diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-11-01 21:06:18 -0700 | 
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-11-01 21:06:18 -0700 | 
| commit | cdab10bf3285ee354e8f50254aa799631b7a95e0 (patch) | |
| tree | e0b622a649d301346132b4e5ae91966856449fad /include/linux/fpga/fpga-bridge.h | |
| parent | 6fedc28076bbbb32edb722e80f9406a3d1d668a8 (diff) | |
| parent | 15bf32398ad488c0df1cbaf16431422c87e4feea (diff) | |
Merge tag 'selinux-pr-20211101' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore:
 - Add LSM/SELinux/Smack controls and auditing for io-uring.
   As usual, the individual commit descriptions have more detail, but we
   were basically missing two things which we're adding here:
      + establishment of a proper audit context so that auditing of
        io-uring ops works similarly to how it does for syscalls (with
        some io-uring additions because io-uring ops are *not* syscalls)
      + additional LSM hooks to enable access control points for some of
        the more unusual io-uring features, e.g. credential overrides.
   The additional audit callouts and LSM hooks were done in conjunction
   with the io-uring folks, based on conversations and RFC patches
   earlier in the year.
 - Fixup the binder credential handling so that the proper credentials
   are used in the LSM hooks; the commit description and the code
   comment which is removed in these patches are helpful to understand
   the background and why this is the proper fix.
 - Enable SELinux genfscon policy support for securityfs, allowing
   improved SELinux filesystem labeling for other subsystems which make
   use of securityfs, e.g. IMA.
* tag 'selinux-pr-20211101' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  security: Return xattr name from security_dentry_init_security()
  selinux: fix a sock regression in selinux_ip_postroute_compat()
  binder: use cred instead of task for getsecid
  binder: use cred instead of task for selinux checks
  binder: use euid from cred instead of using task
  LSM: Avoid warnings about potentially unused hook variables
  selinux: fix all of the W=1 build warnings
  selinux: make better use of the nf_hook_state passed to the NF hooks
  selinux: fix race condition when computing ocontext SIDs
  selinux: remove unneeded ipv6 hook wrappers
  selinux: remove the SELinux lockdown implementation
  selinux: enable genfscon labeling for securityfs
  Smack: Brutalist io_uring support
  selinux: add support for the io_uring access controls
  lsm,io_uring: add LSM hooks to io_uring
  io_uring: convert io_uring to the secure anon inode interface
  fs: add anon_inode_getfile_secure() similar to anon_inode_getfd_secure()
  audit: add filtering for io_uring records
  audit,io_uring,io-wq: add some basic audit support to io_uring
  audit: prepare audit_context for use in calling contexts beyond syscalls
Diffstat (limited to 'include/linux/fpga/fpga-bridge.h')
0 files changed, 0 insertions, 0 deletions
