{
  "log": [
    {
      "commit": "e8c26255992474a2161c63ce9d385827302e4530",
      "tree": "08d247a53eca56a6e161ca784a4536b3ea7662f7",
      "parents": [
        "01a05b337a5b647909e1d6670f57e7202318a5fb"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Mar 23 06:36:54 2010 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri May 21 18:31:17 2010 -0400"
      },
      "message": "switch selinux delayed superblock handling to iterate_supers()\n\n... kill their private list, while we are at it\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "b3139bbc52762268769e7af842aade0e64372433",
      "tree": "eae65d208fdbeaefd9bdc9c6877d8eb18e617bf6",
      "parents": [
        "9e4b50e93786d00c703f16ed46e6a4029c0dfdd1"
      ],
      "author": {
        "name": "Julia Lawall",
        "email": "julia@diku.dk",
        "time": "Fri May 14 21:30:30 2010 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon May 17 09:00:27 2010 +1000"
      },
      "message": "security/selinux/ss: Use kstrdup\n\nUse kstrdup when the goal of an allocation is to copy a string into the\nallocated region.\n\nThe semantic patch that makes this change is as follows:\n(http://coccinelle.lip6.fr/)\n\n// \u003csmpl\u003e\n@@\nexpression from,to;\nexpression flag,E1,E2;\nstatement S;\n@@\n\n-  to \u003d kmalloc(strlen(from) + 1,flag);\n+  to \u003d kstrdup(from, flag);\n   ... when !\u003d \\(from \u003d E1 \\| to \u003d E1 \\)\n   if (to\u003d\u003dNULL || ...) S\n   ... when !\u003d \\(from \u003d E2 \\| to \u003d E2 \\)\n-  strcpy(to, from);\n// \u003c/smpl\u003e\n\nSigned-off-by: Julia Lawall \u003cjulia@diku.dk\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0ffbe2699cda6afbe08501098dff8a8c2fe6ae09",
      "tree": "81b1a2305d16c873371b65c5a863c0268036cefe",
      "parents": [
        "4e5d6f7ec3833c0da9cf34fa5c53c6058c5908b6",
        "7ebd467551ed6ae200d7835a84bbda0dcadaa511"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu May 06 10:56:07 2010 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu May 06 10:56:07 2010 +1000"
      },
      "message": "Merge branch \u0027master\u0027 into next\n"
    },
    {
      "commit": "fcaaade1db63bb2d6f7611d7824eb50d2f07a546",
      "tree": "9091dbdd0c9bd1e3af9ece6f5cce5c0d6c258253",
      "parents": [
        "cb84aa9b42b506299e5aea1ba4da26c03ab12877"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Wed Apr 28 15:57:57 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Apr 29 08:58:45 2010 +1000"
      },
      "message": "selinux: generalize disabling of execmem for plt-in-heap archs\n\nOn Tue, 2010-04-27 at 11:47 -0700, David Miller wrote:\n\u003e From: \"Tom \\\"spot\\\" Callaway\" \u003ctcallawa@redhat.com\u003e\n\u003e Date: Tue, 27 Apr 2010 14:20:21 -0400\n\u003e\n\u003e \u003e [root@apollo ~]$ cat /proc/2174/maps\n\u003e \u003e 00010000-00014000 r-xp 00000000 fd:00 15466577\n\u003e \u003e  /sbin/mingetty\n\u003e \u003e 00022000-00024000 rwxp 00002000 fd:00 15466577\n\u003e \u003e  /sbin/mingetty\n\u003e \u003e 00024000-00046000 rwxp 00000000 00:00 0\n\u003e \u003e  [heap]\n\u003e\n\u003e SELINUX probably barfs on the executable heap, the PLT is in the HEAP\n\u003e just like powerpc32 and that\u0027s why VM_DATA_DEFAULT_FLAGS has to set\n\u003e both executable and writable.\n\u003e\n\u003e You also can\u0027t remove the CONFIG_PPC32 ifdefs in selinux, since\n\u003e because of the VM_DATA_DEFAULT_FLAGS setting used still in that arch,\n\u003e the heap will always have executable permission, just like sparc does.\n\u003e You have to support those binaries forever, whether you like it or not.\n\u003e\n\u003e Let\u0027s just replace the CONFIG_PPC32 ifdef in SELINUX with CONFIG_PPC32\n\u003e || CONFIG_SPARC as in Tom\u0027s original patch and let\u0027s be done with\n\u003e this.\n\u003e\n\u003e In fact I would go through all the arch/ header files and check the\n\u003e VM_DATA_DEFAULT_FLAGS settings and add the necessary new ifdefs to the\n\u003e SELINUX code so that other platforms don\u0027t have the pain of having to\n\u003e go through this process too.\n\nTo avoid maintaining per-arch ifdefs, it seems that we could just\ndirectly use (VM_DATA_DEFAULT_FLAGS \u0026 VM_EXEC) as the basis for deciding\nwhether to enable or disable these checks.   VM_DATA_DEFAULT_FLAGS isn\u0027t\nconstant on some architectures but instead depends on\ncurrent-\u003epersonality, but we want this applied uniformly.  So we\u0027ll just\nuse the initial task state to determine whether or not to enable these\nchecks.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "cb84aa9b42b506299e5aea1ba4da26c03ab12877",
      "tree": "af646c3d148f5c04f7362c8bddc59b8518cafd9e",
      "parents": [
        "b03df87d119f50715891dcc09e487f6ae5c029f1"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 27 17:20:38 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Apr 28 08:51:12 2010 +1000"
      },
      "message": "LSM Audit: rename LSM_AUDIT_NO_AUDIT to LSM_AUDIT_DATA_NONE\n\nMost of the LSM common audit work uses LSM_AUDIT_DATA_* for the naming.\nThis was not so for LSM_AUDIT_NO_AUDIT which means the generic initializer\ncannot be used.  This patch just renames the flag so the generic\ninitializer can be used.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "a200005038955057063fc8ea82129ebc785df41c",
      "tree": "712fdedac2d15290cdbe7b8adc02cce844fde9f0",
      "parents": [
        "6f262d8e1acb7b1605b811700326163fa707d355"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 20 10:29:42 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Apr 21 08:58:49 2010 +1000"
      },
      "message": "SELinux: return error codes on policy load failure\n\npolicy load failure always return EINVAL even if the failure was for some\nother reason (usually ENOMEM).  This patch passes error codes back up the\nstack where they will make their way to userspace.  This might help in\ndebugging future problems with policy load.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6c9ff1013b7a21099da838eeef7c3f23ee347957",
      "tree": "38fb14055ae1dcae110f0f77a959d9584e2466a0",
      "parents": [
        "2ba3abd8186f24c7fb418927025b4e2120e3a362"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Mar 15 10:42:11 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Apr 15 09:26:01 2010 +1000"
      },
      "message": "SELinux: Reduce max avtab size to avoid page allocation failures\n\nReduce MAX_AVTAB_HASH_BITS so that the avtab allocation is an order 2\nallocation rather than an order 4 allocation on x86_64.  This\naddresses reports of page allocation failures:\nhttp://marc.info/?l\u003dselinux\u0026m\u003d126757230625867\u0026w\u003d2\nhttps://bugzilla.redhat.com/show_bug.cgi?id\u003d570433\n\nReported-by:  Russell Coker \u003crussell@coker.com.au\u003e\nSigned-off-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "c1a7368a6f0b18b10fdec87972da680ebdf03794",
      "tree": "17a8d306fe2332093e0e11e5fbb03199df011037",
      "parents": [
        "e2902eb79fdea3c3bf679a8f15f3432b393cb2c0"
      ],
      "author": {
        "name": "wzt.wzt@gmail.com",
        "email": "wzt.wzt@gmail.com",
        "time": "Fri Apr 09 19:30:29 2010 +0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 09 15:13:48 2010 +1000"
      },
      "message": "Security: Fix coding style in security/\n\nFix coding style in security/\n\nSigned-off-by: Zhitong Wang \u003czhitong.wangzt@alibaba-inc.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "dd3e7836bfe093fc611f715c323cf53be9252b27",
      "tree": "5e789062f3b74ed7c0ec370785eba234ee1ff472",
      "parents": [
        "d25d6fa1a95f465ff1ec4458ca15e30b2c8dffec"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 07 15:08:46 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Apr 08 09:17:02 2010 +1000"
      },
      "message": "selinux: always call sk_security_struct sksec\n\ntrying to grep everything that messes with a sk_security_struct isn\u0027t easy\nsince we don\u0027t always call it sksec.  Just rename everything sksec.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d25d6fa1a95f465ff1ec4458ca15e30b2c8dffec",
      "tree": "7362b182dedd825fc762ef7706830837e42943af",
      "parents": [
        "225a9be24d799aa16d543c31fb09f0c9ed1d9caa",
        "2eaa9cfdf33b8d7fb7aff27792192e0019ae8fc6"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 31 08:39:27 2010 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 31 08:39:27 2010 +1100"
      },
      "message": "Merge branch \u0027master\u0027 into next\n"
    },
    {
      "commit": "5a0e3ad6af8660be21ca98a971cd00f331318c05",
      "tree": "5bfb7be11a03176a87296a43ac6647975c00a1d1",
      "parents": [
        "ed391f4ebf8f701d3566423ce8f17e614cde9806"
      ],
      "author": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Wed Mar 24 17:04:11 2010 +0900"
      },
      "committer": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Tue Mar 30 22:02:32 2010 +0900"
      },
