From patchwork Tue Mar  5 22:17:30 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paul Moore <paul@paul-moore.com>
X-Patchwork-Id: 10840157
Return-Path: <linux-security-module-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3F24A1575
	for <patchwork-linux-security-module@patchwork.kernel.org>;
 Tue,  5 Mar 2019 22:17:47 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3033C2C4BF
	for <patchwork-linux-security-module@patchwork.kernel.org>;
 Tue,  5 Mar 2019 22:17:47 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 2475A2CC1D; Tue,  5 Mar 2019 22:17:47 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C54942C4BF
	for <patchwork-linux-security-module@patchwork.kernel.org>;
 Tue,  5 Mar 2019 22:17:45 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726367AbfCEWRo (ORCPT
        <rfc822;patchwork-linux-security-module@patchwork.kernel.org>);
        Tue, 5 Mar 2019 17:17:44 -0500
Received: from mail-lf1-f66.google.com ([209.85.167.66]:36241 "EHLO
        mail-lf1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728215AbfCEWRn (ORCPT
        <rfc822;linux-security-module@vger.kernel.org>);
        Tue, 5 Mar 2019 17:17:43 -0500
Received: by mail-lf1-f66.google.com with SMTP id x206so7383915lff.3
        for <linux-security-module@vger.kernel.org>;
 Tue, 05 Mar 2019 14:17:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paul-moore-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:from:date:message-id:subject:to:cc;
        bh=gycZSpHeEzm9Bb+y6ZInD4EPay3X1lr+WOAbT2jGc3w=;
        b=jnz0IGkDAH3EbUDaoZRjIOIEFDuv5NkUhJiEvdccT9ZFXoGek84jVvPWz62nB56xzt
         u7jWaFQPXkmeXoHX3aJIwIoOl3odyEtLJ7AOWwB/Qe7xgOX/e9csreQ1Ix9r5lgjVlV+
         nELWXUq0Fb/BnX925sGYRn2GzV082ZO5evwAZFpw0pA9m8VusSmeW+TIlClYT3qZUV8/
         2PHujH5ycFO4yAihsmEmumLXVtdtq23UAGVLJXnzt0VRMO6llxqMPiBNT+SW76QFLaZR
         3YaoNBpMTvSN+lGWpW2AHN28OOqBqmS//AM4tYP8YnRRVdpo9/wDjrpO8GdKvmstBJup
         5Zhg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc;
        bh=gycZSpHeEzm9Bb+y6ZInD4EPay3X1lr+WOAbT2jGc3w=;
        b=NLP1qVwPgypAGNDScd5w1xjyEnPgzVM2MrRSz16YbOQ+rwS90BE0PN3er3MkOjR6IR
         6lX+gfR74qNEGLvtjbaZhXDAxKGeHhClYcDehoOPMW4TvvDZaAPyvGwJTiu4qvUu7CFF
         meSq0/wQRlgVZVZkpNi2JO5GyT4eS5uwGC5wSlnj4kr04SOjtNAmelxe/8uGCcTYkHwE
         LkH4r/kSS89/nqpTlhXtm4S2FANFFb2vbt5FgmSGUyjd7WmDVfeGxgjF2p3G63A5hsKS
         BNKgAdL8sb9jKGQ3EXckknm9OIP2KikwFSxQZemGt8ntCq/UwMUjOobzDvWOwb9mEh/H
         Z1nQ==
X-Gm-Message-State: APjAAAX6SFLz6p9TuI/habSp5SpgdF9KdLJhcykMKrOrJDvFNvBzYLeT
        EkEdKzQvoB7lNnrJEAqIGzVbT3XLxhVaEU8CEsuR
X-Google-Smtp-Source: 
 APXvYqz+rQBVNGS/1z9Vj6Y6ApudFtOTIYLDjwQEImtklgp7JGieOFj+YbzWRUPkHSuW+sDikWUng7YJe8jq6KrE5Ek=
X-Received: by 2002:ac2:55b2:: with SMTP id y18mr2020169lfg.72.1551824261666;
 Tue, 05 Mar 2019 14:17:41 -0800 (PST)
MIME-Version: 1.0
From: Paul Moore <paul@paul-moore.com>
Date: Tue, 5 Mar 2019 17:17:30 -0500
Message-ID: 
 <CAHC9VhRbDONFkYe5J2KtFSRdKcz5Z3vdJFuiZCi_EQiJHFaNtA@mail.gmail.com>
Subject: [GIT PULL] SELinux patches for v5.1
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: selinux@vger.kernel.org, linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk
List-ID: <linux-security-module.vger.kernel.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Hi Linus,

Nine SELinux patches for v5.1, all bug fixes.  As far as I'm
concerned, nothing really jumps out as risky or special to me, but
each commit has a decent description so you can judge for yourself.
As usual, everything passes the selinux-testsuite; please merge for
v5.1.

Thanks,
-Paul
---
The following changes since commit bfeffd155283772bbe78c6a05dec7c0128ee500c:

 Linux 5.0-rc1 (2019-01-06 17:08:20 -0800)

are available in the Git repository at:

 git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
   tags/selinux-pr-20190305

for you to fetch changes up to 45189a1998e00f6375ebd49d1e18161acddd73de:

 selinux: fix avc audit messages (2019-02-05 12:34:33 -0500)

----------------------------------------------------------------
selinux/stable-5.1 PR 20190305

----------------------------------------------------------------
Ondrej Mosnacek (6):
     selinux: never allow relabeling on context mounts
     selinux: do not override context on context mounts
     selinux: inline some AVC functions used only once
     selinux: replace some BUG_ON()s with a WARN_ON()
     selinux: log invalid contexts in AVCs
     selinux: replace BUG_ONs with WARN_ONs in avc.c

Stephen Smalley (3):
     selinux: avoid silent denials in permissive mode under RCU walk
     selinux: stop passing MAY_NOT_BLOCK to the AVC upon follow_link
     selinux: fix avc audit messages

security/selinux/avc.c              | 199 +++++++++++++++++-------------------
security/selinux/hooks.c            |  58 ++++++++---
security/selinux/include/avc.h      |   6 +-
security/selinux/include/security.h |   3 +
security/selinux/ss/services.c      |  37 ++++++-
5 files changed, 176 insertions(+), 127 deletions(-)