• Linus Torvalds's avatar
    Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · 55b3a0cb
    Linus Torvalds authored
    Pull general security subsystem updates from James Morris:
     "TPM (from Jarkko):
       - essential clean up for tpm_crb so that ARM64 and x86 versions do
         not distract each other as much as before
       - /dev/tpm0 rejects now too short writes (shorter buffer than
         specified in the command header
       - use DMA-safe buffer in tpm_tis_spi
       - otherwise mostly minor fixes.
       - base support for overlafs
       - BPRM_FCAPS fixes, from Richard Guy Briggs:
         The audit subsystem is adding a BPRM_FCAPS record when auditing
         setuid application execution (SYSCALL execve). This is not expected
         as it was supposed to be limited to when the file system actually
         had capabilities in an extended attribute. It lists all
         capabilities making the event really ugly to parse what is
         happening. The PATH record correctly records the setuid bit and
         owner. Suppress the BPRM_FCAPS record on set*id.
       - Y2038 timestamping fixes"
    * 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (28 commits)
      MAINTAINERS: update the IMA, EVM, trusted-keys, encrypted-keys entries
      Smack: Base support for overlayfs
      MAINTAINERS: remove David Safford as maintainer for encrypted+trusted keys
      tomoyo: fix timestamping for y2038
      capabilities: audit log other surprising conditions
      capabilities: fix logic for effective root or real root
      capabilities: invert logic for clarity
      capabilities: remove a layer of conditional logic
      capabilities: move audit log decision to function
      capabilities: use intuitive names for id changes
      capabilities: use root_priveleged inline to clarify logic
      capabilities: rename has_cap to has_fcap
      capabilities: intuitive names for cap gain status
      capabilities: factor out cap_bprm_set_creds privileged root
      tpm, tpm_tis: use ARRAY_SIZE() to define TPM_HID_USR_IDX
      tpm: fix duplicate inline declaration specifier
      tpm: fix type of a local variables in tpm_tis_spi.c
      tpm: fix type of a local variable in tpm2_map_command()
      tpm: fix type of a local variable in tpm2_get_cc_attrs_tbl()
      tpm-dev-common: Reject too short writes