      "message": "include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h\n\npercpu.h is included by sched.h and module.h and thus ends up being\nincluded when building most .c files.  percpu.h includes slab.h which\nin turn includes gfp.h making everything defined by the two files\nuniversally available and complicating inclusion dependencies.\n\npercpu.h -\u003e slab.h dependency is about to be removed.  Prepare for\nthis change by updating users of gfp and slab facilities include those\nheaders directly instead of assuming availability.  As this conversion\nneeds to touch large number of source files, the following script is\nused as the basis of conversion.\n\n  http://userweb.kernel.org/~tj/misc/slabh-sweep.py\n\nThe script does the followings.\n\n* Scan files for gfp and slab usages and update includes such that\n  only the necessary includes are there.  ie. if only gfp is used,\n  gfp.h, if slab is used, slab.h.\n\n* When the script inserts a new include, it looks at the include\n  blocks and try to put the new include such that its order conforms\n  to its surrounding.  It\u0027s put in the include block which contains\n  core kernel includes, in the same order that the rest are ordered -\n  alphabetical, Christmas tree, rev-Xmas-tree or at the end if there\n  doesn\u0027t seem to be any matching order.\n\n* If the script can\u0027t find a place to put a new include (mostly\n  because the file doesn\u0027t have fitting include block), it prints out\n  an error message indicating which .h file needs to be added to the\n  file.\n\nThe conversion was done in the following steps.\n\n1. The initial automatic conversion of all .c files updated slightly\n   over 4000 files, deleting around 700 includes and adding ~480 gfp.h\n   and ~3000 slab.h inclusions.  The script emitted errors for ~400\n   files.\n\n2. Each error was manually checked.  Some didn\u0027t need the inclusion,\n   some needed manual addition while adding it to implementation .h or\n   embedding .c file was more appropriate for others.  This step added\n   inclusions to around 150 files.\n\n3. The script was run again and the output was compared to the edits\n   from #2 to make sure no file was left behind.\n\n4. Several build tests were done and a couple of problems were fixed.\n   e.g. lib/decompress_*.c used malloc/free() wrappers around slab\n   APIs requiring slab.h to be added manually.\n\n5. The script was run on all .h files but without automatically\n   editing them as sprinkling gfp.h and slab.h inclusions around .h\n   files could easily lead to inclusion dependency hell.  Most gfp.h\n   inclusion directives were ignored as stuff from gfp.h was usually\n   wildly available and often used in preprocessor macros.  Each\n   slab.h inclusion directive was examined and added manually as\n   necessary.\n\n6. percpu.h was updated not to include slab.h.\n\n7. Build test were done on the following configurations and failures\n   were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my\n   distributed build env didn\u0027t work with gcov compiles) and a few\n   more options had to be turned off depending on archs to make things\n   build (like ipr on powerpc/64 which failed due to missing writeq).\n\n   * x86 and x86_64 UP and SMP allmodconfig and a custom test config.\n   * powerpc and powerpc64 SMP allmodconfig\n   * sparc and sparc64 SMP allmodconfig\n   * ia64 SMP allmodconfig\n   * s390 SMP allmodconfig\n   * alpha SMP allmodconfig\n   * um on x86_64 SMP allmodconfig\n\n8. percpu.h modifications were reverted so that it could be applied as\n   a separate patch and serve as bisection point.\n\nGiven the fact that I had only a couple of failures from tests on step\n6, I\u0027m fairly confident about the coverage of this conversion patch.\nIf there is a breakage, it\u0027s likely to be something in one of the arch\nheaders which should be easily discoverable easily on most builds of\nthe specific arch.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nGuess-its-ok-by: Christoph Lameter \u003ccl@linux-foundation.org\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: Lee Schermerhorn \u003cLee.Schermerhorn@hp.com\u003e\n"
    },
    {
      "commit": "77c160e7798b4141a0705c734397a9236bb0e726",
      "tree": "e163a4f3fac4fa6f6419d95bcdf78e842d510089",
      "parents": [
        "a19c5bbefb37ebe22fb42bd3861a8d3b2a2652a1"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Mar 15 10:42:11 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 16 08:31:02 2010 +1100"
      },
      "message": "SELinux: Reduce max avtab size to avoid page allocation failures\n\nReduce MAX_AVTAB_HASH_BITS so that the avtab allocation is an order 2\nallocation rather than an order 4 allocation on x86_64.  This\naddresses reports of page allocation failures:\nhttp://marc.info/?l\u003dselinux\u0026m\u003d126757230625867\u0026w\u003d2\nhttps://bugzilla.redhat.com/show_bug.cgi?id\u003d570433\n\nReported-by:  Russell Coker \u003crussell@coker.com.au\u003e\nSigned-off-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "c43a7523470dc2d9947fa114a0b54317975d4c04",
      "tree": "30a72ed1e9079f19b814263197761820f57c39ce",
      "parents": [
        "eaa5eec739637f32f8733d528ff0b94fd62b1214",
        "634a539e16bd7a1ba31c3f832baa725565cc9f96"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 09 12:46:47 2010 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 09 12:46:47 2010 +1100"
      },
      "message": "Merge branch \u0027next-queue\u0027 into next\n"
    },
    {
      "commit": "318ae2edc3b29216abd8a2510f3f80b764f06858",
      "tree": "ce595adde342f57f379d277b25e4dd206988a052",
      "parents": [
        "25cf84cf377c0aae5dbcf937ea89bc7893db5176",
        "3e58974027b04e84f68b964ef368a6cd758e2f84"
      ],
      "author": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Mon Mar 08 16:55:37 2010 +0100"
      },
      "committer": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Mon Mar 08 16:55:37 2010 +0100"
      },
      "message": "Merge branch \u0027for-next\u0027 into for-linus\n\nConflicts:\n\tDocumentation/filesystems/proc.txt\n\tarch/arm/mach-u300/include/mach/debug-macro.S\n\tdrivers/net/qlge/qlge_ethtool.c\n\tdrivers/net/qlge/qlge_main.c\n\tdrivers/net/typhoon.c\n"
    },
    {
      "commit": "634a539e16bd7a1ba31c3f832baa725565cc9f96",
      "tree": "cdc26f167c3a2764fecdf3427b2303d28bf05671",
      "parents": [
        "c8563473c1259f5686ceb918c548c80132089f79"
      ],
      "author": {
        "name": "Stephen Hemminger",
        "email": "shemminger@vyatta.com",
        "time": "Thu Mar 04 21:59:03 2010 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Mar 08 09:33:53 2010 +1100"
      },
      "message": "selinux: const strings in tables\n\nSeveral places strings tables are used that should be declared\nconst.\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "06b9b72df43800b9ae4e77202c8bf5848c9d6998",
      "tree": "8618aedcf68de0193924b8e6c44d010c382c85b9",
      "parents": [
        "dbba541f9d9bd2c200041bc1b37c59dbaf9beb75"
      ],
      "author": {
        "name": "wzt.wzt@gmail.com",
        "email": "wzt.wzt@gmail.com",
        "time": "Wed Mar 03 21:29:37 2010 +0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Mar 04 08:51:06 2010 +1100"
      },
      "message": "Selinux: Remove unused headers skbuff.h in selinux/nlmsgtab.c\n\nskbuff.h is already included by netlink.h, so remove it.\n\nSigned-off-by: Zhitong Wang \u003czhitong.wangzt@alibaba-inc.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "dbba541f9d9bd2c200041bc1b37c59dbaf9beb75",
      "tree": "1f359b8f354759296d625f783ea32f4de9bfb399",
      "parents": [
        "31637b55b09753de9d5e24afc3a1d7fbdb2108d8"
      ],
      "author": {
        "name": "wzt.wzt@gmail.com",
        "email": "wzt.wzt@gmail.com",
        "time": "Tue Mar 02 17:03:43 2010 +0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 03 09:22:16 2010 +1100"
      },
      "message": "Selinux: Remove unused headers slab.h in selinux/ss/symtab.c\n\nslab.h is unused in symtab.c, so remove it.\n\nSigned-off-by: Zhitong Wang \u003czhitong.wangzt@alibaba-inc.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "31637b55b09753de9d5e24afc3a1d7fbdb2108d8",
      "tree": "92ab84b8a40aad0d1ec3f423a82033ebc8dce10a",
      "parents": [
        "b380de9e54ec354ccac55fd9a611ffe28b4daa76"
      ],
      "author": {
        "name": "wzt.wzt@gmail.com",
        "email": "wzt.wzt@gmail.com",
        "time": "Tue Mar 02 15:08:58 2010 +0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 03 09:20:57 2010 +1100"
      },
      "message": "Selinux: Remove unused headers list.h in selinux/netlink.c\n\nlist.h is unused in netlink.c, so remove it.\n\nSigned-off-by: Zhitong Wang \u003czhitong.wangzt@alibaba-inc.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b4ccebdd37ff70d349321a198f416ba737a5e833",
      "tree": "275d717070346722c3aacd8355fb4f743216e03b",
      "parents": [
        "30ff056c42c665b9ea535d8515890857ae382540",
        "ef57471a73b67a7b65fd8708fd55c77cb7c619af"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Mar 01 09:36:31 2010 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Mar 01 09:36:31 2010 +1100"
      },
      "message": "Merge branch \u0027next\u0027 into for-linus\n"
    },
    {
      "commit": "ef57471a73b67a7b65fd8708fd55c77cb7c619af",
      "tree": "0cb8f8dea197999d79bf69d192719be69cd36244",
      "parents": [
        "1fcdc7c527010b144d3951f9ce25faedf264933c"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri Feb 26 01:56:16 2010 +0000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Feb 26 14:54:23 2010 +1100"
