History log of /openbmc/linux/security/Kconfig (Results 226 – 250 of 909)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 22d91ed3 18-Mar-2019 Mark Brown <broonie@kernel.org>

Merge tag 'v5.1-rc1' into asoc-5.1

Linux 5.1-rc1


Revision tags: v4.19.29, v5.0.2, v4.19.28, v5.0.1
# ae5906ce 07-Mar-2019 Linus Torvalds <torvalds@linux-foundation.org>

Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris:

- Extend LSM stacking to allow sharing of cre

Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris:

- Extend LSM stacking to allow sharing of cred, file, ipc, inode, and
task blobs. This paves the way for more full-featured LSMs to be
merged, and is specifically aimed at LandLock and SARA LSMs. This
work is from Casey and Kees.

- There's a new LSM from Micah Morton: "SafeSetID gates the setid
family of syscalls to restrict UID/GID transitions from a given
UID/GID to only those approved by a system-wide whitelist." This
feature is currently shipping in ChromeOS.

* 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (62 commits)
keys: fix missing __user in KEYCTL_PKEY_QUERY
LSM: Update list of SECURITYFS users in Kconfig
LSM: Ignore "security=" when "lsm=" is specified
LSM: Update function documentation for cap_capable
security: mark expected switch fall-throughs and add a missing break
tomoyo: Bump version.
LSM: fix return value check in safesetid_init_securityfs()
LSM: SafeSetID: add selftest
LSM: SafeSetID: remove unused include
LSM: SafeSetID: 'depend' on CONFIG_SECURITY
LSM: Add 'name' field for SafeSetID in DEFINE_LSM
LSM: add SafeSetID module that gates setid calls
LSM: add SafeSetID module that gates setid calls
tomoyo: Allow multiple use_group lines.
tomoyo: Coding style fix.
tomoyo: Swicth from cred->security to task_struct->security.
security: keys: annotate implicit fall throughs
security: keys: annotate implicit fall throughs
security: keys: annotate implicit fall through
capabilities:: annotate implicit fall through
...

show more ...


Revision tags: v4.19.27, v5.0
# b102c11e 28-Feb-2019 Petr Vorel <pvorel@suse.cz>

LSM: Update list of SECURITYFS users in Kconfig

Remove modules not using it (SELinux and SMACK aren't
the only ones not using it).

Signed-off-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: James Mo

LSM: Update list of SECURITYFS users in Kconfig

Remove modules not using it (SELinux and SMACK aren't
the only ones not using it).

Signed-off-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: James Morris <james.morris@microsoft.com>

show more ...


Revision tags: v4.19.26, v4.19.25, v4.19.24, v4.19.23, v4.19.22, v4.19.21
# 82ffd045 07-Feb-2019 Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>

Merge tag 'v5.0-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into fbdev-for-next

Linux 5.0-rc5

Sync with upstream (which now contains fbdev-v5.0-rc3 changes) to
prepare a

Merge tag 'v5.0-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into fbdev-for-next

Linux 5.0-rc5

Sync with upstream (which now contains fbdev-v5.0-rc3 changes) to
prepare a base for fbdev-v5.1 changes.

show more ...


Revision tags: v4.19.20, v4.19.19, v4.19.18, v4.19.17, v4.19.16
# aeca4e2c 16-Jan-2019 Micah Morton <mortonm@chromium.org>

LSM: add SafeSetID module that gates setid calls

SafeSetID gates the setid family of syscalls to restrict UID/GID
transitions from a given UID/GID to only those approved by a
system-wide whitelist.

LSM: add SafeSetID module that gates setid calls

SafeSetID gates the setid family of syscalls to restrict UID/GID
transitions from a given UID/GID to only those approved by a
system-wide whitelist. These restrictions also prohibit the given
UIDs/GIDs from obtaining auxiliary privileges associated with
CAP_SET{U/G}ID, such as allowing a user to set up user namespace UID
mappings. For now, only gating the set*uid family of syscalls is
supported, with support for set*gid coming in a future patch set.

