Skip to content
Snippets Groups Projects
Commit 29caf07e authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'apparmor-pr-2024-11-27' of... 

Merge tag 'apparmor-pr-2024-11-27' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor

Pull apparmor updates from John Johansen:
 "Features:
   - extend next/check table to add support for 2^24 states to the state
     machine.
   - rework capability audit cache to use broader cred information
     instead of just the profile. Also add a time stamp so old entries
     can be aged out of the cache.

  Bug Fixes:
   - fix 'Do simple duplicate message elimination' to clear previous
     state when updating in capability audit cache
   - Fix memory leak for aa_unpack_strdup()
   - properly handle cx/px lookup failure when in complain mode
   - allocate xmatch for nullpdb inside aa_alloc_null fixing a NULL ptr
     deref of tracking profiles in when in complain mode

  Cleanups:
   - Remove everything being reported as deadcode
   - replace misleading 'scrubbing environment' phrase in debug print
   - Remove unnecessary NULL check before kvfree()
   - clean up duplicated parts of handle_onexec()
   - Use IS_ERR_OR_NULL() helper function
   - move new_profile declaration to top of block instead immediately
     after label to remove C23 extension warning

  Documentation:
   - add comment to document capability.c:profile_capable ad ptr
     parameter can not be NULL
   - add comment to document first entry is in packed perms struct is
     reserved for future planned expansion.
   - Update LSM/apparmor.rst add blurb for DEFAULT_SECURITY_APPARMOR"

* tag 'apparmor-pr-2024-11-27' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
  apparmor: lift new_profile declaration to remove C23 extension warning
  apparmor: replace misleading 'scrubbing environment' phrase in debug print
  parser: drop dead code for XXX_comb macros
  apparmor: Remove unused parameter L1 in macro next_comb
  Docs: Update LSM/apparmor.rst
  apparmor: audit_cap dedup based on subj_cred instead of profile
  apparmor: add a cache entry expiration time aging out capability audit cache
  apparmor: document capability.c:profile_capable ad ptr not being NULL
  apparmor: fix 'Do simple duplicate message elimination'
  apparmor: document first entry is in packed perms struct is reserved
  apparmor: test: Fix memory leak for aa_unpack_strdup()
  apparmor: Remove deadcode
  apparmor: Remove unnecessary NULL check before kvfree()
  apparmor: domain: clean up duplicated parts of handle_onexec()
  apparmor: Use IS_ERR_OR_NULL() helper function
  apparmor: add support for 2^24 states to the dfa state machine.
  apparmor: properly handle cx/px lookup failure for complain
  apparmor: allocate xmatch for nullpdb inside aa_alloc_null
parents 509f806f 04b5f0a5
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 141 additions and 246 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment