[security-next] Pull request (merge window)
Dmitry Kasatkin
dmitry.kasatkin at gmail.com
Fri Jun 20 10:15:56 UTC 2014
On 17 June 2014 18:47, Kamal Mostafa <kamal at canonical.com> wrote:
> On Tue, 2014-06-17 at 06:01 -0600, Tim Gardner wrote:
>> Kamal,
>>
>> 0430e49b6e7c6b5e076be8fefdee089958c9adad (ima: introduce
>> ima_kernel_read())
>> f9b2a735bdddf836214b5dca74f6ca7712e5a08c (ima: audit log files opened
>> with O_DIRECT flag)
>>
>> Both of these commits are marked for stable. Please ensure that they
>> make it into 3.13 stable.
>>
>> rtg
>
>
> Thanks Tim, I'll pick up those two for the next 3.13-stable.
>
> -Kamal
>
Thanks.
>
>> On 06/16/2014 12:39 PM, Dmitry Kasatkin wrote:
>> > On 16 June 2014 15:29, Tim Gardner <tim.gardner at canonical.com>
>> > wrote:
>> >> Serge,
>> >>
>> >> Cherry-picked for now from
>> >> 0430e49b6e7c6b5e076be8fefdee089958c9adad for Utopic. We'd have
>> >> picked this up anyway when rebasing against 3.16.
>> >>
>> >
>> > Hi,
>> >
>> > Thanks.
>> >
>> > Please consider taking also this commit... It is also CC:stable
>> >
>> > Following prevents deadlock when file is opened for direct-io with
>> > O_DIRECT..
>> >
>> > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f9b2a735bdddf836214b5dca74f6ca7712e5a08c
>> >
>> > Otherwise there are no other stability bugs.
>> >
>> > What is Utopic?
>> >
>> > Those fixes are good to see as Ubuntu 14.04 kernel update...
>> >
>> > Thanks!
>> >
>> > - Dmitry
>> >
>> >
>> >> rtg
>> >>
>> >>
>> >> On 06/13/2014 11:14 AM, Serge E. Hallyn wrote:
>> >>>
>> >>> Hi,
>> >>>
>> >>> I believe process is just to send it to
>> >>> kernel-team at lists.ubuntu.com (cc:d).
>> >>>
>> >>> Tim/Andy, please see below, there is a patch
>> >>>
>> >>> "ima: introduce ima_kernel_read()"
>> >>>
>> >>> in
>> >>> git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security
>> >>> serge-next-2 which fixes a potential bug in ima when used with apparmor
>> >>> which I assume is meant to be applied to the utopic kernel.
>> >>>
>> >>> If you need any more information Dmitry should be able to
>> >>> answer.
>> >>>
>> >>> thanks, -serge
>> >>>
>> >>> Quoting Dmitry Kasatkin (dmitry.kasatkin at gmail.com):
>> >>>>
>> >>>> Hi Serge,
>> >>>>
>> >>>> Mimi CC pull request also to Ubuntu kernel team.
>> >>>>
>> >>>> It is actually very important to apply "ima: introduce
>> >>>> ima_kernel_read()" to Ubuntu kernels.
>> >>>>
>> >>>> What is the process to manage it?
>> >>>>
>> >>>> Thanks a lot.
>> >>>>
>> >>>> - Dmitry
>> >>>>
>> >>>> On 13 June 2014 17:19, Serge E. Hallyn <serge at hallyn.com>
>> >>>> wrote:
>> >>>>>
>> >>>>> Hi Linus,
>> >>>>>
>> >>>>> A few more commits had previously failed to make it
>> >>>>> through security-next into linux-next but this week made it
>> >>>>> into linux-next. At least commit "ima: introduce
>> >>>>> ima_kernel_read()" was deemed critical by Mimi to make this
>> >>>>> merge window.
>> >>>>>
>> >>>>> This is a temporary tree just for this request. Mimi has
>> >>>>> pointed me to some previous threads about keeping
>> >>>>> maintainer trees at the previous release, which I'll
>> >>>>> certainly do for anything long-term, after talking with
>> >>>>> James.
>> >>>>>
>> > The following changes since commit
>> > 0e04c641b199435f3779454055f6a7de258ecdfc:
>> >
>> >   Merge tag 'dm-3.16-changes' of
>> >   git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
>> >   (2014-06-12 13:33:29 -0700)
>> >
>> > are available in the git repository at:
>> >
>> >   git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security
>> >   serge-next-2
>> >
>> > for you to fetch changes up to
>> > 0430e49b6e7c6b5e076be8fefdee089958c9adad:
>> >
>> >   ima: introduce ima_kernel_read() (2014-06-12 17:58:08 -0400)
>> >
>> > ----------------------------------------------------------------
>> > Dmitry Kasatkin (5):
>> >       evm: replace HMAC version with attribute mask
>> >       evm: provide option to protect additional SMACK xattrs
>> >       ima: prevent unnecessary policy checking
>> >       ima: check inode integrity cache in violation check
>> >       ima: introduce ima_kernel_read()
>> >
>> > Mimi Zohar (2):
>> >       ima: prevent new digsig xattr from being replaced
>> >       evm: prohibit userspace writing 'security.evm' HMAC value
>> >
>> >  security/integrity/evm/Kconfig        | 42 ++++++++++++++++++++++++++++-------
>> >  security/integrity/evm/evm.h          |  5 ++++-
>> >  security/integrity/evm/evm_crypto.c   |  2 +-
>> >  security/integrity/evm/evm_main.c     | 29 +++++++++++++++++++++---
>> >  security/integrity/ima/ima_appraise.c | 10 ++++++---
>> >  security/integrity/ima/ima_crypto.c   | 32 +++++++++++++++++++++++++-
>> >  security/integrity/ima/ima_main.c     | 22 +++++++++---------
>> >  7 files changed, 114 insertions(+), 28 deletions(-)
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>> -- Thanks, Dmitry
>> >>>
>> >>>
>> >>
>> >> -- Tim Gardner tim.gardner at canonical.com
>> >
>> >
>> >
>>
>
--
Thanks,
Dmitry