mbox series

[GIT,PULL] apparmor changes for v5.20

Message ID 8009201e-be46-a237-c6b1-e133dbc84137@canonical.com (mailing list archive)
State Handled Elsewhere
Headers show
Series [GIT,PULL] apparmor changes for v5.20 | expand

Pull-request

git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor tags/apparmor-pr-2022-08-08

Message

John Johansen Aug. 9, 2022, 5:53 p.m. UTC
Hi Linus,


This is mostly cleanups and bug fixes with the one bigger change
being Mathew Wilcox's patch to use XArrays instead of the IDR
from the "Linux 5.18-rc4" thread around the locking weirdness.

thanks
- john


The following changes since commit f2906aa863381afb0015a9eb7fefad885d4e5a56:

   Linux 5.19-rc1 (2022-06-05 17:18:54 -0700)

are available in the Git repository at:

   git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor tags/apparmor-pr-2022-08-08

for you to fetch changes up to c269fca7b37a08b7eec6f6b79a0abf1d0a245acb:

   apparmor: Update MAINTAINERS file with new email address (2022-08-06 12:08:39 -0700)

----------------------------------------------------------------
+ Features
   - Convert secid mapping to XArrays instead of IDR
   - Add a kernel label to use on kernel objects
   - Extend policydb permission set by making use of the xbits
   - Make export of raw binary profile to userspace optional
   - Enable tuning of policy paranoid load for embedded systems
   - Don't create raw_sha1 symlink if sha1 hashing is disabled
   - Allow labels to carry debug flags

+ Cleanups
   - Update MAINTAINERS file
   - Use struct_size() helper in kmalloc()
   - Move ptrace mediation to more logical task.{h,c}
   - Resolve uninitialized symbol warnings
   - Remove redundant ret variable
   - Mark alloc_unconfined() as static
   - Update help description of policy hash for introspection
   - Remove some casts which are no-longer required

+ Bug Fixes
   - Fix aa_label_asxprint return check
   - Fix reference count leak in aa_pivotroot()
   - Fix memleak in aa_simple_write_to_buffer()
   - Fix kernel doc comments
   - Fix absroot causing audited secids to begin with =
   - Fix quiet_denied for file rules
   - Fix failed mount permission check error message
   - Disable showing the mode as part of a secid to secctx
   - Fix setting unconfined mode on a loaded profile
   - Fix overlapping attachment computation
   - Fix undefined reference to `zlib_deflate_workspacesize'

----------------------------------------------------------------
David Gow (1):
       apparmor: test: Remove some casts which are no-longer required

Gustavo A. R. Silva (1):
       apparmor: Use struct_size() helper in kmalloc()

John Johansen (17):
       apparmor: fix absroot causing audited secids to begin with =
       apparmor: Update help description of policy hash for introspection
       apparmor: make export of raw binary profile to userspace optional
       apparmor: Enable tuning of policy paranoid load for embedded systems
       apparmor: don't create raw_sha1 symlink if sha1 hashing is disabled
       apparmor: Update MAINTAINERS file with the lastest information
       apparmor: fix quiet_denied for file rules
       apparmor: Fix failed mount permission check error message
       apparmor: Fix undefined reference to `zlib_deflate_workspacesize'
       apparmor: add a kernel label to use on kernel objects
       apparmor: disable showing the mode as part of a secid to secctx
       apparmor: fix setting unconfined mode on a loaded profile
       apparmor: fix overlapping attachment computation
       apparmor: allow label to carry debug flags
       apparmor: extend policydb permission set by making use of the xbits
       apparmor: move ptrace mediation to more logical task.{h,c}
       apparmor: Update MAINTAINERS file with new email address

Lukas Bulwahn (1):
       apparmor: correct config reference to intended one

Matthew Wilcox (1):
       apparmor: Convert secid mapping to XArrays instead of IDR

Mike Salvatore (1):
       apparmor: resolve uninitialized symbol warnings in policy_unpack_test.c

Minghao Chi (1):
       security/apparmor: remove redundant ret variable

Souptick Joarder (HPE) (1):
       apparmor: Mark alloc_unconfined() as static

Tom Rix (1):
       apparmor: fix aa_label_asxprint return check

Xin Xiong (1):
       apparmor: fix reference count leak in aa_pivotroot()

Xiu Jianfeng (1):
       apparmor: Fix memleak in aa_simple_write_to_buffer()

Yang Li (7):
       apparmor: Fix kernel-doc
       lsm: Fix kernel-doc
       apparmor: Fix match_mnt_path_str() and match_mnt() kernel-doc comment
       apparmor: Fix some kernel-doc comments
       apparmor: Fix some kernel-doc comments
       apparmor: Fix some kernel-doc comments
       apparmor: Fix some kernel-doc comments

  MAINTAINERS                               |   8 ++-
  security/apparmor/Kconfig                 |  86 +++++++++++++++-------
  security/apparmor/apparmorfs.c            | 103 +++++++++++++++------------
  security/apparmor/audit.c                 |   2 +-
  security/apparmor/domain.c                |   5 +-
  security/apparmor/include/apparmor.h      |   1 +
  security/apparmor/include/apparmorfs.h    |  14 ++++
  security/apparmor/include/file.h          |   3 +
  security/apparmor/include/ipc.h           |  18 -----
  security/apparmor/include/label.h         |   2 +
  security/apparmor/include/lib.h           |   5 ++
  security/apparmor/include/path.h          |   4 +-
  security/apparmor/include/policy.h        |   6 +-
  security/apparmor/include/policy_ns.h     |   1 +
  security/apparmor/include/policy_unpack.h |   2 +
  security/apparmor/include/secid.h         |   5 +-
  security/apparmor/include/task.h          |  18 +++++
  security/apparmor/ipc.c                   | 110 ----------------------------
  security/apparmor/label.c                 |  29 ++++----
  security/apparmor/lib.c                   |  27 +++++--
  security/apparmor/lsm.c                   |  38 +++++-----
  security/apparmor/mount.c                 |  13 ++--
  security/apparmor/net.c                   |   3 +-
  security/apparmor/policy.c                |  35 +++++----
  security/apparmor/policy_ns.c             |  53 ++++++++++----
  security/apparmor/policy_unpack.c         |  53 +++++++++-----
  security/apparmor/policy_unpack_test.c    |  28 ++++----
  security/apparmor/procattr.c              |   2 +-
  security/apparmor/secid.c                 |  56 ++++++---------
  security/apparmor/task.c                  | 114 ++++++++++++++++++++++++++++++
  30 files changed, 498 insertions(+), 346 deletions(-)

Comments

pr-tracker-bot@kernel.org Aug. 10, 2022, 6:33 p.m. UTC | #1
The pull request you sent on Tue, 9 Aug 2022 10:53:33 -0700:

> git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor tags/apparmor-pr-2022-08-08

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/00aa9d0bbfec91dcf191dd7899a65ab28b6cc76d

Thank you!