)]}' { "log": [ { "commit": "087feb980443aadc7c62f6c26d3867543b470d8c", "tree": "06922e22b5390aeb2ad9ef8ea64b4f05d1d354e3", "parents": [ "9fe79ad1e43d236bbbb8edb3cf634356de714c79" ], "author": { "name": "KaiGai Kohei", "email": "kaigai@kaigai.gr.jp", "time": "Wed Oct 03 23:42:56 2007 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 17 08:59:36 2007 +1000" }, "message": "SELinux: kills warnings in Improve SELinux performance when AVC misses\n\nThis patch kills ugly warnings when the \"Improve SELinux performance\nwhen ACV misses\" patch.\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9fe79ad1e43d236bbbb8edb3cf634356de714c79", "tree": "91149cefa28baf692eb55f88f8c544a33e9126df", "parents": [ "3f12070e27b4a213d62607d2bff139793089a77d" ], "author": { "name": "KaiGai Kohei", "email": "kaigai@ak.jp.nec.com", "time": "Sat Sep 29 02:20:55 2007 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 17 08:59:34 2007 +1000" }, "message": "SELinux: improve performance when AVC misses.\n\n* We add ebitmap_for_each_positive_bit() which enables to walk on\n any positive bit on the given ebitmap, to improve its performance\n using common bit-operations defined in linux/bitops.h.\n In the previous version, this logic was implemented using a combination\n of ebitmap_for_each_bit() and ebitmap_node_get_bit(), but is was worse\n in performance aspect.\n This logic is most frequestly used to compute a new AVC entry,\n so this patch can improve SELinux performance when AVC misses are happen.\n* struct ebitmap_node is redefined as an array of \"unsigned long\", to get\n suitable for using find_next_bit() which is fasted than iteration of\n shift and logical operation, and to maximize memory usage allocated\n from general purpose slab.\n* Any ebitmap_for_each_bit() are repleced by the new implementation\n in ss/service.c and ss/mls.c. Some of related implementation are\n changed, however, there is no incompatibility with the previous\n version.\n* The width of any new line are less or equal than 80-chars.\n\nThe following benchmark shows the effect of this patch, when we\naccess many files which have different security context one after\nanother. The number is more than /selinux/avc/cache_threshold, so\nany access always causes AVC misses.\n\n selinux-2.6 selinux-2.6-ebitmap\nAVG: 22.763 [s] 8.750 [s]\nSTD: 0.265 0.019\n------------------------------------------\n1st: 22.558 [s] 8.786 [s]\n2nd: 22.458 [s] 8.750 [s]\n3rd: 22.478 [s] 8.754 [s]\n4th: 22.724 [s] 8.745 [s]\n5th: 22.918 [s] 8.748 [s]\n6th: 22.905 [s] 8.764 [s]\n7th: 23.238 [s] 8.726 [s]\n8th: 22.822 [s] 8.729 [s]\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3f12070e27b4a213d62607d2bff139793089a77d", "tree": "b6b614737f916c7c3102f66e6ad9e682b9c9bf04", "parents": [ "788e7dd4c22e6f41b3a118fd8c291f831f6fddbb" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Sep 21 14:37:10 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 17 08:59:33 2007 +1000" }, "message": "SELinux: policy selectable handling of unknown classes and perms\n\nAllow policy to select, in much the same way as it selects MLS support, how\nthe kernel should handle access decisions which contain either unknown\nclasses or unknown permissions in known classes. The three choices for the\npolicy flags are\n\n0 - Deny unknown security access. (default)\n2 - reject loading policy if it does not contain all definitions\n4 - allow unknown security access\n\nThe policy\u0027s choice is exported through 2 booleans in\nselinuxfs. /selinux/deny_unknown and /selinux/reject_unknown.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "788e7dd4c22e6f41b3a118fd8c291f831f6fddbb", "tree": "cbe2d2a360aaf7dc243bef432e1c50507ae6db7b", "parents": [ "3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9" ], "author": { "name": "Yuichi Nakamura", "email": "ynakam@hitachisoft.jp", "time": "Fri Sep 14 09:27:07 2007 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 17 08:59:31 2007 +1000" }, "message": "SELinux: Improve read/write performance\n\nIt reduces the selinux overhead on read/write by only revalidating\npermissions in selinux_file_permission if the task or inode labels have\nchanged or the policy has changed since the open-time check. A new LSM\nhook, security_dentry_open, is added to capture the necessary state at open\ntime to allow this optimization.\n\n(see http://marc.info/?l\u003dselinux\u0026m\u003d118972995207740\u0026w\u003d2)\n\nSigned-off-by: Yuichi Nakamura\u003cynakam@hitachisoft.jp\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9", "tree": "b369f8dc55e9d27bbd0b8b4b6843c0736d61b005", "parents": [ "821f3eff7cdb9d6c7076effabd46c96c322daed1" ], "author": { "name": "Yuichi Nakamura", "email": "ynakam@hitachisoft.jp", "time": "Fri Aug 24 11:55:11 2007 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 17 08:59:30 2007 +1000" }, "message": "SELinux: tune avtab to reduce memory usage\n\nThis patch reduces memory usage of SELinux by tuning avtab. Number of hash\nslots in avtab was 32768. Unused slots used memory when number of rules is\nfewer. This patch decides number of hash slots dynamically based on number\nof rules. (chain length)^2 is also printed out in avtab_hash_eval to see\nstandard deviation of avtab hash table.\n\nSigned-off-by: Yuichi Nakamura\u003cynakam@hitachisoft.jp\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a224be766bf593f7bcd534ca0c48dbd3eaf7bfce", "tree": "b0a053b35fe654fb35199c1b5326a4d3932f79da", "parents": [ "762cc40801ad757a34527d5e548816cf3b6fc606" ], "author": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Oct 15 02:58:25 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Oct 15 12:26:44 2007 -0700" }, "message": "[SELINUX]: Update for netfilter -\u003ehook() arg changes.\n\nThey take a \"struct sk_buff *\" instead of a \"struct sk_buff **\" now.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "227b60f5102cda4e4ab792b526a59c8cb20cd9f8", "tree": "2c9e372601ba794894833b0618bc531a9f5d57c4", "parents": [ "06393009000779b00a558fd2f280882cc7dc2008" ], "author": { "name": "Stephen Hemminger", "email": "shemminger@linux-foundation.org", "time": "Wed Oct 10 17:30:46 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Oct 10 17:30:46 2007 -0700" }, "message": "[INET]: local port range robustness\n\nExpansion of original idea from Denis V. Lunev \u003cden@openvz.org\u003e\n\nAdd robustness and locking to the local_port_range sysctl.\n1. Enforce that low \u003c high when setting.\n2. Use seqlock to ensure atomic update.\n\nThe locking might seem like overkill, but there are\ncases where sysadmin might want to change value in the\nmiddle of a DoS attack.\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@linux-foundation.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "b4b510290b056b86611757ce1175a230f1080f53", "tree": "7bd1d45855ac7457be6d50338c60751f19e436d9", "parents": [ "e9dc86534051b78e41e5b746cccc291b57a3a311" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Wed Sep 12 13:05:38 2007 +0200" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 10 16:49:09 2007 -0700" }, "message": "[NET]: Support multiple network namespaces with netlink\n\nEach netlink socket will live in exactly one network namespace,\nthis includes the controlling kernel sockets.\n\nThis patch updates all of the existing netlink protocols\nto only support the initial network namespace. Request\nby clients in other namespaces will get -ECONREFUSED.\nAs they would if the kernel did not have the support for\nthat netlink protocol compiled in.\n\nAs each netlink protocol is updated to be multiple network\nnamespace safe it can register multiple kernel sockets\nto acquire a presence in the rest of the network namespaces.\n\nThe implementation in af_netlink is a simple filter implementation\nat hash table insertion and hash table look up time.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "e9dc86534051b78e41e5b746cccc291b57a3a311", "tree": "1cd4a1dde4c51b6311749428a22cc8a8f5436825", "parents": [ "e730c15519d09ea528b4d2f1103681fa5937c0e6" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Wed Sep 12 13:02:17 2007 +0200" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 10 16:49:09 2007 -0700" }, "message": "[NET]: Make device event notification network namespace safe\n\nEvery user of the network device notifiers is either a protocol\nstack or a pseudo device. If a protocol stack that does not have\nsupport for multiple network namespaces receives an event for a\ndevice that is not in the initial network namespace it quite possibly\ncan get confused and do the wrong thing.\n\nTo avoid problems until all of the protocol stacks are converted\nthis patch modifies all netdev event handlers to ignore events on\ndevices that are not in the initial network namespace.\n\nAs the rest of the code is made network namespace aware these\nchecks can be removed.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "31e879309474d1666d645b96de99d0b682fa055f", "tree": "bb9d45dc85e03044b5ee7635f3646774bcbb30d4", "parents": [ "a88a8eff1e6e32d3288986a9d36c6a449c032d3a" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Sep 19 17:19:12 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Sep 20 08:06:40 2007 +1000" }, "message": "SELinux: fix array out of bounds when mounting with selinux options\n\nGiven an illegal selinux option it was possible for match_token to work in\nrandom memory at the end of the match_table_t array.\n\nNote that privilege is required to perform a context mount, so this issue is\neffectively limited to root only.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4ac212ad4e8fafc22fa147fc255ff5fa5435cf33", "tree": "9ab703429a2b24ccafc6748c1e0f2147f2b47114", "parents": [ "a1c582d0720f2eff61043e90711767decf37b917" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Aug 29 08:51:50 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@localhost.localdomain", "time": "Thu Aug 30 20:22:47 2007 -0400" }, "message": "SELinux: clear parent death signal on SID transitions\n\nClear parent death signal on SID transitions to prevent unauthorized\nsignaling between SIDs.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nSigned-off-by: James Morris \u003cjmorris@localhost.localdomain\u003e\n" }, { "commit": "34b4e4aa3c470ce8fa2bd78abb1741b4b58baad7", "tree": "91d620288f1aaf63c12dc84ca1015465818601f2", "parents": [ "afe1ab4d577892822de2c8e803fbfaed6ec44ba3" ], "author": { "name": "Alan Cox", "email": "alan@lxorguk.ukuu.org.uk", "time": "Wed Aug 22 14:01:28 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Aug 22 19:52:45 2007 -0700" }, "message": "fix NULL pointer dereference in __vm_enough_memory()\n\nThe new exec code inserts an accounted vma into an mm struct which is not\ncurrent-\u003emm. The existing memory check code has a hard coded assumption\nthat this does not happen as does the security code.\n\nAs the correct mm is known we pass the mm to the security method and the\nhelper function. A new security test is added for the case where we need\nto pass the mm and the existing one is modified to pass current-\u003emm to\navoid the need to change large amounts of code.\n\n(Thanks to Tobias for fixing rejects and testing)\n\nSigned-off-by: Alan Cox \u003calan@redhat.com\u003e\nCc: WU Fengguang \u003cwfg@mail.ustc.edu.cn\u003e\nCc: James Morris \u003cjmorris@redhat.com\u003e\nCc: Tobias Diedrich \u003cranma+kernel@tdiedrich.