X-Patchwork-Submitter: Paul Moore
X-Patchwork-Id: 12859122
From: Paul Moore
Date: Mon, 23 May 2022 10:13:04 -0400
Subject: [GIT PULL] SELinux patches for v5.19
To: Linus Torvalds
Cc: selinux@vger.kernel.org, linux-security-module@vger.kernel.org,
 linux-kernel@vger.kernel.org

Linus,

We've got twelve patches queued for v5.19, with most being fairly
minor.  The highlights are below:

- The checkreqprot and runtime disable knobs have been deprecated for
some time with no active users that we can find.  In an effort to move
things along we are adding a pause when the knobs are used to help
make the deprecation more noticeable in case anyone is still using
these hacks in the shadows.

- We've added the anonymous inode class name to the AVC audit records
when anonymous inodes are involved.  This should make writing policy
easier when anonymous inodes are involved.

- More constification work.  This is fairly straightforward and the
source of most of the diffstat.

- The usual minor cleanups: remove unnecessary assignments, assorted
style/checkpatch fixes, kdoc fixes, macro while-loop encapsulations,
#include tweaks, etc.

Please merge for v5.19.
-Paul

---
The following changes since commit 3123109284176b1532874591f7c81f3837bbdc17:

  Linux 5.18-rc1 (2022-04-03 14:08:21 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git tags/selinux-pr-20220523

for you to fetch changes up to 1af0e4a0233fea7e8226cb977d379dc20f9bbe11:

  security: declare member holding string literal const (2022-05-13 14:51:06 -0400)

----------------------------------------------------------------
selinux/stable-5.19 PR 20220523

----------------------------------------------------------------
Christian Göttsche (8):
      selinux: resolve checkpatch errors
      selinux: update parameter documentation
      selinux: avoid extra semicolon
      selinux: include necessary headers in headers
      selinux: fix indentation level of mls_ops block
      selinux: declare data arrays const
      selinux: log anon inode class name
      security: declare member holding string literal const

Michal Orzel (1):
      selinux: Remove redundant assignments

Paul Moore (3):
      selinux: runtime disable is deprecated, add some ssleep() discomfort
      selinux: checkreqprot is deprecated, add some ssleep() discomfort
      selinux: don't sleep when CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE is true

 include/linux/lsm_audit.h                        |  2 +
 include/linux/lsm_hooks.h                        |  4 +-
 scripts/selinux/genheaders/genheaders.c          | 75 ++++++++++++--------
 scripts/selinux/mdp/mdp.c                        |  4 +-
 security/lsm_audit.c                             |  3 +
 security/security.c                              |  2 +-
 security/selinux/avc.c                           |  6 +-
 security/selinux/hooks.c                         |  9 +--
 security/selinux/include/audit.h                 |  5 +-
 security/selinux/include/avc.h                   |  1 +
 security/selinux/include/avc_ss.h                |  4 +-
 security/selinux/include/classmap.h              |  2 +-
 security/selinux/include/ibpkey.h                |  2 +
 security/selinux/include/initial_sid_to_string.h |  3 +-
 security/selinux/include/netnode.h               |  2 +
 security/selinux/include/netport.h               |  2 +
 security/selinux/include/policycap.h             |  2 +-
 security/selinux/include/policycap_names.h       |  2 +-
 security/selinux/include/security.h              |  4 ++
 security/selinux/include/xfrm.h                  |  2 +
 security/selinux/nlmsgtab.c                      | 12 ++--
 security/selinux/selinuxfs.c                     |  8 ++-
 security/selinux/ss/avtab.c                      | 20 +++----
 security/selinux/ss/policydb.c                   | 36 +++++------
 security/selinux/ss/services.c                   | 47 ++++++++-------
 25 files changed, 144 insertions(+), 115 deletions(-)