f4f27d0028
Pull security subsystem updates from James Morris:
"Highlights:
- A new LSM, "LoadPin", from Kees Cook is added, which allows forcing
of modules and firmware to be loaded from a specific device (this
is from ChromeOS, where the device as a whole is verified
cryptographically via dm-verity).
This is disabled by default but can be configured to be enabled by
default (don't do this if you don't know what you're doing).
- Keys: allow authentication data to be stored in an asymmetric key.
Lots of general fixes and updates.
- SELinux: add restrictions for loading of kernel modules via
finit_module(). Distinguish non-init user namespace capability
checks. Apply execstack check on thread stacks"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (48 commits)
LSM: LoadPin: provide enablement CONFIG
Yama: use atomic allocations when reporting
seccomp: Fix comment typo
ima: add support for creating files using the mknodat syscall
ima: fix ima_inode_post_setattr
vfs: forbid write access when reading a file into memory
fs: fix over-zealous use of "const"
selinux: apply execstack check on thread stacks
selinux: distinguish non-init user namespace capability checks
LSM: LoadPin for kernel file loading restrictions
fs: define a string representation of the kernel_read_file_id enumeration
Yama: consolidate error reporting
string_helpers: add kstrdup_quotable_file
string_helpers: add kstrdup_quotable_cmdline
string_helpers: add kstrdup_quotable
selinux: check ss_initialized before revalidating an inode label
selinux: delay inode label lookup as long as possible
selinux: don't revalidate an inode's label when explicitly setting it
selinux: Change bool variable name to index.
KEYS: Add KEYCTL_DH_COMPUTE command
...
|
||
|---|---|---|
| .. | ||
| asymmetric_keys | ||
| async_tx | ||
| .gitignore | ||
| 842.c | ||
| Kconfig | ||
| Makefile | ||
| ablk_helper.c | ||
| ablkcipher.c | ||
| aead.c | ||
| aes_generic.c | ||
| af_alg.c | ||
| ahash.c | ||
| akcipher.c | ||
| algapi.c | ||
| algboss.c | ||
| algif_aead.c | ||
| algif_hash.c | ||
| algif_rng.c | ||
| algif_skcipher.c | ||
| ansi_cprng.c | ||
| anubis.c | ||
| api.c | ||
| arc4.c | ||
| authenc.c | ||
| authencesn.c | ||
| blkcipher.c | ||
| blowfish_common.c | ||
| blowfish_generic.c | ||
| camellia_generic.c | ||
| cast5_generic.c | ||
| cast6_generic.c | ||
| cast_common.c | ||
| cbc.c | ||
| ccm.c | ||
| chacha20_generic.c | ||
| chacha20poly1305.c | ||
| chainiv.c | ||
| cipher.c | ||
| cmac.c | ||
| compress.c | ||
| crc32_generic.c | ||
| crc32c_generic.c | ||
| crct10dif_common.c | ||
| crct10dif_generic.c | ||
| cryptd.c | ||
| crypto_engine.c | ||
| crypto_null.c | ||
| crypto_user.c | ||
| crypto_wq.c | ||
| ctr.c | ||
| cts.c | ||
| deflate.c | ||
| des_generic.c | ||
| drbg.c | ||
| ecb.c | ||
| echainiv.c | ||
| eseqiv.c | ||
| fcrypt.c | ||
| fips.c | ||
| gcm.c | ||
| gf128mul.c | ||
| ghash-generic.c | ||
| hash_info.c | ||
| hmac.c | ||
| internal.h | ||
| jitterentropy-kcapi.c | ||
| jitterentropy.c | ||
| keywrap.c | ||
| khazad.c | ||
| lrw.c | ||
| lz4.c | ||
| lz4hc.c | ||
| lzo.c | ||
| mcryptd.c | ||
| md4.c | ||
| md5.c | ||
| memneq.c | ||
| michael_mic.c | ||
| pcbc.c | ||
| pcrypt.c | ||
| poly1305_generic.c | ||
| proc.c | ||
| ripemd.h | ||
| rmd128.c | ||
| rmd160.c | ||
| rmd256.c | ||
| rmd320.c | ||
| rng.c | ||
| rsa-pkcs1pad.c | ||
| rsa.c | ||
| rsa_helper.c | ||
| rsaprivkey.asn1 | ||
| rsapubkey.asn1 | ||
| salsa20_generic.c | ||
| scatterwalk.c | ||
| seed.c | ||
| seqiv.c | ||
| serpent_generic.c | ||
| sha1_generic.c | ||
| sha256_generic.c | ||
| sha512_generic.c | ||
| shash.c | ||
| skcipher.c | ||
| tcrypt.c | ||
| tcrypt.h | ||
| tea.c | ||
| testmgr.c | ||
| testmgr.h | ||
| tgr192.c | ||
| twofish_common.c | ||
| twofish_generic.c | ||
| vmac.c | ||
| wp512.c | ||
| xcbc.c | ||
| xor.c | ||
| xts.c | ||