This is an automated email from the git hooks/post-receive script.
unknown user pushed a change to branch master in repository linux.
from a6b450573b91 Merge tag 'execve-v5.19-rc1' of git://git.kernel.org/pub/s [...] new 0a9876f36b08 selinux: Remove redundant assignments new 43b666622c60 selinux: runtime disable is deprecated, add some ssleep() [...] new 81200b0265b1 selinux: checkreqprot is deprecated, add some ssleep() discomfort new 6a9e261cbbee selinux: don't sleep when CONFIG_SECURITY_SELINUX_CHECKREQ [...] new ede17552b1e7 selinux: resolve checkpatch errors new 759205151c09 selinux: update parameter documentation new 1d4e8036cb2b selinux: avoid extra semicolon new 4ad37de49642 selinux: include necessary headers in headers new a9029d970454 selinux: fix indentation level of mls_ops block new ded34574d4d3 selinux: declare data arrays const new c29722fad4aa selinux: log anon inode class name new 1af0e4a0233f security: declare member holding string literal const new efd1df1982e9 Merge tag 'selinux-pr-20220523' of git://git.kernel.org/pu [...] new 6cc2df8e3a39 landlock: Add clang-format exceptions new 06a1c40a09a8 landlock: Format with clang-format new 4598d9abf421 selftests/landlock: Add clang-format exceptions new 135464f9d29c selftests/landlock: Normalize array assignment new 371183fa578a selftests/landlock: Format with clang-format new 9805a722db07 samples/landlock: Add clang-format exceptions new 81709f3dccac samples/landlock: Format with clang-format new a13e248ff90e landlock: Fix landlock_add_rule(2) documentation new 87129ef13603 selftests/landlock: Make tests build with old libc new 291865bd7e8b selftests/landlock: Extend tests for minimal valid attribute size new c56b3bf566da selftests/landlock: Add tests for unknown access rights new d18955d094d0 selftests/landlock: Extend access right tests to directories new 6a1bdd4a0bfc selftests/landlock: Fully test file rename with "remove" access new d1788ad99087 selftests/landlock: Add tests for O_PATH new 589172e5636c landlock: Change landlock_add_rule(2) argument check ordering new eba39ca4b155 landlock: Change landlock_restrict_self(2) check ordering new 6533d0c3a86e selftests/landlock: Test landlock_create_ruleset(2) argume [...] new 5f2ff33e1084 landlock: Define access_mask_t to enforce a consistent acc [...] new 75c542d6c6cc landlock: Reduce the maximum number of layers to 16 new 2cd7cd6eed88 landlock: Create find_rule() from unmask_layers() new 8ba0005ff418 landlock: Fix same-layer rule unions new 9da82b20fde9 landlock: Move filesystem helpers and add a new one new 100f59d96405 LSM: Remove double path_rename hook calls for RENAME_EXCHANGE new b91c3e4ea756 landlock: Add support for file reparenting with LANDLOCK_A [...] new f4056b9266b5 selftests/landlock: Add 11 new test suites dedicated to fi [...] new 76b902f874ff samples/landlock: Add support for file reparenting new 6f59abfae35f landlock: Document LANDLOCK_ACCESS_FS_REFER and ABI versioning new 09340cf4135f landlock: Document good practices about filesystem policies new 9e0c76b9f1fa landlock: Add design choices documentation for filesystem [...] new 5e469829baa1 landlock: Explain how to support Landlock new cb44e4f061e1 Merge tag 'landlock-5.19-rc1' of git://git.kernel.org/pub/ [...] new eaff451d4b7c smack: Remove redundant assignments new a9d1046a8465 Merge tag 'Smack-for-5.19' of https://github.com/cschaufle [...] new 58d416351e6d tools/certs: Add print-cert-tbs-hash.sh new 141e523914f7 certs: Factor out the blacklist hash creation new bf21dc591bb5 certs: Make blacklist_vet_description() more strict new addf466389d9 certs: Check that builtin blacklist hashes are valid new 6364d106e041 certs: Allow root user to append signed hashes to the blac [...] new 4d99750106ad certs: Explain the rationale to call panic() new 80b8a39777a9 tpm/tpm_ftpm_tee: Return true/false (not 1/0) from bool functions new d0dc1a7100f1 tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() new 6422cbd3c52d tpm: Remove read16/read32/write32 calls from tpm_tis_phy_ops new 9c438fdef890 tpm: cr50: Add new device/vendor ID 0x504a6666 new e0687fe958f7 char: tpm: cr50_i2c: Suppress duplicated error message in [...] new e57b2523bd37 tpm: Fix buffer access in tpm2_get_tpm_pt() new af402ee3c045 tpm: Add field upgrade mode support for Infineon TPM2 modules new be07858fbf81 KEYS: trusted: allow use of TEE as backend without TCG_TPM [...] new fcd7c26901c8 KEYS: trusted: allow use of kernel RNG for key material new 7a0e7d5265f5 crypto: caam - determine whether CAAM supports blob encap/decap new 007c3ff11f38 crypto: caam - add in-kernel interface for blob generator new e9c5048c2de1 KEYS: trusted: Introduce support for NXP CAAM-based trusted keys new 5002426e4261 doc: trusted-encrypted: describe new CAAM trust source new 7f3113e3b9f7 MAINTAINERS: add KEYS-TRUSTED-CAAM new 7cf6a8a17f5b Merge tag 'tpmdd-next-v5.19-rc1' of git://git.kernel.org/p [...]
