Documentation/DocBook/kernel-api.tmpl +1 −0 @@ -283,6 +283,7 @@ X!Earch/x86/kernel/mca_32.c <chapter id="security"> <title>Security Framework</title> !Isecurity/security.c !Esecurity/inode.c </chapter> <chapter id="audit">
Documentation/SELinux.txt 0 → 100644 +27 −0 If you want to use SELinux, chances are you will want to use the distro-provided policies, or install the latest reference policy release from http://oss.tresys.com/projects/refpolicy However, if you want to install a dummy policy for testing, you can do using 'mdp' provided under scripts/selinux. Note that this requires the selinux userspace to be installed - in particular you will need checkpolicy to compile a kernel, and setfiles and fixfiles to label the filesystem. 1. Compile the kernel with selinux enabled. 2. Type 'make' to compile mdp. 3. Make sure that you are not running with SELinux enabled and a real policy. If you are, reboot with selinux disabled before continuing. 4. Run install_policy.sh: cd scripts/selinux sh install_policy.sh Step 4 will create a new dummy policy valid for your kernel, with a single selinux user, role, and type. It will compile the policy, will set your SELINUXTYPE to dummy in /etc/selinux/config, install the compiled policy as 'dummy', and relabel your filesystem.
MAINTAINERS +3 −2 @@ -3650,7 +3650,8 @@ P: Eric Paris M: eparis@parisplace.org L: linux-kernel@vger.kernel.org (kernel issues) L: selinux@tycho.nsa.gov (subscribers-only, general discussion) W: http://www.nsa.gov/selinux W: http://selinuxproject.org T: git kernel.org:pub/scm/linux/kernel/git/jmorris/security-testing-2.6.git S: Supported SENSABLE PHANTOM
drivers/char/tpm/Kconfig +1 −0 @@ -6,6 +6,7 @@ menuconfig TCG_TPM tristate "TPM Hardware Support" depends on HAS_IOMEM depends on EXPERIMENTAL select SECURITYFS ---help--- If you have a TPM security chip in your system, which implements the Trusted Computing Group's specification,
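Review bot: The `select SECURITYFS` under `menuconfig TCG_TPM` carries no comment and the help text does not mention it, so a user enabling TPM support is not told that securityfs is built as well. `select` also turns the symbol on without evaluating any `depends on` it may have; its definition is not in this section, so that is worth checking. I would add a line above it such as `# TPM code creates securityfs files; without SECURITYFS the stubs return -ENODEV`. The reason is inferred from the security.h part of this commit, so confirm it against the driver. That this is the added line is taken from the +1 −0 count, and the help text continues past the end of the hunk.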
include/linux/security.h +30 −24 @@ -1560,11 +1560,6 @@ struct security_operations { extern int security_init(void); extern int security_module_enable(struct security_operations *ops); extern int register_security(struct security_operations *ops); extern struct dentry *securityfs_create_file(const char *name, mode_t mode, struct dentry *parent, void *data, const struct file_operations *fops); extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent); extern void securityfs_remove(struct dentry *dentry); /* Security operations */ int security_ptrace_may_access(struct task_struct *child, unsigned int mode); @@ -2424,25 +2419,6 @@ static inline int security_netlink_recv(struct sk_buff *skb, int cap) return cap_netlink_recv(skb, cap); } static inline struct dentry *securityfs_create_dir(const char *name, struct dentry *parent) { return ERR_PTR(-ENODEV); } static inline struct dentry *securityfs_create_file(const char *name, mode_t mode, struct dentry *parent, void *data, const struct file_operations *fops) { return ERR_PTR(-ENODEV); } static inline void securityfs_remove(struct dentry *dentry) { } static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) { return -EOPNOTSUPP;
@@ -2806,5 +2782,35 @@ static inline void security_audit_rule_free(void *lsmrule) #endif /* CONFIG_SECURITY */ #endif /* CONFIG_AUDIT */ #ifdef CONFIG_SECURITYFS extern struct dentry *securityfs_create_file(const char *name, mode_t mode, struct dentry *parent, void *data, const struct file_operations *fops); extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent); extern void securityfs_remove(struct dentry *dentry); #else /* CONFIG_SECURITYFS */ static inline struct dentry *securityfs_create_dir(const char *name, struct dentry *parent) { return ERR_PTR(-ENODEV); } static inline struct dentry *securityfs_create_file(const char *name, mode_t mode, struct dentry *parent, void *data, const struct file_operations *fops) { return ERR_PTR(-ENODEV); } static inline void securityfs_remove(struct dentry *dentry) {} #endif #endif /* ! __LINUX_SECURITY_H */
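Review bot: The new `#else /* CONFIG_SECURITYFS */` stubs at the end of the header return `ERR_PTR(-ENODEV)`, so a caller that tests the result of securityfs_create_file() or securityfs_create_dir() against NULL will take the error pointer for a valid dentry, and nothing in the block says so. I would put a comment above the `#ifdef`, e.g. `/* Without CONFIG_SECURITYFS these return ERR_PTR(-ENODEV): check with IS_ERR(), not against NULL. */`. The block now sits outside `#ifdef CONFIG_SECURITY`, so it relies on `ERR_PTR`, `struct dentry` and `struct file_operations` being declared in every configuration. The header's includes are not visible here, so that should be confirmed with a CONFIG_SECURITY=n build. As a style point, the closing `#endif` could carry `/* CONFIG_SECURITYFS */` like the `#endif` lines next to it.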