From patchwork Wed Dec 18 04:52:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Paul Moore X-Patchwork-Id: 13913025 X-Patchwork-Delegate: paul@paul-moore.com Received: from mail-qt1-f180.google.com (mail-qt1-f180.google.com [209.85.160.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8EE9714B06E for ; Wed, 18 Dec 2024 04:52:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.160.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734497526; cv=none; b=Gx9n27xaYIl2h7c0WOz2F3VmO8R6ANwqTu/dY1CjmORX9KwWwm0g/1+BFPRNqi8shpe5B8BBsmCSWa9AV8L+8d5fQuAvaTFQrjlc25KQgaAop0xfhij/PGeQxymuzWSvYntdcpFPxDaGBYTevxrE+gNZqrHg+xgjiYJAaZzTHGY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734497526; c=relaxed/simple; bh=kok0zc3eMer5C1HhBdN/GHJdm0tzzDUEl4j2ZX8sZBI=; h=Date:Message-ID:From:To:Cc:Subject; b=sThsyFM8TZs/7swMdz+OT4VnqyMsfJ8dLDArhiwYcRQjLg7xc71zmQn+SZY4XI3IFd+P5AuQPUcnXrKlWCnLpt6EcMW2llaQkaPm1O88fuCgH4TsYoSMaZrwDs/EXWV9CE4sB7Lt23FANJAEcg5whIwQQXy5FloNrZY1XhIXdAg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=paul-moore.com; spf=pass smtp.mailfrom=paul-moore.com; dkim=pass (2048-bit key) header.d=paul-moore.com header.i=@paul-moore.com header.b=PYXWkFGV; arc=none smtp.client-ip=209.85.160.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=paul-moore.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=paul-moore.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=paul-moore.com header.i=@paul-moore.com header.b="PYXWkFGV" Received: by mail-qt1-f180.google.com with SMTP id d75a77b69052e-46677ef6910so65823731cf.2 for ; Tue, 17 Dec 2024 20:52:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1734497523; x=1735102323; darn=vger.kernel.org; h=subject:cc:to:from:message-id:date:from:to:cc:subject:date :message-id:reply-to; bh=4u188fwwLz5ur+zRkfbW24ZR21SR4bFjDTgnLQvheOM=; b=PYXWkFGV9CVQ41RrZ8NRrKdl+L7bMjI+o4GSC+GKyCnJYmETwUN3mTbKnudiq9O63H qVRDvdZD2ZDVxJ6uI72+tnepZCiylO1gDgPljqTEF4ZvESur+HP4S9IRXvPNA0/DLCbg cxgp+gn53A2ZtyGQGqjmlMPUtsNoPwg5nHh2JZLl/fm37hK+yV4D36SWjVWZ2TdoE6+m 12EQuMk9ZoH6MmiPHOx717tAGBRX3uf0Zk5clG3Gki8G3uv6rkIaD0Ahr6tgMEfESFNY jJconiiKDbTHlePXiWi0mVgYT/kn/wBRUqdsJAtm0Ww6fyHrqC/IMTGXS/AiILcKQHfe eFaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734497523; x=1735102323; h=subject:cc:to:from:message-id:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4u188fwwLz5ur+zRkfbW24ZR21SR4bFjDTgnLQvheOM=; b=pI0uhQnFxB4dlvT9zodhEHBYphMELEj5V/Unj7J17YsubsfdaiZEkvb11ndzeurA48 G6K614sC+6KYm3udQyiX/3ySVHOLzUeO7xTf3W5UtUvmoseffIAdYXaNVDYC7PW4akd8 lYndAUluCJaOFCvYjM8lYaVOHWzGk4qAXHFfGR72P9p46MBNdYMMIhzZESWciXnRZQVo MBsL8cnAnYkmWLGpEfpCS7nYMvC4d7BQWWLG2Y9vLaGi8AXo7XHD+0+nm7GntSsCnKG8 Sx+H0f+yHEFlwleWbtEabaYGVWyXSJM6L7IQFegR+wuhHFrilaCc/9j/dJu9tI6MV0KV tx3Q== X-Forwarded-Encrypted: i=1; AJvYcCXWBuuoPEX3WoQZXBCB3tlMqvWZpcTB+cTjEymg8RZw+YsKpzrCCQE3bxzNKEZDRY57ttL61UhZWpPM8ZFCLUFKXXhqrMk=@vger.kernel.org X-Gm-Message-State: AOJu0YwSaAd/EtlZFB817P0295IIv8qV2XM1p/gTt5a8S7Cbw0nWDfj0 DxfDeY34C6SKhQLJJ4sW8nOoE2L2m9Qo6uCG3iHrnyXTw9XelaSBSL5P47NjmQ== X-Gm-Gg: ASbGnct2usMdtRncUTsQymgzfrcWE9myxw/K8pJqW4/2NB2es1MBi0eFw2qM/TfAG++ nUvjcScYVJKLSC7+2Gzw6a55Xcwqs4dW7ha0PQLOwTGrTS3/yhErHoPNaXjsggJPayCDd7/9x/b dEZMcDgT60zPCSztVD5IYeY7vXtBxu1x3Ei5WW5KzbZbdxdGk0n8ZlL72wavPiUA4eOws2asctj yclntr5qvG2XsTfBJWdKrSJYI7uEESXX58wr8jJU8o071yPnhA= X-Google-Smtp-Source: AGHT+IGpgRNZyn48P8+vL4Zxk5E5VsvTJHu1mGknTyiPBCmAlwrep5Urrrc9tA/AEzoXYDlUfki+4w== X-Received: by 2002:ad4:5fcf:0:b0:6d4:211c:dff0 with SMTP id 6a1803df08f44-6dd091ddcb6mr21927306d6.29.1734497523486; Tue, 17 Dec 2024 20:52:03 -0800 (PST) Received: from localhost ([70.22.175.108]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6dccd390fdasm46037696d6.124.2024.12.17.20.52.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 17 Dec 2024 20:52:03 -0800 (PST) Date: Tue, 17 Dec 2024 23:52:02 -0500 Message-ID: From: Paul Moore To: Linus Torvalds Cc: selinux@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [GIT PULL] selinux/selinux-pr-20241217 Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Linus, One small SELinux patch to get rid improve our handling of unknown extended permissions by safely ignoring them. Not only does this make it easier to support newer SELinux policy on older kernels in the future, it removes to BUG() calls from the SELinux code. -Paul --- The following changes since commit 40384c840ea1944d7c5a392e8975ed088ecf0b37: Linux 6.13-rc1 (2024-12-01 14:28:56 -0800) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git tags/selinux-pr-20241217 for you to fetch changes up to 900f83cf376bdaf798b6f5dcb2eae0c822e908b6: selinux: ignore unknown extended permissions (2024-12-15 21:59:03 -0500) ---------------------------------------------------------------- selinux/stable-6.13 PR 20241217 ---------------------------------------------------------------- ThiƩbaud Weksteen (1): selinux: ignore unknown extended permissions security/selinux/ss/services.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) -- paul-moore.com