[tomoyo-users 567] Fwd: What's coming in the security subsystem

Back to archive index

Toshiharu Harada harad****@gmail*****
2009年 3月 18日 (水) 08:25:35 JST


---------- Forwarded message ----------
From: James Morris <jmorr****@namei*****>
Date: 2009/3/18
Subject: What's coming in the security subsystem
To: linux****@vger*****
Cc: linux****@vger*****


Here's what to expect in 2.6.30, currently carried in linux-next via the
security-testing tree[1].

Notable new features include IMA and TOMOYO, while SELinux gets some
cleanup love.


David P. Quigley (3):
     SELinux: Condense super block security structure flags and
cleanup necessary code.
     SELinux: Add new security mount option to indicate security label support.
     SELinux: Unify context mount and genfs behavior

Eric Paris (12):
     SELinux: call capabilities code directory
     SELinux: better printk when file with invalid label found
     SELinux: NULL terminate al contexts from disk
     SELinux: check seqno when updating an avc_node
     SELinux: remove the unused ae.used
     SELinux: more careful use of avd in avc_has_perm_noaudit
     SELinux: remove unused av.decided field
     SELinux: code readability with avc_cache
     SELinux: convert the avc cache hash list to an hlist
     SELinux: open perm for sock files
     SELinux: new permission between tty audit and audit socket
     SELinux: inode_doinit_with_dentry drop no dentry printk

James Morris (23):
     maintainers: add security subsystem wiki
     selinux: remove unused bprm_check_security hook
     selinux: remove secondary ops call to bprm_committing_creds
     selinux: remove secondary ops call to bprm_committed_creds
     selinux: remove secondary ops call to sb_mount
     selinux: remove secondary ops call to sb_umount
     selinux: remove secondary ops call to inode_link
     selinux: remove secondary ops call to inode_unlink
     selinux: remove secondary ops call to inode_mknod
     selinux: remove secondary ops call to inode_follow_link
     selinux: remove secondary ops call to inode_permission
     selinux: remove secondary ops call to inode_setattr
     selinux: remove secondary ops call to file_mprotect
     selinux: remove secondary ops call to task_create
     selinux: remove unused cred_commit hook
     selinux: remove secondary ops call to task_setrlimit
     selinux: remove secondary ops call to task_kill
     selinux: remove secondary ops call to unix_stream_connect
     selinux: remove secondary ops call to shm_shmat
     selinux: remove hooks which simply defer to capabilities
     IMA: fix ima_delete_rules() definition
     Merge branch 'master' into next
     security: change link order of LSMs so security=tomoyo works

Kentaro Takeda (8):
     Add in_execve flag into task_struct.
     Memory and pathname management functions.
     Common functions for TOMOYO Linux.
     File operation restriction part.
     Domain transition handler.
     LSM adapter functions.
     Kconfig and Makefile
     MAINTAINERS info

Mimi Zohar (11):
     integrity: IMA hooks
     integrity: IMA as an integrity service provider
     integrity: IMA display
     integrity: IMA policy
     integrity: IMA policy open
     Integrity: IMA file free imbalance
     Integrity: IMA update maintainers
     integrity: shmem zero fix
     integrity: audit update
     integrity: ima scatterlist bug fix
     integrity: ima iint radix_tree_lookup locking fix

Rajiv Andrade (3):
     TPM: sysfs functions consolidation
     TPM: integrity interface
     TPM: integrity fix

Randy Dunlap (2):
     ima: fix build error
     smack: fix lots of kernel-doc notation

Serge E. Hallyn (5):
     securityfs: fix long-broken securityfs_create_file comment
     keys: distinguish per-uid keys in different namespaces
     keys: consider user namespace in key_permission
     keys: skip keys from another user namespace
     keys: make procfiles per-user-namespace

Tetsuo Handa (4):
     tomoyo: fix sparse warning
     TOMOYO: Fix exception policy read failure.
     TOMOYO: Don't create securityfs entries unless registered.
     TOMOYO: Do not call tomoyo_realpath_init unless registered.

etienne (1):
     smack: fixes for unlabeled host support



[1] git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

--
James Morris
<jmorr****@namei*****>
--
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to major****@vger*****
More majordomo info at  http://vger.kernel.org/majordomo-info.html



-- 
Toshiharu Harada
harad****@gmail*****




tomoyo-users メーリングリストの案内
Back to archive index