 08, 2017 at 02:48:51PM +1000, James Morris wrote:
> >
> > Mimi and Christoph worked together on this over several iterations -- I'll
> > let them respond.
>
> Mimi --- we should chat next week in LA. I've been working on a
> design
On Fri, Sep 08, 2017 at 02:48:51PM +1000, James Morris wrote:
>
> Mimi and Christoph worked together on this over several iterations -- I'll
> let them respond.
Mimi --- we should chat next week in LA. I've been working on a
design internally at work which proposes a generic VFS-layer library
On Fri, Sep 08, 2017 at 02:48:51PM +1000, James Morris wrote:
>
> Mimi and Christoph worked together on this over several iterations -- I'll
> let them respond.
Mimi --- we should chat next week in LA. I've been working on a
design internally at work which proposes a generic VFS-layer library
On Fri, 8 Sep 2017, Linus Torvalds wrote:
> Now the whole security pull will be ignored because of this thing. I
> refuse to pull garbage where I notice major fundamental problems in
> code that has obviously never ever been tested.
If I revert the change from my my tree, will you pull it then?
On Fri, 8 Sep 2017, Linus Torvalds wrote:
> Now the whole security pull will be ignored because of this thing. I
> refuse to pull garbage where I notice major fundamental problems in
> code that has obviously never ever been tested.
If I revert the change from my my tree, will you pull it then?
On Fri, Sep 8, 2017 at 1:25 PM, Linus Torvalds
wrote:
> On Fri, Sep 8, 2017 at 12:09 AM, Christoph Hellwig wrote:
>>
>> But yes, for the init-time integrity_read_file this is incorrect.
>> It never tripped up, and I explicitly added the lockdep
On Fri, Sep 8, 2017 at 1:25 PM, Linus Torvalds
wrote:
> On Fri, Sep 8, 2017 at 12:09 AM, Christoph Hellwig wrote:
>>
>> But yes, for the init-time integrity_read_file this is incorrect.
>> It never tripped up, and I explicitly added the lockdep annotations
>> so that anything would show up, and
On Fri, Sep 8, 2017 at 12:09 AM, Christoph Hellwig wrote:
>
> But yes, for the init-time integrity_read_file this is incorrect.
> It never tripped up, and I explicitly added the lockdep annotations
> so that anything would show up, and it's been half a year since
> I sent that
On Fri, Sep 8, 2017 at 12:09 AM, Christoph Hellwig wrote:
>
> But yes, for the init-time integrity_read_file this is incorrect.
> It never tripped up, and I explicitly added the lockdep annotations
> so that anything would show up, and it's been half a year since
> I sent that first RFC patch..
The reason why I send out the original version of this patch
is because IMA used to call ->read under i_rwsem, and that deadlocked
on XFS and NFS, or ext3/4 with DAX. The call path for that is
process_measurement (takes i_rwsem)
-> ima_collect_measurement
-> ima_calc_file_hash
->
The reason why I send out the original version of this patch
is because IMA used to call ->read under i_rwsem, and that deadlocked
on XFS and NFS, or ext3/4 with DAX. The call path for that is
process_measurement (takes i_rwsem)
-> ima_collect_measurement
-> ima_calc_file_hash
->
On Thu, 7 Sep 2017, Linus Torvalds wrote:
> On Mon, Sep 4, 2017 at 3:29 AM, James Morris wrote:
> >
> > IMA:
> > - A new integrity_read file operation method, avoids races when
> > calculating file hashes
>
> Honestly, this seems really odd.
>
> It documents that it
On Thu, 7 Sep 2017, Linus Torvalds wrote:
> On Mon, Sep 4, 2017 at 3:29 AM, James Morris wrote:
> >
> > IMA:
> > - A new integrity_read file operation method, avoids races when
> > calculating file hashes
>
> Honestly, this seems really odd.
>
> It documents that it needs to be called
On Mon, Sep 4, 2017 at 3:29 AM, James Morris wrote:
>
> IMA:
> - A new integrity_read file operation method, avoids races when
> calculating file hashes
Honestly, this seems really odd.
It documents that it needs to be called with i_rwsem held exclusively,
and even has
On Mon, Sep 4, 2017 at 3:29 AM, James Morris wrote:
>
> IMA:
> - A new integrity_read file operation method, avoids races when
> calculating file hashes
Honestly, this seems really odd.
