From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Tue, 31 Mar 2020 22:07:55 +0000 (-0700)
Subject: Merge tag 'selinux-pr-20200330' of git://git.kernel.org/pub/scm/linux/kernel/git... 
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=b3aa112d57b704441143d84b0475fb633a750035;p=linux.git

Merge tag 'selinux-pr-20200330' of git://git./linux/kernel/git/pcmoore/selinux

Pull SELinux updates from Paul Moore:
 "We've got twenty SELinux patches for the v5.7 merge window, the
  highlights are below:

   - Deprecate setting /sys/fs/selinux/checkreqprot to 1.

     This flag was originally created to deal with legacy userspace and
     the READ_IMPLIES_EXEC personality flag. We changed the default from
     1 to 0 back in Linux v4.4 and now we are taking the next step of
     deprecating it, at some point in the future we will take the final
     step of rejecting 1.

   - Allow kernfs symlinks to inherit the SELinux label of the parent
     directory. In order to preserve backwards compatibility this is
     protected by the genfs_seclabel_symlinks SELinux policy capability.

   - Optimize how we store filename transitions in the kernel, resulting
     in some significant improvements to policy load times.

   - Do a better job calculating our internal hash table sizes which
     resulted in additional policy load improvements and likely general
     SELinux performance improvements as well.

   - Remove the unused initial SIDs (labels) and improve how we handle
     initial SIDs.

   - Enable per-file labeling for the bpf filesystem.

   - Ensure that we properly label NFS v4.2 filesystems to avoid a
     temporary unlabeled condition.

   - Add some missing XFS quota command types to the SELinux quota
     access controls.

   - Fix a problem where we were not updating the seq_file position
     index correctly in selinuxfs.

   - We consolidate some duplicated code into helper functions.

   - A number of list to array conversions.

   - Update Stephen Smalley's email address in MAINTAINERS"

* tag 'selinux-pr-20200330' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: clean up indentation issue with assignment statement
  NFS: Ensure security label is set for root inode
  MAINTAINERS: Update my email address
  selinux: avtab_init() and cond_policydb_init() return void
  selinux: clean up error path in policydb_init()
  selinux: remove unused initial SIDs and improve handling
  selinux: reduce the use of hard-coded hash sizes
  selinux: Add xfs quota command types
  selinux: optimize storage of filename transitions
  selinux: factor out loop body from filename_trans_read()
  security: selinux: allow per-file labeling for bpffs
  selinux: generalize evaluate_cond_node()
  selinux: convert cond_expr to array
  selinux: convert cond_av_list to array
  selinux: convert cond_list to array
  selinux: sel_avc_get_stat_idx should increase position index
  selinux: allow kernfs symlinks to inherit parent directory context
  selinux: simplify evaluate_cond_node()
  Documentation,selinux: deprecate setting checkreqprot to 1
  selinux: move status variables out of selinux_ss
---

b3aa112d57b704441143d84b0475fb633a750035
diff --cc security/selinux/hooks.c
index 1659b59fb5d77,b8e09aedbc560..0b4e32161b777
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@@ -698,7 -701,8 +701,8 @@@ static int selinux_set_mnt_opts(struct 
  
  	if (!strcmp(sb->s_type->name, "debugfs") ||
  	    !strcmp(sb->s_type->name, "tracefs") ||
 -	    !strcmp(sb->s_type->name, "binderfs") ||
 +	    !strcmp(sb->s_type->name, "binder") ||
+ 	    !strcmp(sb->s_type->name, "bpf") ||
  	    !strcmp(sb->s_type->name, "pstore"))
  		sbsec->flags |= SE_SBGENFS;