    Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · f4f27d00
    Linus Torvalds authored
    Pull security subsystem updates from James Morris:
     "Highlights:
    
       - A new LSM, "LoadPin", from Kees Cook is added, which allows forcing
         of modules and firmware to be loaded from a specific device (this
         is from ChromeOS, where the device as a whole is verified
         cryptographically via dm-verity).
    
         This is disabled by default but can be configured to be enabled by
         default (don't do this if you don't know what you're doing).
    
       - Keys: allow authentication data to be stored in an asymmetric key.
         Lots of general fixes and updates.
    
       - SELinux: add restrictions for loading of kernel modules via
         finit_module().  Distinguish non-init user namespace capability
         checks.  Apply execstack check on thread stacks"
    
    * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (48 commits)
      LSM: LoadPin: provide enablement CONFIG
      Yama: use atomic allocations when reporting
      seccomp: Fix comment typo
      ima: add support for creating files using the mknodat syscall
      ima: fix ima_inode_post_setattr
      vfs: forbid write access when reading a file into memory
      fs: fix over-zealous use of "const"
      selinux: apply execstack check on thread stacks
      selinux: distinguish non-init user namespace capability checks
      LSM: LoadPin for kernel file loading restrictions
      fs: define a string representation of the kernel_read_file_id enumeration
      Yama: consolidate error reporting
      string_helpers: add kstrdup_quotable_file
      string_helpers: add kstrdup_quotable_cmdline
      string_helpers: add kstrdup_quotable
      selinux: check ss_initialized before revalidating an inode label
      selinux: delay inode label lookup as long as possible
      selinux: don't revalidate an inode's label when explicitly setting it
      selinux: Change bool variable name to index.
      KEYS: Add KEYCTL_DH_COMPUTE command
      ...
Name
internal
ablk_helper.h
aead.h
aes.h
akcipher.h
algapi.h
authenc.h
b128ops.h
blowfish.h
cast5.h
cast6.h
cast_common.h
chacha20.h
cryptd.h
crypto_wq.h
ctr.h
des.h
drbg.h
gf128mul.h
hash.h
hash_info.h
if_alg.h
lrw.h
mcryptd.h
md5.h
null.h
padlock.h
pcrypt.h
pkcs7.h
poly1305.h
public_key.h
rng.h
scatterwalk.h
serpent.h
sha.h
sha1_base.h
sha256_base.h
sha512_base.h
skcipher.h
twofish.h
vmac.h
xts.h