From: Linus Torvalds Date: Tue, 27 Apr 2021 20:42:11 +0000 (-0700) Subject: Merge tag 'selinux-pr-20210426' of git://git.kernel.org/pub/scm/linux/kernel/git... X-Git-Tag: accepted/tizen/unified/20230118.172025~7377 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f1c921fb70de06c7eda59104470134aecc7a07c4;p=platform%2Fkernel%2Flinux-rpi.git Merge tag 'selinux-pr-20210426' of git://git./linux/kernel/git/pcmoore/selinux Pull selinux updates from Paul Moore: - Add support for measuring the SELinux state and policy capabilities using IMA. - A handful of SELinux/NFS patches to compare the SELinux state of one mount with a set of mount options. Olga goes into more detail in the patch descriptions, but this is important as it allows more flexibility when using NFS and SELinux context mounts. - Properly differentiate between the subjective and objective LSM credentials; including support for the SELinux and Smack. My clumsy attempt at a proper fix for AppArmor didn't quite pass muster so John is working on a proper AppArmor patch, in the meantime this set of patches shouldn't change the behavior of AppArmor in any way. This change explains the bulk of the diffstat beyond security/. - Fix a problem where we were not properly terminating the permission list for two SELinux object classes. * tag 'selinux-pr-20210426' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: add proper NULL termination to the secclass_map permissions smack: differentiate between subjective and objective task credentials selinux: clarify task subjective and objective credentials lsm: separate security_task_getsecid() into subjective and objective variants nfs: account for selinux security context when deciding to share superblock nfs: remove unneeded null check in nfs_fill_super() lsm,selinux: add new hook to compare new mount to an existing mount selinux: fix misspellings using codespell tool selinux: fix misspellings using codespell tool selinux: measure state and policy capabilities selinux: Allow context mounts for unpriviliged overlayfs --- f1c921fb70de06c7eda59104470134aecc7a07c4