      },
      "message": "SELinux: Make selinux_kernel_create_files_as() shouldn\u0027t just always return 0\n\nMake selinux_kernel_create_files_as() return an error when it gets one, rather\nthan unconditionally returning 0.\n\nWithout this, cachefiles doesn\u0027t return an error if the SELinux policy doesn\u0027t\nlet it create files with the label of the directory at the base of the cache.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "c36f74e67fa12202dbcb4ad92c5ac844f9d36b98",
      "tree": "13cf4be470470b32ce348202ab4ba6a342c39ed9",
      "parents": [
        "baac35c4155a8aa826c70acee6553368ca5243a2"
      ],
      "author": {
        "name": "Joshua Roys",
        "email": "joshua.roys@gtri.gatech.edu",
        "time": "Wed Feb 24 18:52:44 2010 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 25 17:49:20 2010 +1100"
      },
      "message": "netlabel: fix export of SELinux categories \u003e 127\n\nThis fixes corrupted CIPSO packets when SELinux categories greater than 127\nare used.  The bug occurred on the second (and later) loops through the\nwhile; the inner for loop through the ebitmap-\u003emaps array used the same\nindex as the NetLabel catmap-\u003ebitmap array, even though the NetLabel bitmap\nis twice as long as the SELinux bitmap.\n\nSigned-off-by: Joshua Roys \u003cjoshua.roys@gtri.gatech.edu\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "189b3b1c89761054fee3438f063d7f257306e2d8",
      "tree": "8099352fa731fca91b95d862ac0d7199f21ca54d",
      "parents": [
        "2ae3ba39389b51d8502123de0a59374bec899c4d"
      ],
      "author": {
        "name": "wzt.wzt@gmail.com",
        "email": "wzt.wzt@gmail.com",
        "time": "Tue Feb 23 23:15:28 2010 +0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Feb 24 08:11:02 2010 +1100"
      },
      "message": "Security: add static to security_ops and default_security_ops variable\n\nEnhance the security framework to support resetting the active security\nmodule. This eliminates the need for direct use of the security_ops and\ndefault_security_ops variables outside of security.c, so make security_ops\nand default_security_ops static. Also remove the secondary_ops variable as\na cleanup since there is no use for that. secondary_ops was originally used by\nSELinux to call the \"secondary\" security module (capability or dummy),\nbut that was replaced by direct calls to capability and the only\nremaining use is to save and restore the original security ops pointer\nvalue if SELinux is disabled by early userspace based on /etc/selinux/config.\nFurther, if we support this directly in the security framework, then we can\njust use \u0026default_security_ops for this purpose since that is now available.\n\nSigned-off-by: Zhitong Wang \u003czhitong.wangzt@alibaba-inc.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2ae3ba39389b51d8502123de0a59374bec899c4d",
      "tree": "54c552fa9fa6c17b769f6aca3fd438e542b504a4",
      "parents": [
        "170800088666963de1111d62fb503889c8c82eda"
      ],
      "author": {
        "name": "KaiGai Kohei",
        "email": "kaigai@ak.jp.nec.com",
        "time": "Wed Feb 17 08:49:41 2010 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Feb 22 08:27:41 2010 +1100"
      },
      "message": "selinux: libsepol: remove dead code in check_avtab_hierarchy_callback()\n\nThis patch revert the commit of 7d52a155e38d5a165759dbbee656455861bf7801\nwhich removed a part of type_attribute_bounds_av as a dead code.\nHowever, at that time, we didn\u0027t find out the target side boundary allows\nto handle some of pseudo /proc/\u003cpid\u003e/* entries with its process\u0027s security\ncontext well.\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n\n--\n security/selinux/ss/services.c |   43 ++++++++++++++++++++++++++++++++++++---\n 1 files changed, 39 insertions(+), 4 deletions(-)\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2da5d31bc72d0a36dc16af7f5d5baa4f86df9c76",
      "tree": "9d5bd3cc7d9e5b1beecc954bb5337af8454d352d",
      "parents": [
        "97d6931ead3e89a764cdaa3ad0924037367f0d34"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Feb 16 17:29:06 2010 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Feb 16 17:29:06 2010 +1100"
      },
      "message": "security: fix a couple of sparse warnings\n\nFix a couple of sparse warnings for callers of\ncontext_struct_to_string, which takes a *u32, not an *int.\n\nThese cases are harmless as the values are not used.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\n"
    },
    {
      "commit": "8007f10259d04f37044c2c731bf9ccdd9161d825",
      "tree": "6accff6b70b4780bc62824c419582f4cace56f23",
      "parents": [
        "ea13ddbad0eb4be9cdc406cd7e0804fa4011f6e4"
      ],
      "author": {
        "name": "Xiaotian Feng",
        "email": "dfeng@redhat.com",
        "time": "Tue Feb 09 08:22:24 2010 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Feb 09 08:22:24 2010 +1100"
      },
      "message": "selinux: fix memory leak in sel_make_bools\n\nIn sel_make_bools, kernel allocates memory for bool_pending_names[i]\nwith security_get_bools. So if we just free bool_pending_names, those\nmemories for bool_pending_names[i] will be leaked.\n\nThis patch resolves dozens of following kmemleak report after resuming\nfrom suspend:\nunreferenced object 0xffff88022e4c7380 (size 32):\n  comm \"init\", pid 1, jiffies 4294677173\n  backtrace:\n    [\u003cffffffff810f76b5\u003e] create_object+0x1a2/0x2a9\n    [\u003cffffffff810f78bb\u003e] kmemleak_alloc+0x26/0x4b\n    [\u003cffffffff810ef3eb\u003e] __kmalloc+0x18f/0x1b8\n    [\u003cffffffff811cd511\u003e] security_get_bools+0xd7/0x16f\n    [\u003cffffffff811c48c0\u003e] sel_write_load+0x12e/0x62b\n    [\u003cffffffff810f9a39\u003e] vfs_write+0xae/0x10b\n    [\u003cffffffff810f9b56\u003e] sys_write+0x4a/0x6e\n    [\u003cffffffff81011b82\u003e] system_call_fastpath+0x16/0x1b\n    [\u003cffffffffffffffff\u003e] 0xffffffffffffffff\n\nSigned-off-by: Xiaotian Feng \u003cdfeng@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6382dc334064bb0b41a95df0e3c438de35f2ffb7",
      "tree": "e58a375af2352638eb5930bfd79c9a893b35e484",
      "parents": [
        "fb637f3cd31783db2b654842ea32ffec15c4bd62"
      ],
      "author": {
        "name": "Justin P. Mattock",
        "email": "justinmattock@gmail.com",
        "time": "Thu Jan 14 23:03:18 2010 -0800"
      },
      "committer": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Fri Feb 05 12:22:35 2010 +0100"
      },
      "message": "fix comment typos in avc.c\n\nSigned-off-by: Justin P. Mattock \u003cjustinmattock@gmail.com\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n"
    },
    {
      "commit": "d78ca3cd733d8a2c3dcd88471beb1a15d973eed8",
      "tree": "a27ccf86f5f7df3cc987d0203ed0bff2db46db57",
      "parents": [
        "002345925e6c45861f60db6f4fc6236713fd8847"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "kees.cook@canonical.com",
        "time": "Wed Feb 03 15:37:13 2010 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 04 14:20:41 2010 +1100"
      },
      "message": "syslog: use defined constants instead of raw numbers\n\nRight now the syslog \"type\" action are just raw numbers which makes\nthe source difficult to follow.  This patch replaces the raw numbers\nwith defined constants for some level of sanity.\n\nSigned-off-by: Kees Cook \u003ckees.cook@canonical.com\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "002345925e6c45861f60db6f4fc6236713fd8847",
      "tree": "d7849eafe1755116597166bbebf43e2bee86cb76",
      "parents": [
        "0719aaf5ead7555b7b7a4a080ebf2826a871384e"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "kees.cook@canonical.com",
        "time": "Wed Feb 03 15:36:43 2010 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 04 14:20:12 2010 +1100"
      },
      "message": "syslog: distinguish between /proc/kmsg and syscalls\n\nThis allows the LSM to distinguish between syslog functions originating\nfrom /proc/kmsg access and direct syscalls.  By default, the commoncaps\nwill now no longer require CAP_SYS_ADMIN to read an opened /proc/kmsg\nfile descriptor.  For example the kernel syslog reader can now drop\nprivileges after opening /proc/kmsg, instead of staying privileged with\nCAP_SYS_ADMIN.  MAC systems that implement security_syslog have unchanged\nbehavior.\n\nSigned-off-by: Kees Cook \u003ckees.cook@canonical.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0719aaf5ead7555b7b7a4a080ebf2826a871384e",
      "tree": "19c0b16b1013d84a8b8092737d38e60f3dd7e939",
      "parents": [
        "42596eafdd75257a640f64701b9b07090bcd84b0"
      ],
      "author": {
        "name": "Guido Trentalancia",
        "email": "guido@trentalancia.com",
        "time": "Wed Feb 03 16:40:20 2010 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 04 09:06:36 2010 +1100"
      },
      "message": "selinux: allow MLS-\u003enon-MLS and vice versa upon policy reload\n\nAllow runtime switching between different policy types (e.g. from a MLS/MCS\npolicy to a non-MLS/non-MCS policy or vice versa).\n\nSigned-off-by: Guido Trentalancia \u003cguido@trentalancia.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "42596eafdd75257a640f64701b9b07090bcd84b0",