Signed-off-by: Micah Morton <mortonm@chromium.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.morris@microsoft.com>

show more ...


# 3eb66e91 14-Jan-2019 Dmitry Torokhov <dmitry.torokhov@gmail.com>

Merge tag 'v4.20' into for-linus

Sync with mainline to get linux/overflow.h among other things.


# 4116941b 14-Jan-2019 Dmitry Torokhov <dmitry.torokhov@gmail.com>

Merge tag 'v4.20' into next

Merge with mainline to bring in the new APIs.


Revision tags: v4.19.15
# 23d19ba0 11-Jan-2019 Maxime Ripard <maxime.ripard@bootlin.com>

Merge drm/drm-next into drm-misc-next

drm-next has been forwarded to 5.0-rc1, and we need it to apply the damage
helper for dirtyfb series from Noralf Trønnes.

Signed-off-by: Maxime Ripard <maxime.

Merge drm/drm-next into drm-misc-next

drm-next has been forwarded to 5.0-rc1, and we need it to apply the damage
helper for dirtyfb series from Noralf Trønnes.

Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com>

show more ...


# 2233975c 10-Jan-2019 James Morris <james.morris@microsoft.com>

Merge tag 'blob-stacking-security-next' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into next-general

LSM: Module stacking for SARA and Landlock

The combined series of LSM refacto

Merge tag 'blob-stacking-security-next' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into next-general

LSM: Module stacking for SARA and Landlock

The combined series of LSM refactoring and addition of blob-sharing for
SARA and Landlock.

From Casey:

v5: Include Kees Cook's rework of the lsm command
line interface.
v4: Finer granularity in the patches and other
cleanups suggested by Kees Cook.
Removed dead code created by the removal of SELinux
credential blob poisoning.
v3: Add ipc blob for SARA and task blob for Landlock.
Removing the SELinux cred blob pointer poisoning
results selinux_is_enabled() being unused, so it and
all it's overhead has been removed.
Broke up the cred infrastructure patch.
v2: Reduce the patchset to what is required to support
the proposed SARA and LandLock security modules

The SARA security module is intended to be used
in conjunction with other security modules. It requires
state to be maintained for the credential, which
in turn requires a mechanism for sharing the credential
security blob. It also uses the ipc security blob. The
module also requires mechanism for user space manipulation
of the credential information, hence an additional
subdirectory in /proc/.../attr.

The LandLock security module provides user configurable
policy in the secmark mechanism. It requires data in
the credential, file, inode and task security blobs. For
this to be used along side the existing "major" security
modules mechanism for sharing these blobs are provided.

A side effect of providing sharing of the crendential
security blob is that the TOMOYO module can be used at
the same time as the other "major" modules.

The mechanism for configuring which security modules are
enabled has to change when stacking in enabled. Any
module that uses just the security blobs that are shared
can be selected. Additionally, one other "major" module
can be selected.

The security module stacking issues around networking and
IPC are not addressed here as they are beyond what is
required for TOMOYO, SARA and LandLock.

show more ...


# 49e41801 10-Jan-2019 James Morris <james.morris@microsoft.com>

Merge tag 'v5.0-rc1' into next-general

Linux 5.0-rc1

Sync to pick up LSM stacking work (which is based on -rc1).


Revision tags: v4.19.14, v4.19.13, v4.19.12, v4.19.11, v4.19.10, v4.19.9, v4.19.8, v4.19.7, v4.19.6, v4.19.5, v4.19.4, v4.18.20, v4.19.3, v4.18.19, v4.19.2, v4.18.18, v4.18.17, v4.19.1, v4.19, v4.18.16, v4.18.15, v4.18.14, v4.18.13, v4.18.12, v4.18.11, v4.18.10, v4.18.9
# d6aed64b 14-Sep-2018 Kees Cook <keescook@chromium.org>

Yama: Initialize as ordered LSM

This converts Yama from being a direct "minor" LSM into an ordered LSM.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Casey Schaufler <casey@schaufle

Yama: Initialize as ordered LSM

This converts Yama from being a direct "minor" LSM into an ordered LSM.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>

show more ...


