• Linus Torvalds's avatar
    Merge tag 'apparmor-pr-2018-04-10' of... · 80a17a5f
    Linus Torvalds authored
    Merge tag 'apparmor-pr-2018-04-10' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
    
    Pull apparmor updates from John Johansen:
     "Features:
      - add base infrastructure for socket mediation. ABI bump and
        additional checks to ensure only v8 compliant policy uses socket af
        mediation.
      - improve and cleanup dfa verification
      - improve profile attachment logic
         - improve overlapping expression handling
         - add the xattr matching to the attachment logic
      - improve signal mediation handling with stacked labels
      - improve handling of no_new_privs in a label stack
    
      Cleanups and changes:
      - use dfa to parse string split
      - bounded version of label_parse
      - proper line wrap nulldfa.in
      - split context out into task and cred naming to better match usage
      - simplify code in aafs
    
      Bug fixes:
      - fix display of .ns_name for containers
      - fix resource audit messages when auditing peer
      - fix logging of the existence test for signals
      - fix resource audit messages when auditing peer
      - fix display of .ns_name for containers
      - fix an error code in verify_table_headers()
      - fix memory leak on buffer on error exit path
      - fix error returns checks by making size a ssize_t"
    
    * tag 'apparmor-pr-2018-04-10' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor: (36 commits)
      apparmor: fix memory leak on buffer on error exit path
      apparmor: fix dangling symlinks to policy rawdata after replacement
      apparmor: Fix an error code in verify_table_headers()
      apparmor: fix error returns checks by making size a ssize_t
      apparmor: update MAINTAINERS file git and wiki locations
      apparmor: remove POLICY_MEDIATES_SAFE
      apparmor: add base infastructure for socket mediation
      apparmor: improve overlapping domain attachment resolution
      apparmor: convert attaching profiles via xattrs to use dfa matching
      apparmor: Add support for attaching profiles via xattr, presence and value
      apparmor: cleanup: simplify code to get ns symlink name
      apparmor: cleanup create_aafs() error path
      apparmor: dfa split verification of table headers
      apparmor: dfa add support for state differential encoding
      apparmor: dfa move character match into a macro
      apparmor: update domain transitions that are subsets of confinement at nnp
      apparmor: move context.h to cred.h
      apparmor: move task related defines and fns to task.X files
      apparmor: cleanup, drop unused fn __aa_task_is_confined()
      apparmor: cleanup fixup description of aa_replace_profiles
      ...
    80a17a5f
apparmorfs.c 62.9 KB