      "tree": "d5c4eb801d70ddd00a7a03814833d99cabf38962",
      "parents": [
        "b6cac5a30b325e14cda425670bb3568d3cad0aa8"
      ],
      "author": {
        "name": "Guido Trentalancia",
        "email": "guido@trentalancia.com",
        "time": "Wed Feb 03 17:06:01 2010 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 04 08:48:17 2010 +1100"
      },
      "message": "selinux: load the initial SIDs upon every policy load\n\nAlways load the initial SIDs, even in the case of a policy\nreload and not just at the initial policy load. This comes\nparticularly handy after the introduction of a recent\npatch for enabling runtime switching between different\npolicy types, although this patch is in theory independent\nfrom that feature.\n\nSigned-off-by: Guido Trentalancia \u003cguido@trentalancia.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b6cac5a30b325e14cda425670bb3568d3cad0aa8",
      "tree": "276a3a2a985c862ac9439cb2f8facabb7d1f1944",
      "parents": [
        "8e2d39a1665e680c095545993aac2fcac6916eb9"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Tue Feb 02 11:31:51 2010 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Feb 03 08:49:10 2010 +1100"
      },
      "message": "selinux: Only audit permissions specified in policy\n\nOnly audit the permissions specified by the policy rules.\n\nBefore:\ntype\u003dAVC msg\u003daudit(01/28/2010 14:30:46.690:3250) : avc:  denied  { read\nappend } for  pid\u003d14092 comm\u003dfoo name\u003dtest_file dev\u003ddm-1 ino\u003d132932\nscontext\u003dunconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023\ntcontext\u003dunconfined_u:object_r:rpm_tmp_t:s0 tclass\u003dfile\n\nAfter:\ntype\u003dAVC msg\u003daudit(01/28/2010 14:52:37.448:26) : avc:  denied\n{ append } for  pid\u003d1917 comm\u003dfoo name\u003dtest_file dev\u003ddm-1 ino\u003d132932\nscontext\u003dunconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023\ntcontext\u003dunconfined_u:object_r:rpm_tmp_t:s0 tclass\u003dfile\n\nReference:\nhttps://bugzilla.redhat.com/show_bug.cgi?id\u003d558499\n\nReported-by: Tom London \u003cselinux@gmail.com\u003e\nSigned-off-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "7d52a155e38d5a165759dbbee656455861bf7801",
      "tree": "7b071cde283e98465744b5abb2c6140b9b6afcda",
      "parents": [
        "2f3e82d694d3d7a2db019db1bb63385fbc1066f3"
      ],
      "author": {
        "name": "KaiGai Kohei",
        "email": "kaigai@ak.jp.nec.com",
        "time": "Thu Jan 21 15:00:15 2010 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 25 08:31:38 2010 +1100"
      },
      "message": "selinux: remove dead code in type_attribute_bounds_av()\n\nThis patch removes dead code in type_attribute_bounds_av().\n\nDue to the historical reason, the type boundary feature is delivered\nfrom hierarchical types in libsepol, it has supported boundary features\nboth of subject type (domain; in most cases) and target type.\n\nHowever, we don\u0027t have any actual use cases in bounded target types,\nand it tended to make conceptual confusion.\nSo, this patch removes the dead code to apply boundary checks on the\ntarget types. It makes clear the TYPEBOUNDS restricts privileges of\na certain domain bounded to any other domain.\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n\n--\n security/selinux/ss/services.c |   43 +++------------------------------------\n 1 files changed, 4 insertions(+), 39 deletions(-)\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2f3e82d694d3d7a2db019db1bb63385fbc1066f3",
      "tree": "9d99a883eb2ab097a3ff1ee4e1c9bf2fa851d832",
      "parents": [
        "2457552d1e6f3183cd93f81c49a8da5fe8bb0e42"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Thu Jan 07 15:55:16 2010 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 25 08:29:05 2010 +1100"
      },
      "message": "selinux: convert range transition list to a hashtab\n\nPer https://bugzilla.redhat.com/show_bug.cgi?id\u003d548145\nthere are sufficient range transition rules in modern (Fedora) policy to\nmake mls_compute_sid a significant factor on the shmem file setup path\ndue to the length of the range_tr list.  Replace the simple range_tr\nlist with a hashtab inside the security server to help mitigate this\nproblem.\n\nSigned-off-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2457552d1e6f3183cd93f81c49a8da5fe8bb0e42",
      "tree": "7ca46caa910012d75617700e4083b3657053cb31",
      "parents": [
        "19439d05b88dafc4e55d9ffce84ccc27cf8b2bcc",
        "6ccf80eb15ccaca4d3f1ab5162b9ded5eecd9971"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 18 09:56:22 2010 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 18 09:56:22 2010 +1100"
      },
      "message": "Merge branch \u0027master\u0027 into next\n"
    },
    {
      "commit": "19439d05b88dafc4e55d9ffce84ccc27cf8b2bcc",
      "tree": "e529e1bbba49f30684c3b88a67df1d62ba3e11b1",
      "parents": [
        "8d9525048c74786205b99f3fcd05a839721edfb7"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Thu Jan 14 17:28:10 2010 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 18 09:54:26 2010 +1100"
      },
      "message": "selinux: change the handling of unknown classes\n\nIf allow_unknown\u003d\u003ddeny, SELinux treats an undefined kernel security\nclass as an error condition rather than as a typical permission denial\nand thus does not allow permissions on undefined classes even when in\npermissive mode.  Change the SELinux logic so that this case is handled\nas a typical permission denial, subject to the usual permissive mode and\npermissive domain handling.\n\nAlso drop the \u0027requested\u0027 argument from security_compute_av() and\nhelpers as it is a legacy of the original security server interface and\nis unused.\n\nChanges:\n- Handle permissive domains consistently by moving up the test for a\npermissive domain.\n- Make security_compute_av_user() consistent with security_compute_av();\nthe only difference now is that security_compute_av() performs mapping\nbetween the kernel-private class and permission indices and the policy\nvalues.  In the userspace case, this mapping is handled by libselinux.\n- Moved avd_init inside the policy lock.\n\nBased in part on a patch by Paul Moore \u003cpaul.moore@hp.com\u003e.\n\nReported-by: Andrew Worsley \u003camworsley@gmail.com\u003e\nSigned-off-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "17740d89785aeb4143770923d67c293849414710",
      "tree": "58f332b0eb828017eb4571e2f7323e859b6c268d",
      "parents": [
        "45d28b097280a78893ce25a5d0db41e6a2717853"
      ],
      "author": {
        "name": "Jiri Slaby",
        "email": "jirislaby@gmail.com",
        "time": "Fri Aug 28 10:47:16 2009 +0200"
      },
      "committer": {
        "name": "Jiri Slaby",
        "email": "jslaby@suse.cz",
        "time": "Mon Jan 04 11:27:18 2010 +0100"
      },
      "message": "SECURITY: selinux, fix update_rlimit_cpu parameter\n\nDon\u0027t pass current RLIMIT_RTTIME to update_rlimit_cpu() in\nselinux_bprm_committing_creds, since update_rlimit_cpu expects\nRLIMIT_CPU limit.\n\nUse proper rlim[RLIMIT_CPU].rlim_cur instead to fix that.\n\nSigned-off-by: Jiri Slaby \u003cjirislaby@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\n"
    },
    {
      "commit": "4ef58d4e2ad1fa2a3e5bbf41af2284671fca8cf8",
      "tree": "856ba96302a36014736747e8464f80eeb827bbdd",
      "parents": [
        "f6c4c8195b5e7878823caa1181be404d9e86d369",
        "d014d043869cdc591f3a33243d3481fa4479c2d0"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Dec 09 19:43:33 2009 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Dec 09 19:43:33 2009 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (42 commits)\n  tree-wide: fix misspelling of \"definition\" in comments\n  reiserfs: fix misspelling of \"journaled\"\n  doc: Fix a typo in slub.txt.\n  inotify: remove superfluous return code check\n  hdlc: spelling fix in find_pvc() comment\n  doc: fix regulator docs cut-and-pasteism\n  mtd: Fix comment in Kconfig\n  doc: Fix IRQ chip docs\n  tree-wide: fix assorted typos all over the place\n  drivers/ata/libata-sff.c: comment spelling fixes\n  fix typos/grammos in Documentation/edac.txt\n  sysctl: add missing comments\n  fs/debugfs/inode.c: fix comment typos\n  sgivwfb: Make use of ARRAY_SIZE.\n  sky2: fix sky2_link_down copy/paste comment error\n  tree-wide: fix typos \"couter\" -\u003e \"counter\"\n  tree-wide: fix typos \"offest\" -\u003e \"offset\"\n  fix kerneldoc for set_irq_msi()\n  spidev: fix double \"of of\" in comment\n  comment typo fix: sybsystem -\u003e subsystem\n  ...\n"
    },
    {
      "commit": "1ad1f10cd915744bbe52b19423653b38287d827d",
      "tree": "ae072aace36b45a55d80b8cbf1b6d92523a88ea0",
      "parents": [
        "08e3daff217059c84c360cc71212686e0a7995af",
        "2b876f95d03e226394b5d360c86127cbefaf614b"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Dec 09 19:01:03 2009 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Dec 09 19:01:03 2009 +1100"
      },
      "message": "Merge branch \u0027master\u0027 into next\n"
    },
    {
      "commit": "08e3daff217059c84c360cc71212686e0a7995af",
      "tree": "ac2dd60ab2309a82b72e57f15fef72401f5102d1",
