mirror-linux/security
Linus Torvalds 76f01a4f22 lsm/stable-6.18 PR 20250926
-----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCgAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmjWq9QUHHBhdWxAcGF1
 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXMHIQ//dYegdfQvUB/eD4rnnlNEgmGAFiAg
 pAdAA5F+6bINfm2X622cqxKa71f9hqhAgt+k7KPuZyr1dSOhv55HkO8ibCwpGj6G
 IIYnhf9PPQXH1hdHI0uLlaxNSCf2T3uJf5I261g1zS54XaVhgYZKzlwaMjvF1w/u
 6DmvOJleIOH+Qu8D6+B79XxTtmEbgdJ2yNpb6tSgUhbD3a1zBuM+8EBBRf6q1IaL
 xoCTBzkEWR2M2V1bwqPycSbSqKmOnQwROTICRCXjOCjOlxbXXKQtnfb+26mU3ZAy
 5hnNkGjopgrvLSDE8Y9uX3WmLr3o1JmJGcRPrmXseOdd+mxcmZiXeWnVA5ZG5rxI
 ObFbj4nnn1VnayU7zFl/FW5weezqIEUC1+bfGh1PUWHwlbdF1Z2+eObbTWGjx0ev
 T42OC9MnfzU8poGEi+Wudg9LixzWkto1J2rCnHatQ/9FMpQoMCbTPNWfkPnf7pGc
 stml9Xd/3pxm6ah3VVLPiNpQJYidLgAT2REYvYLaiJTyu+OPi2zAvzcov3KaGQHV
 bQ6NGhZ0NdoM5L00N2yfeEuzh/NNwdDvhcp5hlTBSjbNqdgU1XE/PD5TKwzH6291
 Fjy4U/9UkWTJclrGYCiN87lfVpjvtk5vc0+tjS/908Pi4pIAsLtLZ9tJ9d7yqH/7
 FFA5bwob7mQ08fk=
 =jK6L
 -----END PGP SIGNATURE-----

Merge tag 'lsm-pr-20250926' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm

Pull lsm updates from Paul Moore:

 - Move the management of the LSM BPF security blobs into the framework

   In order to enable multiple LSMs we need to allocate and free the
   various security blobs in the LSM framework and not the individual
   LSMs as they would end up stepping all over each other.

 - Leverage the lsm_bdev_alloc() helper in lsm_bdev_alloc()

   Make better use of our existing helper functions to reduce some code
   duplication.

 - Update the Rust cred code to use 'sync::aref'

   Part of a larger effort to move the Rust code over to the 'sync'
   module.

 - Make CONFIG_LSM dependent on CONFIG_SECURITY

   As the CONFIG_LSM Kconfig setting is an ordered list of the LSMs to
   enable a boot, it obviously doesn't make much sense to enable this
   when CONFIG_SECURITY is disabled.

 - Update the LSM and CREDENTIALS sections in MAINTAINERS with Rusty
   bits

   Add the Rust helper files to the associated LSM and CREDENTIALS
   entries int the MAINTAINERS file. We're trying to improve the
   communication between the two groups and making sure we're all aware
   of what is going on via cross-posting to the relevant lists is a good
   way to start.

* tag 'lsm-pr-20250926' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm:
  lsm: CONFIG_LSM can depend on CONFIG_SECURITY
  MAINTAINERS: add the associated Rust helper to the CREDENTIALS section
  MAINTAINERS: add the associated Rust helper to the LSM section
  rust,cred: update AlwaysRefCounted import to sync::aref
  security: use umax() to improve code
  lsm,selinux: Add LSM blob support for BPF objects
  lsm: use lsm_blob_alloc() in lsm_bdev_alloc()
2025-09-30 08:48:29 -07:00
..
apparmor audit/stable-6.18 PR 20250926 2025-09-30 08:22:16 -07:00
bpf bpf: lsm: Remove hook to bpf_task_storage_free 2024-12-16 12:32:31 -08:00
integrity integrity-v6.17 2025-07-31 11:42:11 -07:00
ipe ipe/stable-6.17 PR 20250728 2025-07-31 09:42:20 -07:00
keys KEYS: Invert FINAL_PUT bit 2025-06-11 11:57:14 -07:00
landlock fs: add an icount_read helper 2025-09-01 12:41:09 +02:00
loadpin loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported 2025-03-03 09:35:50 -08:00
lockdown lockdown: initialize local array before use to quiet static analysis 2025-01-05 12:48:43 -05:00
safesetid safesetid: check size of policy writes 2025-01-04 22:46:09 -05:00
selinux lsm/stable-6.18 PR 20250926 2025-09-30 08:48:29 -07:00
smack audit: add record for multiple object contexts 2025-08-30 10:15:30 -04:00
tomoyo copy_process: pass clone_flags as u64 across calltree 2025-09-01 15:31:34 +02:00
yama yama: don't abuse rcu_read_lock/get_task_struct in yama_task_prctl() 2025-03-07 19:58:05 -08:00
Kconfig lsm: CONFIG_LSM can depend on CONFIG_SECURITY 2025-09-11 16:32:04 -04:00
Kconfig.hardening kstack_erase: Support Clang stack depth tracking 2025-07-26 14:28:35 -07:00
Makefile lsm: Only build lsm_audit.c if CONFIG_SECURITY and CONFIG_AUDIT are set 2025-01-04 11:50:44 -05:00
commoncap.c exec: Correct the permission check for unsafe exec 2025-06-23 10:38:39 -05:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c make securityfs_remove() remove the entire subtree 2025-06-11 18:19:46 -04:00
lsm_audit.c net: Retire DCCP socket. 2025-04-11 18:58:10 -07:00
lsm_syscalls.c lsm: use 32-bit compatible data types in LSM syscalls 2024-03-14 11:31:26 -04:00
min_addr.c security: use umax() to improve code 2025-08-18 15:41:47 -04:00
security.c lsm/stable-6.18 PR 20250926 2025-09-30 08:48:29 -07:00