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "3ad40d647d5e7c320385649e5eb422a5e89e035d", "tree": "496025ef0d9427967f56d2523cfc2b2097531ec4", "parents": [ "28e8351ac22de25034e048c680014ad824323c65" ], "author": { "name": "Steve G", "email": "linux_4ever@yahoo.com", "time": "Tue Aug 14 12:50:46 2007 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@halo.namei", "time": "Thu Aug 16 11:42:28 2007 -0400" }, "message": "SELinux: correct error code in selinux_audit_rule_init\n\nCorrects an error code so that it is valid to pass to userspace.\n\nSigned-off-by: Steve Grubb \u003clinux_4ever@yahoo.com\u003e\nSigned-off-by: James Morris \u003cjmorris@halo.namei\u003e\n" }, { "commit": "088999e98b8caecd31adc3b62223a228555c5ab7", "tree": "ee16fd7c6cdde90642550ee9937fafb96e979f67", "parents": [ "9534f71ca33e5a9de26dfd43c76af86e005005dd" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Aug 01 11:12:58 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 02 11:52:23 2007 -0400" }, "message": "SELinux: remove redundant pointer checks before calling kfree()\n\nWe don\u0027t need to check for NULL pointers before calling kfree().\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9534f71ca33e5a9de26dfd43c76af86e005005dd", "tree": "344444735f541f79ed98cc38fa9040bc018ec66e", "parents": [ "1ed4395035a6791ebbbf618429a58ab9c207cc83" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Mon Jul 30 16:33:26 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 02 11:52:21 2007 -0400" }, "message": "SELinux: restore proper NetLabel caching behavior\n\nA small fix to the SELinux/NetLabel glue code to ensure that the NetLabel\ncache is utilized when possible. This was broken when the SELinux/NetLabel\nglue code was reorganized in the last kernel release.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d133a9609ee6111c9718a4bbe559b84a399603e6", "tree": "c838cc2ec00584acdf42125a13be1a8274b038e7", "parents": [ "6ace06dc68db13f7f82f9341fdef89502f0bb217" ], "author": { "name": "Gabriel Craciunescu", "email": "nix.or.die@googlemail.com", "time": "Tue Jul 31 00:39:19 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Jul 31 15:39:42 2007 -0700" }, "message": "Typo fixes errror -\u003e error\n\nTypo fixes errror -\u003e error\n\nSigned-off-by: Gabriel Craciunescu \u003cnix.or.die@googlemail.com\u003e\nCc: Jeff Garzik \u003cjeff@garzik.org\u003e\nCc: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "910949a66839ff5f59fede5b7cb68ecf1453e22c", "tree": "6842924dba1c4af0397d06aa4b6363e8c26c220e", "parents": [ "0de085bb474f64e4fdb2f1ff3268590792648c7b" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@trustedcs.com", "time": "Tue Jul 24 09:53:23 2007 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jul 25 12:49:41 2007 -0400" }, "message": "SELinux: null-terminate context string in selinux_xfrm_sec_ctx_alloc\n\nxfrm_audit_log() expects the context string to be null-terminated\nwhich currently doesn\u0027t happen with user-supplied contexts.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0ec8abd7086ee4f760cb1b477fe376805b17558c", "tree": "09eff2e119de344244242788eab5b6514191f040", "parents": [ "f695baf2df9e0413d3521661070103711545207a" ], "author": { "name": "Jesper Juhl", "email": "jesper.juhl@gmail.com", "time": "Sat Jul 21 00:12:44 2007 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 23 09:35:37 2007 -0400" }, "message": "SELinux: fix memory leak in security_netlbl_cache_add()\n\nFix memory leak in security_netlbl_cache_add()\nNote: The Coverity checker gets credit for spotting this one.\n\nSigned-off-by: Jesper Juhl \u003cjesper.juhl@gmail.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n" }, { "commit": "4259fa01a2d2aa3e589b34ba7624080232d9c1ff", "tree": "3aa83d784c4db22f3b62e4d963757497555c5e5c", "parents": [ "74f2345b6be1410f824cb7dd638d2c10a9709379" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jun 07 11:13:31 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 22 09:57:02 2007 -0400" }, "message": "[PATCH] get rid of AVC_PATH postponed treatment\n\n Selinux folks had been complaining about the lack of AVC_PATH\nrecords when audit is disabled. I must admit my stupidity - I assumed\nthat avc_audit() really couldn\u0027t use audit_log_d_path() because of\ndeadlocks (\u003d\u003d could be called with dcache_lock or vfsmount_lock held).\nShouldn\u0027t have made that assumption - it never gets called that way.\nIt _is_ called under spinlocks, but not those.\n\n Since audit_log_d_path() uses ab-\u003egfp_mask for allocations,\nkmalloc() in there is not a problem. IOW, the simple fix is sufficient:\nlet\u0027s rip AUDIT_AVC_PATH out and simply generate pathname as part of main\nrecord. It\u0027s trivial to do.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "20c2df83d25c6a95affe6157a4c9cac4cf5ffaac", "tree": "415c4453d2b17a50abe7a3e515177e1fa337bd67", "parents": [ "64fb98fc40738ae1a98bcea9ca3145b89fb71524" ], "author": { "name": "Paul Mundt", "email": "lethal@linux-sh.org", "time": "Fri Jul 20 10:11:58 2007 +0900" }, "committer": { "name": "Paul Mundt", "email": "lethal@linux-sh.org", "time": "Fri Jul 20 10:11:58 2007 +0900" }, "message": "mm: Remove slab destructors from kmem_cache_create().\n\nSlab destructors were no longer supported after Christoph\u0027s\nc59def9f222d44bb7e2f0a559f2906191a0862d7 change. They\u0027ve been\nBUGs for both slab and slub, and slob never supported them\neither.\n\nThis rips out support for the dtor pointer from kmem_cache_create()\ncompletely and fixes up every single callsite in the kernel (there were\nabout 224, not including the slab allocator definitions themselves,\nor the documentation references).\n\nSigned-off-by: Paul Mundt \u003clethal@linux-sh.org\u003e\n" }, { "commit": "721e2629fa2167c0e5a9f10d704b1fee1621a8cb", "tree": "a1580ed191e710f891ef1bf25c8c1fc7d6f054a9", "parents": [ "fdb64f93b38a3470fa4db8cd5720b8c731922d1a", "f36158c410651fe66f438c17b2ab3ae813f8c060" ], "author": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Jul 19 14:42:40 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Jul 19 14:42:40 2007 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:\n SELinux: use SECINITSID_NETMSG instead of SECINITSID_UNLABELED for NetLabel\n SELinux: enable dynamic activation/deactivation of NetLabel/SELinux enforcement\n" }, { "commit": "6c5d523826dc639df709ed0f88c5d2ce25379652", "tree": "ef2fa8cb30266b3a9b047902794e78c583b099da", "parents": [ "76fdbb25f963de5dc1e308325f0578a2f92b1c2d" ], "author": { "name": "Kawai, Hidehiro", "email": "hidehiro.kawai.ez@hitachi.com", "time": "Thu Jul 19 01:48:27 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Jul 19 10:04:46 2007 -0700" }, "message": "coredump masking: reimplementation of dumpable using two flags\n\nThis patch changes mm_struct.dumpable to a pair of bit flags.\n\nset_dumpable() converts three-value dumpable to two flags and stores it into\nlower two bits of mm_struct.flags instead of mm_struct.dumpable.\nget_dumpable() behaves in the opposite way.\n\n[akpm@linux-foundation.org: export set_dumpable]\nSigned-off-by: Hidehiro Kawai \u003chidehiro.kawai.ez@hitachi.com\u003e\nCc: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nCc: Hugh Dickins \u003chugh@veritas.com\u003e\nCc: Nick Piggin \u003cnickpiggin@yahoo.com.au\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "f36158c410651fe66f438c17b2ab3ae813f8c060", "tree": "644e57a36d918fe2b2fcdd2f59daffb847cd8d36", "parents": [ "23bcdc1adebd3cb47d5666f2e9ecada95c0134e4" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Jul 18 12:28:46 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jul 19 10:21:13 2007 -0400" }, "message": "SELinux: use SECINITSID_NETMSG instead of SECINITSID_UNLABELED for NetLabel\n\nThese changes will make NetLabel behave like labeled IPsec where there is an\naccess check for both labeled and unlabeled packets as well as providing the\nability to restrict domains to receiving only labeled packets when NetLabel is\nin use. The changes to the policy are straight forward with the following\nnecessary to receive labeled traffic (with SECINITSID_NETMSG defined as\n\"netlabel_peer_t\"):\n\n allow mydom_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;\n\nThe policy for unlabeled traffic would be:\n\n allow mydom_t unlabeled_t:{ tcp_socket udp_socket rawip_socket } recvfrom;\n\nThese policy changes, as well as more general NetLabel support, are included in\nthe latest SELinux Reference Policy release 20070629 or later. Users who make\nuse of NetLabel are strongly encouraged to upgrade their policy to avoid\nnetwork problems. Users who do not make use of NetLabel will not notice any\ndifference.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "23bcdc1adebd3cb47d5666f2e9ecada95c0134e4", "tree": "71caf0ac9fa86e4a9cf423d968a2486656c2e196", "parents": [ "589f1e81bde732dd0b1bc5d01b6bddd4bcb4527b" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Jul 18 12:28:45 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jul 19 10:21:11 2007 -0400" }, "message": "SELinux: enable dynamic activation/deactivation of NetLabel/SELinux enforcement\n\nCreate a new NetLabel KAPI interface, netlbl_enabled(), which reports on the\ncurrent runtime status of NetLabel based on the existing configuration. LSMs\nthat make use of NetLabel, i.e. SELinux, can use this new function to determine\nif they should perform NetLabel access checks. This patch changes the\nNetLabel/SELinux glue code such that SELinux only enforces NetLabel related\naccess checks when netlbl_enabled() returns true.\n\nAt present NetLabel is considered to be enabled when there is at least one\nlabeled protocol configuration present. The result is that by default NetLabel\nis considered to be disabled, however, as soon as an administrator configured\na CIPSO DOI definition NetLabel is enabled and SELinux starts enforcing\nNetLabel related access controls - including unlabeled packet controls.\n\nThis patch also tries to consolidate the multiple \"#ifdef CONFIG_NETLABEL\"\nblocks into a single block to ease future review as recommended by Linus.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "86313c488a6848b7ec2ba04e74f25f79dd32a0b7", "tree": "3b190f7afc338362470573b563f65a1eb83795ac", "parents": [ "10a0a8d4e3f6bf2d077f94344441909abe670f5a" ], "author": { "name": "Jeremy Fitzhardinge", "email": "jeremy@xensource.com", "time": "Tue Jul 17 18:37:03 2007 -0700" }, "committer": { "name": "Jeremy Fitzhardinge", "email": "jeremy@goop.org", "time": "Wed Jul 18 08:47:40 2007 -0700" }, "message": "usermodehelper: Tidy up waiting\n\nRather than using a tri-state integer for the wait flag in\ncall_usermodehelper_exec, define a proper enum, and use that. I\u0027ve\npreserved the integer values so that any callers I\u0027ve missed should\nstill work OK.