      "parents": [
        "937bf6133b21b16965f75223085f4314ae32b8eb"
      ],
      "author": {
        "name": "Amerigo Wang",
        "email": "amwang@redhat.com",
        "time": "Thu Dec 03 03:48:28 2009 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Dec 08 14:58:11 2009 +1100"
      },
      "message": "selinux: remove a useless return\n\nThe last return is unreachable, remove the \u0027return\u0027\nin default, let it fall through.\n\nSigned-off-by: WANG Cong \u003camwang@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9f59f90bf57cff8be07faddc608c400b6e7c5d05",
      "tree": "621e4fa6dae193b3427913a1945eee473f47b153",
      "parents": [
        "6ec22f9b037fc0c2e00ddb7023fad279c365324d"
      ],
      "author": {
        "name": "Julia Lawall",
        "email": "julia@diku.dk",
        "time": "Sun Dec 06 10:16:51 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Dec 08 14:57:54 2009 +1100"
      },
      "message": "security/selinux/ss: correct size computation\n\nThe size argument to kcalloc should be the size of desired structure,\nnot the pointer to it.\n\nThe semantic patch that makes this change is as follows:\n(http://coccinelle.lip6.fr/)\n\n// \u003csmpl\u003e\n@expression@\nexpression *x;\n@@\n\nx \u003d\n \u003c+...\n-sizeof(x)\n+sizeof(*x)\n...+\u003e// \u003c/smpl\u003e\n\nSigned-off-by: Julia Lawall \u003cjulia@diku.dk\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d014d043869cdc591f3a33243d3481fa4479c2d0",
      "tree": "63626829498e647ba058a1ce06419fe7e4d5f97d",
      "parents": [
        "6ec22f9b037fc0c2e00ddb7023fad279c365324d",
        "6070d81eb5f2d4943223c96e7609a53cdc984364"
      ],
      "author": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Mon Dec 07 18:36:35 2009 +0100"
      },
      "committer": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Mon Dec 07 18:36:35 2009 +0100"
      },
      "message": "Merge branch \u0027for-next\u0027 into for-linus\n\nConflicts:\n\n\tkernel/irq/chip.c\n"
    },
    {
      "commit": "28b4d5cc17c20786848cdc07b7ea237a309776bb",
      "tree": "bae406a4b17229dcce7c11be5073f7a67665e477",
      "parents": [
        "d29cecda036f251aee4947f47eea0fe9ed8cc931",
        "96fa2b508d2d3fe040cf4ef2fffb955f0a537ea1"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Dec 05 15:22:26 2009 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Dec 05 15:22:26 2009 -0800"
      },
      "message": "Merge branch \u0027master\u0027 of /home/davem/src/GIT/linux-2.6/\n\nConflicts:\n\tdrivers/net/pcmcia/fmvj18x_cs.c\n\tdrivers/net/pcmcia/nmclan_cs.c\n\tdrivers/net/pcmcia/xirc2ps_cs.c\n\tdrivers/net/wireless/ray_cs.c\n"
    },
    {
      "commit": "af901ca181d92aac3a7dc265144a9081a86d8f39",
      "tree": "380054af22521144fbe1364c3bcd55ad24c9bde4",
      "parents": [
        "972b94ffb90ea6d20c589d9a47215df103388ddd"
      ],
      "author": {
        "name": "André Goddard Rosa",
        "email": "andre.goddard@gmail.com",
        "time": "Sat Nov 14 13:09:05 2009 -0200"
      },
      "committer": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Fri Dec 04 15:39:55 2009 +0100"
      },
      "message": "tree-wide: fix assorted typos all over the place\n\nThat is \"success\", \"unknown\", \"through\", \"performance\", \"[re|un]mapping\"\n, \"access\", \"default\", \"reasonable\", \"[con]currently\", \"temperature\"\n, \"channel\", \"[un]used\", \"application\", \"example\",\"hierarchy\", \"therefore\"\n, \"[over|under]flow\", \"contiguous\", \"threshold\", \"enough\" and others.\n\nSigned-off-by: André Goddard Rosa \u003candre.goddard@gmail.com\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n"
    },
    {
      "commit": "0bce95279909aa4cc401a2e3140b4295ca22e72a",
      "tree": "5b98e4ebe7ef30fa1edf627c79501c531b346a8b",
      "parents": [
        "c4a5af54c8ef277a59189fc9358e190f3c1b8206"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Nov 23 16:47:23 2009 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Nov 24 14:30:49 2009 +1100"
      },
      "message": "SELinux: print denials for buggy kernel with unknown perms\n\nHistorically we\u0027ve seen cases where permissions are requested for classes\nwhere they do not exist.  In particular we have seen CIFS forget to set\ni_mode to indicate it is a directory so when we later check something like\nremove_name we have problems since it wasn\u0027t defined in tclass file.  This\nused to result in a avc which included the permission 0x2000 or something.\nCurrently the kernel will deny the operations (good thing) but will not\nprint ANY information (bad thing).  First the auditdeny field is no\nextended to include unknown permissions.  After that is fixed the logic in\navc_dump_query to output this information isn\u0027t right since it will remove\nthe permission from the av and print the phrase \"\u003cNULL\u003e\".  This takes us\nback to the behavior before the classmap rewrite.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "8964be4a9a5ca8cab1219bb046db2f6d1936227c",
      "tree": "8838c73a03cc69c010b55928fce3725d17bc26a9",
      "parents": [
        "fa9a6fed87df1b50804405e700f8d30251d3aaf1"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Fri Nov 20 15:35:04 2009 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Nov 20 15:35:04 2009 -0800"
      },
      "message": "net: rename skb-\u003eiif to skb-\u003eskb_iif\n\nTo help grep games, rename iif to skb_iif\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "dd8dbf2e6880e30c00b18600c962d0cb5a03c555",
      "tree": "24835aaf40cec5ceb2aeecccde9240ee173f70f1",
      "parents": [
        "6e65f92ff0d6f18580737321718d09035085a3fb"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Nov 03 16:35:32 2009 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Nov 10 09:33:46 2009 +1100"
      },
      "message": "security: report the module name to security_module_request\n\nFor SELinux to do better filtering in userspace we send the name of the\nmodule along with the AVC denial when a program is denied module_request.\n\nExample output:\n\ntype\u003dSYSCALL msg\u003daudit(11/03/2009 10:59:43.510:9) : arch\u003dx86_64 syscall\u003dwrite success\u003dyes exit\u003d2 a0\u003d3 a1\u003d7fc28c0d56c0 a2\u003d2 a3\u003d7fffca0d7440 items\u003d0 ppid\u003d1727 pid\u003d1729 auid\u003dunset uid\u003droot gid\u003droot euid\u003droot suid\u003droot fsuid\u003droot egid\u003droot sgid\u003droot fsgid\u003droot tty\u003d(none) ses\u003dunset comm\u003drpc.nfsd exe\u003d/usr/sbin/rpc.nfsd subj\u003dsystem_u:system_r:nfsd_t:s0 key\u003d(null)\ntype\u003dAVC msg\u003daudit(11/03/2009 10:59:43.510:9) : avc:  denied  { module_request } for  pid\u003d1729 comm\u003drpc.nfsd kmod\u003d\"net-pf-10\" scontext\u003dsystem_u:system_r:nfsd_t:s0 tcontext\u003dsystem_u:system_r:kernel_t:s0 tclass\u003dsystem\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6e8e16c7bc298d7887584c3d027e05db3e86eed9",
      "tree": "355403813b5945a5a5fdd24054a76a446d05b206",
      "parents": [
        "3e1c2515acf70448cad1ae3ab835ca80be043d33"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Oct 22 15:38:26 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Oct 24 09:42:27 2009 +0800"
      },
      "message": "SELinux: add .gitignore files for dynamic classes\n\nThe SELinux dynamic class work in c6d3aaa4e35c71a32a86ececacd4eea7ecfc316c\ncreates a number of dynamic header files and scripts.  Add .gitignore files\nso git doesn\u0027t complain about these.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b7f3008ad1d795935551e4dd810b0255a7bfa3c9",
      "tree": "1933b20fd16d30f6f9b3043ee6a66f0ddedb4009",
      "parents": [
        "825332e4ff1373c55d931b49408df7ec2298f71e"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Oct 19 10:08:50 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Oct 20 09:22:07 2009 +0900"
      },
      "message": "SELinux: fix locking issue introduced with c6d3aaa4e35c71a3\n\nEnsure that we release the policy read lock on all exit paths from\nsecurity_compute_av.\n\nSigned-off-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "941fc5b2bf8f7dd1d0a9c502e152fa719ff6578e",
      "tree": "c2f579e6fcc5bee6659527db7ccfb661acfe196c",
      "parents": [
        "8753f6bec352392b52ed9b5e290afb34379f4612"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Thu Oct 01 14:48:23 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Oct 07 21:56:46 2009 +1100"
      },
      "message": "selinux: drop remapping of netlink classes\n\nDrop remapping of netlink classes and bypass of permission checking\nbased on netlink message type for policy version \u003c 18.  This removes\ncompatibility code introduced when the original single netlink\nsecurity class used for all netlink sockets was split into\nfiner-grained netlink classes based on netlink protocol and when\npermission checking was added based on netlink message type in Linux\n2.6.8.  The only known distribution that shipped with SELinux and\npolicy \u003c 18 was Fedora Core 2, which was EOL\u0027d on 2005-04-11.\n\nGiven that the remapping code was never updated to address the\naddition of newer netlink classes, that the corresponding userland\nsupport was dropped in 2005, and that the assumptions made by the\nremapping code about the fixed ordering among netlink classes in the\npolicy may be violated in the future due to the dynamic class/perm\ndiscovery support, we should drop this compatibility code now.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "8753f6bec352392b52ed9b5e290afb34379f4612",
