linux/security
Linus Torvalds ba33a49fcd One bugfix patch, one preparation patch, and one conversion patch.
TOMOYO is useful as an analysis tool for learning how a Linux system works.
 My boss was hoping that SELinux's policy is generated from what TOMOYO has
 observed. A translated paper describing it is available at
 https://master.dl.sourceforge.net/project/tomoyo/docs/nsf2003-en.pdf/nsf2003-en.pdf?viasf=1 .
 Although that attempt failed due to mapping problem between inode and pathname,
 TOMOYO remains as an access restriction tool due to ability to write custom
 policy by individuals.
 
 I was delivering pure LKM version of TOMOYO (named AKARI) to users who
 cannot afford rebuilding their distro kernels with TOMOYO enabled. But
 since the LSM framework was converted to static calls, it became more
 difficult to deliver AKARI to such users. Therefore, I decided to update
 TOMOYO so that people can use mostly LKM version of TOMOYO with minimal
 burden for both distributors and users.
 
 Tetsuo Handa (3):
   tomoyo: preparation step for building as a loadable LSM module
   tomoyo: allow building as a loadable LSM module
   tomoyo: fallback to realpath if symlink's pathname does not exist
 
  security/tomoyo/Kconfig         |   15 ++++++++
  security/tomoyo/Makefile        |   10 ++++-
  security/tomoyo/common.c        |   14 ++++++-
  security/tomoyo/common.h        |   72 ++++++++++++++++++++++++++++++++++++++
  security/tomoyo/domain.c        |    9 +++-
  security/tomoyo/gc.c            |    3 +
  security/tomoyo/hooks.h         |  110 -----------------------------------------------------------
  security/tomoyo/init.c          |  366 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  security/tomoyo/load_policy.c   |   12 ++++++
  security/tomoyo/proxy.c         |   82 ++++++++++++++++++++++++++++++++++++++++++++
  security/tomoyo/securityfs_if.c |   12 ++++--
  security/tomoyo/util.c          |    3 -
  12 files changed, 585 insertions(+), 123 deletions(-)
 -----BEGIN PGP SIGNATURE-----
 
 iQJXBAABCABBFiEEQ8gzaWI9etOpbC/HQl8SjQxk9SoFAmb2iQUjHHBlbmd1aW4t
 a2VybmVsQGktbG92ZS5zYWt1cmEubmUuanAACgkQQl8SjQxk9Soxaw/+N3CEsVbs
 npXTNsj515QWSd66Eg8UkAeE2YmwTnxQ5ZRR83SCHf65MVhhkwIKZvFy8VcnJnBu
 Xsl9p2Vme8klopTUXmjABzba2OyfU4qwHCBv6dJehTgKNUW1NVCAgliS0C20k//j
 63iGAWJ1cjQl6fbMXFS/JW/KR49EJLMKtybVdH0ldwo+fk3YivQCalxzB9FlnqKA
 LrhLI2BPq3CMDlC64572XiGQrLY31PR7WDwAUux4CYjE/cMubLpRzL/NjgGO2DJs
 V6fXwqRqdywZhM2ltzbWiSz5US0hvWO0E5Ql3dKX180LLlVGlhs0eCiuZGwPUY+j
 vjZEB5ygjOI4SO4AfWxJgqprjDAEPzfyo7+txENwW8q4c/li9woY9B8ma7S1VMGQ
 6vKx2N8kw0bCZi6FkBu6ymc4sQJcG1acWJT/1IEbcfHOHDAEbmPeHAtvJsn/JPLN
 yiKCfCXM7ecNuCyRlMvDssIK3qRh+E2cFC0WVUQc9MEEkCYneGqU1R2lUKZHqEsN
 94kdhjiUroQZjcQVrtJwDv5Baf2OgMw7DGuhUi0CwKm8Hs7NH5lZ+i+xtvnZCdG7
 GoF62GKGEc91WN9OzPmvWRAKZkr+KrfNvVm/GJE2P6l0MaCgyDztrn7xduuSD/Rr
 sazREZUXqmqltyzgAisth4/BPkqvhCSPMEM=
 =7347
 -----END PGP SIGNATURE-----

Merge tag 'tomoyo-pr-20240927' of git://git.code.sf.net/p/tomoyo/tomoyo

Pull tomoyo updates from Tetsuo Handa:
 "One bugfix patch, one preparation patch, and one conversion patch.

  TOMOYO is useful as an analysis tool for learning how a Linux system
  works. My boss was hoping that SELinux's policy is generated from what
  TOMOYO has observed. A translated paper describing it is available at

    https://master.dl.sourceforge.net/project/tomoyo/docs/nsf2003-en.pdf/nsf2003-en.pdf?viasf=1

  Although that attempt failed due to mapping problem between inode and
  pathname, TOMOYO remains as an access restriction tool due to ability
  to write custom policy by individuals.

  I was delivering pure LKM version of TOMOYO (named AKARI) to users who
  cannot afford rebuilding their distro kernels with TOMOYO enabled. But
  since the LSM framework was converted to static calls, it became more
  difficult to deliver AKARI to such users. Therefore, I decided to
  update TOMOYO so that people can use mostly LKM version of TOMOYO with
  minimal burden for both distributors and users"

* tag 'tomoyo-pr-20240927' of git://git.code.sf.net/p/tomoyo/tomoyo:
  tomoyo: fallback to realpath if symlink's pathname does not exist
  tomoyo: allow building as a loadable LSM module
  tomoyo: preparation step for building as a loadable LSM module
2024-09-27 12:03:48 -07:00
..
apparmor lsm/stable-6.12 PR 20240911 2024-09-16 18:19:47 +02:00
bpf
integrity struct fd layout change (and conversion to accessor helpers) 2024-09-23 09:35:36 -07:00
ipe ipe: Add missing terminator to list of unit tests 2024-09-23 15:53:37 -04:00
keys
landlock Landlock updates for v6.12-rc1 2024-09-24 10:40:11 -07:00
loadpin
lockdown
safesetid
selinux bpf-next-6.12-struct-fd 2024-09-24 14:54:26 -07:00
smack lsm/stable-6.12 PR 20240923 2024-09-24 10:18:15 -07:00
tomoyo tomoyo: fallback to realpath if symlink's pathname does not exist 2024-09-25 22:30:59 +09:00
yama
commoncap.c
device_cgroup.c
inode.c
Kconfig lsm/stable-6.12 PR 20240911 2024-09-16 18:19:47 +02:00
Kconfig.hardening
lsm_audit.c
lsm_syscalls.c
Makefile
min_addr.c
security.c bpf-next-6.12-struct-fd 2024-09-24 14:54:26 -07:00