    Merge tag 'selinux-pr-20210426' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux · f1c921fb
    Linus Torvalds authored
    Pull selinux updates from Paul Moore:
    
     - Add support for measuring the SELinux state and policy capabilities
       using IMA.
    
     - A handful of SELinux/NFS patches to compare the SELinux state of one
       mount with a set of mount options. Olga goes into more detail in the
       patch descriptions, but this is important as it allows more
       flexibility when using NFS and SELinux context mounts.
    
     - Properly differentiate between the subjective and objective LSM
       credentials; including support for the SELinux and Smack. My clumsy
       attempt at a proper fix for AppArmor didn't quite pass muster so John
       is working on a proper AppArmor patch, in the meantime this set of
       patches shouldn't change the behavior of AppArmor in any way. This
       change explains the bulk of the diffstat beyond security/.
    
     - Fix a problem where we were not properly terminating the permission
       list for two SELinux object classes.
    
    * tag 'selinux-pr-20210426' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
      selinux: add proper NULL termination to the secclass_map permissions
      smack: differentiate between subjective and objective task credentials
      selinux: clarify task subjective and objective credentials
      lsm: separate security_task_getsecid() into subjective and objective variants
      nfs: account for selinux security context when deciding to share superblock
      nfs: remove unneeded null check in nfs_fill_super()
      lsm,selinux: add new hook to compare new mount to an existing mount
      selinux: fix misspellings using codespell tool
      selinux: fix misspellings using codespell tool
      selinux: measure state and policy capabilities
      selinux: Allow context mounts for unpriviliged overlayfs
security.h 13.3 KB