• Linus Torvalds's avatar
    Merge tag 'apparmor-pr-2017-09-22' of... · 79444df4
    Linus Torvalds authored
    Merge tag 'apparmor-pr-2017-09-22' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
    
    Pull apparmor updates from John Johansen:
     "This is the apparmor pull request, similar to SELinux and seccomp.
    
      It's the same series that I was sent to James' security tree + one
      regression fix that was found after the series was sent to James and
      would have been sent for v4.14-rc2.
    
      Features:
      - in preparation for secid mapping add support for absolute root view
        based labels
      - add base infastructure for socket mediation
      - add mount mediation
      - add signal mediation
    
      minor cleanups and changes:
      - be defensive, ensure unconfined profiles have dfas initialized
      - add more debug asserts to apparmorfs
      - enable policy unpacking to audit different reasons for failure
      - cleanup conditional check for label in label_print
      - Redundant condition: prev_ns. in [label.c:1498]
    
      Bug Fixes:
      - fix regression in apparmorfs DAC access permissions
      - fix build failure on sparc caused by undeclared signals
      - fix sparse report of incorrect type assignment when freeing label proxies
      - fix race condition in null profile creation
      - Fix an error code in aafs_create()
      - Fix logical error in verify_header()
      - Fix shadowed local variable in unpack_trans_table()"
    
    * tag 'apparmor-pr-2017-09-22' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
      apparmor: fix apparmorfs DAC access permissions
      apparmor: fix build failure on sparc caused by undeclared signals
      apparmor: fix incorrect type assignment when freeing proxies
      apparmor: ensure unconfined profiles have dfas initialized
      apparmor: fix race condition in null profile creation
      apparmor: move new_null_profile to after profile lookup fns()
      apparmor: add base infastructure for socket mediation
      apparmor: add more debug asserts to apparmorfs
      apparmor: make policy_unpack able to audit different info messages
      apparmor: add support for absolute root view based labels
      apparmor: cleanup conditional check for label in label_print
      apparmor: add mount mediation
      apparmor: add the ability to mediate signals
      apparmor: Redundant condition: prev_ns. in [label.c:1498]
      apparmor: Fix an error code in aafs_create()
      apparmor: Fix logical error in verify_header()
      apparmor: Fix shadowed local variable in unpack_trans_table()
    79444df4
domain.c 33.9 KB