author: Justin M. Forbes <jforbes@fedoraproject.org> 2020-07-13 10:05:15 -0500
committer: Justin M. Forbes <jforbes@fedoraproject.org> 2020-07-13 10:05:15 -0500
commit: aa5ab7f890a036ab6802c7a0c8cf8459a324e3c2
tree: f637c079f5bb221193d2a33f5520f477a02bae0e /0001-selinux-allow-reading-labels-before-policy-is-loaded.patch
parent: d8d578bfa82493a49b71c8665b2f48c3e6df3617
download: kernel-aa5ab7f890a036ab6802c7a0c8cf8459a324e3c2.tar.gz, kernel-aa5ab7f890a036ab6802c7a0c8cf8459a324e3c2.tar.xz, kernel-aa5ab7f890a036ab6802c7a0c8cf8459a324e3c2.zip

kernel-5.8.0-0.rc5.1
* Mon Jul 13 2020 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.8.0-0.rc5.1]
- v5.8-rc5 rebase
- arm64: dts: sun50i-a64-pinephone: Add touchscreen support (Ondrej Jirman)
- arm64: dts: sun50i-a64-pinephone: Enable LCD support on PinePhone (Icenowy Zheng)
- drm/panel: st7703: Assert reset prior to powering down the regulators (Ondrej Jirman)
- drm/panel: st7703: Enter sleep after display off (Ondrej Jirman)
- drm/panel: st7703: Add support for Xingbangda XBD599 (Ondrej Jirman)
- drm/panel: st7703: Move generic part of init sequence to enable callback (Ondrej Jirman)
- drm/panel: st7703: Move code specific to jh057n closer together (Ondrej Jirman)
- drm/panel: st7703: Prepare for supporting multiple panels (Ondrej Jirman)
- drm/panel: st7703: Rename functions from jh057n prefix to st7703 (Ondrej Jirman)
- drm/panel: rocktech-jh057n00900: Rename the driver to st7703 (Ondrej Jirman)
- dt-bindings: panel: Add compatible for Xingbangda XBD599 panel (Ondrej Jirman)
- dt-bindings: panel: Convert rocktech, jh057n00900 to yaml (Ondrej Jirman)
- dt-bindings: vendor-prefixes: Add Xingbangda (Icenowy Zheng)
- Revert "arm64: allwinner: dts: a64: add LCD-related device nodes for PinePhone" (Peter Robinson)
- Revert "drm/sun4i: sun6i_mipi_dsi: fix horizontal timing calculation" (Peter Robinson)
- Revert "drm: panel: add Xingbangda XBD599 panel" (Peter Robinson)
- Revert "dt-bindings: panel: add binding for Xingbangda XBD599 panel" (Peter Robinson)
- selinux: allow reading labels before policy is loaded (Jonathan Lebon)
- Fixes "acpi: prefer booting with ACPI over DTS" to be RHEL only (Peter Robinson)
- Update config for renamed panel driver. (Peter Robinson)
- Enable SERIAL_SC16IS7XX for SPI interfaces (Peter Robinson)
- Updated changelog for the release based on dcde237b9b0e (Fedora Kernel Team)

Resolves: rhbz#

Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
Diffstat (limited to '0001-selinux-allow-reading-labels-before-policy-is-loaded.patch')
-rw-r--r-- 0001-selinux-allow-reading-labels-before-policy-is-loaded.patch | 49
1 files changed, 49 insertions, 0 deletions
diff --git a/0001-selinux-allow-reading-labels-before-policy-is-loaded.patch b/0001-selinux-allow-reading-labels-before-policy-is-loaded.patch
new file mode 100644
index 000000000..5c2384cd6
--- /dev/null
+++ b/0001-selinux-allow-reading-labels-before-policy-is-loaded.patch
@@ -0,0 +1,49 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon <jlebon@redhat.com>
+Date: Thu, 28 May 2020 10:39:40 -0400
+Subject: [PATCH] selinux: allow reading labels before policy is loaded
+
+This patch does for `getxattr` what commit 3e3e24b42043 ("selinux: allow
+labeling before policy is loaded") did for `setxattr`; it allows
+querying the current SELinux label on disk before the policy is loaded.
+
+One of the motivations described in that commit message also drives this
+patch: for Fedora CoreOS (and eventually RHEL CoreOS), we want to be
+able to move the root filesystem for example, from xfs to ext4 on RAID,
+on first boot, at initrd time.[1]
+
+Because such an operation works at the filesystem level, we need to be
+able to read the SELinux labels first from the original root, and apply
+them to the files of the new root. The previous commit enabled the
+second part of this process; this commit enables the first part.
+
+[1] https://github.com/coreos/fedora-coreos-tracker/issues/94
+
+Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
+Signed-off-by: Jonathan Lebon <jlebon@redhat.com>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+---
+ security/selinux/hooks.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
+index efa6108b1ce9..ca901025802a 100644
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -3332,7 +3332,12 @@ static int selinux_inode_getsecurity(struct inode *inode, const char *name, void
+ char *context = NULL;
+ struct inode_security_struct *isec;
+
+- if (strcmp(name, XATTR_SELINUX_SUFFIX))
++ /*
++ * If we're not initialized yet, then we can't validate contexts, so
++ * just let vfs_getxattr fall back to using the on-disk xattr.
++ */
++ if (!selinux_initialized(&selinux_state) ||
++ strcmp(name, XATTR_SELINUX_SUFFIX))
+ return -EOPNOTSUPP;
+
+ /*
+--
+2.26.2
+
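Review bot: the inner patch's From line is the all-zero placeholder hash, so nothing in this file records which upstream commit the backport corresponds to; replacing it with the real upstream hash, or adding a `(cherry picked from commit <upstream-id>)` trailer under the Signed-off-by lines, would let the patch be identified and dropped at the next rebase once it lands in a tagged release. The code change itself reads correctly: `!selinux_initialized(&selinux_state)` is evaluated before the `strcmp`, so until policy is loaded `selinux_inode_getsecurity` returns `-EOPNOTSUPP` for every name and `vfs_getxattr` falls back to the raw on-disk xattr, which is the behaviour the commit message and the new comment describe as the counterpart of the `setxattr` change in 3e3e24b42043. Since the comment states that contexts cannot be validated in that window, the Fedora changelog entry would benefit from a short note that labels read before policy load are returned unvalidated, so anyone relying on this path at initrd time understands what they are getting.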