diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-03-21 16:25:04 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-03-21 16:25:04 -0400 |
commit | 3556485f1595e3964ba539e39ea682acbb835cee (patch) | |
tree | 7f5ee254f425b1427ac0059b5f347a307f8538a1 /kernel | |
parent | b8716614a7cc2fc15ea2a518edd04755fb08d922 (diff) | |
parent | 09f61cdbb32a9d812c618d3922db533542736bb0 (diff) |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates for 3.4 from James Morris:
"The main addition here is the new Yama security module from Kees Cook,
which was discussed at the Linux Security Summit last year. Its
purpose is to collect miscellaneous DAC security enhancements in one
place. This also marks a departure in policy for LSM modules, which
were previously limited to being standalone access control systems.
Chromium OS is using Yama, and I believe there are plans for Ubuntu,
at least.
This patchset also includes maintenance updates for AppArmor, TOMOYO
and others."
Fix trivial conflict in <net/sock.h> due to the jumo_label->static_key
rename.
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (38 commits)
AppArmor: Fix location of const qualifier on generated string tables
TOMOYO: Return error if fails to delete a domain
AppArmor: add const qualifiers to string arrays
AppArmor: Add ability to load extended policy
TOMOYO: Return appropriate value to poll().
AppArmor: Move path failure information into aa_get_name and rename
AppArmor: Update dfa matching routines.
AppArmor: Minor cleanup of d_namespace_path to consolidate error handling
AppArmor: Retrieve the dentry_path for error reporting when path lookup fails
AppArmor: Add const qualifiers to generated string tables
AppArmor: Fix oops in policy unpack auditing
AppArmor: Fix error returned when a path lookup is disconnected
KEYS: testing wrong bit for KEY_FLAG_REVOKED
TOMOYO: Fix mount flags checking order.
security: fix ima kconfig warning
AppArmor: Fix the error case for chroot relative path name lookup
AppArmor: fix mapping of META_READ to audit and quiet flags
AppArmor: Fix underflow in xindex calculation
AppArmor: Fix dropping of allowed operations that are force audited
AppArmor: Add mising end of structure test to caps unpacking
...
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/cred.c | 1 | ||||
-rw-r--r-- | kernel/exit.c | 1 | ||||
-rw-r--r-- | kernel/fork.c | 3 | ||||
-rw-r--r-- | kernel/sched/core.c | 1 | ||||
-rw-r--r-- | kernel/sysctl.c | 1 |
5 files changed, 6 insertions, 1 deletions
diff --git a/kernel/cred.c b/kernel/cred.c index 5791612a4045..97b36eeca4c9 100644 --- a/kernel/cred.c +++ b/kernel/cred.c | |||
@@ -16,6 +16,7 @@ | |||
16 | #include <linux/keyctl.h> | 16 | #include <linux/keyctl.h> |
17 | #include <linux/init_task.h> | 17 | #include <linux/init_task.h> |
18 | #include <linux/security.h> | 18 | #include <linux/security.h> |
19 | #include <linux/binfmts.h> | ||
19 | #include <linux/cn_proc.h> | 20 | #include <linux/cn_proc.h> |
20 | 21 | ||
21 | #if 0 | 22 | #if 0 |
diff --git a/kernel/exit.c b/kernel/exit.c index 0ed15fed579f..7ad335c3045a 100644 --- a/kernel/exit.c +++ b/kernel/exit.c | |||
@@ -52,6 +52,7 @@ | |||
52 | #include <linux/hw_breakpoint.h> | 52 | #include <linux/hw_breakpoint.h> |
53 | #include <linux/oom.h> | 53 | #include <linux/oom.h> |
54 | #include <linux/writeback.h> | 54 | #include <linux/writeback.h> |
55 | #include <linux/shm.h> | ||
55 | 56 | ||
56 | #include <asm/uaccess.h> | 57 | #include <asm/uaccess.h> |
57 | #include <asm/unistd.h> | 58 | #include <asm/unistd.h> |
diff --git a/kernel/fork.c b/kernel/fork.c index c4f38a849436..26a7138bb849 100644 --- a/kernel/fork.c +++ b/kernel/fork.c | |||
@@ -193,6 +193,7 @@ void __put_task_struct(struct task_struct *tsk) | |||
193 | WARN_ON(atomic_read(&tsk->usage)); | 193 | WARN_ON(atomic_read(&tsk->usage)); |
194 | WARN_ON(tsk == current); | 194 | WARN_ON(tsk == current); |
195 | 195 | ||
196 | security_task_free(tsk); | ||
196 | exit_creds(tsk); | 197 | exit_creds(tsk); |
197 | delayacct_tsk_free(tsk); | 198 | delayacct_tsk_free(tsk); |
198 | put_signal_struct(tsk->signal); | 199 | put_signal_struct(tsk->signal); |
@@ -355,7 +356,7 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) | |||
355 | charge = 0; | 356 | charge = 0; |
356 | if (mpnt->vm_flags & VM_ACCOUNT) { | 357 | if (mpnt->vm_flags & VM_ACCOUNT) { |
357 | unsigned int len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; | 358 | unsigned int len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; |
358 | if (security_vm_enough_memory(len)) | 359 | if (security_vm_enough_memory_mm(oldmm, len)) /* sic */ |
359 | goto fail_nomem; | 360 | goto fail_nomem; |
360 | charge = len; | 361 | charge = len; |
361 | } | 362 | } |
diff --git a/kernel/sched/core.c b/kernel/sched/core.c index a35cb8dbd8c4..503d6426126d 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c | |||
@@ -71,6 +71,7 @@ | |||
71 | #include <linux/ftrace.h> | 71 | #include <linux/ftrace.h> |
72 | #include <linux/slab.h> | 72 | #include <linux/slab.h> |
73 | #include <linux/init_task.h> | 73 | #include <linux/init_task.h> |
74 | #include <linux/binfmts.h> | ||
74 | 75 | ||
75 | #include <asm/tlb.h> | 76 | #include <asm/tlb.h> |
76 | #include <asm/irq_regs.h> | 77 | #include <asm/irq_regs.h> |
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index f487f257e05e..11d53046b905 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c | |||
@@ -58,6 +58,7 @@ | |||
58 | #include <linux/oom.h> | 58 | #include <linux/oom.h> |
59 | #include <linux/kmod.h> | 59 | #include <linux/kmod.h> |
60 | #include <linux/capability.h> | 60 | #include <linux/capability.h> |
61 | #include <linux/binfmts.h> | ||
61 | 62 | ||
62 | #include <asm/uaccess.h> | 63 | #include <asm/uaccess.h> |
63 | #include <asm/processor.h> | 64 | #include <asm/processor.h> |