\n\nSigned-off-by: Jeremy Fitzhardinge \u003cjeremy@xensource.com\u003e\nCc: James Bottomley \u003cJames.Bottomley@HansenPartnership.com\u003e\nCc: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nCc: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: Andi Kleen \u003cak@suse.de\u003e\nCc: Paul Mackerras \u003cpaulus@samba.org\u003e\nCc: Johannes Berg \u003cjohannes@sipsolutions.net\u003e\nCc: Ralf Baechle \u003cralf@linux-mips.org\u003e\nCc: Bjorn Helgaas \u003cbjorn.helgaas@hp.com\u003e\nCc: Joel Becker \u003cjoel.becker@oracle.com\u003e\nCc: Tony Luck \u003ctony.luck@intel.com\u003e\nCc: Kay Sievers \u003ckay.sievers@vrfy.org\u003e\nCc: Srivatsa Vaddagiri \u003cvatsa@in.ibm.com\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "3bd858ab1c451725c07a805dcb315215dc85b86e", "tree": "5d49c4300e350d64fd81eb3230b81f754117e0c1", "parents": [ "49c13b51a15f1ba9f6d47e26e4a3886c4f3931e2" ], "author": { "name": "Satyam Sharma", "email": "ssatyam@cse.iitk.ac.in", "time": "Tue Jul 17 15:00:08 2007 +0530" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Jul 17 12:00:03 2007 -0700" }, "message": "Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check\n\nIntroduce is_owner_or_cap() macro in fs.h, and convert over relevant\nusers to it. This is done because we want to avoid bugs in the future\nwhere we check for only effective fsuid of the current task against a\nfile\u0027s owning uid, without simultaneously checking for CAP_FOWNER as\nwell, thus violating its semantics.\n[ XFS uses special macros and structures, and in general looked ...\nuntouchable, so we leave it alone -- but it has been looked over. ]\n\nThe (current-\u003efsuid !\u003d inode-\u003ei_uid) check in generic_permission() and\nexec_permission_lite() is left alone, because those operations are\ncovered by CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH. Similarly operations\nfalling under the purview of CAP_CHOWN and CAP_LEASE are also left alone.\n\nSigned-off-by: Satyam Sharma \u003cssatyam@cse.iitk.ac.in\u003e\nCc: Al Viro \u003cviro@ftp.linux.org.uk\u003e\nAcked-by: Serge E. Hallyn \u003cserge@hallyn.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "522ed7767e800cff6c650ec64b0ee0677303119c", "tree": "f65ecb29f2cf885018d3557f840de3ef4be6ec64", "parents": [ "4f27c00bf80f122513d3a5be16ed851573164534" ], "author": { "name": "Miloslav Trmac", "email": "mitr@redhat.com", "time": "Sun Jul 15 23:40:56 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:47 2007 -0700" }, "message": "Audit: add TTY input auditing\n\nAdd TTY input auditing, used to audit system administrator\u0027s actions. This is\nrequired by various security standards such as DCID 6/3 and PCI to provide\nnon-repudiation of administrator\u0027s actions and to allow a review of past\nactions if the administrator seems to overstep their duties or if the system\nbecomes misconfigured for unknown reasons. These requirements do not make it\nnecessary to audit TTY output as well.\n\nCompared to an user-space keylogger, this approach records TTY input using the\naudit subsystem, correlated with other audit events, and it is completely\ntransparent to the user-space application (e.g. the console ioctls still\nwork).\n\nTTY input auditing works on a higher level than auditing all system calls\nwithin the session, which would produce an overwhelming amount of mostly\nuseless audit events.\n\nAdd an \"audit_tty\" attribute, inherited across fork (). Data read from TTYs\nby process with the attribute is sent to the audit subsystem by the kernel.\nThe audit netlink interface is extended to allow modifying the audit_tty\nattribute, and to allow sending explanatory audit events from user-space (for\nexample, a shell might send an event containing the final command, after the\ninteractive command-line editing and history expansion is performed, which\nmight be difficult to decipher from the TTY input alone).\n\nBecause the \"audit_tty\" attribute is inherited across fork (), it would be set\ne.g. for sshd restarted within an audited session. To prevent this, the\naudit_tty attribute is cleared when a process with no open TTY file\ndescriptors (e.g. after daemon startup) opens a TTY.\n\nSee https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html for a\nmore detailed rationale document for an older version of this patch.\n\n[akpm@linux-foundation.org: build fix]\nSigned-off-by: Miloslav Trmac \u003cmitr@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nCc: Paul Fulghum \u003cpaulkf@microgate.com\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "8d9107e8c50e1c4ff43c91c8841805833f3ecfb9", "tree": "abc57f38cf659d4031d5a9915a088f2c47b2cc7e", "parents": [ "16cefa8c3863721fd40445a1b34dea18cd16ccfe" ], "author": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Fri Jul 13 16:53:18 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Fri Jul 13 16:53:18 2007 -0700" }, "message": "Revert \"SELinux: use SECINITSID_NETMSG instead of SECINITSID_UNLABELED for NetLabel\"\n\nThis reverts commit 9faf65fb6ee2b4e08325ba2d69e5ccf0c46453d0.\n\nIt bit people like Michal Piotrowski:\n\n \"My system is too secure, I can not login :)\"\n\nbecause it changed how CONFIG_NETLABEL worked, and broke older SElinux\npolicies.\n\nAs a result, quoth James Morris:\n\n \"Can you please revert this patch?\n\n We thought it only affected people running MLS, but it will affect others.\n\n Sorry for the hassle.\"\n\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Michal Piotrowski \u003cmichal.k.k.piotrowski@gmail.com\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "d4cf291526a74cc33d33700a35b74395eec812fd", "tree": "321018f7ef60b7cf2df7104f5361901d021edfdb", "parents": [ "9faf65fb6ee2b4e08325ba2d69e5ccf0c46453d0" ], "author": { "name": "Adrian Bunk", "email": "bunk@stusta.de", "time": "Sun Jul 01 22:23:53 2007 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jul 11 22:52:33 2007 -0400" }, "message": "security: unexport mmap_min_addr\n\nRemove unneeded export.\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9faf65fb6ee2b4e08325ba2d69e5ccf0c46453d0", "tree": "ee167dc8c575dee062cdaf91d0b60a5997bba0c3", "parents": [ "ed0321895182ffb6ecf210e066d87911b270d587" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Jun 29 11:48:16 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jul 11 22:52:31 2007 -0400" }, "message": "SELinux: use SECINITSID_NETMSG instead of SECINITSID_UNLABELED for NetLabel\n\nThese changes will make NetLabel behave like labeled IPsec where there is an\naccess check for both labeled and unlabeled packets as well as providing the\nability to restrict domains to receiving only labeled packets when NetLabel\nis in use. The changes to the policy are straight forward with the\nfollowing necessary to receive labeled traffic (with SECINITSID_NETMSG\ndefined as \"netlabel_peer_t\"):\n\n allow mydom_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;\n\nThe policy for unlabeled traffic would be:\n\n allow mydom_t unlabeled_t:{ tcp_socket udp_socket rawip_socket } recvfrom;\n\nThese policy changes, as well as more general NetLabel support, are included\nin the SELinux Reference Policy SVN tree, r2352 or later. Users who enable\nNetLabel support in the kernel are strongly encouraged to upgrade their\npolicy to avoid network problems.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ed0321895182ffb6ecf210e066d87911b270d587", "tree": "832bb54666f73b06e55322df40f915c5e9ef64d7", "parents": [ "13bddc2e9d591e31bf20020dc19ea6ca85de420e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jun 28 15:55:21 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jul 11 22:52:29 2007 -0400" }, "message": "security: Protection for exploiting null dereference using mmap\n\nAdd a new security check on mmap operations to see if the user is attempting\nto mmap to low area of the address space. The amount of space protected is\nindicated by the new proc tunable /proc/sys/vm/mmap_min_addr and defaults to\n0, preserving existing behavior.\n\nThis patch uses a new SELinux security class \"memprotect.\" Policy already\ncontains a number of allow rules like a_t self:process * (unconfined_t being\none of them) which mean that putting this check in the process class (its\nbest current fit) would make it useless as all user processes, which we also\nwant to protect against, would be allowed. By taking the memprotect name of\nthe new class it will also make it possible for us to move some of the other\nmemory protect permissions out of \u0027process\u0027 and into the new class next time\nwe bump the policy version number (which I also think is a good future idea)\n\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "13bddc2e9d591e31bf20020dc19ea6ca85de420e", "tree": "b813a0a060439c4cfb84c93dc14307179465829b", "parents": [ "2c3c05dbcbc7b9d71549fe0e2b249f10f5a66518" ], "author": { "name": "Tobias Oed", "email": "tobias.oed@octant-fr.com", "time": "Mon Jun 11 08:56:31 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jul 11 22:52:27 2007 -0400" }, "message": "SELinux: Use %lu for inode-\u003ei_no when printing avc\n\nInode numbers are unsigned long and so need to %lu as format string of printf.\n\nSigned-off-by: Tobias Oed \u003ctobias.oed@octant-fr.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2c3c05dbcbc7b9d71549fe0e2b249f10f5a66518", "tree": "bab75df9fafc435f3370a6d773d3284716347249", "parents": [ "9dc9978084ea2a96b9f42752753d9e38a9f9d7b2" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Thu Jun 07 15:34:10 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jul 11 22:52:25 2007 -0400" }, "message": "SELinux: allow preemption between transition permission checks\n\nIn security_get_user_sids, move the transition permission checks\noutside of the section holding the policy rdlock, and use the AVC to\nperform the checks, calling cond_resched after each one. These\nchanges should allow preemption between the individual checks and\nenable caching of the results. It may however increase the overall\ntime spent in the function in some cases, particularly in the cache\nmiss case.\n\nThe long term fix will be to take much of this logic to userspace by\nexporting additional state via selinuxfs, and ultimately deprecating\nand eliminating this interface from the kernel.\n\nTested-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9dc9978084ea2a96b9f42752753d9e38a9f9d7b2", "tree": "24aac2351df72f9f12fa9143a7746a2e83d24899", "parents": [ "e47c8fc582a2c9f3cba059e543c4a056cd6bf8c4" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jun 04 17:41:22 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jul 11 22:52:23 2007 -0400" }, "message": "selinux: introduce schedule points in policydb_destroy()\n\nDuring the LSPP testing we found that it was possible for\npolicydb_destroy() to take 10+ seconds of kernel time to complete.\nBasically all policydb_destroy() does is walk some (possibly long) lists\nand free the memory it finds. Turning off slab debugging config options\nmade the problem go away since the actual functions which took most of\nthe time were (as seen by oprofile)\n\n\u003e 121202 23.9879 .check_poison_obj\n\u003e 78247 15.4864 .check_slabp\n\nwere caused by that. So I decided to also add some voluntary schedule\npoints in that code so config voluntary preempt would be enough to solve\nthe problem. Something similar was done in places like\nshmem_free_pages() when we have to walk a list of memory and free it.\nThis was tested by the LSPP group on the hardware which could reproduce\nthe problem just loading a new policy and was found to not trigger the\nsoftlock detector. It takes just as much processing time, but the\nkernel doesn\u0027t spend all that time stuck doing one thing and never\nscheduling.