      "tree": "b5f381be9f56125309bfbfcaa73d68e08c309747",
      "parents": [
        "c6d3aaa4e35c71a32a86ececacd4eea7ecfc316c"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Wed Sep 30 13:41:02 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Oct 07 21:56:44 2009 +1100"
      },
      "message": "selinux: generate flask headers during kernel build\n\nAdd a simple utility (scripts/selinux/genheaders) and invoke it to\ngenerate the kernel-private class and permission indices in flask.h\nand av_permissions.h automatically during the kernel build from the\nsecurity class mapping definitions in classmap.h.  Adding new kernel\nclasses and permissions can then be done just by adding them to classmap.h.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "c6d3aaa4e35c71a32a86ececacd4eea7ecfc316c",
      "tree": "1a5475b4370655a22670fd6eb35e54d8b131b362",
      "parents": [
        "23acb98de5a4109a60b5fe3f0439389218b039d7"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Wed Sep 30 13:37:50 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Oct 07 21:56:42 2009 +1100"
      },
      "message": "selinux: dynamic class/perm discovery\n\nModify SELinux to dynamically discover class and permission values\nupon policy load, based on the dynamic object class/perm discovery\nlogic from libselinux.  A mapping is created between kernel-private\nclass and permission indices used outside the security server and the\npolicy values used within the security server.\n\nThe mappings are only applied upon kernel-internal computations;\nsimilar mappings for the private indices of userspace object managers\nis handled on a per-object manager basis by the userspace AVC.  The\ninterfaces for compute_av and transition_sid are split for kernel\nvs. userspace; the userspace functions are distinguished by a _user\nsuffix.\n\nThe kernel-private class indices are no longer tied to the policy\nvalues and thus do not need to skip indices for userspace classes;\nthus the kernel class index values are compressed.  The flask.h\ndefinitions were regenerated by deleting the userspace classes from\nrefpolicy\u0027s definitions and then regenerating the headers.  Going\nforward, we can just maintain the flask.h, av_permissions.h, and\nclassmap.h definitions separately from policy as they are no longer\ntied to the policy values.  The next patch introduces a utility to\nautomate generation of flask.h and av_permissions.h from the\nclassmap.h definitions.\n\nThe older kernel class and permission string tables are removed and\nreplaced by a single security class mapping table that is walked at\npolicy load to generate the mapping.  The old kernel class validation\nlogic is completely replaced by the mapping logic.\n\nThe handle unknown logic is reworked.  reject_unknown\u003d1 is handled\nwhen the mappings are computed at policy load time, similar to the old\nhandling by the class validation logic.  allow_unknown\u003d1 is handled\nwhen computing and mapping decisions - if the permission was not able\nto be mapped (i.e. undefined, mapped to zero), then it is\nautomatically added to the allowed vector.  If the class was not able\nto be mapped (i.e. undefined, mapped to zero), then all permissions\nare allowed for it if allow_unknown\u003d1.\n\navc_audit leverages the new security class mapping table to lookup the\nclass and permission names from the kernel-private indices.\n\nThe mdp program is updated to use the new table when generating the\nclass definitions and allow rules for a minimal boot policy for the\nkernel.  It should be noted that this policy will not include any\nuserspace classes, nor will its policy index values for the kernel\nclasses correspond with the ones in refpolicy (they will instead match\nthe kernel-private indices).\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "af8ff04917169805b151280155bf772d3ca9bec0",
      "tree": "1a1ec17d0926b4bbe9f8b243231582dde02ef1f5",
      "parents": [
        "1669b049db50fc7f1d4e694fb115a0f408c63fce"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Sun Sep 20 21:23:01 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 30 19:17:06 2009 +1000"
      },
      "message": "SELinux: reset the security_ops before flushing the avc cache\n\nThis patch resets the security_ops to the secondary_ops before it flushes\nthe avc.  It\u0027s still possible that a task on another processor could have\nalready passed the security_ops dereference and be executing an selinux hook\nfunction which would add a new avc entry.  That entry would still not be\nfreed.  This should however help to reduce the number of needless avcs the\nkernel has when selinux is disabled at run time.  There is no wasted\nmemory if selinux is disabled on the command line or not compiled.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0b7570e77f7c3abd43107dabc47ea89daf9a1cba",
      "tree": "8dd93b4a189b4e98384d4470a289ecfb7818cc26",
      "parents": [
        "a2322e1d272938d192d8c24cdacf57c0c7a2683f"
      ],
      "author": {
        "name": "Oleg Nesterov",
        "email": "oleg@redhat.com",
        "time": "Wed Sep 23 15:56:46 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Sep 24 07:20:59 2009 -0700"
      },
      "message": "do_wait() wakeup optimization: change __wake_up_parent() to use filtered wakeup\n\nRatan Nalumasu reported that in a process with many threads doing\nunnecessary wakeups.  Every waiting thread in the process wakes up to loop\nthrough the children and see that the only ones it cares about are still\nnot ready.\n\nNow that we have struct wait_opts we can change do_wait/__wake_up_parent\nto use filtered wakeups.\n\nWe can make child_wait_callback() more clever later, right now it only\nchecks eligible_child().\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nAcked-by: Roland McGrath \u003croland@redhat.com\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Ratan Nalumasu \u003crnalumasu@gmail.com\u003e\nCc: Vitaly Mayatskikh \u003cvmayatsk@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nTested-by: Valdis Kletnieks \u003cvaldis.kletnieks@vt.edu\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "5224ee086321fec78970e2f2805892d2b34e8957",
      "tree": "3b7eef40c92b07ed75d8585c51333b8e87a33a2b",
      "parents": [
        "606531c316d30e9639473a6da09ee917125ab467"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Sun Sep 20 21:21:10 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 23 11:16:20 2009 -0700"
      },
      "message": "SELinux: do not destroy the avc_cache_nodep\n\nThe security_ops reset done when SELinux is disabled at run time is done\nafter the avc cache is freed and after the kmem_cache for the avc is also\nfreed.  This means that between the time the selinux disable code destroys\nthe avc_node_cachep another process could make a security request and could\ntry to allocate from the cache.  We are just going to leave the cachep around,\nlike we always have.\n\nSELinux:  Disabled at runtime.\nBUG: unable to handle kernel NULL pointer dereference at (null)\nIP: [\u003cffffffff81122537\u003e] kmem_cache_alloc+0x9a/0x185\nPGD 0\nOops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC\nlast sysfs file:\nCPU 1\nModules linked in:\nPid: 12, comm: khelper Not tainted 2.6.31-tip-05525-g0eeacc6-dirty #14819\nSystem Product Name\nRIP: 0010:[\u003cffffffff81122537\u003e]  [\u003cffffffff81122537\u003e]\nkmem_cache_alloc+0x9a/0x185\nRSP: 0018:ffff88003f9258b0  EFLAGS: 00010086\nRAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000078c0129e\nRDX: 0000000000000000 RSI: ffffffff8130b626 RDI: ffffffff81122528\nRBP: ffff88003f925900 R08: 0000000078c0129e R09: 0000000000000001\nR10: 0000000000000000 R11: 0000000078c0129e R12: 0000000000000246\nR13: 0000000000008020 R14: ffff88003f8586d8 R15: 0000000000000001\nFS:  0000000000000000(0000) GS:ffff880002b00000(0000)\nknlGS:0000000000000000\nCS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b\nCR2: 0000000000000000 CR3: 0000000001001000 CR4: 00000000000006e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: ffffffff827bd420 DR6: 00000000ffff0ff0 DR7: 0000000000000400\nProcess khelper (pid: 12, threadinfo ffff88003f924000, task\nffff88003f928000)\nStack:\n 0000000000000246 0000802000000246 ffffffff8130b626 0000000000000001\n\u003c0\u003e 0000000078c0129e 0000000000000000 ffff88003f925a70 0000000000000002\n\u003c0\u003e 0000000000000001 0000000000000001 ffff88003f925960 ffffffff8130b626\nCall Trace:\n [\u003cffffffff8130b626\u003e] ? avc_alloc_node+0x36/0x273\n [\u003cffffffff8130b626\u003e] avc_alloc_node+0x36/0x273\n [\u003cffffffff8130b545\u003e] ? avc_latest_notif_update+0x7d/0x9e\n [\u003cffffffff8130b8b4\u003e] avc_insert+0x51/0x18d\n [\u003cffffffff8130bcce\u003e] avc_has_perm_noaudit+0x9d/0x128\n [\u003cffffffff8130bf20\u003e] avc_has_perm+0x45/0x88\n [\u003cffffffff8130f99d\u003e] current_has_perm+0x52/0x6d\n [\u003cffffffff8130fbb2\u003e] selinux_task_create+0x2f/0x45\n [\u003cffffffff81303bf7\u003e] security_task_create+0x29/0x3f\n [\u003cffffffff8105c6ba\u003e] copy_process+0x82/0xdf0\n [\u003cffffffff81091578\u003e] ? register_lock_class+0x2f/0x36c\n [\u003cffffffff81091a13\u003e] ? mark_lock+0x2e/0x1e1\n [\u003cffffffff8105d596\u003e] do_fork+0x16e/0x382\n [\u003cffffffff81091578\u003e] ? register_lock_class+0x2f/0x36c\n [\u003cffffffff810d9166\u003e] ? probe_workqueue_execution+0x57/0xf9\n [\u003cffffffff81091a13\u003e] ? mark_lock+0x2e/0x1e1\n [\u003cffffffff810d9166\u003e] ? probe_workqueue_execution+0x57/0xf9\n [\u003cffffffff8100cdb2\u003e] kernel_thread+0x82/0xe0\n [\u003cffffffff81078b1f\u003e] ? ____call_usermodehelper+0x0/0x139\n [\u003cffffffff8100ce10\u003e] ? child_rip+0x0/0x20\n [\u003cffffffff81078aea\u003e] ? __call_usermodehelper+0x65/0x9a\n [\u003cffffffff8107a5c7\u003e] run_workqueue+0x171/0x27e\n [\u003cffffffff8107a573\u003e] ? run_workqueue+0x11d/0x27e\n [\u003cffffffff81078a85\u003e] ? __call_usermodehelper+0x0/0x9a\n [\u003cffffffff8107a7bc\u003e] worker_thread+0xe8/0x10f\n [\u003cffffffff810808e2\u003e] ? autoremove_wake_function+0x0/0x63\n [\u003cffffffff8107a6d4\u003e] ? worker_thread+0x0/0x10f\n [\u003cffffffff8108042e\u003e] kthread+0x91/0x99\n [\u003cffffffff8100ce1a\u003e] child_rip+0xa/0x20\n [\u003cffffffff8100c754\u003e] ? restore_args+0x0/0x30\n [\u003cffffffff8108039d\u003e] ? kthread+0x0/0x99\n [\u003cffffffff8100ce10\u003e] ? child_rip+0x0/0x20\nCode: 0f 85 99 00 00 00 9c 58 66 66 90 66 90 49 89 c4 fa 66 66 90 66 66 90\ne8 83 34 fb ff e8 d7 e9 26 00 48 98 49 8b 94 c6 10 01 00 00 \u003c48\u003e 8b 1a 44\n8b 7a 18 48 85 db 74 0f 8b 42 14 48 8b 04 c3 ff 42\nRIP  [\u003cffffffff81122537\u003e] kmem_cache_alloc+0x9a/0x185\n RSP \u003cffff88003f9258b0\u003e\nCR2: 0000000000000000\n---[ end trace 42f41a982344e606 ]---\n\nReported-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "4e6d0bffd3d72a32b620525c9007d2482c731775",
      "tree": "f4a3ff34e800be74469bec99834780b4a0294dec",
      "parents": [
        "008574b11171a1ee9583a00188e27ff9e0432061"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Sat Sep 12 22:54:23 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Sep 14 12:34:11 2009 +1000"
      },
      "message": "SELinux: flush the avc before disabling SELinux\n\nBefore SELinux is disabled at boot it can create AVC entries.  This patch\nwill flush those entries before disabling SELinux.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "008574b11171a1ee9583a00188e27ff9e0432061",
      "tree": "bada4ddf3c79a6a274a80839acd75eb132c78b29",
      "parents": [
        "ed868a56988464cd31de0302426a5e94d3127f10"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Sat Sep 12 22:54:17 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Sep 14 12:34:09 2009 +1000"
      },
      "message": "SELinux: seperate avc_cache flushing\n\nMove the avc_cache flushing into its own function so it can be reused when\ndisabling SELinux.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ed868a56988464cd31de0302426a5e94d3127f10",
      "tree": "cdcd1715445aa19051b6a9a671b39250a449333a",
      "parents": [
        "86d710146fb9975f04c505ec78caa43d227c1018"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Sat Sep 12 22:54:10 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Sep 14 12:34:07 2009 +1000"
      },
      "message": "Creds: creds-\u003esecurity can be NULL is selinux is disabled\n\n__validate_process_creds should check if selinux is actually enabled before\nrunning tests on the selinux portion of the credentials struct.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ddd29ec6597125c830f7badb608a86c98b936b64",
      "tree": "e6df1ef9a635179de78650d006ecb4cd1453ebb1",
      "parents": [
        "1ee65e37e904b959c24404139f5752edc66319d5"
      ],
      "author": {
        "name": "David P. Quigley",
        "email": "dpquigl@tycho.nsa.gov",
        "time": "Wed Sep 09 14:25:37 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Sep 10 10:11:29 2009 +1000"
      },
      "message": "sysfs: Add labeling support for sysfs\n\nThis patch adds a setxattr handler to the file, directory, and symlink\ninode_operations structures for sysfs. The patch uses hooks introduced in the\nprevious patch to handle the getting and setting of security information for\nthe sysfs inodes. As was suggested by Eric Biederman the struct iattr in the\nsysfs_dirent structure has been replaced by a structure which contains the\niattr, secdata and secdata length to allow the changes to persist in the event\nthat the inode representing the sysfs_dirent is evicted. Because sysfs only\nstores this information when a change is made all the optional data is moved\ninto one dynamically allocated field.\n\nThis patch addresses an issue where SELinux was denying virtd access to the PCI\nconfiguration entries in sysfs. The lack of setxattr handlers for sysfs\nrequired that a single label be assigned to all entries in sysfs. Granting virtd\naccess to every entry in sysfs is not an acceptable solution so fine grained\nlabeling of sysfs is required such that individual entries can be labeled\nappropriately.\n\n[sds:  Fixed compile-time warnings, coding style, and setting of inode security init flags.]\n\nSigned-off-by: David P. Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nSigned-off-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "1ee65e37e904b959c24404139f5752edc66319d5",
      "tree": "587c1ef70ae7ee41a7b9b531161a4ef5689838f7",
      "parents": [
        "b1ab7e4b2a88d3ac13771463be8f302ce1616cfc"
      ],
      "author": {
        "name": "David P. Quigley",
        "email": "dpquigl@tycho.nsa.gov",
        "time": "Thu Sep 03 14:25:57 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Sep 10 10:11:24 2009 +1000"
      },
      "message": "LSM/SELinux: inode_{get,set,notify}secctx hooks to access LSM security context information.\n\nThis patch introduces three new hooks. The inode_getsecctx hook is used to get\nall relevant information from an LSM about an inode. The inode_setsecctx is\nused to set both the in-core and on-disk state for the inode based on a context\nderived from inode_getsecctx. The final hook inode_notifysecctx will notify the\nLSM of a change for the in-core state of the inode in question. These hooks are\nfor use in the labeled NFS code and addresses concerns of how to set security\non an inode in a multi-xattr LSM. For historical reasons Stephen Smalley\u0027s\nexplanation of the reason for these hooks is pasted below.\n\nQuote Stephen Smalley\n\ninode_setsecctx:  Change the security context of an inode.  Updates the\nin core security context managed by the security module and invokes the\nfs code as needed (via __vfs_setxattr_noperm) to update any backing\nxattrs that represent the context.  Example usage:  NFS server invokes\nthis hook to change the security context in its incore inode and on the\nbacking file system to a value provided by the client on a SETATTR\noperation.\n\ninode_notifysecctx:  Notify the security module of what the security\ncontext of an inode should be.  Initializes the incore security context\nmanaged by the security module for this inode.  Example usage:  NFS\nclient invokes this hook to initialize the security context in its\nincore inode to the value provided by the server for the file when the\nserver returned the file\u0027s attributes to the client.\n\nSigned-off-by: David P. Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ee18d64c1f632043a02e6f5ba5e045bb26a5465f",
      "tree": "80b5a4d530ec7d5fd69799920f0db7b78aba6b9d",
      "parents": [
        "d0420c83f39f79afb82010c2d2cafd150eef651b"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Sep 02 09:14:21 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 02 21:29:22 2009 +1000"
      },
      "message": "KEYS: Add a keyctl to install a process\u0027s session keyring on its parent [try #6]\n\nAdd a keyctl to install a process\u0027s session keyring onto its parent.  This\nreplaces the parent\u0027s session keyring.  Because the COW credential code does\nnot permit one process to change another process\u0027s credentials directly, the\nchange is deferred until userspace next starts executing again.  Normally this\nwill be after a wait*() syscall.\n\nTo support this, three new security hooks have been provided:\ncred_alloc_blank() to allocate unset security creds, cred_transfer() to fill in\nthe blank security creds and key_session_to_parent() - which asks the LSM if\nthe process may replace its parent\u0027s session keyring.\n\nThe replacement may only happen if the process has the same ownership details\nas its parent, and the process has LINK permission on the session keyring, and\nthe session keyring is owned by the process, and the LSM permits it.\n\nNote that this requires alteration to each architecture\u0027s notify_resume path.\nThis has been done for all arches barring blackfin, m68k* and xtensa, all of\nwhich need assembly alteration to support TIF_NOTIFY_RESUME.  This allows the\nreplacement to be performed at the point the parent process resumes userspace\nexecution.\n\nThis allows the userspace AFS pioctl emulation to fully emulate newpag() and\nthe VIOCSETTOK and VIOCSETTOK2 pioctls, all of which require the ability to\nalter the parent process\u0027s PAG membership.  
