Merge tag 'safesetid-5.3' of git://github.com/micah-morton/linux

Pull safesetid updates from Micah Morton:
 "These changes from Jann Horn fix a couple issues in the recently added
  SafeSetID LSM:

   - There was a simple logic bug in one of the hooks for the LSM where
     the code was incorrectly returning early in some cases before all
     security checks had been passed.

   - There was a more high level issue with how this LSM gets configured
     that could allow for a program to bypass the security restrictions
     by switching to an allowed UID and then again to any other UID on
     the system if the target UID of the first transition is
     unconstrained on the system. Luckily this is an easy fix that we
     now enforce at the time the LSM gets configured.

  There are also some changes from Jann that make policy updates for
  this LSM atomic. Kees Cook, Jann and myself have reviewed these
  changes and they look good from our point of view"

* tag 'safesetid-5.3' of git://github.com/micah-morton/linux:
  LSM: SafeSetID: fix use of literal -1 in capable hook
  LSM: SafeSetID: verify transitive constrainedness
  LSM: SafeSetID: add read handler
  LSM: SafeSetID: rewrite userspace API to atomic updates
  LSM: SafeSetID: fix userns handling in securityfs
  LSM: SafeSetID: refactor policy parsing
  LSM: SafeSetID: refactor safesetid_security_capable()
  LSM: SafeSetID: refactor policy hash table
  LSM: SafeSetID: fix check for setresuid(new1, new2, new3)
  LSM: SafeSetID: fix pr_warn() to include newline