archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 01:04:41 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/security
History
Linus Torvalds 6252e917b9 selinux/stable-7.0 PR 20260203 
-----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCgAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmmCup0UHHBhdWxAcGF1
 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXOjcA//QpH/SmY+U5kdyQcu7ZDclcLJoJMM
 LFMeYEDmIOWh29K4fP7BqTH3c2qZMrEpcudHrkMWwO05Nae1L8Tusc2Gq91DpWTq
 JxCntZYEaamoh4KMrsXhC/43MoMCIr/aWgPwrSVwXD2/nqd12fWdnATDZCUuLZPa
 KcWKADEgjD4fCgIhQLNVo0jbLKw3Ulnmm0qo4MR+Lw2L/JfOIOJUYIwh9SEIQxwh
 xJfUFUUNKZE7TggBH5V2t5LHWQCJmUmFDKuRFlykr0owOej3Cz+0XEszFFffbrQ6
 0Xspr0wMygpaNnM4DTRU/1nwRXINY9Z00fGpI1tDGR30IcEOv1Ub88mQIPnF0WvI
 E3XTCFjh0tQK5i6xH96yZzEK28wkEZ7MFSBui4UoKuaFdxwN25k61BG42+Q3bcSH
 zyRK7GOoii+iqCRDRTS+rAb2yOq2eWOP2h6mnIcviZtGqs8+t2/sVAE3Uv9GGMIb
 2U7IDv5TljYbVXbmXBtBe7bw6N/rPI9RdQFz1vOV1cEkvljXCehfTVcKdcf8oC0M
 mW0wienlxbawXK/DuS5Sv287U2GehiUaT5JvyWbleZ4yVIo15uPgVSVhk5r4lECX
 GHEEOrvP/eNBVb7J7s++cZprNVOudC4I3kTUnacqTJKaJE3uNDQYdR8z9B/05/rB
 djI3gsNh+XjMYcU=
 =eiWJ
 -----END PGP SIGNATURE-----

Merge tag 'selinux-pr-20260203' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux updates from Paul Moore:

 - Add support for SELinux based access control of BPF tokens

   We worked with the BPF devs to add the necessary LSM hooks when the
   BPF token code was first introduced, but it took us a bit longer to
   add the SELinux wiring and support.

   In order to preserve existing token-unaware SELinux policies, the new
   code is gated by the new "bpf_token_perms" policy capability.

   Additional details regarding the new permissions, and behaviors can
   be found in the associated commit.

 - Remove a BUG() from the SELinux capability code

   We now perform a similar check during compile time so we can safely
   remove the BUG() call.

* tag 'selinux-pr-20260203' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: drop the BUG() in cred_has_capability()
  selinux: fix a capabilities parsing typo in selinux_bpf_token_capable()
  selinux: add support for BPF token access control
  selinux: move the selinux_blob_sizes struct
2026-02-09 10:38:05 -08:00
..
apparmor Some filesystems use a kinda-sorta controlled dentry refcount leak to pin 2025-12-05 14:36:21 -08:00
bpf lsm: replace the name field with a pointer to the lsm_id struct 2025-10-22 19:24:18 -04:00
integrity kernel/kexec: change the prototype of kimage_map_segment() 2025-12-23 11:23:13 -08:00
ipe ipe/stable-6.19 PR 20251202 2025-12-03 11:19:34 -08:00
keys keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal 2026-01-25 19:03:45 +02:00
landlock landlock: Improve the comment for domain_is_scoped 2025-12-29 16:19:39 +01:00
loadpin loadpin: move initcalls to the LSM framework 2025-10-22 19:24:25 -04:00
lockdown lockdown: move initcalls to the LSM framework 2025-10-22 19:24:27 -04:00
safesetid safesetid: move initcalls to the LSM framework 2025-10-22 19:24:26 -04:00
selinux selinux: drop the BUG() in cred_has_capability() 2026-01-14 16:26:21 -05:00
smack Some filesystems use a kinda-sorta controlled dentry refcount leak to pin 2025-12-05 14:36:21 -08:00
tomoyo Trivial optimization. 2025-12-14 15:21:02 +12:00
yama lsm: replace the name field with a pointer to the lsm_id struct 2025-10-22 19:24:18 -04:00
commoncap.c Capabilities patch for v6.19 2025-12-04 20:10:28 -08:00
device_cgroup.c device_cgroup: Refactor devcgroup_seq_show to use seq_put* helpers 2025-11-11 19:47:24 -05:00
inode.c Some filesystems use a kinda-sorta controlled dentry refcount leak to pin 2025-12-05 14:36:21 -08:00
Kconfig lsm: CONFIG_LSM can depend on CONFIG_SECURITY 2025-09-11 16:32:04 -04:00
Kconfig.hardening rust: add bitmap API. 2025-09-22 15:52:44 -04:00
lsm.h lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY 2026-01-29 13:56:53 -05:00
lsm_audit.c net: Retire DCCP socket. 2025-04-11 18:58:10 -07:00
lsm_init.c lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY 2026-01-29 13:56:53 -05:00
lsm_notifier.c lsm: split the notifier code out into lsm_notifier.c 2025-10-22 19:24:15 -04:00
lsm_syscalls.c lsm: rework lsm_active_cnt and lsm_idlist[] 2025-10-22 19:24:19 -04:00
Makefile lsm: split the init code out into lsm_init.c 2025-10-22 19:24:16 -04:00
min_addr.c lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY 2026-01-29 13:56:53 -05:00
security.c lsm: make keys for static branch static 2026-01-06 20:57:55 -05:00