\n\nSomeday a better way to handle memory might make the time needed in this\nfunction a lot less, but this fixes the current issue as it stands\ntoday.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e47c8fc582a2c9f3cba059e543c4a056cd6bf8c4", "tree": "20f43ed6ecb1bea6160f660721dee748a57e0568", "parents": [ "0dd4ae516e7b5be89caed2532f9d953d0b1dbf01" ], "author": { "name": "Christopher J. PeBenito", "email": "cpebenito@tresys.com", "time": "Wed May 23 09:12:09 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jul 11 22:52:20 2007 -0400" }, "message": "selinux: add selinuxfs structure for object class discovery\n\nThe structure is as follows (relative to selinuxfs root):\n\n/class/file/index\n/class/file/perms/read\n/class/file/perms/write\n...\n\nEach class is allocated 33 inodes, 1 for the class index and 32 for\npermissions. Relative to SEL_CLASS_INO_OFFSET, the inode of the index file\nDIV 33 is the class number. The inode of the permission file % 33 is the\nindex of the permission for that class.\n\nSigned-off-by: Christopher J. PeBenito \u003ccpebenito@tresys.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0dd4ae516e7b5be89caed2532f9d953d0b1dbf01", "tree": "7337115925bf6cbf875c17f465deb53e2ae2ad52", "parents": [ "0c92d7c73b6f99897c8bc7990717b9050cfc722f" ], "author": { "name": "Christopher J. PeBenito", "email": "cpebenito@tresys.com", "time": "Wed May 23 09:12:08 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jul 11 22:52:19 2007 -0400" }, "message": "selinux: change sel_make_dir() to specify inode counter.\n\nSpecify the inode counter explicitly in sel_make_dir(), rather than always\nusing sel_last_ino.\n\nSigned-off-by: Christopher J. PeBenito \u003ccpebenito@tresys.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0c92d7c73b6f99897c8bc7990717b9050cfc722f", "tree": "327e361aebe40e553e6eb9d0b2f0b10438e8ad9b", "parents": [ "55fcf09b3fe4325c9395ebbb0322a547a157ebc7" ], "author": { "name": "Christopher J. PeBenito", "email": "cpebenito@tresys.com", "time": "Wed May 23 09:12:07 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jul 11 22:52:17 2007 -0400" }, "message": "selinux: rename sel_remove_bools() for more general usage.\n\nsel_remove_bools() will also be used by the object class discovery, rename\nit for more general use.\n\nSigned-off-by: Christopher J. PeBenito \u003ccpebenito@tresys.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "55fcf09b3fe4325c9395ebbb0322a547a157ebc7", "tree": "36415abc8ad7e917909a1fbfbdcc8ad84f0cebd2", "parents": [ "4eb6bf6bfb580afaf1e1a1d30cba17a078530cf4" ], "author": { "name": "Christopher J. PeBenito", "email": "cpebenito@tresys.com", "time": "Wed May 23 09:12:06 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jul 11 22:52:15 2007 -0400" }, "message": "selinux: add support for querying object classes and permissions from the running policy\n\nAdd support to the SELinux security server for obtaining a list of classes,\nand for obtaining a list of permissions for a specified class.\n\nSigned-off-by: Christopher J. PeBenito \u003ccpebenito@tresys.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ba6ff9f2b5c6018b293bd21083ffaa5ad710e671", "tree": "7a868d3a1948ab9e1aaf7b6e64e114e0f790370d", "parents": [ "6363097cc4d182f93788131b5d8f72aa91d950a0" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Jun 07 18:37:15 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Jun 08 13:33:09 2007 -0700" }, "message": "[NetLabel]: consolidate the struct socket/sock handling to just struct sock\n\nThe current NetLabel code has some redundant APIs which allow both\n\"struct socket\" and \"struct sock\" types to be used; this may have made\nsense at some point but it is wasteful now. Remove the functions that\noperate on sockets and convert the callers. Not only does this make\nthe code smaller and more consistent but it pushes the locking burden\nup to the caller which can be more intelligent about the locks. Also,\nperform the same conversion (socket to sock) on the SELinux/NetLabel\nglue code where it make sense.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "3dde6ad8fc3939d345a3768464ecff43c91d511a", "tree": "bf36419973a724f854ba69de793daaf3d916f9a0", "parents": [ "ccf6780dc3d228f380e17b6858b93fc48e40afd4" ], "author": { "name": "David Sterba", "email": "dave@jikos.cz", "time": "Wed May 09 07:12:20 2007 +0200" }, "committer": { "name": "Adrian Bunk", "email": "bunk@stusta.de", "time": "Wed May 09 07:12:20 2007 +0200" }, "message": "Fix trivial typos in Kconfig* files\n\nFix several typos in help text in Kconfig* files.\n\nSigned-off-by: David Sterba \u003cdave@jikos.cz\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\n" }, { "commit": "e63340ae6b6205fef26b40a75673d1c9c0c8bb90", "tree": "8d3212705515edec73c3936bb9e23c71d34a7b41", "parents": [ "04c9167f91e309c9c4ea982992aa08e83b2eb42e" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Tue May 08 00:28:08 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue May 08 11:15:07 2007 -0700" }, "message": "header cleaning: don\u0027t include smp_lock.h when not used\n\nRemove includes of \u003clinux/smp_lock.h\u003e where it is not used/needed.\nSuggested by Al Viro.\n\nBuilds cleanly on x86_64, i386, alpha, ia64, powerpc, sparc,\nsparc64, and arm (all 59 defconfigs).\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "98a27ba485c7508ef9d9527fe06e4686f3a163dc", "tree": "73d5dca7f1b5120ecf1bbcc664094044bc35dc56", "parents": [ "2a65f1d9fe78475720bd8f0e0fbbf1973b1b5ac2" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Tue May 08 00:26:56 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue May 08 11:15:04 2007 -0700" }, "message": "tty: introduce no_tty and use it in selinux\n\nWhile researching the tty layer pid leaks I found a weird case in selinux when\nwe drop a controlling tty because of inadequate permissions we don\u0027t do the\nnormal hangup processing. Which is a problem if it happens the session leader\nhas exec\u0027d something that can no longer access the tty.\n\nWe already have code in the kernel to handle this case in the form of the\nTIOCNOTTY ioctl. So this patch factors out a helper function that is the\nessence of that ioctl and calls it from the selinux code.\n\nThis removes the inconsistency in handling dropping of a controlling tty and\nwho knows it might even make some part of user space happy because it received\na SIGHUP it was expecting.\n\nIn addition since this removes the last user of proc_set_tty outside of\ntty_io.c proc_set_tty is made static and removed from tty.h\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nAcked-by: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "823bccfc4002296ba88c3ad0f049e1abd8108d30", "tree": "5338ae0b32409446af4cd00c5107d9405d5bf0b6", "parents": [ "2609e7b9bebfd433254c02538ba803dc516ff674" ], "author": { "name": "Greg Kroah-Hartman", "email": "gregkh@suse.de", "time": "Fri Apr 13 13:15:19 2007 -0700" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@suse.de", "time": "Wed May 02 18:57:59 2007 -0700" }, "message": "remove \"struct subsystem\" as it is no longer needed\n\nWe need to work on cleaning up the relationship between kobjects, ksets and\nktypes. The removal of \u0027struct subsystem\u0027 is the first step of this,\nespecially as it is not really needed at all.\n\nThanks to Kay for fixing the bugs in this patch.\n\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n\n" }, { "commit": "a205752d1ad2d37d6597aaae5a56fc396a770868", "tree": "1def76b02da90b98cefd66c4ba3904697963c358", "parents": [ "39bc89fd4019b164002adaacef92c4140e37955a", "e900a7d90ae1486ac95c10e0b7337fc2c2eda529" ], "author": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Fri Apr 27 10:47:29 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Fri Apr 27 10:47:29 2007 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:\n selinux: preserve boolean values across policy reloads\n selinux: change numbering of boolean directory inodes in selinuxfs\n selinux: remove unused enumeration constant from selinuxfs\n selinux: explicitly number all selinuxfs inodes\n selinux: export initial SID contexts via selinuxfs\n selinux: remove userland security class and permission definitions\n SELinux: move security_skb_extlbl_sid() out of the security server\n MAINTAINERS: update selinux entry\n SELinux: rename selinux_netlabel.h to netlabel.h\n SELinux: extract the NetLabel SELinux support from the security server\n NetLabel: convert a BUG_ON in the CIPSO code to a runtime check\n NetLabel: cleanup and document CIPSO constants\n" }, { "commit": "7318226ea2931a627f3572e5f4804c91ca19ecbc", "tree": "d2492bb7e87a9c1740432c4dcde13e75ee46ad8d", "parents": [ "071b638689464c6b39407025eedd810d5b5e6f5d" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Apr 26 15:46:23 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Apr 26 15:46:23 2007 -0700" }, "message": "[AF_RXRPC]: Key facility changes for AF_RXRPC\n\nExport the keyring key type definition and document its availability.\n\nAdd alternative types into the key\u0027s type_data union to make it more useful.\nNot all users necessarily want to use it as a list_head (AF_RXRPC doesn\u0027t, for\nexample), so make it clear that it can be used in other ways.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "e900a7d90ae1486ac95c10e0b7337fc2c2eda529", "tree": "924c8b62c3c02d600a02c87bd2a7ed44d39a808b", "parents": [ "bce34bc0eef03c68b5c49a3cc5bc77c84760cfe2" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Thu Apr 19 14:16:19 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 26 01:36:13 2007 -0400" }, "message": "selinux: preserve boolean values across policy reloads\n\nAt present, the userland policy loading code has to go through contortions to preserve\nboolean values across policy reloads, and cannot do so atomically.\nAs this is what we always want to do for reloads, let the kernel preserve them instead.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Karl MacMillan \u003ckmacmillan@mentalrootkit.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bce34bc0eef03c68b5c49a3cc5bc77c84760cfe2", "tree": "2ef7c5fc9578fa2a7cdfac297681f6b6a6415a53", "parents": [ "68b00df9bb5f38e87c102b3179a18eba9c9937a8" ], "author": { "name": "James Carter", "email": "jwcart2@tycho.nsa.gov", "time": "Wed Apr 04 16:18:50 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 26 01:36:11 2007 -0400" }, "message": "selinux: change numbering of boolean directory inodes in selinuxfs\n\nChange the numbering of the booleans directory inodes in selinuxfs to\nprovide more room for new inodes without a conflict in inode numbers and\nto be consistent with how inode numbering is done in the\ninitial_contexts directory.\n\nSigned-off-by: James Carter \u003cjwcart2@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "68b00df9bb5f38e87c102b3179a18eba9c9937a8", "tree": "16d0075e571fafe0a16591a306da326c1d5194ae", "parents": [ "6174eafce3a38114adc6058e2872434c53feae87" ], "author": { "name": "James Carter", "email": "jwcart2@tycho.nsa.gov", "time": "Wed Apr 04 16:18:43 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 26 01:36:10 2007 -0400" }, "message": "selinux: remove unused enumeration constant from selinuxfs\n\nRemove the unused enumeration constant, SEL_AVC, from the sel_inos\nenumeration in selinuxfs.