# 70b62c25 14-Sep-2018 Kees Cook <keescook@chromium.org>

LoadPin: Initialize as ordered LSM

This converts LoadPin from being a direct "minor" LSM into an ordered LSM.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Casey Schaufler <casey@sc

LoadPin: Initialize as ordered LSM

This converts LoadPin from being a direct "minor" LSM into an ordered LSM.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>

show more ...


# 79f7865d 19-Sep-2018 Kees Cook <keescook@chromium.org>

LSM: Introduce "lsm=" for boottime LSM selection

Provide a way to explicitly choose LSM initialization order via the new
"lsm=" comma-separated list of LSMs.

Signed-off-by: Kees Cook <keescook@chro

LSM: Introduce "lsm=" for boottime LSM selection

Provide a way to explicitly choose LSM initialization order via the new
"lsm=" comma-separated list of LSMs.

Signed-off-by: Kees Cook <keescook@chromium.org>

show more ...


# 13e735c0 09-Oct-2018 Kees Cook <keescook@chromium.org>

LSM: Introduce CONFIG_LSM

This provides a way to declare LSM initialization order via the new
CONFIG_LSM. Currently only non-major LSMs are recognized. This will
be expanded in future patches.

Sign

LSM: Introduce CONFIG_LSM

This provides a way to declare LSM initialization order via the new
CONFIG_LSM. Currently only non-major LSMs are recognized. This will
be expanded in future patches.

Signed-off-by: Kees Cook <keescook@chromium.org>

show more ...


# 3eb0930a 08-Jan-2019 Jani Nikula <jani.nikula@intel.com>

Merge drm/drm-next into drm-intel-next-queued

Generally catch up with 5.0-rc1, and specifically get the changes:

96d4f267e40f ("Remove 'type' argument from access_ok() function")
0b2c8f8b6b0c ("i91

Merge drm/drm-next into drm-intel-next-queued

Generally catch up with 5.0-rc1, and specifically get the changes:

96d4f267e40f ("Remove 'type' argument from access_ok() function")
0b2c8f8b6b0c ("i915: fix missing user_access_end() in page fault exception case")
594cc251fdd0 ("make 'user_access_begin()' do 'access_ok()'")

Signed-off-by: Jani Nikula <jani.nikula@intel.com>

show more ...


# d538d94f 04-Jan-2019 Michael Ellerman <mpe@ellerman.id.au>

Merge branch 'master' into fixes

We have a fix to apply on top of commit 96d4f267e40f ("Remove 'type'
argument from access_ok() function"), so merge master to get it.


# 769e4709 29-Dec-2018 Linus Torvalds <torvalds@linux-foundation.org>

Merge tag 'kconfig-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild

Pull Kconfig updates from Masahiro Yamada:

- support -y option for merge_config.sh to avoid downgr

Merge tag 'kconfig-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild

Pull Kconfig updates from Masahiro Yamada:

