    Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · 5807fcaa
    Linus Torvalds authored
    Pull security subsystem updates from James Morris:
    
     - EVM gains support for loading an x509 cert from the kernel
       (EVM_LOAD_X509), into the EVM trusted kernel keyring.
    
     - Smack implements 'file receive' process-based permission checking for
       sockets, rather than just depending on inode checks.
    
     - Misc enhancements for TPM & TPM2.
    
     - Cleanups and bugfixes for SELinux, Keys, and IMA.
    
    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (41 commits)
      selinux: Inode label revalidation performance fix
      KEYS: refcount bug fix
      ima: ima_write_policy() limit locking
      IMA: policy can be updated zero times
      selinux: rate-limit netlink message warnings in selinux_nlmsg_perm()
      selinux: export validatetrans decisions
      gfs2: Invalid security labels of inodes when they go invalid
      selinux: Revalidate invalid inode security labels
      security: Add hook to invalidate inode security labels
      selinux: Add accessor functions for inode->i_security
      security: Make inode argument of inode_getsecid non-const
      security: Make inode argument of inode_getsecurity non-const
      selinux: Remove unused variable in selinux_inode_init_security
      keys, trusted: seal with a TPM2 authorization policy
      keys, trusted: select hash algorithm for TPM2 chips
      keys, trusted: fix: *do not* allow duplicate key options
      tpm_ibmvtpm: properly handle interrupted packet receptions
      tpm_tis: Tighten IRQ auto-probing
      tpm_tis: Refactor the interrupt setup
      tpm_tis: Get rid of the duplicate IRQ probing code
      ...
keyctl.c 41.1 KB