diff options
author | Linus Torvalds | 2012-05-21 20:27:36 -0700 |
---|---|---|
committer | Linus Torvalds | 2012-05-21 20:27:36 -0700 |
commit | cb60e3e65c1b96a4d6444a7a13dc7dd48bc15a2b (patch) | |
tree | 4322be35db678f6299348a76ad60a2023954af7d /net | |
parent | 99262a3dafa3290866512ddfb32609198f8973e9 (diff) | |
parent | ff2bb047c4bce9742e94911eeb44b4d6ff4734ab (diff) |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"New notable features:
- The seccomp work from Will Drewry
- PR_{GET,SET}_NO_NEW_PRIVS from Andy Lutomirski
- Longer security labels for Smack from Casey Schaufler
- Additional ptrace restriction modes for Yama by Kees Cook"
Fix up trivial context conflicts in arch/x86/Kconfig and include/linux/filter.h
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (65 commits)
apparmor: fix long path failure due to disconnected path
apparmor: fix profile lookup for unconfined
ima: fix filename hint to reflect script interpreter name
KEYS: Don't check for NULL key pointer in key_validate()
Smack: allow for significantly longer Smack labels v4
gfp flags for security_inode_alloc()?
Smack: recursive tramsmute
Yama: replace capable() with ns_capable()
TOMOYO: Accept manager programs which do not start with / .
KEYS: Add invalidation support
KEYS: Do LRU discard in full keyrings
KEYS: Permit in-place link replacement in keyring list
KEYS: Perform RCU synchronisation on keys prior to key destruction
KEYS: Announce key type (un)registration
KEYS: Reorganise keys Makefile
KEYS: Move the key config into security/keys/Kconfig
KEYS: Use the compat keyctl() syscall wrapper on Sparc64 for Sparc32 compat
Yama: remove an unused variable
samples/seccomp: fix dependencies on arch macros
Yama: add additional ptrace scopes
...
Diffstat (limited to 'net')
-rw-r--r-- | net/compat.c | 8 | ||||
-rw-r--r-- | net/core/filter.c | 6 | ||||
-rw-r--r-- | net/dns_resolver/dns_key.c | 5 | ||||
-rw-r--r-- | net/xfrm/xfrm_policy.c | 1 |
4 files changed, 7 insertions, 13 deletions
diff --git a/net/compat.c b/net/compat.c index e240441a2317..1b96281892de 100644 --- a/net/compat.c +++ b/net/compat.c @@ -328,14 +328,6 @@ void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm) __scm_destroy(scm); } -/* - * A struct sock_filter is architecture independent. - */ -struct compat_sock_fprog { - u16 len; - compat_uptr_t filter; /* struct sock_filter * */ -}; - static int do_set_attach_filter(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) { diff --git a/net/core/filter.c b/net/core/filter.c index 47a5f055e7f3..a3eddb515d1b 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -38,6 +38,7 @@ #include <linux/filter.h> #include <linux/reciprocal_div.h> #include <linux/ratelimit.h> +#include <linux/seccomp.h> /* No hurry in this branch * @@ -355,6 +356,11 @@ load_b: A = 0; continue; } +#ifdef CONFIG_SECCOMP_FILTER + case BPF_S_ANC_SECCOMP_LD_W: + A = seccomp_bpf_load(fentry->k); + continue; +#endif default: WARN_RATELIMIT(1, "Unknown code:%u jt:%u tf:%u k:%u\n", fentry->code, fentry->jt, diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c index 6f70ea935b0b..d9507dd05818 100644 --- a/net/dns_resolver/dns_key.c +++ b/net/dns_resolver/dns_key.c @@ -249,9 +249,6 @@ static int __init init_dns_resolver(void) struct key *keyring; int ret; - printk(KERN_NOTICE "Registering the %s key type\n", - key_type_dns_resolver.name); - /* create an override credential set with a special thread keyring in * which DNS requests are cached * @@ -301,8 +298,6 @@ static void __exit exit_dns_resolver(void) key_revoke(dns_resolver_cache->thread_keyring); unregister_key_type(&key_type_dns_resolver); put_cred(dns_resolver_cache); - printk(KERN_NOTICE "Unregistered %s key type\n", - key_type_dns_resolver.name); } module_init(init_dns_resolver) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 3c87a1c4066f..c53e8f42aa75 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -26,6 +26,7 @@ #include <linux/cache.h> #include <linux/audit.h> #include <net/dst.h> +#include <net/flow.h> #include <net/xfrm.h> #include <net/ip.h> #ifdef CONFIG_XFRM_STATISTICS |