Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (90 commits)
  AppArmor: fix build warnings for non-const use of get_task_cred
  selinux: convert the policy type_attr_map to flex_array
  AppArmor: Enable configuring and building of the AppArmor security module
  TOMOYO: Use pathname specified by policy rather than execve()
  AppArmor: update path_truncate method to latest version
  AppArmor: core policy routines
  AppArmor: policy routines for loading and unpacking policy
  AppArmor: mediation of non file objects
  AppArmor: LSM interface, and security module initialization
  AppArmor: Enable configuring and building of the AppArmor security module
  AppArmor: update Maintainer and Documentation
  AppArmor: functions for domain transitions
  AppArmor: file enforcement routines
  AppArmor: userspace interfaces
  AppArmor: dfa match engine
  AppArmor: contexts used in attaching policy to system objects
  AppArmor: basic auditing infrastructure.
  AppArmor: misc. base functions and defines
  TOMOYO: Update version to 2.3.0
  TOMOYO: Fix quota check.
  ...

3 files changed, 52 insertions, 5 deletions

diff --git a/Documentation/apparmor.txt b/Documentation/apparmor.txt
new file mode 100644
index 000000000000..93c1fd7d0635
--- /dev/null
+++ b/Documentation/apparmor.txt
@@ -0,0 +1,39 @@
+--- What is AppArmor? ---
+
+AppArmor is MAC style security extension for the Linux kernel.  It implements
+a task centered policy, with task "profiles" being created and loaded
+from user space.  Tasks on the system that do not have a profile defined for
+them run in an unconfined state which is equivalent to standard Linux DAC
+permissions.
+
+--- How to enable/disable ---
+
+set CONFIG_SECURITY_APPARMOR=y
+
+If AppArmor should be selected as the default security module then
+   set CONFIG_DEFAULT_SECURITY="apparmor"
+   and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
+
+Build the kernel
+
+If AppArmor is not the default security module it can be enabled by passing
+security=apparmor on the kernel's command line.
+
+If AppArmor is the default security module it can be disabled by passing
+apparmor=0, security=XXXX (where XXX is valid security module), on the
+kernel's command line
+
+For AppArmor to enforce any restrictions beyond standard Linux DAC permissions
+policy must be loaded into the kernel from user space (see the Documentation
+and tools links).
+
+--- Documentation ---
+
+Documentation can be found on the wiki.
+
+--- Links ---
+
+Mailing List - apparmor@lists.ubuntu.com
+Wiki - http://apparmor.wiki.kernel.org/
+User space tools - https://launchpad.net/apparmor
+Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 2b2407d9a6d0..b61f89fa01c1 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -93,6 +93,7 @@ parameter is applicable:
                         Documentation/scsi/.
         SECURITY Different security models are enabled.
         SELINUX SELinux support is enabled.
+        APPARMOR AppArmor support is enabled.
         SERIAL  Serial support is enabled.
         SH      SuperH architecture is enabled.
         SMP     The kernel is an SMP kernel.
@@ -2312,6 +2313,13 @@ and is between 256 and 4096 characters. It is defined in the file
                         If enabled at boot time, /selinux/disable can be used
                         later to disable prior to initial policy load.
 
+        apparmor=       [APPARMOR] Disable or enable AppArmor at boot time
+                        Format: { "0" | "1" }
+                        See security/apparmor/Kconfig help text
+                        0 -- disable.
+                        1 -- enable.
+                        Default value is set via kernel config option.
+
         serialnumber    [BUGS=X86-32]
 
         shapers=        [NET]
diff --git a/Documentation/tomoyo.txt b/Documentation/tomoyo.txt
index b3a232cae7f8..200a2d37cbc8 100644
--- a/Documentation/tomoyo.txt
+++ b/Documentation/tomoyo.txt
@@ -3,8 +3,8 @@
 TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel.
 
 LiveCD-based tutorials are available at
-http://tomoyo.sourceforge.jp/en/1.6.x/1st-step/ubuntu8.04-live/
-http://tomoyo.sourceforge.jp/en/1.6.x/1st-step/centos5-live/ .
+http://tomoyo.sourceforge.jp/1.7/1st-step/ubuntu10.04-live/
+http://tomoyo.sourceforge.jp/1.7/1st-step/centos5-live/ .
 Though these tutorials use non-LSM version of TOMOYO, they are useful for you
 to know what TOMOYO is.
 
@@ -13,12 +13,12 @@ to know what TOMOYO is.
 Build the kernel with CONFIG_SECURITY_TOMOYO=y and pass "security=tomoyo" on
 kernel's command line.
 
-Please see http://tomoyo.sourceforge.jp/en/2.2.x/ for details.
+Please see http://tomoyo.sourceforge.jp/2.3/ for details.
 
 --- Where is documentation? ---
 
 User <-> Kernel interface documentation is available at
-http://tomoyo.sourceforge.jp/en/2.2.x/policy-reference.html .
+http://tomoyo.sourceforge.jp/2.3/policy-reference.html .
 
 Materials we prepared for seminars and symposiums are available at
 http://sourceforge.jp/projects/tomoyo/docs/?category_id=532&language_id=1 .
@@ -50,6 +50,6 @@ multiple LSM modules at the same time. We feel sorry that you have to give up
 SELinux/SMACK/AppArmor etc. when you want to use TOMOYO.
 
 We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM
-version of TOMOYO, available at http://tomoyo.sourceforge.jp/en/1.6.x/ .
+version of TOMOYO, available at http://tomoyo.sourceforge.jp/1.7/ .
 LSM version of TOMOYO is a subset of non-LSM version of TOMOYO. We are planning
 to port non-LSM version's functionalities to LSM versions.