Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 638820d8 authored Oct 24, 2018 by Linus Torvalds

Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris:
 "In this patchset, there are a couple of minor updates, as well as some
  reworking of the LSM initialization code from Kees Cook (these prepare
  the way for ordered stackable LSMs, but are a valuable cleanup on
  their own)"

* 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  LSM: Don't ignore initialization failures
  LSM: Provide init debugging infrastructure
  LSM: Record LSM name in struct lsm_info
  LSM: Convert security_initcall() into DEFINE_LSM()
  vmlinux.lds.h: Move LSM_TABLE into INIT_DATA
  LSM: Convert from initcall to struct lsm_info
  LSM: Remove initcall tracing
  LSM: Rename .security_initcall section to .lsm_info
  vmlinux.lds.h: Avoid copy/paste of security_init section
  LSM: Correctly announce start of LSM initialization
  security: fix LSM description location
  keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h
  seccomp: remove unnecessary unlikely()
  security: tomoyo: Fix obsolete function
  security/capabilities: remove check for -EINVAL

parents d5e4d81d 3f6caaf5

Documentation/admin-guide/kernel-parameters.txt

+2 −0

Original line number	Diff line number	Diff line
		@@ -2284,6 +2284,8 @@
		ltpc= [NET]
		Format: <io>,<irq>,<dma>

		lsm.debug [SECURITY] Enable LSM initialization debugging output.

		machvec= [IA-64] Force the use of a particular machine-vector
		(machvec) in a generic kernel.
		Example: machvec=hpzx1_swiotlb

Documentation/security/LSM.rst

+1 −1

Original line number	Diff line number	Diff line
		@@ -5,7 +5,7 @@ Linux Security Module Development
		Based on https://lkml.org/lkml/2007/10/26/215,
		a new LSM is accepted into the kernel when its intent (a description of
		what it tries to protect against and in what cases one would expect to
		use it) has been appropriately documented in ``Documentation/security/LSM.rst``.
		use it) has been appropriately documented in ``Documentation/admin-guide/LSM/``.
		This allows an LSM's code to be easily compared to its goals, and so
		that end users and distros can make a more informed decision about which
		LSMs suit their requirements.

arch/arc/kernel/vmlinux.lds.S

+0 −1

Original line number	Diff line number	Diff line
		@@ -71,7 +71,6 @@ SECTIONS
		INIT_SETUP(L1_CACHE_BYTES)
		INIT_CALLS
		CON_INITCALL
		SECURITY_INITCALL
		}

		.init.arch.info : {

arch/arm/kernel/vmlinux-xip.lds.S

+0 −1

Original line number	Diff line number	Diff line
		@@ -96,7 +96,6 @@ SECTIONS
		INIT_SETUP(16)
		INIT_CALLS
		CON_INITCALL
		SECURITY_INITCALL
		INIT_RAM_FS
		}

arch/arm64/kernel/vmlinux.lds.S

+0 −1

Original line number	Diff line number	Diff line
		@@ -183,7 +183,6 @@ SECTIONS
		INIT_SETUP(16)
		INIT_CALLS
		CON_INITCALL
		SECURITY_INITCALL
		INIT_RAM_FS
		(.init.rodata. .init.bss) /* from the EFI stub */
		}