\n\nSigned-off-by: James Carter \u003cjwcart2@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6174eafce3a38114adc6058e2872434c53feae87", "tree": "8e97a2f10da78d6dc3a628109829c91c67584195", "parents": [ "f0ee2e467ffa68c3122128b704c1540ee294b748" ], "author": { "name": "James Carter", "email": "jwcart2@tycho.nsa.gov", "time": "Wed Apr 04 16:18:39 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 26 01:36:09 2007 -0400" }, "message": "selinux: explicitly number all selinuxfs inodes\n\nExplicitly number all selinuxfs inodes to prevent a conflict between\ninodes numbered using last_ino when created with new_inode() and those\nlabeled explicitly.\n\nSigned-off-by: James Carter \u003cjwcart2@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f0ee2e467ffa68c3122128b704c1540ee294b748", "tree": "1fb9bf27386233b88406b50ff69b83a2c9cdbe38", "parents": [ "a764ae4b0781fac75f9657bc737c37ae59888389" ], "author": { "name": "James Carter", "email": "jwcart2@tycho.nsa.gov", "time": "Wed Apr 04 10:11:29 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 26 01:36:00 2007 -0400" }, "message": "selinux: export initial SID contexts via selinuxfs\n\nMake the initial SID contexts accessible to userspace via selinuxfs.\nAn initial use of this support will be to make the unlabeled context\navailable to libselinux for use for invalidated userspace SIDs.\n\nSigned-off-by: James Carter \u003cjwcart2@tycho.nsa.gov\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a764ae4b0781fac75f9657bc737c37ae59888389", "tree": "eaff75fefa79a5db1713bf37d465ecc6dfbb2be4", "parents": [ "4f6a993f96a256e83b9be7612f958c7bc4ca9f00" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Mar 26 13:36:26 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 26 01:35:58 2007 -0400" }, "message": "selinux: remove userland security class and permission definitions\n\nRemove userland security class and permission definitions from the kernel\nas the kernel only needs to use and validate its own class and permission\ndefinitions and userland definitions may change.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4f6a993f96a256e83b9be7612f958c7bc4ca9f00", "tree": "385e5ce4423583b65780d20fce075cd936fe1449", "parents": [ "588a31577f86a5cd8b0bcde6026e4e6dcac8c383" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Mar 01 14:35:22 2007 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 26 01:35:56 2007 -0400" }, "message": "SELinux: move security_skb_extlbl_sid() out of the security server\n\nAs suggested, move the security_skb_extlbl_sid() function out of the security\nserver and into the SELinux hooks file.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c60475bf35fc5fa10198df89187ab148527e72f7", "tree": "5f8081082c8be5865049c2c446583b67a9c786b3", "parents": [ "5778eabd9cdbf16ea3e40248c452b4fd25554d11" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Feb 28 15:14:23 2007 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 26 01:35:50 2007 -0400" }, "message": "SELinux: rename selinux_netlabel.h to netlabel.h\n\nIn the beginning I named the file selinux_netlabel.h to avoid potential\nnamespace colisions. However, over time I have realized that there are several\nother similar cases of multiple header files with the same name so I\u0027m changing\nthe name to something which better fits with existing naming conventions.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5778eabd9cdbf16ea3e40248c452b4fd25554d11", "tree": "a488fd5fc07c01b93fe38621888cc50c64cfc0a1", "parents": [ "128c6b6cbffc8203e13ea5712a8aa65d2ed82e4e" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Feb 28 15:14:22 2007 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 26 01:35:48 2007 -0400" }, "message": "SELinux: extract the NetLabel SELinux support from the security server\n\nUp until this patch the functions which have provided NetLabel support to\nSELinux have been integrated into the SELinux security server, which for\nvarious reasons is not really ideal. This patch makes an effort to extract as\nmuch of the NetLabel support from the security server as possibile and move it\ninto it\u0027s own file within the SELinux directory structure.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "af65bdfce98d7965fbe93a48b8128444a2eea024", "tree": "e6ac5ff82a0d5067213135cdf049b912b02e824d", "parents": [ "b076deb8498e26c9aa2f44046fe5e9936ae2fb5a" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Fri Apr 20 14:14:21 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Apr 25 22:29:03 2007 -0700" }, "message": "[NETLINK]: Switch cb_lock spinlock to mutex and allow to override it\n\nSwitch cb_lock to mutex and allow netlink kernel users to override it\nwith a subsystem specific mutex for consistent locking in dump callbacks.\nAll netlink_dump_start users have been audited not to rely on any\nside-effects of the previously used spinlock.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "b529ccf2799c14346d1518e9bdf1f88f03643e99", "tree": "f899a5a5d66d2ca21724c1871ee3afeda6c4a670", "parents": [ "965ffea43d4ebe8cd7b9fee78d651268dd7d23c5" ], "author": { "name": "Arnaldo Carvalho de Melo", "email": "acme@redhat.com", "time": "Wed Apr 25 19:08:35 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Apr 25 22:26:34 2007 -0700" }, "message": "[NETLINK]: Introduce nlmsg_hdr() helper\n\nFor the common \"(struct nlmsghdr *)skb-\u003edata\" sequence, so that we reduce the\nnumber of direct accesses to skb-\u003edata and for consistency with all the other\ncast skb member helpers.\n\nSigned-off-by: Arnaldo Carvalho de Melo \u003cacme@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "27a884dc3cb63b93c2b3b643f5b31eed5f8a4d26", "tree": "5a267e40f9b94014be38dad5de0a52b6628834e0", "parents": [ "be8bd86321fa7f06359d866ef61fb4d2f3e9dce9" ], "author": { "name": "Arnaldo Carvalho de Melo", "email": "acme@redhat.com", "time": "Thu Apr 19 20:29:13 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Apr 25 22:26:28 2007 -0700" }, "message": "[SK_BUFF]: Convert skb-\u003etail to sk_buff_data_t\n\nSo that it is also an offset from skb-\u003ehead, reduces its size from 8 to 4 bytes\non 64bit architectures, allowing us to combine the 4 bytes hole left by the\nlayer headers conversion, reducing struct sk_buff size to 256 bytes, i.e. 4\n64byte cachelines, and since the sk_buff slab cache is SLAB_HWCACHE_ALIGN...\n:-)\n\nMany calculations that previously required that skb-\u003e{transport,network,\nmac}_header be first converted to a pointer now can be done directly, being\nmeaningful as offsets or pointers.\n\nSigned-off-by: Arnaldo Carvalho de Melo \u003cacme@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "bbe735e4247dba32568a305553b010081c8dea99", "tree": "95d96619c85785a47ccee48965b68d99cf946854", "parents": [ "e7dd65dafda5737a983c04d652a69ab8da78ee3f" ], "author": { "name": "Arnaldo Carvalho de Melo", "email": "acme@redhat.com", "time": "Sat Mar 10 22:16:10 2007 -0300" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Apr 25 22:24:58 2007 -0700" }, "message": "[SK_BUFF]: Introduce skb_network_offset()\n\nFor the quite common \u0027skb-\u003enh.raw - skb-\u003edata\u0027 sequence.\n\nSigned-off-by: Arnaldo Carvalho de Melo \u003cacme@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "04ff97086b1a3237bbd1fe6390fa80fe75207e23", "tree": "877e26055759d84a726c6bc68245bc6f9a4a5753", "parents": [ "c4823bce033be74c0fcfbcae2f1be0854fdc2e18" ], "author": { "name": "Al Viro", "email": "viro@ftp.linux.org.uk", "time": "Mon Mar 12 16:17:58 2007 +0000" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Mar 14 15:27:48 2007 -0700" }, "message": "[PATCH] sanitize security_getprocattr() API\n\nhave it return the buffer it had allocated\n\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4f4acf3a478d5cada688f336f2229ab580f56113", "tree": "ed549b4f079f8aaefaa47da1027eaf110a7c3013", "parents": [ "fadcdb451632d32d7c0d4c71df9ac2d3b7ae2348" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Feb 26 12:02:34 2007 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Feb 26 14:43:15 2007 -0500" }, "message": "Always initialize scontext and scontext_len\n\nAlways initialize *scontext and *scontext_len in security_sid_to_context.\n\n(via http://lkml.org/lkml/2007/2/23/135)\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "fadcdb451632d32d7c0d4c71df9ac2d3b7ae2348", "tree": "51e411452a4aa05bb5150d4d670324badf1a4bd0", "parents": [ "9654640d0af8f2de40ff3807d3695109d3463f54" ], "author": { "name": "Eric Paris", "email": "eparis@parisplace.org", "time": "Thu Feb 22 18:11:31 2007 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Feb 26 14:43:07 2007 -0500" }, "message": "Reassign printk levels in selinux kernel code\n\nBelow is a patch which demotes many printk lines to KERN_DEBUG from\nKERN_INFO. It should help stop the spamming of logs with messages in\nwhich users are not interested nor is there any action that users should\ntake. It also promotes some KERN_INFO to KERN_ERR such as when there\nare improper attempts to register/unregister security modules.\n\nA similar patch was discussed a while back on list:\nhttp://marc.theaimsgroup.com/?t\u003d116656343500003\u0026r\u003d1\u0026w\u003d2\nThis patch addresses almost all of the issues raised. I believe the\nonly advice not taken was in the demoting of messages related to\nundefined permissions and classes.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n\n security/selinux/hooks.c | 20 ++++++++++----------\n security/selinux/ss/avtab.c | 2 +-\n security/selinux/ss/policydb.c | 6 +++---\n security/selinux/ss/sidtab.c | 2 +-\n 4 files changed, 15 insertions(+), 15 deletions(-)\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bbaca6c2e7ef0f663bc31be4dad7cf530f6c4962", "tree": "c90c927fa0547ba46cb01aaf7625008e350d84eb", "parents": [ "b599fdfdb4bb4941e9076308efcf3bb89e577db5" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Feb 14 00:34:16 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Feb 14 08:10:00 2007 -0800" }, "message": "[PATCH] selinux: enhance selinux to always ignore private inodes\n\nHmmm...turns out to not be quite enough, as the /proc/sys inodes aren\u0027t truly\nprivate to the fs, so we can run into them in a variety of security hooks\nbeyond just the inode hooks, such as security_file_permission (when reading\nand writing them via the vfs helpers), security_sb_mount (when mounting other\nfilesystems on directories in proc like binfmt_misc), and deeper within the\nsecurity module itself (as in flush_unauthorized_files upon inheritance across\nexecve). So I think we have to add an IS_PRIVATE() guard within SELinux, as\nbelow. Note however that the use of the private flag here could be confusing,\nas these inodes are _not_ private to the fs, are exposed to userspace, and\nsecurity modules must implement the sysctl hook to get any access control over\nthem.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "b599fdfdb4bb4941e9076308efcf3bb89e577db5", "tree": "c224273f3ef29749bf3f62e06f7ffdee595996c0", "parents": [ "3fbfa98112fc3962c416452a0baf2214381030e6" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Wed Feb 14 00:34:15 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Feb 14 08:10:00 2007 -0800" }, "message": "[PATCH] sysctl: fix the selinux_sysctl_get_sid\n\nI goofed and when reenabling the fine grained selinux labels for\nsysctls and forgot to add the \"/sys\" prefix before consulting\nthe policy database. When computing the same path using\nproc_dir_entries we got the \"/sys\" for free as it was part\nof the tree, but it isn\u0027t true for clt_table trees.