From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Tue, 30 Sep 2025 15:30:32 +0000 (-0700)
Subject: Merge tag 'selinux-pr-20250926' of git://git.kernel.org/pub/scm/linux/kernel/git... 
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=57bc683896c55ff348e1a592175e76f9478035d6;p=thirdparty%2Fkernel%2Fstable.git

Merge tag 'selinux-pr-20250926' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux updates from Paul Moore:

 - Support per-file labeling for functionfs

   Both genfscon and user defined labeling methods are supported. This
   should help users who want to provide separation between the control
   endpoint file, "ep0", and other endpoints.

 - Remove our use of get_zeroed_page() in sel_read_bool()

   Update sel_read_bool() to use a four byte stack buffer instead of a
   memory page fetched via get_zeroed_page(), and fix a memory in the
   process.

   Needless to say we should have done this a long time ago, but it was
   in a very old chunk of code that "just worked" and I don't think
   anyone had taken a real look at it in many years.

 - Better use of the netdev skb/sock helper functions

   Convert a sk_to_full_sk(skb->sk) into a skb_to_full_sk(skb) call.

 - Remove some old, dead, and/or redundant code

* tag 'selinux-pr-20250926' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: enable per-file labeling for functionfs
  selinux: fix sel_read_bool() allocation and error handling
  selinux: Remove redundant __GFP_NOWARN
  selinux: use a consistent method to get full socket from skb
  selinux: Remove unused function selinux_policycap_netif_wildcard()
---

57bc683896c55ff348e1a592175e76f9478035d6