- support -y option for merge_config.sh to avoid downgrading =y to =m

- remove S_OTHER symbol type, and touch include/config/*.h files correctly

- fix file name and line number in lexer warnings

- fix memory leak when EOF is encountered in quotation

- resolve all shift/reduce conflicts of the parser

- warn no new line at end of file

- make 'source' statement more strict to take only string literal

- rewrite the lexer and remove the keyword lookup table

- convert to SPDX License Identifier

- compile C files independently instead of including them from zconf.y

- fix various warnings of gconfig

- misc cleanups

* tag 'kconfig-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: (39 commits)
kconfig: surround dbg_sym_flags with #ifdef DEBUG to fix gconf warning
kconfig: split images.c out of qconf.cc/gconf.c to fix gconf warnings
kconfig: add static qualifiers to fix gconf warnings
kconfig: split the lexer out of zconf.y
kconfig: split some C files out of zconf.y
kconfig: convert to SPDX License Identifier
kconfig: remove keyword lookup table entirely
kconfig: update current_pos in the second lexer
kconfig: switch to ASSIGN_VAL state in the second lexer
kconfig: stop associating kconf_id with yylval
kconfig: refactor end token rules
kconfig: stop supporting '.' and '/' in unquoted words
treewide: surround Kconfig file paths with double quotes
microblaze: surround string default in Kconfig with double quotes
kconfig: use T_WORD instead of T_VARIABLE for variables
kconfig: use specific tokens instead of T_ASSIGN for assignments
kconfig: refactor scanning and parsing "option" properties
kconfig: use distinct tokens for type and default properties
kconfig: remove redundant token defines
kconfig: rename depends_list to comment_option_list
...

show more ...


# 8636a1f9 11-Dec-2018 Masahiro Yamada <yamada.masahiro@socionext.com>

treewide: surround Kconfig file paths with double quotes

The Kconfig lexer supports special characters such as '.' and '/' in
the parameter context. In my understanding, the reason is just to
suppor

treewide: surround Kconfig file paths with double quotes

The Kconfig lexer supports special characters such as '.' and '/' in
the parameter context. In my understanding, the reason is just to
support bare file paths in the source statement.

I do not see a good reason to complicate Kconfig for the room of
ambiguity.

The majority of code already surrounds file paths with double quotes,
and it makes sense since file paths are constant string literals.

Make it treewide consistent now.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: Wolfram Sang <wsa@the-dreams.de>
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Ingo Molnar <mingo@kernel.org>

show more ...


# 26b76320 12-Nov-2018 James Morris <james.morris@microsoft.com>

Merge tag 'v4.20-rc2' into next-general

Sync to Linux 4.20-rc2 for downstream developers.


# 07fa3fa2 08-Nov-2018 Tony Lindgren <tony@atomide.com>

Merge tag 'v4.20-rc1' into omap-for-v4.21/dt-ti-sysc

Linux 4.20-rc1


# 91e43395 08-Nov-2018 Tony Lindgren <tony@atomide.com>

Merge branch 'fixes-dts' into omap-for-v4.20/fixes


# 7a085c3a 02-Nov-2018 Jani Nikula <jani.nikula@intel.com>

Merge drm/drm-next into drm-intel-next-queued

Although there's nothing crucial missing, it's been a long time since
the last backmerge. Catch up with drm-next.

Signed-off-by: Jani Nikula <jani.niku

Merge drm/drm-next into drm-intel-next-queued

Although there's nothing crucial missing, it's been a long time since
the last backmerge. Catch up with drm-next.

Signed-off-by: Jani Nikula <jani.nikula@intel.com>

show more ...


# a600ffe6 23-Oct-2018 Jiri Kosina <jkosina@suse.cz>

Merge branch 'for-4.20/google' into for-linus

Whisker device specific fixes to hid-google driver


# 5e3cdecf 22-Oct-2018 Takashi Iwai <tiwai@suse.de>

Merge tag 'asoc-v5.0' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Updates for v5.0/v4.20

As ever there's a lot of small and driver specific changes going o

Merge tag 'asoc-v5.0' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Updates for v5.0/v4.20

As ever there's a lot of small and driver specific changes going on
here, but we do also have some relatively large changes in the core
thanks to the hard work of Charles and Morimoto-san:

- More component transitions from Morimoto-san, I think we're about
finished with this. Thanks for all the hard work!
- Morimoto-san also added a bunch of for_each_foo macros
- A bunch of cleanups and fixes for DAPM from Charles.
- MCLK support for several different devices, including CS42L51, STM32
SAI, and MAX98373.
- Support for Allwinner A64 CODEC analog, Intel boards with DA7219 and
MAX98927, Meson AXG PDM inputs, Nuvoton NAU8822, Renesas R8A7744 and
TI PCM3060.

show more ...


# ec57e2f0 16-Oct-2018 Ingo Molnar <mingo@kernel.org>

Merge branch 'x86/build' into locking/core, to pick up dependent patches and unify jump-label work

Signed-off-by: Ingo Molnar <mingo@kernel.org>


12345678910>>...37