[security-next] Pull request (merge window)
Tim Gardner
tim.gardner at canonical.com
Mon Jun 16 12:29:00 UTC 2014
Serge,
Cherry-picked for now from 0430e49b6e7c6b5e076be8fefdee089958c9adad for
Utopic. We'd have picked this up anyway when rebasing against 3.16.
rtg
On 06/13/2014 11:14 AM, Serge E. Hallyn wrote:
> Hi,
>
> I believe process is just to send it to kernel-team at lists.ubuntu.com (cc:d).
>
> Tim/Andy, please see below, there is a patch
>
> "ima: introduce ima_kernel_read()"
>
> in git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security
> serge-next-2 which fixes a potential bug in ima when used with apparmor
> which I assume is meant to be applied to the utopic kernel.
>
> If you need any more information Dmitri should be able to answer.
>
> thanks,
> -serge
>
> Quoting Dmitry Kasatkin (dmitry.kasatkin at gmail.com):
>> Hi Serge,
>>
>> Mimi CC pull request also to Ubuntu kernel team.
>>
>> It is actually very important to apply "ima: introduce
>> ima_kernel_read()" to Ubuntu kernels.
>>
>> What is the process to manage it?
>>
>> Thanks a lot.
>>
>> - Dmitry
>>
>> On 13 June 2014 17:19, Serge E. Hallyn <serge at hallyn.com> wrote:
>>> Hi Linus,
>>>
>>> A few more commits had previously failed to make it through security-next
>>> into linux-next but this week made it into linux-next. At least commit
>>> "ima: introduce ima_kernel_read()" was deemed critical by Mimi to make
>>> this merge window.
>>>
>>> This is a temporary tree just for this request. Mimi has pointed me to
>>> some previous threads about keeping maintainer trees at the previous
>>> release, which I'll certainly do for anything long-term, after talking
>>> with James.
>>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> The following changes since commit 0e04c641b199435f3779454055f6a7de258ecdfc:
>>>
>>> Merge tag 'dm-3.16-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm (2014-06-12 13:33:29 -0700)
>>>
>>> are available in the git repository at:
>>>
>>>
>>> git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security serge-next-2
>>>
>>> for you to fetch changes up to 0430e49b6e7c6b5e076be8fefdee089958c9adad:
>>>
>>> ima: introduce ima_kernel_read() (2014-06-12 17:58:08 -0400)
>>>
>>> - ----------------------------------------------------------------
>>> Dmitry Kasatkin (5):
>>>       evm: replace HMAC version with attribute mask
>>>       evm: provide option to protect additional SMACK xattrs
>>>       ima: prevent unnecessary policy checking
>>>       ima: check inode integrity cache in violation check
>>>       ima: introduce ima_kernel_read()
>>>
>>> Mimi Zohar (2):
>>>       ima: prevent new digsig xattr from being replaced
>>>       evm: prohibit userspace writing 'security.evm' HMAC value
>>>
>>>  security/integrity/evm/Kconfig        | 42 ++++++++++++++++++++++++++++-------
>>>  security/integrity/evm/evm.h          |  5 ++++-
>>>  security/integrity/evm/evm_crypto.c   |  2 +-
>>>  security/integrity/evm/evm_main.c     | 29 +++++++++++++++++++++---
>>>  security/integrity/ima/ima_appraise.c | 10 ++++++---
>>>  security/integrity/ima/ima_crypto.c   | 32 +++++++++++++++++++++++++-
>>>  security/integrity/ima/ima_main.c     | 22 +++++++++---------
>>>  7 files changed, 114 insertions(+), 28 deletions(-)
>>
>>
>>
>> --
>> Thanks,
>> Dmitry
>
--
Tim Gardner tim.gardner at canonical.com