It documents that it needs to be called with i_rwsem held exclusively,
and even has a lockdep assert to
Hi Linus,
Here are the security subsystem updates for 4.14. Highlights:
AppArmor:
- Add mediation of mountpoints and signals
- Add support for absolute root view based labels
- add base infastructure for socket mediation
LSM:
- Remove unused security_task_create() hook
TPM:
- Some
Hi Linus,
Here are the security subsystem updates for 4.14. Highlights:
AppArmor:
- Add mediation of mountpoints and signals
- Add support for absolute root view based labels
- add base infastructure for socket mediation
LSM:
- Remove unused security_task_create() hook
TPM:
- Some
Hi Linus,
Please pull these patches for the keys subsystem, which includes a minor
fix and documentation updates.
---
The following changes since commit b86faee6d111294fa95a2e89b5f771b2da3c9782:
Merge tag 'nfs-for-4.13-1' of git://git.linux-nfs.org/projects/anna/linux-nfs
(2017-07-13
Hi Linus,
Please pull these patches for the keys subsystem, which includes a minor
fix and documentation updates.
---
The following changes since commit b86faee6d111294fa95a2e89b5f771b2da3c9782:
Merge tag 'nfs-for-4.13-1' of git://git.linux-nfs.org/projects/anna/linux-nfs
(2017-07-13
Hi Linus,
- This update includes a major update for AppArmor. From JJ:
" * several bug fixes and cleanups
* the patch to add symlink support to securityfs that was floated on
the list earlier and the apparmorfs changes that make use of
securityfs symlinks
* it introduces the domain
Hi Linus,
- This update includes a major update for AppArmor. From JJ:
" * several bug fixes and cleanups
* the patch to add symlink support to securityfs that was floated on
the list earlier and the apparmorfs changes that make use of
securityfs symlinks
* it introduces the domain
Hi Linus,
Here are the security subsystem updates for v4.12.
Highlights:
- IMA: provide ">" and "<" operators for fowner/uid/euid rules
- KEYS: add a system blacklist keyring
- KEYS: add KEYCTL_RESTRICT_KEYRING, exposes keyring link restriction
functionality to userland via
Hi Linus,
Here are the security subsystem updates for v4.12.
Highlights:
- IMA: provide ">" and "<" operators for fowner/uid/euid rules
- KEYS: add a system blacklist keyring
- KEYS: add KEYCTL_RESTRICT_KEYRING, exposes keyring link restriction
functionality to userland via
Two fixes for the security subsystem:
1) Keys: split both rcu_dereference_key() and user_key_payload() into
versions which can be called with or without holding the key semaphore.
2) SELinux: fix Android init(8) breakage due to new cgroup security
labeling support when using older policy.
Two fixes for the security subsystem:
1) Keys: split both rcu_dereference_key() and user_key_payload() into
versions which can be called with or without holding the key semaphore.
2) SELinux: fix Android init(8) breakage due to new cgroup security
labeling support when using older policy.
Hi Linus,
Highlights:
o major AppArmor update: policy namespaces & lots of fixes
o add /sys/kernel/security/lsm node for easy detection of loaded LSMs
o SELinux cgroupfs labeling support
o SELinux context mounts on tmpfs, ramfs, devpts within user namespaces
o improved TPM 2.0 support
Hi Linus,
Highlights:
o major AppArmor update: policy namespaces & lots of fixes
o add /sys/kernel/security/lsm node for easy detection of loaded LSMs
o SELinux cgroupfs labeling support
o SELinux context mounts on tmpfs, ramfs, devpts within user namespaces
o improved TPM 2.0 support
Generally pretty quiet for this release.
Highlights:
- Yama:
- allow ptrace access for original parent after re-parenting
- TPM:
- add documentation
- many bugfixes & cleanups
- define a generic open() method for ascii & bios measurements
- Integrity:
- Harden against malformed
Generally pretty quiet for this release.
Highlights:
- Yama:
- allow ptrace access for original parent after re-parenting
- TPM:
- add documentation
- many bugfixes & cleanups
- define a generic open() method for ascii & bios measurements
- Integrity:
- Harden against malformed
Summary:
o SELinux/LSM: overlayfs support, necessary for container filesystems
o LSM: finally remove the kernel_module_from_file hook
o Smack: treat signal delivery as an 'append' operation
o TPM: lots of bugfixes & updates
o Audit: new audit data type: LSM_AUDIT_DATA_FILE
Please pull.
---
Summary:
o SELinux/LSM: overlayfs support, necessary for container filesystems
o LSM: finally remove the kernel_module_from_file hook
o Smack: treat signal delivery as an 'append' operation
o TPM: lots of bugfixes & updates
o Audit: new audit data type: LSM_AUDIT_DATA_FILE
Please pull.
