diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2026-06-17 12:41:00 +0100 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2026-06-17 12:41:00 +0100 |
| commit | 231e9d447ea97033ae8b8dff7b910e6269d7c5af (patch) | |
| tree | fe9189eb264ea2acf0319ffd4b42abc8419f31a0 /include/linux | |
| parent | 87599bd29856ea7bfdd62591c581c8be5a4719ee (diff) | |
| parent | 033182baeab63ce96a6eb8aef1a6cd444fcf9519 (diff) | |
Merge tag 'selinux-pr-20260615' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore:
"A number of SELinux patches, almost all of which are either minor
fixes or hardening patches:
- Additional verifications when loading new SELinux policy
Multiple patches by Christian Göttsche to add additional
validations to the code responsible for loading and parsing SELinux
policy as it is loaded into the kernel.
- Avoid nontransitive comparisons comparisons in our sorting code
Done to prevent unexpected sorting results due to overflow. Qualys
documented a similar issue with glibc
https://www.qualys.com/2024/01/30/qsort.txt
- Consistently use u16 for SELinux security classes
- Move from page allocations to kmalloc() based allocations
Unfortunately one of these patches had to be reverted, but you
should see a fixed version during the next merge window.
- Move from kmalloc_objs() to kzalloc_objs() in the policy load code
- Reorder sel_kill_sb() slightly to match other pseudo filesystems
- Simplify things with QSTR() instead of QSTR_INIT()
- Minor comment typo fixes"
* tag 'selinux-pr-20260615' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: revert use of __getname() in selinux_genfs_get_sid()
selinux: comment spelling fix in ibpkey.c
selinux: comment typo fix in selinuxfs.c
selinux: hooks: use __getname() to allocate path buffer
selinux: use k[mz]alloc() to allocate temporary buffers
selinux: check for simple types
selinux: more strict bounds check
selinux: beef up isvalid checks
selinux: reorder policydb_index()
selinux: check type attr map overflows
selinux: check length fields in policies
selinux: more strict policy parsing
selinux: use u16 for security classes
selinux: avoid nontransitive comparison
selinux: switch two allocations to use kzalloc_objs()
selinux: fix sel_kill_sb()
selinux: use QSTR() instead of QSTR_INIT() in init_sel_fs
Diffstat (limited to 'include/linux')
0 files changed, 0 insertions, 0 deletions