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "3fbfa98112fc3962c416452a0baf2214381030e6", "tree": "5a14a9d97ba05f415698de7b4ec5949363c268a6", "parents": [ "d912b0cc1a617d7c590d57b7ea971d50c7f02503" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Wed Feb 14 00:34:14 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Feb 14 08:10:00 2007 -0800" }, "message": "[PATCH] sysctl: remove the proc_dir_entry member for the sysctl tables\n\nIt isn\u0027t needed anymore, all of the users are gone, and all of the ctl_table\ninitializers have been converted to use explicit names of the fields they are\ninitializing.\n\n[akpm@osdl.org: NTFS fix]\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "cd354f1ae75e6466a7e31b727faede57a1f89ca5", "tree": "09a2da1672465fefbc7fe06ff4e6084f1dd14c6b", "parents": [ "3fc605a2aa38899c12180ca311f1eeb61a6d867e" ], "author": { "name": "Tim Schmielau", "email": "tim@physik3.uni-rostock.de", "time": "Wed Feb 14 00:33:14 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Feb 14 08:09:54 2007 -0800" }, "message": "[PATCH] remove many unneeded #includes of sched.h\n\nAfter Al Viro (finally) succeeded in removing the sched.h #include in module.h\nrecently, it makes sense again to remove other superfluous sched.h includes.\nThere are quite a lot of files which include it but don\u0027t actually need\nanything defined in there. Presumably these includes were once needed for\nmacros that used to live in sched.h, but moved to other header files in the\ncourse of cleaning it up.\n\nTo ease the pain, this time I did not fiddle with any header files and only\nremoved #includes from .c-files, which tend to cause less trouble.\n\nCompile tested against 2.6.20-rc2 and 2.6.20-rc2-mm2 (with offsets) on alpha,\narm, i386, ia64, mips, powerpc, and x86_64 with allnoconfig, defconfig,\nallmodconfig, and allyesconfig as well as a few randconfigs on x86_64 and all\nconfigs in arch/arm/configs on arm. I also checked that no new warnings were\nintroduced by the patch (actually, some warnings are removed that were emitted\nby unnecessarily included header files).\n\nSigned-off-by: Tim Schmielau \u003ctim@physik3.uni-rostock.de\u003e\nAcked-by: Russell King \u003crmk+kernel@arm.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "9c2e08c592cd357a8330c34def1e8ecfdcf53275", "tree": "62e7449e43bb502f2e9630ab41832ceccd9a0f65", "parents": [ "da7071d7e32d15149cc513f096a3638097b66387" ], "author": { "name": "Arjan van de Ven", "email": "arjan@linux.intel.com", "time": "Mon Feb 12 00:55:37 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Feb 12 09:48:46 2007 -0800" }, "message": "[PATCH] mark struct file_operations const 9\n\nMany struct file_operations in the kernel can be \"const\". Marking them const\nmoves these to the .rodata section, which avoids false sharing with potential\ndirty data. In addition it\u0027ll catch accidental writes at compile time to\nthese shared resources.\n\nSigned-off-by: Arjan van de Ven \u003carjan@linux.intel.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "b385a144ee790f00e8559bcb8024d042863f9be1", "tree": "c2f2df78805fe8eff006716cee7b8fa8010d3b62", "parents": [ "521dae191e5ba9362152da9fd3a12203e087df83" ], "author": { "name": "Robert P. J. Day", "email": "rpjday@mindspring.com", "time": "Sat Feb 10 01:46:25 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Sun Feb 11 11:18:06 2007 -0800" }, "message": "[PATCH] Replace regular code with appropriate calls to container_of()\n\nReplace a small number of expressions with a call to the \"container_of()\"\nmacro.\n\nSigned-off-by: Robert P. J. Day \u003crpjday@mindspring.com\u003e\nAcked-by: Paul Mackerras \u003cpaulus@samba.org\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "c376222960ae91d5ffb9197ee36771aaed1d9f90", "tree": "7f431c42529fec77433d33490bd9f2a8c47ba091", "parents": [ "1b135431abf5ea92e61bf4e91d93726c7b96da5f" ], "author": { "name": "Robert P. J. Day", "email": "rpjday@mindspring.com", "time": "Sat Feb 10 01:45:03 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Sun Feb 11 10:51:27 2007 -0800" }, "message": "[PATCH] Transform kmem_cache_alloc()+memset(0) -\u003e kmem_cache_zalloc().\n\nReplace appropriate pairs of \"kmem_cache_alloc()\" + \"memset(0)\" with the\ncorresponding \"kmem_cache_zalloc()\" call.\n\nSigned-off-by: Robert P. J. Day \u003crpjday@mindspring.com\u003e\nCc: \"Luck, Tony\" \u003ctony.luck@intel.com\u003e\nCc: Andi Kleen \u003cak@muc.de\u003e\nCc: Roland McGrath \u003croland@redhat.com\u003e\nCc: James Bottomley \u003cJames.Bottomley@steeleye.com\u003e\nCc: Greg KH \u003cgreg@kroah.com\u003e\nAcked-by: Joel Becker \u003cJoel.Becker@oracle.com\u003e\nCc: Steven Whitehouse \u003cswhiteho@redhat.com\u003e\nCc: Jan Kara \u003cjack@ucw.cz\u003e\nCc: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "9ad0830f307bcd8dc285cfae58998d43b21727f4", "tree": "237119861640847301c6af758650b05ea353a1da", "parents": [ "768c242b30d9ec5581dd245e8289acb6b77815d1" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Feb 06 13:45:51 2007 +0000" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Feb 06 14:45:00 2007 -0800" }, "message": "[PATCH] Keys: Fix key serial number collision handling\n\nFix the key serial number collision avoidance code in key_alloc_serial().\n\nThis didn\u0027t use to be so much of a problem as the key serial numbers were\nallocated from a simple incremental counter, and it would have to go through\ntwo billion keys before it could possibly encounter a collision. However, now\nthat random numbers are used instead, collisions are much more likely.\n\nThis is fixed by finding a hole in the rbtree where the next unused serial\nnumber ought to be and using that by going almost back to the top of the\ninsertion routine and redoing the insertion with the new serial number rather\nthan trying to be clever and attempting to work out the insertion point\npointer directly.\n\nThis fixes kernel BZ #7727.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "342a0cff0ad5fba6b591cfa37db3c65c4d9913f8", "tree": "d437dd552e615faa7825101197909a8bf515661e", "parents": [ "c229ec5dae58b218cab0bc1b36a7647b0ec4900f" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Fri Jan 26 19:03:48 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Jan 26 19:03:48 2007 -0800" }, "message": "[SELINUX]: Fix 2.6.20-rc6 build when no xfrm\n\nThis patch is an incremental fix to the flow_cache_genid\npatch for selinux that breaks the build of 2.6.20-rc6 when\nxfrm is not configured.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "334c85569b8adeaa820c0f2fab3c8f0a9dc8b92e", "tree": "a813e11fc4168e8eb2597364b7d809cd981859ac", "parents": [ "d88ae4cc97b24783ee4480697fbdcc02ab4133a6" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Mon Jan 15 16:38:45 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Tue Jan 23 20:25:41 2007 -0800" }, "message": "[SELINUX]: increment flow cache genid\n\nCurrently, old flow cache entries remain valid even after\na reload of SELinux policy.\n\nThis patch increments the flow cache generation id\non policy (re)loads so that flow cache entries are\nrevalidated as needed.\n\nThanks to Herbet Xu for pointing this out. See:\nhttp://marc.theaimsgroup.com/?l\u003dlinux-netdev\u0026m\u003d116841378704536\u0026w\u003d2\n\nThere\u0027s also a general issue as well as a solution proposed\nby David Miller for when flow_cache_genid wraps. I might be\nsubmitting a separate patch for that later.\n\nI request that this be applied to 2.6.20 since it\u0027s\na security relevant fix.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "797951200679f1d5ea12a2e58cc7bdbc2848764c", "tree": "aaf0785e317ad5f4651324669bcafbd163d1833d", "parents": [ "86112ffdccab3ee75bc9d9dfae6745df73189e37" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Jan 05 15:08:21 2007 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Tue Jan 09 00:30:00 2007 -0800" }, "message": "NetLabel: correct locking in selinux_netlbl_socket_setsid()\n\nThe spinlock protecting the update of the \"sksec-\u003enlbl_state\" variable is not\ncurrently softirq safe which can lead to problems. This patch fixes this by\nchanging the spin_{un}lock() functions into spin_{un}lock_bh() functions.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0efc61eaee5471acd7399c8536feff280b4966dd", "tree": "c57dbd32f8a318082ba4f35092b5679d23cfb184", "parents": [ "bf81b46482c0fa8ea638e409d39768ea92a6b0f0" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Tue Dec 12 13:02:41 2006 -0600" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 08 17:32:51 2007 -0500" }, "message": "selinux: Delete mls_copy_context\n\nThis deletes mls_copy_context() in favor of mls_context_cpy() and\nreplaces mls_scopy_context() with mls_context_cpy_low().\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9883a13c72dbf8c518814b6091019643cdb34429", "tree": "cb904d6db071a985598d8b8659dee1556f6fb231", "parents": [ "ec8acb6904fabb8e741f741ec99bb1c18f2b3dee" ], "author": { "name": "Parag Warudkar", "email": "paragw@paragw.zapto.org", "time": "Tue Jan 02 21:09:31 2007 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Tue Jan 02 13:32:21 2007 -0800" }, "message": "[PATCH] selinux: fix selinux_netlbl_inode_permission() locking\n\ndo not call a sleeping lock API in an RCU read section.\nlock_sock_nested can sleep, its BH counterpart doesn\u0027t.\nselinux_netlbl_inode_permission() needs to use the BH counterpart\nunconditionally.\n\nCompile tested.\n\nFrom: Ingo Molnar \u003cmingo@elte.hu\u003e\n\nadded BH disabling, because this function can be called from non-atomic\ncontexts too, so a naked bh_lock_sock() would be deadlock-prone.\n\nBoot-tested the resulting kernel.\n\nSigned-off-by: Parag Warudkar \u003cparagw@paragw.zapto.org\u003e\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "bbea9f69668a3d0cf9feba15a724cd02896f8675", "tree": "bc58506e4daba4a04309181a5501ae4eb5424783", "parents": [ "f3d19c90fb117a5f080310a4592929aa8e1ad8e9" ], "author": { "name": "Vadim Lobanov", "email": "vlobanov@speakeasy.net", "time": "Sun Dec 10 02:21:12 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Sun Dec 10 09:57:22 2006 -0800" }, "message": "[PATCH] fdtable: Make fdarray and fdsets equal in size\n\nCurrently, each fdtable supports three dynamically-sized arrays of data: the\nfdarray and two fdsets. The code allows the number of fds supported by the\nfdarray (fdtable-\u003emax_fds) to differ from the number of fds supported by each\nof the fdsets (fdtable-\u003emax_fdset).\n\nIn practice, it is wasteful for these two sizes to differ: whenever we hit a\nlimit on the smaller-capacity structure, we will reallocate the entire fdtable\nand all the dynamic arrays within it, so any delta in the memory used by the\nlarger-capacity structure will never be touched at all.\n\nRather than hogging this excess, we shouldn\u0027t even allocate it in the first\nplace, and keep the capacities of the fdarray and the fdsets equal. This\npatch removes fdtable-\u003emax_fdset. As an added bonus, most of the supporting\ncode becomes simpler.