diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-03 00:38:48 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-03 00:38:48 -0400 |
commit | 88265322c14cce39f7afbc416726ef4fac413298 (patch) | |
tree | e4956f905ef617971f87788d8f8a09dbb66b70a3 /include/linux/security.h | |
parent | 65b99c74fdd325d1ffa2e5663295888704712604 (diff) | |
parent | bf5308344527d015ac9a6d2bda4ad4d40fd7d943 (diff) |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"Highlights:
- Integrity: add local fs integrity verification to detect offline
attacks
- Integrity: add digital signature verification
- Simple stacking of Yama with other LSMs (per LSS discussions)
- IBM vTPM support on ppc64
- Add new driver for Infineon I2C TIS TPM
- Smack: add rule revocation for subject labels"
Fixed conflicts with the user namespace support in kernel/auditsc.c and
security/integrity/ima/ima_policy.c.
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (39 commits)
Documentation: Update git repository URL for Smack userland tools
ima: change flags container data type
Smack: setprocattr memory leak fix
Smack: implement revoking all rules for a subject label
Smack: remove task_wait() hook.
ima: audit log hashes
ima: generic IMA action flag handling
ima: rename ima_must_appraise_or_measure
audit: export audit_log_task_info
tpm: fix tpm_acpi sparse warning on different address spaces
samples/seccomp: fix 31 bit build on s390
ima: digital signature verification support
ima: add support for different security.ima data types
ima: add ima_inode_setxattr/removexattr function and calls
ima: add inode_post_setattr call
ima: replace iint spinblock with rwlock/read_lock
ima: allocating iint improvements
ima: add appraise action keywords and default rules
ima: integrity appraisal extension
vfs: move ima_file_free before releasing the file
...
Diffstat (limited to 'include/linux/security.h')
-rw-r--r-- | include/linux/security.h | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 145accee9236..5b50c4e1a7c2 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -3022,5 +3022,36 @@ static inline void free_secdata(void *secdata) | |||
3022 | { } | 3022 | { } |
3023 | #endif /* CONFIG_SECURITY */ | 3023 | #endif /* CONFIG_SECURITY */ |
3024 | 3024 | ||
3025 | #ifdef CONFIG_SECURITY_YAMA | ||
3026 | extern int yama_ptrace_access_check(struct task_struct *child, | ||
3027 | unsigned int mode); | ||
3028 | extern int yama_ptrace_traceme(struct task_struct *parent); | ||
3029 | extern void yama_task_free(struct task_struct *task); | ||
3030 | extern int yama_task_prctl(int option, unsigned long arg2, unsigned long arg3, | ||
3031 | unsigned long arg4, unsigned long arg5); | ||
3032 | #else | ||
3033 | static inline int yama_ptrace_access_check(struct task_struct *child, | ||
3034 | unsigned int mode) | ||
3035 | { | ||
3036 | return 0; | ||
3037 | } | ||
3038 | |||
3039 | static inline int yama_ptrace_traceme(struct task_struct *parent) | ||
3040 | { | ||
3041 | return 0; | ||
3042 | } | ||
3043 | |||
3044 | static inline void yama_task_free(struct task_struct *task) | ||
3045 | { | ||
3046 | } | ||
3047 | |||
3048 | static inline int yama_task_prctl(int option, unsigned long arg2, | ||
3049 | unsigned long arg3, unsigned long arg4, | ||
3050 | unsigned long arg5) | ||
3051 | { | ||
3052 | return -ENOSYS; | ||
3053 | } | ||
3054 | #endif /* CONFIG_SECURITY_YAMA */ | ||
3055 | |||
3025 | #endif /* ! __LINUX_SECURITY_H */ | 3056 | #endif /* ! __LINUX_SECURITY_H */ |
3026 | 3057 | ||