mirror of
https://github.com/torvalds/linux.git
synced 2024-11-24 05:02:12 +00:00
f4f27d0028
Pull security subsystem updates from James Morris: "Highlights: - A new LSM, "LoadPin", from Kees Cook is added, which allows forcing of modules and firmware to be loaded from a specific device (this is from ChromeOS, where the device as a whole is verified cryptographically via dm-verity). This is disabled by default but can be configured to be enabled by default (don't do this if you don't know what you're doing). - Keys: allow authentication data to be stored in an asymmetric key. Lots of general fixes and updates. - SELinux: add restrictions for loading of kernel modules via finit_module(). Distinguish non-init user namespace capability checks. Apply execstack check on thread stacks" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (48 commits) LSM: LoadPin: provide enablement CONFIG Yama: use atomic allocations when reporting seccomp: Fix comment typo ima: add support for creating files using the mknodat syscall ima: fix ima_inode_post_setattr vfs: forbid write access when reading a file into memory fs: fix over-zealous use of "const" selinux: apply execstack check on thread stacks selinux: distinguish non-init user namespace capability checks LSM: LoadPin for kernel file loading restrictions fs: define a string representation of the kernel_read_file_id enumeration Yama: consolidate error reporting string_helpers: add kstrdup_quotable_file string_helpers: add kstrdup_quotable_cmdline string_helpers: add kstrdup_quotable selinux: check ss_initialized before revalidating an inode label selinux: delay inode label lookup as long as possible selinux: don't revalidate an inode's label when explicitly setting it selinux: Change bool variable name to index. KEYS: Add KEYCTL_DH_COMPUTE command ... |
||
---|---|---|
.. | ||
af_rxrpc.c | ||
ar-accept.c | ||
ar-ack.c | ||
ar-call.c | ||
ar-connection.c | ||
ar-connevent.c | ||
ar-error.c | ||
ar-input.c | ||
ar-internal.h | ||
ar-key.c | ||
ar-local.c | ||
ar-output.c | ||
ar-peer.c | ||
ar-proc.c | ||
ar-recvmsg.c | ||
ar-security.c | ||
ar-skbuff.c | ||
ar-transport.c | ||
insecure.c | ||
Kconfig | ||
Makefile | ||
misc.c | ||
rxkad.c | ||
sysctl.c |