---
On Wed, 27 Jul 2016, David Miller wrote:
> From: Linus Torvalds
> Date: Wed, 27 Jul 2016 11:50:46 -0700
>
> > On Wed, Jul 27, 2016 at 4:04 AM, James Morris wrote:
> >>
> >> Highlights:
> >>
> >> - TPM core and driver updates/fixes
> >> - IPv6
On Wed, 27 Jul 2016, David Miller wrote:
> From: Linus Torvalds
> Date: Wed, 27 Jul 2016 11:50:46 -0700
>
> > On Wed, Jul 27, 2016 at 4:04 AM, James Morris wrote:
> >>
> >> Highlights:
> >>
> >> - TPM core and driver updates/fixes
> >> - IPv6 security labeling (CALIPSO)
> >> - Lots of Apparmor
From: Linus Torvalds
Date: Wed, 27 Jul 2016 11:50:46 -0700
> On Wed, Jul 27, 2016 at 4:04 AM, James Morris wrote:
>>
>> Highlights:
>>
>> - TPM core and driver updates/fixes
>> - IPv6 security labeling (CALIPSO)
>> - Lots of Apparmor fixes
>> -
From: Linus Torvalds
Date: Wed, 27 Jul 2016 11:50:46 -0700
> On Wed, Jul 27, 2016 at 4:04 AM, James Morris wrote:
>>
>> Highlights:
>>
>> - TPM core and driver updates/fixes
>> - IPv6 security labeling (CALIPSO)
>> - Lots of Apparmor fixes
>> - Seccomp: remove 2-phase API, close hole where
On Wed, Jul 27, 2016 at 4:04 AM, James Morris wrote:
>
> Highlights:
>
> - TPM core and driver updates/fixes
> - IPv6 security labeling (CALIPSO)
> - Lots of Apparmor fixes
> - Seccomp: remove 2-phase API, close hole where ptrace can change syscall #
Have the networking
On Wed, Jul 27, 2016 at 4:04 AM, James Morris wrote:
>
> Highlights:
>
> - TPM core and driver updates/fixes
> - IPv6 security labeling (CALIPSO)
> - Lots of Apparmor fixes
> - Seccomp: remove 2-phase API, close hole where ptrace can change syscall #
Have the networking changes been run by the
Please pull these changes for 4.8.
Highlights:
- TPM core and driver updates/fixes
- IPv6 security labeling (CALIPSO)
- Lots of Apparmor fixes
- Seccomp: remove 2-phase API, close hole where ptrace can change syscall #
---
The following changes since commit
Please pull these changes for 4.8.
Highlights:
- TPM core and driver updates/fixes
- IPv6 security labeling (CALIPSO)
- Lots of Apparmor fixes
- Seccomp: remove 2-phase API, close hole where ptrace can change syscall #
---
The following changes since commit
Please pull these minor updates for the keys code.
The following changes since commit 7639dad93a5564579987abded4ec05e3db13659d:
Merge tag 'trace-v4.7-2' of
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace (2016-05-22
19:40:39 -0700)
are available in the git repository at:
Please pull these minor updates for the keys code.
The following changes since commit 7639dad93a5564579987abded4ec05e3db13659d:
Merge tag 'trace-v4.7-2' of
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace (2016-05-22
19:40:39 -0700)
are available in the git repository at:
Please pull these updates for the 4.7 kernel.
Highlights:
1. A new LSM, "LoadPin", from Kees Cook is added, which allows forcing of
modules and firmware to be loaded from a specific device (this is from
ChromeOS, where the device as a whole is verified cryptographically via
Please pull these updates for the 4.7 kernel.
Highlights:
1. A new LSM, "LoadPin", from Kees Cook is added, which allows forcing of
modules and firmware to be loaded from a specific device (this is from
ChromeOS, where the device as a whole is verified cryptographically via
Please pull these changes for 4.6.
There are a bunch of fixes to the TPM, IMA, and Keys code, with minor
fixes scattered across the subsystem. IMA now requires signed policy, and
that policy is also now measured and appraised.
--
The following changes since commit
Please pull these changes for 4.6.
There are a bunch of fixes to the TPM, IMA, and Keys code, with minor
fixes scattered across the subsystem. IMA now requires signed policy, and
that policy is also now measured and appraised.
--
The following changes since commit
82 matches
Mail list logo