mirror of
https://github.com/torvalds/linux.git
synced 2024-12-27 05:11:48 +00:00
f4f27d0028
Pull security subsystem updates from James Morris: "Highlights: - A new LSM, "LoadPin", from Kees Cook is added, which allows forcing of modules and firmware to be loaded from a specific device (this is from ChromeOS, where the device as a whole is verified cryptographically via dm-verity). This is disabled by default but can be configured to be enabled by default (don't do this if you don't know what you're doing). - Keys: allow authentication data to be stored in an asymmetric key. Lots of general fixes and updates. - SELinux: add restrictions for loading of kernel modules via finit_module(). Distinguish non-init user namespace capability checks. Apply execstack check on thread stacks" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (48 commits) LSM: LoadPin: provide enablement CONFIG Yama: use atomic allocations when reporting seccomp: Fix comment typo ima: add support for creating files using the mknodat syscall ima: fix ima_inode_post_setattr vfs: forbid write access when reading a file into memory fs: fix over-zealous use of "const" selinux: apply execstack check on thread stacks selinux: distinguish non-init user namespace capability checks LSM: LoadPin for kernel file loading restrictions fs: define a string representation of the kernel_read_file_id enumeration Yama: consolidate error reporting string_helpers: add kstrdup_quotable_file string_helpers: add kstrdup_quotable_cmdline string_helpers: add kstrdup_quotable selinux: check ss_initialized before revalidating an inode label selinux: delay inode label lookup as long as possible selinux: don't revalidate an inode's label when explicitly setting it selinux: Change bool variable name to index. KEYS: Add KEYCTL_DH_COMPUTE command ... |
||
---|---|---|
.. | ||
internal | ||
ablk_helper.h | ||
aead.h | ||
aes.h | ||
akcipher.h | ||
algapi.h | ||
authenc.h | ||
b128ops.h | ||
blowfish.h | ||
cast5.h | ||
cast6.h | ||
cast_common.h | ||
chacha20.h | ||
cryptd.h | ||
crypto_wq.h | ||
ctr.h | ||
des.h | ||
drbg.h | ||
gf128mul.h | ||
hash_info.h | ||
hash.h | ||
if_alg.h | ||
lrw.h | ||
mcryptd.h | ||
md5.h | ||
null.h | ||
padlock.h | ||
pcrypt.h | ||
pkcs7.h | ||
poly1305.h | ||
public_key.h | ||
rng.h | ||
scatterwalk.h | ||
serpent.h | ||
sha1_base.h | ||
sha256_base.h | ||
sha512_base.h | ||
sha.h | ||
skcipher.h | ||
twofish.h | ||
vmac.h | ||
xts.h |