\n\nSigned-off-by: Vadim Lobanov \u003cvlobanov@speakeasy.net\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Dipankar Sarma \u003cdipankar@in.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "3d5ff529ea222461a5fa3c4df05cbdc5eb56864d", "tree": "28ec8432eb9212bc04e345c2e85addc132f3a34e", "parents": [ "7ac6207b2a6a5b828bc333f2530a3bd48197af3e" ], "author": { "name": "Josef Sipek", "email": "jsipek@fsl.cs.sunysb.edu", "time": "Fri Dec 08 02:37:38 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Fri Dec 08 08:28:49 2006 -0800" }, "message": "[PATCH] struct path: convert selinux\n\nSigned-off-by: Josef Sipek \u003cjsipek@fsl.cs.sunysb.edu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "24ec839c431eb79bb8f6abc00c4e1eb3b8c4d517", "tree": "2ff478b1925159eeac007913c2a8f19d5f5e6010", "parents": [ "562f9c574e0707f9159a729ea41faf53b221cd30" ], "author": { "name": "Peter Zijlstra", "email": "a.p.zijlstra@chello.nl", "time": "Fri Dec 08 02:36:04 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Fri Dec 08 08:28:38 2006 -0800" }, "message": "[PATCH] tty: -\u003esignal-\u003etty locking\n\nFix the locking of signal-\u003etty.\n\nUse -\u003esighand-\u003esiglock to protect -\u003esignal-\u003etty; this lock is already used\nby most other members of -\u003esignal/-\u003esighand. And unless we are \u0027current\u0027\nor the tasklist_lock is held we need -\u003esiglock to access -\u003esignal anyway.\n\n(NOTE: sys_unshare() is broken wrt -\u003esighand locking rules)\n\nNote that tty_mutex is held over tty destruction, so while holding\ntty_mutex any tty pointer remains valid. Otherwise the lifetime of ttys\nare governed by their open file handles. This leaves some holes for tty\naccess from signal-\u003etty (or any other non file related tty access).\n\nIt solves the tty SLAB scribbles we were seeing.\n\n(NOTE: the change from group_send_sig_info to __group_send_sig_info needs to\n be examined by someone familiar with the security framework, I think\n it is safe given the SEND_SIG_PRIV from other __group_send_sig_info\n invocations)\n\n[schwidefsky@de.ibm.com: 3270 fix]\n[akpm@osdl.org: various post-viro fixes]\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nAcked-by: Alan Cox \u003calan@redhat.com\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nCc: Prarit Bhargava \u003cprarit@redhat.com\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Roland McGrath \u003croland@redhat.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Jeff Dike \u003cjdike@addtoit.com\u003e\nCc: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nCc: Jan Kara \u003cjack@ucw.cz\u003e\nSigned-off-by: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "6cfd76a26d9fe2ba54b9d496a48c1d9285e5c5ed", "tree": "1114a0630c5045d0650c6d78a8097fdea6f94d8e", "parents": [ "a4c410f00f7ca4bd448b0d63f6f882fd244dc991" ], "author": { "name": "Peter Zijlstra", "email": "a.p.zijlstra@chello.nl", "time": "Wed Dec 06 20:37:22 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Thu Dec 07 08:39:36 2006 -0800" }, "message": "[PATCH] lockdep: name some old style locks\n\nName some of the remaning \u0027old_style_spin_init\u0027 locks\n\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nAcked-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "48ad504ee7d598431cb2d0b2f01c6d1aff1d2a07", "tree": "52862e12cdca605b04959fc0fa28164dc015013b", "parents": [ "7cf9c2c76c1a17b32f2da85b50cd4fe468ed44b5" ], "author": { "name": "Eric Sesterhenn", "email": "snakebyte@gmx.de", "time": "Wed Dec 06 20:33:47 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Thu Dec 07 08:39:25 2006 -0800" }, "message": "[PATCH] security/keys/*: user kmemdup()\n\nSigned-off-by: Eric Sesterhenn \u003csnakebyte@gmx.de\u003e\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nAcked-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "e18b890bb0881bbab6f4f1a6cd20d9c60d66b003", "tree": "4828be07e1c24781c264b42c5a75bcd968223c3f", "parents": [ "441e143e95f5aa1e04026cb0aa71c801ba53982f" ], "author": { "name": "Christoph Lameter", "email": "clameter@sgi.com", "time": "Wed Dec 06 20:33:20 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Thu Dec 07 08:39:25 2006 -0800" }, "message": "[PATCH] slab: remove kmem_cache_t\n\nReplace all uses of kmem_cache_t with struct kmem_cache.\n\nThe patch was generated using the following script:\n\n\t#!/bin/sh\n\t#\n\t# Replace one string by another in all the kernel sources.\n\t#\n\n\tset -e\n\n\tfor file in `find * -name \"*.c\" -o -name \"*.h\"|xargs grep -l $1`; do\n\t\tquilt add $file\n\t\tsed -e \"1,\\$s/$1/$2/g\" $file \u003e/tmp/$$\n\t\tmv /tmp/$$ $file\n\t\tquilt refresh\n\tdone\n\nThe script was run like this\n\n\tsh replace kmem_cache_t \"struct kmem_cache\"\n\nSigned-off-by: Christoph Lameter \u003cclameter@sgi.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "e94b1766097d53e6f3ccfb36c8baa562ffeda3fc", "tree": "93fa0a8ab84976d4e89c50768ca8b8878d642a0d", "parents": [ "54e6ecb23951b195d02433a741c7f7cb0b796c78" ], "author": { "name": "Christoph Lameter", "email": "clameter@sgi.com", "time": "Wed Dec 06 20:33:17 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Thu Dec 07 08:39:24 2006 -0800" }, "message": "[PATCH] slab: remove SLAB_KERNEL\n\nSLAB_KERNEL is an alias of GFP_KERNEL.\n\nSigned-off-by: Christoph Lameter \u003cclameter@sgi.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "54e6ecb23951b195d02433a741c7f7cb0b796c78", "tree": "c8885c49f37c8d383945b8af69d51597494ed62c", "parents": [ "f7267c0c0721fd02ad3dc37c3d6dd24ccd81d4d6" ], "author": { "name": "Christoph Lameter", "email": "clameter@sgi.com", "time": "Wed Dec 06 20:33:16 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Thu Dec 07 08:39:24 2006 -0800" }, "message": "[PATCH] slab: remove SLAB_ATOMIC\n\nSLAB_ATOMIC is an alias of GFP_ATOMIC\n\nSigned-off-by: Christoph Lameter \u003cclameter@sgi.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9db73724453a9350e1c22dbe732d427e2939a5c9", "tree": "15e3ead6413ae97398a54292acc199bee0864d42", "parents": [ "4c1ac1b49122b805adfa4efc620592f68dccf5db", "e62438630ca37539c8cc1553710bbfaa3cf960a7" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Dec 05 17:01:28 2006 +0000" }, "committer": { "name": "David Howells", "email": "dhowells@warthog.cambridge.redhat.com", "time": "Tue Dec 05 17:01:28 2006 +0000" }, "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6\n\nConflicts:\n\n\tdrivers/ata/libata-scsi.c\n\tinclude/linux/libata.h\n\nFuther merge of Linus\u0027s head and compilation fixups.\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "4c1ac1b49122b805adfa4efc620592f68dccf5db", "tree": "87557f4bc2fd4fe65b7570489c2f610c45c0adcd", "parents": [ "c4028958b6ecad064b1a6303a6a5906d4fe48d73", "d916faace3efc0bf19fe9a615a1ab8fa1a24cd93" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Dec 05 14:37:56 2006 +0000" }, "committer": { "name": "David Howells", "email": "dhowells@warthog.cambridge.redhat.com", "time": "Tue Dec 05 14:37:56 2006 +0000" }, "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6\n\nConflicts:\n\n\tdrivers/infiniband/core/iwcm.c\n\tdrivers/net/chelsio/cxgb2.c\n\tdrivers/net/wireless/bcm43xx/bcm43xx_main.c\n\tdrivers/net/wireless/prism54/islpci_eth.c\n\tdrivers/usb/core/hub.h\n\tdrivers/usb/input/hid-core.c\n\tnet/core/netpoll.c\n\nFix up merge failures with Linus\u0027s head and fix new compilation failures.\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "87fcd70d983d30eca4b933fff2e97d9a31743d0a", "tree": "2c79943f7691f80123af0145a8909f14011b0761", "parents": [ "91f433cacc9d1ae95ae46ce26d7bcf3a724c72d0" ], "author": { "name": "Al Viro", "email": "viro@hera.kernel.org", "time": "Mon Dec 04 22:00:55 2006 +0000" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Mon Dec 04 19:32:44 2006 -0800" }, "message": "[PATCH] selinux endianness annotations\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "6cbda6b6e2e2a0a84c0fcda8ea262c16d7a63fc8", "tree": "ca4c974f9eedc3ab756b6eecb7c2db2a68095493", "parents": [ "484b366932be0b73a22c74a82748ca10a721643e" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Nov 29 16:50:27 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:31:39 2006 -0800" }, "message": "Rename class_destroy to avoid namespace conflicts.\n\nWe\u0027re seeing increasing namespace conflicts between the global\nclass_destroy() function declared in linux/device.h, and the private\nfunction in the SELinux core code. This patch renames the SELinux\nfunction to cls_destroy() to avoid this conflict.\n\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "02752760359db6b00a3ffb1acfc13ef8d9eb1e3f", "tree": "796cd65fd4cd732b295e61dac194efbf36b78842", "parents": [ "ef91fd522ba3c88d9c68261c243567bc4c5a8f55" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Nov 29 13:18:18 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:31:36 2006 -0800" }, "message": "NetLabel: convert to an extensibile/sparse category bitmap\n\nThe original NetLabel category bitmap was a straight char bitmap which worked\nfine for the initial release as it only supported 240 bits due to limitations\nin the CIPSO restricted bitmap tag (tag type 0x01). This patch converts that\nstraight char bitmap into an extensibile/sparse bitmap in order to lay the\nfoundation for other CIPSO tag types and protocols.\n\nThis patch also has a nice side effect in that all of the security attributes\npassed by NetLabel into the LSM are now in a format which is in the host\u0027s\nnative byte/bit ordering which makes the LSM specific code much simpler; look\nat the changes in security/selinux/ss/ebitmap.c as an example.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bb22f58087fdf8b617803c9b65bc86c6d26b5115", "tree": "ff68f85498cedce8858d44b80d0ae8c65b757056", "parents": [ "de64688ffb952a65ddbc5295ccd235d35f292593" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 17 23:01:03 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:24:16 2006 -0800" }, "message": "Compile fix for \"peer secid consolidation for external network labeling\"\n\nUse a forward declaration instead of dragging in skbuff.h and\nrelated junk.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3de4bab5b9f8848a0c16a4b1ffe0452f0d670237", "tree": "f65c12b53bf2ad02645ea31522f67e7318019498", "parents": [ "9f2ad66509b182b399a5b03de487f45bde623524" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Nov 17 17:38:54 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:24:14 2006 -0800" }, "message": "SELinux: peer secid consolidation for external network labeling\n\nNow that labeled IPsec makes use of the peer_sid field in the\nsk_security_struct we can remove a lot of the special cases between labeled\nIPsec and NetLabel. In addition, create a new function,\nsecurity_skb_extlbl_sid(), which we can use in several places to get the\nsecurity context of the packet\u0027s external label which allows us to further\nsimplify the code in a few places.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9f2ad66509b182b399a5b03de487f45bde623524", "tree": "8376dc2db99a78c1b043644f019c4dc224187f16", "parents": [ "9bb5fd2b05cb4dba229e225536faa59eaadd837d" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Nov 17 17:38:53 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:24:13 2006 -0800" }, "message": "NetLabel: SELinux cleanups\n\nThis patch does a lot of cleanup in the SELinux NetLabel support code. A\nsummary of the changes include:\n\n* Use RCU locking for the NetLabel state variable in the skk_security_struct\n instead of using the inode_security_struct mutex.