Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris:
 "Apart from reordering the SELinux mmap code to ensure DAC is called
  before MAC, these are minor maintenance updates"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (23 commits)
  selinux: correctly label /proc inodes in use before the policy is loaded
  selinux: put the mmap() DAC controls before the MAC controls
  selinux: fix the output of ./scripts/get_maintainer.pl for SELinux
  evm: enable key retention service automatically
  ima: skip memory allocation for empty files
  evm: EVM does not use MD5
  ima: return d_name.name if d_path fails
  integrity: fix checkpatch errors
  ima: fix erroneous removal of security.ima xattr
  security: integrity: Use a more current logging style
  MAINTAINERS: email updates and other misc. changes
  ima: reduce memory usage when a template containing the n field is used
  ima: restore the original behavior for sending data with ima template
  Integrity: Pass commname via get_task_comm()
  fs: move i_readcount
  ima: use static const char array definitions
  security: have cap_dentry_init_security return error
  ima: new helper: file_inode(file)
  kernel: Mark function as static in kernel/seccomp.c
  capability: Use current logging styles
  ...

2 files changed, 11 insertions, 20 deletions

diff --git a/kernel/capability.c b/kernel/capability.c
index 34019c57888d..a8d63df0c322 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -7,6 +7,8 @@
  * 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net>
  */
 
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
 #include <linux/audit.h>
 #include <linux/capability.h>
 #include <linux/mm.h>
@@ -42,15 +44,10 @@ __setup("no_file_caps", file_caps_disable);
 
 static void warn_legacy_capability_use(void)
 {
-        static int warned;
-        if (!warned) {
-                char name[sizeof(current->comm)];
-
-                printk(KERN_INFO "warning: `%s' uses 32-bit capabilities"
-                       " (legacy support in use)\n",
-                       get_task_comm(name, current));
-                warned = 1;
-        }
+        char name[sizeof(current->comm)];
+
+        pr_info_once("warning: `%s' uses 32-bit capabilities (legacy support in use)\n",
+                     get_task_comm(name, current));
 }
 
 /*
@@ -71,16 +68,10 @@ static void warn_legacy_capability_use(void)
 
 static void warn_deprecated_v2(void)
 {
-        static int warned;
+        char name[sizeof(current->comm)];
 
-        if (!warned) {
-                char name[sizeof(current->comm)];
-
-                printk(KERN_INFO "warning: `%s' uses deprecated v2"
-                       " capabilities in a way that may be insecure.\n",
-                       get_task_comm(name, current));
-                warned = 1;
-        }
+        pr_info_once("warning: `%s' uses deprecated v2 capabilities in a way that may be insecure\n",
+                     get_task_comm(name, current));
 }
 
 /*
@@ -380,7 +371,7 @@ bool has_capability_noaudit(struct task_struct *t, int cap)
 bool ns_capable(struct user_namespace *ns, int cap)
 {
         if (unlikely(!cap_valid(cap))) {
-                printk(KERN_CRIT "capable() called with invalid cap=%u\n", cap);
+                pr_crit("capable() called with invalid cap=%u\n", cap);
                 BUG();
         }
 
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 4f18e754c23e..fd609bd9d6dd 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -290,7 +290,7 @@ free_prog:
  *
  * Returns 0 on success and non-zero otherwise.
  */
-long seccomp_attach_user_filter(char __user *user_filter)
+static long seccomp_attach_user_filter(char __user *user_filter)
 {
         struct sock_fprog fprog;
         long ret = -EFAULT;