~ubuntu-mainline/ubuntu-mainline/+git/linux-ubuntu:noble/linux-xilinx

Last commit made on 2024-03-21
Get this branch:
git clone -b noble/linux-xilinx https://git.launchpad.net/~ubuntu-mainline/ubuntu-mainline/+git/linux-ubuntu
Members of Ubuntu Mainline can upload to this branch.

Branch information

Name:
noble/linux-xilinx
Repository:
lp:~ubuntu-mainline/ubuntu-mainline/+git/linux-ubuntu

Recent commits

3549b27... by Andrea Righi

UBUNTU: SAUCE: apparmor4.0.0: LSM stacking v39: fix build error with CONFIG_SECURITY=n

When CONFIG_SECURITY=n we are not initializing lsmblob correctly in
security_cred_getlsmblob().

Fix by calling lsmblob_init() properly.

Fixes: 4d652c1a90a7 ("UBUNTU: SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new security_cred_getlsmblob LSM hook")
Reported-by: Emil Renner Berthing <email address hidden>
Signed-off-by: Andrea Righi <email address hidden>

361cb3b... by Andrea Righi

UBUNTU: [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS

BugLink: https://bugs.launchpad.net/bugs/2028253

Signed-off-by: Andrea Righi <email address hidden>

bb98af4... by Paolo Pisati

UBUNTU: SAUCE: apparmor4.0.0: fix reserved mem for when we save ipv6 addresses

BugLink: http://bugs.launchpad.net/bugs/2028253

Signed-off-by: Paolo Pisati <email address hidden>

eff9f27... by John Johansen

UBUNTU: SAUCE: apparmor4.0.0 [90/90]: apparmor: Fix notify build warnings

BugLink: http://bugs.launchpad.net/bugs/2028253

Remove the static and unused build warnings from notify.

Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit a22e22ecf2fd281c16b1c62976489944088bc689
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <email address hidden>

b941cea... by John Johansen

UBUNTU: SAUCE: apparmor4.0.0 [89/90]:apparmor: disable tailglob responses for now

BugLink: http://bugs.launchpad.net/bugs/2028253

Tailglob responses are currently unused, and there are a few bugs
that need to be fixed. So just disable access.

Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit 7cdddcf0388b3d215dd0a87ca6a9c8b24ce1e780
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <email address hidden>

a4ed4f5... by John Johansen

UBUNTU: SAUCE: apparmor4.0.0 [88/90]: apparmor: add fine grained ipv4/ipv6 mediation

BugLink: http://bugs.launchpad.net/bugs/2028253
Buglink: https://bugs.launchpad.net/bugs/2056496

Add the ability to mediate inet access at a port and address level.

Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit fefa3cec7db83b9a0dd1a339f7c8d76c0b820ad8
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <email address hidden>

3ae7a3f... by John Johansen

UBUNTU: SAUCE: apparmor4.0.0 [87/90]: fixup notify

BugLink: http://bugs.launchpad.net/bugs/2028253
(cherry picked from commit fb00e41adbe0c5c0e0f2bcaaf2949fec00b2a941
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <email address hidden>

92b128d... by John Johansen

UBUNTU: SAUCE: apparmor4.0.0 [86/90]: apparmor: add ability to mediate caps with policy state machine

BugLink: http://bugs.launchpad.net/bugs/2028253

Currently the caps encoding is very limited. Allow capabilities to
be mediated by the state machine. This will allow us to add
conditionals to capabilities that aren't possible with the current
encoding.

Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit bb78e87633afdf5e4b7dc0b2c857f61e97369068
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <email address hidden>

fb65ffc... by John Johansen

UBUNTU: SAUCE: apparmor4.0.0 [85/90]: apparmor: allow profile to be transitioned when a user ns is created

BugLink: http://bugs.launchpad.net/bugs/2028253

User namespaces are used to create sandboxes and often need a different
set of permissions than during setup. Allow for a profile state change
on the task creating the namespace.

The transition is encoded the same as exec domain transitions and
only uses a subset of the transitions available at exec. Environment
scrubbing etc. are not available.

Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit 90f73560fd8dfec350c62a630a9f5719e1da2f23
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <email address hidden>

d644202... by John Johansen

UBUNTU: SAUCE: apparmor4.0.0 [84/90]: apparmor: fix x_table_lookup when stacking is not the first entry

BugLink: http://bugs.launchpad.net/bugs/2028253

x_table_lookup currently does stacking during label_parse() if the
target specifies a stack but its only caller ensures that it will
never be used with stacking.

Refactor to slightly simplify the code between in x_to_label(), this
also fixes a long standing problem where x_to_labels check on stacking
is only on the first element to the table option list, instead of
the element that is found and used.

Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit 4faf1d74aba271957f81e00109223a771b5f96a4
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <email address hidden>