From patchwork Fri Apr 9 17:44:38 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Moore X-Patchwork-Id: 12194603 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,INCLUDES_PULL_REQUEST, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9A4ABC433ED for ; Fri, 9 Apr 2021 17:44:53 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 607D16113A for ; Fri, 9 Apr 2021 17:44:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233896AbhDIRpE (ORCPT ); Fri, 9 Apr 2021 13:45:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43182 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234358AbhDIRpD (ORCPT ); Fri, 9 Apr 2021 13:45:03 -0400 Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 30711C061762 for ; Fri, 9 Apr 2021 10:44:50 -0700 (PDT) Received: by mail-ed1-x52e.google.com with SMTP id f8so7500988edd.11 for ; Fri, 09 Apr 2021 10:44:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to:cc; bh=nSjCyqrsCYIpjIq/WPQfh7f6ppE3qyWXTgcaAHBDVZg=; b=M67BIZxSEjlJYNXW+eYXjjHCFHMsLzlnur4qfOKyVoYViCymy5iyguGUOgW0ofYGUz 1syAlaZIMoPTBeQNvtQTBCv9kQL1GoeshqJreljATES3rFADT5/4Ir/jgyJu8c9Jd2Qn taWv0sH3mtSirfyXSQPpT3nhNSsHJpPgjLbimB+7n5E0IAj4xJXhNmrWTCD0LcP3jIeX uF1PWlZdtsYpvxW5cv7QDbEN8SDksByWD3T2zjXXgWNOdtWwQyh98O1pHHS59Qp7ZlHp 4B8s57yeiXvcjmwQX85ASm0czIwVa1J51BMjfWHH4/tffHwxwUYQJyJa09+6sZBSzdFA bFGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=nSjCyqrsCYIpjIq/WPQfh7f6ppE3qyWXTgcaAHBDVZg=; b=nQz+Du3wk92c0MwRQvVgooASb4RaHUrMVdd7MbwmB0GesvErRvXqhMq5IbacTM1Zr6 J0GCncUWFAuYifl2ufm33i3AxQj+nZfTxbG78SBctw1i3bqnimdgJsE0bQTiG8cXqFQy BcUgKoZyO2FpIeQF8dk7y1h1/YbWUHATQ6htJ1BQk11hnocA265Y15xpoZgn1VAxDKPl xVznF1CyxY/LVZw1AiAJU0oa4jLrf4zlI+cXIyVeJEy1GNyC1pGaAPmJ/jU9yHvnjG5b 87uHWa4UIEW/Q9TEOV/ZGk/xdXuLpx+toLvdjI66RIWnQO5BPLy2OVT6lSH+vGAcZvVJ 98GA== X-Gm-Message-State: AOAM533vZsVgtpWopt5dlR5faVk+fXlzo0raDKrBXsbYPMO9gPIj/O0l 18+PY7GJ9Kz8WmhL4aUbiMki5kB6xoRj0HAR0Md1 X-Google-Smtp-Source: ABdhPJx90ZIIuFo2jn8xwq3lr2Xj/Vsuta9Az/QMVDn78N2gX3QFhsmKupUsjNpnaLqtCeEsRuNGFiJCt3olsd1KEvo= X-Received: by 2002:a05:6402:3c7:: with SMTP id t7mr18723463edw.196.1617990288812; Fri, 09 Apr 2021 10:44:48 -0700 (PDT) MIME-Version: 1.0 From: Paul Moore Date: Fri, 9 Apr 2021 13:44:38 -0400 Message-ID: Subject: [GIT PULL] SELinux fixes for v5.12 (#2) To: Linus Torvalds Cc: selinux@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Precedence: bulk List-ID: Hi Linus, I realize we are getting late in the v5.12-rcX release cycle, but we have three SELinux patches which I believe should be merged before the proper v5.12 release. The patches fix known problems relating to (re)loading SELinux policy or changing the policy booleans, and pass our test suite without problem. As of a few minutes ago, the tag below also merged cleanly into your tree. Please pull for the next v5.12-rcX release, thanks. -Paul --- The following changes since commit ee5de60a08b7d8d255722662da461ea159c15538: selinuxfs: unify policy load error reporting (2021-03-18 23:26:59 -0400) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git tags/selinux-pr-20210409 for you to fetch changes up to 9ad6e9cb39c66366bf7b9aece114aca277981a1f: selinux: fix race between old and new sidtab (2021-04-07 20:42:56 -0400) ---------------------------------------------------------------- selinux/stable-5.12 PR 20210409 ---------------------------------------------------------------- Ondrej Mosnacek (3): selinux: make nslot handling in avtab more robust selinux: fix cond_list corruption when changing booleans selinux: fix race between old and new sidtab security/selinux/ss/avtab.c | 101 ++++++++---------------- security/selinux/ss/avtab.h | 2 +- security/selinux/ss/conditional.c | 12 +-- security/selinux/ss/services.c | 157 +++++++++++++++++++++++++++------- security/selinux/ss/sidtab.c | 21 +++++ security/selinux/ss/sidtab.h | 4 + 6 files changed, 185 insertions(+), 112 deletions(-)