• Linus Torvalds's avatar
    Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · 0302e28d
    Linus Torvalds authored
    Pull security subsystem updates from James Morris:
     "Highlights:
    
      IMA:
       - provide ">" and "<" operators for fowner/uid/euid rules
    
      KEYS:
       - add a system blacklist keyring
    
       - add KEYCTL_RESTRICT_KEYRING, exposes keyring link restriction
         functionality to userland via keyctl()
    
      LSM:
       - harden LSM API with __ro_after_init
    
       - add prlmit security hook, implement for SELinux
    
       - revive security_task_alloc hook
    
      TPM:
       - implement contextual TPM command 'spaces'"
    
    * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (98 commits)
      tpm: Fix reference count to main device
      tpm_tis: convert to using locality callbacks
      tpm: fix handling of the TPM 2.0 event logs
      tpm_crb: remove a cruft constant
      keys: select CONFIG_CRYPTO when selecting DH / KDF
      apparmor: Make path_max parameter readonly
      apparmor: fix parameters so that the permission test is bypassed at boot
      apparmor: fix invalid reference to index variable of iterator line 836
      apparmor: use SHASH_DESC_ON_STACK
      security/apparmor/lsm.c: set debug messages
      apparmor: fix boolreturn.cocci warnings
      Smack: Use GFP_KERNEL for smk_netlbl_mls().
      smack: fix double free in smack_parse_opts_str()
      KEYS: add SP800-56A KDF support for DH
      KEYS: Keyring asymmetric key restrict method with chaining
      KEYS: Restrict asymmetric key linkage using a specific keychain
      KEYS: Add a lookup_restriction function for the asymmetric key type
      KEYS: Add KEYCTL_RESTRICT_KEYRING
      KEYS: Consistent ordering for __key_link_begin and restrict check
      KEYS: Add an optional lookup_restriction hook to key_type
      ...
    0302e28d
keyctl.c 42.8 KB