The 67 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference.
Summary of changes: Documentation/admin-guide/kernel-parameters.txt | 11 + Documentation/security/keys/trusted-encrypted.rst | 60 +- Documentation/security/landlock.rst | 17 +- Documentation/userspace-api/landlock.rst | 180 ++- MAINTAINERS | 11 + certs/.gitignore | 1 + certs/Kconfig | 17 +- certs/Makefile | 14 +- certs/blacklist.c | 227 ++- crypto/asymmetric_keys/x509_public_key.c | 3 +- drivers/char/tpm/tpm2-cmd.c | 17 +- drivers/char/tpm/tpm_ftpm_tee.c | 2 +- drivers/char/tpm/tpm_ibmvtpm.c | 1 + drivers/char/tpm/tpm_tis.c | 67 +- drivers/char/tpm/tpm_tis_core.h | 58 +- drivers/char/tpm/tpm_tis_i2c_cr50.c | 11 +- drivers/char/tpm/tpm_tis_spi.h | 4 - drivers/char/tpm/tpm_tis_spi_cr50.c | 7 +- drivers/char/tpm/tpm_tis_spi_main.c | 45 +- drivers/char/tpm/tpm_tis_synquacer.c | 98 +- drivers/crypto/caam/Kconfig | 3 + drivers/crypto/caam/Makefile | 1 + drivers/crypto/caam/blob_gen.c | 182 +++ drivers/crypto/caam/ctrl.c | 17 +- drivers/crypto/caam/intern.h | 1 + drivers/crypto/caam/regs.h | 4 +- include/keys/system_keyring.h | 14 +- include/keys/trusted-type.h | 2 +- include/keys/trusted_caam.h | 11 + include/linux/lsm_audit.h | 2 + include/linux/lsm_hook_defs.h | 2 +- include/linux/lsm_hooks.h | 5 +- include/soc/fsl/caam-blob.h | 103 ++ include/uapi/linux/landlock.h | 36 +- samples/landlock/sandboxer.c | 132 +- scripts/check-blacklist-hashes.awk | 37 + scripts/selinux/genheaders/genheaders.c | 75 +- scripts/selinux/mdp/mdp.c | 4 +- security/apparmor/lsm.c | 30 +- .../integrity/platform_certs/keyring_handler.c | 26 +- security/keys/Kconfig | 18 +- security/keys/trusted-keys/Kconfig | 38 + security/keys/trusted-keys/Makefile | 10 +- security/keys/trusted-keys/trusted_caam.c | 80 + security/keys/trusted-keys/trusted_core.c | 45 +- security/landlock/cred.c | 4 +- security/landlock/cred.h | 8 +- security/landlock/fs.c | 815 ++++++++-- security/landlock/fs.h | 11 +- security/landlock/limits.h | 10 +- security/landlock/object.c | 6 +- security/landlock/object.h | 6 +- security/landlock/ptrace.c | 10 +- security/landlock/ruleset.c | 84 +- security/landlock/ruleset.h | 35 +- security/landlock/syscalls.c | 95 +- security/lsm_audit.c | 3 + security/security.c | 11 +- security/selinux/avc.c | 6 +- security/selinux/hooks.c | 9 +- security/selinux/include/audit.h | 5 +- security/selinux/include/avc.h | 1 + security/selinux/include/avc_ss.h | 4 +- security/selinux/include/classmap.h | 2 +- security/selinux/include/ibpkey.h | 2 + security/selinux/include/initial_sid_to_string.h | 3 +- security/selinux/include/netnode.h | 2 + security/selinux/include/netport.h | 2 + security/selinux/include/policycap.h | 2 +- security/selinux/include/policycap_names.h | 2 +- security/selinux/include/security.h | 4 + security/selinux/include/xfrm.h | 2 + security/selinux/nlmsgtab.c | 12 +- security/selinux/selinuxfs.c | 8 +- security/selinux/ss/avtab.c | 20 +- security/selinux/ss/policydb.c | 36 +- security/selinux/ss/services.c | 47 +- security/smack/smackfs.c | 1 - security/tomoyo/tomoyo.c | 11 +- tools/certs/print-cert-tbs-hash.sh | 91 ++ tools/testing/selftests/landlock/base_test.c | 179 ++- tools/testing/selftests/landlock/common.h | 66 +- tools/testing/selftests/landlock/fs_test.c | 1619 ++++++++++++++++---- tools/testing/selftests/landlock/ptrace_test.c | 40 +- 84 files changed, 3846 insertions(+), 1157 deletions(-) create mode 100644 drivers/crypto/caam/blob_gen.c create mode 100644 include/keys/trusted_caam.h create mode 100644 include/soc/fsl/caam-blob.h create mode 100755 scripts/check-blacklist-hashes.awk create mode 100644 security/keys/trusted-keys/Kconfig create mode 100644 security/keys/trusted-keys/trusted_caam.c create mode 100755 tools/certs/print-cert-tbs-hash.sh