linux_dsm_epyc7002/security/selinux
Linus Torvalds f8cf2f16a7 Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull integrity updates from James Morris:
 "A mixture of bug fixes, code cleanup, and continues to close
  IMA-measurement, IMA-appraisal, and IMA-audit gaps.

  Also note the addition of a new cred_getsecid LSM hook by Matthew
  Garrett:

     For IMA purposes, we want to be able to obtain the prepared secid
     in the bprm structure before the credentials are committed. Add a
     cred_getsecid hook that makes this possible.

  which is used by a new CREDS_CHECK target in IMA:

     In ima_bprm_check(), check with both the existing process
     credentials and the credentials that will be committed when the new
     process is started. This will not change behaviour unless the
     system policy is extended to include CREDS_CHECK targets -
     BPRM_CHECK will continue to check the same credentials that it did
     previously"

* 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  ima: Fallback to the builtin hash algorithm
  ima: Add smackfs to the default appraise/measure list
  evm: check for remount ro in progress before writing
  ima: Improvements in ima_appraise_measurement()
  ima: Simplify ima_eventsig_init()
  integrity: Remove unused macro IMA_ACTION_RULE_FLAGS
  ima: drop vla in ima_audit_measurement()
  ima: Fix Kconfig to select TPM 2.0 CRB interface
  evm: Constify *integrity_status_msg[]
  evm: Move evm_hmac and evm_hash from evm_main.c to evm_crypto.c
  fuse: define the filesystem as untrusted
  ima: fail signature verification based on policy
  ima: clear IMA_HASH
  ima: re-evaluate files on privileged mounted filesystems
  ima: fail file signature verification on non-init mounted filesystems
  IMA: Support using new creds in appraisal policy
  security: Add a cred_getsecid hook
2018-04-07 16:53:59 -07:00
..
include selinux/stable-4.17 PR 20180403 2018-04-06 15:39:26 -07:00
ss selinux: wrap AVC state 2018-03-20 16:58:17 -04:00
.gitignore SELinux: add .gitignore files for dynamic classes 2009-10-24 09:42:27 +08:00
avc.c selinux: wrap AVC state 2018-03-20 16:58:17 -04:00
exports.c selinux: sparse fix: include selinux.h in exports.c 2011-09-09 16:56:32 -07:00
hooks.c Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2018-04-07 16:53:59 -07:00
ibpkey.c selinux: wrap global selinux state 2018-03-01 18:48:02 -05:00
Kconfig security: introduce CONFIG_SECURITY_WRITABLE_HOOKS 2017-03-06 11:00:12 +11:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
netif.c selinux: wrap global selinux state 2018-03-01 18:48:02 -05:00
netlabel.c selinux: wrap AVC state 2018-03-20 16:58:17 -04:00
netlink.c selinux: replace obsolete NLMSG_* with type safe nlmsg_* 2013-03-28 14:25:49 -04:00
netnode.c selinux: wrap global selinux state 2018-03-01 18:48:02 -05:00
netport.c selinux: wrap global selinux state 2018-03-01 18:48:02 -05:00
nlmsgtab.c rtnetlink: add NEWCACHEREPORT message type 2017-06-21 11:22:52 -04:00
selinuxfs.c selinux: wrap AVC state 2018-03-20 16:58:17 -04:00
xfrm.c selinux: wrap AVC state 2018-03-20 16:58:17 -04:00