\n* Remove unnecessary parameters in selinux_netlbl_socket_post_create().\n* Rename selinux_netlbl_sk_clone_security() to\n selinux_netlbl_sk_security_clone() to better fit the other NetLabel\n sk_security functions.\n* Improvements to selinux_netlbl_inode_permission() to help reduce the cost of\n the common case.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "701a90bad99b8081a824cca52c178c8fc8f46bb2", "tree": "5fed88e6707e9122d7f16e4c5d8fea7c69e090ac", "parents": [ "c6fa82a9dd6160e0bc980cb0401c16bf62f2fe66" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Nov 17 17:38:46 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:24:07 2006 -0800" }, "message": "NetLabel: make netlbl_lsm_secattr struct easier/quicker to understand\n\nThe existing netlbl_lsm_secattr struct required the LSM to check all of the\nfields to determine if any security attributes were present resulting in a lot\nof work in the common case of no attributes. This patch adds a \u0027flags\u0027 field\nwhich is used to indicate which attributes are present in the structure; this\nshould allow the LSM to do a quick comparison to determine if the structure\nholds any security attributes.\n\nExample:\n\n if (netlbl_lsm_secattr-\u003eflags)\n\t/* security attributes present */\n else\n\t/* NO security attributes present */\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6051e2f4fb68fc8e5343db58fa680ece376f405c", "tree": "b061f38f00100e40a3c5b9f33e3acb58c5aa3e7b", "parents": [ "04561c1fe7b067a8250e6caaf168256783580c4c" ], "author": { "name": "Thomas Graf", "email": "tgraf@suug.ch", "time": "Tue Nov 14 19:54:19 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:22:45 2006 -0800" }, "message": "[IPv6] prefix: Convert RTM_NEWPREFIX notifications to use the new netlink api\n\nRTM_GETPREFIX is completely unused and is thus removed.\n\nSigned-off-by: Thomas Graf \u003ctgraf@suug.ch\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "2ee92d46c6cabedd50edf6f273fa8cf84f707618", "tree": "bdf7c64514a5063ba4ef41915f9efb6f803fc38a", "parents": [ "90833aa4f496d69ca374af6acef7d1614c8693ff" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Nov 13 16:09:01 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:22:24 2006 -0800" }, "message": "[SELinux]: Add support for DCCP\n\nThis patch implements SELinux kernel support for DCCP\n(http://linux-net.osdl.org/index.php/DCCP), which is similar in\noperation to TCP in terms of connected state between peers.\n\nThe SELinux support for DCCP is thus modeled on existing handling of\nTCP.\n\nA new DCCP socket class is introduced, to allow protocol\ndifferentation. The permissions for this class inherit all of the\nsocket permissions, as well as the current TCP permissions (node_bind,\nname_bind etc). IPv4 and IPv6 are supported, although labeled\nnetworking is not, at this stage.\n\nPatches for SELinux userspace are at:\nhttp://people.redhat.com/jmorris/selinux/dccp/user/\n\nI\u0027ve performed some basic testing, and it seems to be working as\nexpected. Adding policy support is similar to TCP, the only real\ndifference being that it\u0027s a different protocol.\n\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "67f83cbf081a70426ff667e8d14f94e13ed3bdca", "tree": "776a40733eacb9071478f865e6791daa3f6fd602", "parents": [ "6b877699c6f1efede4545bcecc367786a472eedb" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@trustedcs.com", "time": "Wed Nov 08 17:04:26 2006 -0600" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:21:34 2006 -0800" }, "message": "SELinux: Fix SA selection semantics\n\nFix the selection of an SA for an outgoing packet to be at the same\ncontext as the originating socket/flow. This eliminates the SELinux\npolicy\u0027s ability to use/sendto SAs with contexts other than the socket\u0027s.\n\nWith this patch applied, the SELinux policy will require one or more of the\nfollowing for a socket to be able to communicate with/without SAs:\n\n1. To enable a socket to communicate without using labeled-IPSec SAs:\n\nallow socket_t unlabeled_t:association { sendto recvfrom }\n\n2. To enable a socket to communicate with labeled-IPSec SAs:\n\nallow socket_t self:association { sendto };\nallow socket_t peer_sa_t:association { recvfrom };\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6b877699c6f1efede4545bcecc367786a472eedb", "tree": "c0a60dc90578fa9f16d4496e2700bc285eab47c0", "parents": [ "c1a856c9640c9ff3d70bbd8214b6a0974609eef8" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@trustedcs.com", "time": "Wed Nov 08 17:04:09 2006 -0600" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:21:33 2006 -0800" }, "message": "SELinux: Return correct context for SO_PEERSEC\n\nFix SO_PEERSEC for tcp sockets to return the security context of\nthe peer (as represented by the SA from the peer) as opposed to the\nSA used by the local/source socket.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c1a856c9640c9ff3d70bbd8214b6a0974609eef8", "tree": "76166bf784edd968ffac8c3dcc607d73580c509a", "parents": [ "e8db8c99100750ade5a9b4072b9469cab718a5b7" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@trustedcs.com", "time": "Wed Nov 08 17:03:44 2006 -0600" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:21:31 2006 -0800" }, "message": "SELinux: Various xfrm labeling fixes\n\nSince the upstreaming of the mlsxfrm modification a few months back,\ntesting has resulted in the identification of the following issues/bugs that\nare resolved in this patch set.\n\n1. Fix the security context used in the IKE negotiation to be the context\n of the socket as opposed to the context of the SPD rule.\n\n2. Fix SO_PEERSEC for tcp sockets to return the security context of\n the peer as opposed to the source.\n\n3. Fix the selection of an SA for an outgoing packet to be at the same\n context as the originating socket/flow.\n\nThe following would be the result of applying this patchset:\n\n- SO_PEERSEC will now correctly return the peer\u0027s context.\n\n- IKE deamons will receive the context of the source socket/flow\n as opposed to the SPD rule\u0027s context so that the negotiated SA\n will be at the same context as the source socket/flow.\n\n- The SELinux policy will require one or more of the\n following for a socket to be able to communicate with/without SAs:\n\n 1. To enable a socket to communicate without using labeled-IPSec SAs:\n\n allow socket_t unlabeled_t:association { sendto recvfrom }\n\n 2. To enable a socket to communicate with labeled-IPSec SAs:\n\n allow socket_t self:association { sendto };\n allow socket_t peer_sa_t:association { recvfrom };\n\nThis Patch: Pass correct security context to IKE for use in negotiation\n\nFix the security context passed to IKE for use in negotiation to be the\ncontext of the socket as opposed to the context of the SPD rule so that\nthe SA carries the label of the originating socket/flow.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b07e3c3a1db0ce399d2a1d04860e1b901927c05e", "tree": "474c17e969b5462a3702f0021249e1d78522ac35", "parents": [ "5f56bbdf1e35d41b4b3d4c92bdb3e70c63877e4d", "b94c7e677b9d28bd3f9ba4a70df6bfa7942867ca" ], "author": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Fri Dec 01 16:43:42 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Fri Dec 01 16:43:42 2006 -0800" }, "message": "Merge branch \u0027for-2.6.20\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6\n\n* \u0027for-2.6.20\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:\n SELinux: validate kernel object classes and permissions\n SELinux: ensure keys constant in hashtab_search\n SELinux: export object class and permission definitions\n SELinux: remove current object class and permission validation mechanism\n" }, { "commit": "b94c7e677b9d28bd3f9ba4a70df6bfa7942867ca", "tree": "ea116d586f821526513d32fd5e7c2f8fa6d59485", "parents": [ "bb242497474da317a7169cc939c741ccf2e79e8c" ], "author": { "name": "Chad Sellers", "email": "csellers@tresys.com", "time": "Mon Nov 06 12:38:18 2006 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Nov 28 12:04:38 2006 -0500" }, "message": "SELinux: validate kernel object classes and permissions\n\nThis is a new object class and permission validation scheme that validates\nagainst the defined kernel headers. This scheme allows extra classes\nand permissions that do not conflict with the kernel definitions to be\nadded to the policy. This validation is now done for all policy loads,\nnot just subsequent loads after the first policy load.\n\nThe implementation walks the three structrures containing the defined\nobject class and permission values and ensures their values are the\nsame in the policy being loaded. This includes verifying the object\nclasses themselves, the permissions they contain, and the permissions\nthey inherit from commons. Classes or permissions that are present in the\nkernel but missing from the policy cause a warning (printed to KERN_INFO)\nto be printed, but do not stop the policy from loading, emulating current\nbehavior. Any other inconsistencies cause the load to fail.\n\nSigned-off-by: Chad Sellers \u003ccsellers@tresys.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bb242497474da317a7169cc939c741ccf2e79e8c", "tree": "f0388fcadc32e98ae977ba7d1b42f724697cd756", "parents": [ "5c45899879e8caadb78f04c9c639f4c2025b9f00" ], "author": { "name": "Chad Sellers", "email": "csellers@tresys.com", "time": "Mon Nov 06 12:38:17 2006 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Nov 28 12:04:37 2006 -0500" }, "message": "SELinux: ensure keys constant in hashtab_search\n\nMakes the key argument passed into hashtab_search and all the functions\nit calls constant. These functions include hash table function pointers\nhash_value and keycmp. The only implementations of these currently\nare symhash and symcmp, which do not modify the key. The key parameter\nshould never be changed by any of these, so it should be const. This\nis necessary to allow calling these functions with keys found in kernel\nobject class and permission definitions.\n\nSigned-off-by: Chad Sellers \u003ccsellers@tresys.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5c45899879e8caadb78f04c9c639f4c2025b9f00", "tree": "ee47228ccb816e523ac1051cfe41927059bc5ef9", "parents": [ "5a64d4438ed1e759ccd30d9e90842bf360f19298" ], "author": { "name": "Chad Sellers", "email": "csellers@tresys.com", "time": "Mon Nov 06 12:38:16 2006 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Nov 28 12:04:36 2006 -0500" }, "message": "SELinux: export object class and permission definitions\n\nMoves the definition of the 3 structs containing object class and\npermission definitions from avc.c to avc_ss.h so that the security\nserver can access them for validation on policy load. This also adds\na new struct type, defined_classes_perms_t, suitable for allowing the\nsecurity server to access these data structures from the avc.\n\nSigned-off-by: Chad Sellers \u003ccsellers@tresys.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" } ], "next": "5a64d4438ed1e759ccd30d9e90842bf360f19298" }