Kernel/linux-next
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git synced 2025-01-06 05:02:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
df4390934d
linux-next/security/apparmor
History
Matthew Wilcox df4390934d apparmor: Convert secid mapping to XArrays instead of IDR 
XArrays are a better match than IDR for how AppArmor is mapping
secids.  Specifically AppArmor is trying to keep the allocation
dense. XArrays also have the advantage of avoiding the complexity IDRs
preallocation.

In addition this avoids/fixes a lockdep issue raised in the LKML thread
  "Linux 5.18-rc4"

where there is a report of an interaction between apparmor and IPC,
this warning may have been spurious as the reported issue is in a
per-cpu local lock taken by the IDR. With the one side in the IPC id
allocation and the other in AppArmor's secid allocation.

Description by John Johansen <john.johansen@canonical.com>

Message-Id: <226cee6a-6ca1-b603-db08-8500cd8f77b7@gnuweeb.org>
Signed-off-by: Matthew Wilcox <willy@infradead.org>
Signed-off-by: John Johansen <john.johansen@canonical.com>
2022-07-13 17:16:02 -07:00
..
include apparmor: Convert secid mapping to XArrays instead of IDR 2022-07-13 17:16:02 -07:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
apparmorfs.c apparmor: Fix memleak in aa_simple_write_to_buffer() 2022-07-09 15:13:59 -07:00
audit.c apparmor: fix quiet_denied for file rules 2022-07-09 15:13:59 -07:00
capability.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
crypto.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
domain.c apparmor: Fix some kernel-doc comments 2022-07-09 15:13:59 -07:00
file.c apparmor: handle idmapped mounts 2021-01-24 14:27:20 +01:00
ipc.c audit: purge audit_log_string from the intra-kernel audit API 2020-07-21 11:12:31 -04:00
Kconfig apparmor: Enable tuning of policy paranoid load for embedded systems 2022-07-09 15:13:59 -07:00
label.c apparmor: fix aa_label_asxprint return check 2022-07-09 15:13:59 -07:00
lib.c apparmor: Use struct_size() helper in kmalloc() 2022-07-09 15:13:59 -07:00
lsm.c apparmor: Convert secid mapping to XArrays instead of IDR 2022-07-13 17:16:02 -07:00
Makefile apparmor: add base infastructure for socket mediation 2018-03-13 17:25:48 -07:00
match.c apparmor: ensure that dfa state tables have entries 2020-04-08 04:42:48 -07:00
mount.c apparmor: fix reference count leak in aa_pivotroot() 2022-07-09 15:13:59 -07:00
net.c apparmor: add a kernel label to use on kernel objects 2022-07-13 16:37:21 -07:00
nulldfa.in apparmor: cleanup add proper line wrapping to nulldfa.in 2018-02-09 11:30:01 -08:00
path.c security: apparmor: delete repeated words in comments 2021-02-07 04:15:46 -08:00
policy_ns.c apparmor: add a kernel label to use on kernel objects 2022-07-13 16:37:21 -07:00
policy_unpack_test.c apparmor: test: Remove some casts which are no-longer required 2022-07-09 15:14:14 -07:00
policy_unpack.c apparmor: Fix undefined reference to `zlib_deflate_workspacesize' 2022-07-09 15:13:59 -07:00
policy.c apparmor: make export of raw binary profile to userspace optional 2022-07-09 15:13:59 -07:00
procattr.c apparmor: Fix kernel-doc 2022-07-09 15:13:59 -07:00
resource.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
secid.c apparmor: Convert secid mapping to XArrays instead of IDR 2022-07-13 17:16:02 -07:00
stacksplitdfa.in apparmor: use the dfa to do label parse string splitting 2018-02-09 11:30:01 -08:00
task.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00