However, since kAFS doesn\u0027t use\nPAGs per se, but rather dumps the keys into the session keyring, the session\nkeyring of the parent must be replaced if, for example, VIOCSETTOK is passed\nthe newpag flag.\n\nThis can be tested with the following program:\n\n\t#include \u003cstdio.h\u003e\n\t#include \u003cstdlib.h\u003e\n\t#include \u003ckeyutils.h\u003e\n\n\t#define KEYCTL_SESSION_TO_PARENT\t18\n\n\t#define OSERROR(X, S) do { if ((long)(X) \u003d\u003d -1) { perror(S); exit(1); } } while(0)\n\n\tint main(int argc, char **argv)\n\t{\n\t\tkey_serial_t keyring, key;\n\t\tlong ret;\n\n\t\tkeyring \u003d keyctl_join_session_keyring(argv[1]);\n\t\tOSERROR(keyring, \"keyctl_join_session_keyring\");\n\n\t\tkey \u003d add_key(\"user\", \"a\", \"b\", 1, keyring);\n\t\tOSERROR(key, \"add_key\");\n\n\t\tret \u003d keyctl(KEYCTL_SESSION_TO_PARENT);\n\t\tOSERROR(ret, \"KEYCTL_SESSION_TO_PARENT\");\n\n\t\treturn 0;\n\t}\n\nCompiled and linked with -lkeyutils, you should see something like:\n\n\t[dhowells@andromeda ~]$ keyctl show\n\tSession Keyring\n\t       -3 --alswrv   4043  4043  keyring: _ses\n\t355907932 --alswrv   4043    -1   \\_ keyring: _uid.4043\n\t[dhowells@andromeda ~]$ /tmp/newpag\n\t[dhowells@andromeda ~]$ keyctl show\n\tSession Keyring\n\t       -3 --alswrv   4043  4043  keyring: _ses\n\t1055658746 --alswrv   4043  4043   \\_ user: a\n\t[dhowells@andromeda ~]$ /tmp/newpag hello\n\t[dhowells@andromeda ~]$ keyctl show\n\tSession Keyring\n\t       -3 --alswrv   4043  4043  keyring: hello\n\t340417692 --alswrv   4043  4043   \\_ user: a\n\nWhere the test program creates a new session keyring, sticks a user key named\n\u0027a\u0027 into it and then installs it on its parent.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "e0e817392b9acf2c98d3be80c233dddb1b52003d",
      "tree": "ee680c020039313c9f9c40ab3542bb30a7363381",
      "parents": [
        "ed6d76e4c32de0c2ad5f1d572b948ef49e465176"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Sep 02 09:13:40 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 02 21:29:01 2009 +1000"
      },
      "message": "CRED: Add some configurable debugging [try #6]\n\nAdd a config option (CONFIG_DEBUG_CREDENTIALS) to turn on some debug checking\nfor credential management.  The additional code keeps track of the number of\npointers from task_structs to any given cred struct, and checks to see that\nthis number never exceeds the usage count of the cred struct (which includes\nall references, not just those from task_structs).\n\nFurthermore, if SELinux is enabled, the code also checks that the security\npointer in the cred struct is never seen to be invalid.\n\nThis attempts to catch the bug whereby inode_has_perm() faults in an nfsd\nkernel thread on seeing cred-\u003esecurity be a NULL pointer (it appears that the\ncredential struct has been previously released):\n\n\thttp://www.kerneloops.org/oops.php?number\u003d252883\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ed6d76e4c32de0c2ad5f1d572b948ef49e465176",
      "tree": "893914916ad849fefed72df48bca0bf9c78e392d",
      "parents": [
        "2b980dbd77d229eb60588802162c9659726b11f4"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Fri Aug 28 18:12:49 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Sep 01 08:29:52 2009 +1000"
      },
      "message": "selinux: Support for the new TUN LSM hooks\n\nAdd support for the new TUN LSM hooks: security_tun_dev_create(),\nsecurity_tun_dev_post_create() and security_tun_dev_attach().  This includes\nthe addition of a new object class, tun_socket, which represents the socks\nassociated with TUN devices.  The _tun_dev_create() and _tun_dev_post_create()\nhooks are fairly similar to the standard socket functions but _tun_dev_attach()\nis a bit special.  The _tun_dev_attach() is unique because it involves a\ndomain attaching to an existing TUN device and its associated tun_socket\nobject, an operation which does not exist with standard sockets and most\nclosely resembles a relabel operation.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "bc6a6008e5e3c7a30191a7f19ab19e85b14b1705",
      "tree": "46504659c2303224cb3c8ad13e1d1b580351b41b",
      "parents": [
        "ece13879e74313e62109e0755dd3d4f172df89e2"
      ],
      "author": {
        "name": "Amerigo Wang",
        "email": "amwang@redhat.com",
        "time": "Thu Aug 20 19:29:02 2009 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Aug 21 14:25:30 2009 +1000"
      },
      "message": "selinux: adjust rules for ATTR_FORCE\n\nAs suggested by OGAWA Hirofumi in thread:\nhttp://lkml.org/lkml/2009/8/7/132, we should let selinux_inode_setattr()\nto match our ATTR_* rules.  ATTR_FORCE should not force things like\nATTR_SIZE.\n\n[hirofumi@mail.parknet.co.jp: tweaks]\nSigned-off-by: WANG Cong \u003camwang@redhat.com\u003e\nSigned-off-by: OGAWA Hirofumi \u003chirofumi@mail.parknet.co.jp\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Eugene Teo \u003ceteo@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ece13879e74313e62109e0755dd3d4f172df89e2",
      "tree": "1fe96ab392c1ff203a6fb3f67ed0ed577056572e",
      "parents": [
        "b08dc3eba0c34027010caeda258f495074ae3a54",
        "6c30c53fd5ae6a99a23ad78e90c428d2c8ffb07f"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Aug 20 09:18:42 2009 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Aug 20 09:18:42 2009 +1000"
      },
      "message": "Merge branch \u0027master\u0027 into next\n\nConflicts:\n\tsecurity/Kconfig\n\nManual fix.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "788084aba2ab7348257597496befcbccabdc98a3",
      "tree": "2da42d746d67b16ef705229a1b5a3528ec19c725",
      "parents": [
        "8cf948e744e0218af604c32edecde10006dc8e9e"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jul 31 12:54:11 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 17 15:09:11 2009 +1000"
      },
      "message": "Security/SELinux: seperate lsm specific mmap_min_addr\n\nCurrently SELinux enforcement of controls on the ability to map low memory\nis determined by the mmap_min_addr tunable.  This patch causes SELinux to\nignore the tunable and instead use a separate Kconfig option specific to how\nmuch space the LSM should protect.\n\nThe tunable will now only control the need for CAP_SYS_RAWIO and SELinux\npermissions will always protect the amount of low memory designated by\nCONFIG_LSM_MMAP_MIN_ADDR.\n\nThis allows users who need to disable the mmap_min_addr controls (usual reason\nbeing they run WINE as a non-root user) to do so and still have SELinux\ncontrols preventing confined domains (like a web server) from being able to\nmap some area of low memory.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "8cf948e744e0218af604c32edecde10006dc8e9e",
      "tree": "c5d48e9210976e28e5ce07d69ca9b87d4c437389",
      "parents": [
        "9c0d90103c7e0eb6e638e5b649e9f6d8d9c1b4b3"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jul 31 12:54:05 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 17 15:08:48 2009 +1000"
      },
      "message": "SELinux: call cap_file_mmap in selinux_file_mmap\n\nCurrently SELinux does not check CAP_SYS_RAWIO in the file_mmap hook.  This\nmeans there is no DAC check on the ability to mmap low addresses in the\nmemory space.  This function adds the DAC check for CAP_SYS_RAWIO while\nmaintaining the selinux check on mmap_zero.  This means that processes\nwhich need to mmap low memory will need CAP_SYS_RAWIO and mmap_zero but will\nNOT need the SELinux sys_rawio capability.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2bf49690325b62480a42f7afed5e9f164173c570",
      "tree": "bc8525f6a45ea3ffaed9449084df7644bcd4e3c2",
      "parents": [
        "f322abf83feddc3c37c3a91794e0c5aece4af18e"
      ],
      "author": {
        "name": "Thomas Liu",
        "email": "tliu@redhat.com",
        "time": "Tue Jul 14 12:14:09 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 17 08:37:18 2009 +1000"
      },
      "message": "SELinux: Convert avc_audit to use lsm_audit.h\n\nConvert avc_audit in security/selinux/avc.c to use lsm_audit.h,\nfor better maintainability.\n\n - changed selinux to use common_audit_data instead of\n    avc_audit_data\n - eliminated code in avc.c and used code from lsm_audit.h instead.\n\nHad to add a LSM_AUDIT_NO_AUDIT to lsm_audit.h so that avc_audit\ncan call common_lsm_audit and do the pre and post callbacks without\ndoing the actual dump.  This makes it so that the patched version\nbehaves the same way as the unpatched version.\n\nAlso added a denied field to the selinux_audit_data private space,\nonce again to make it so that the patched version behaves like the\nunpatched.\n\nI\u0027ve tested and confirmed that AVCs look the same before and after\nthis patch.\n\nSigned-off-by: Thomas Liu \u003ctliu@redhat.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "25354c4fee169710fd9da15f3bb2abaa24dcf933",
      "tree": "7fb462945c15ce09392ae858c8ae757290b5ed2d",
      "parents": [
        "9188499cdb117d86a1ea6b04374095b098d56936"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Aug 13 09:45:03 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Aug 14 11:18:40 2009 +1000"
      },
      "message": "SELinux: add selinux_kernel_module_request\n\nThis patch adds a new selinux hook so SELinux can arbitrate if a given\nprocess should be allowed to trigger a request for the kernel to try to\nload a module.  This is a different operation than a process trying to load\na module itself, which is already protected by CAP_SYS_MODULE.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "314dabb83a547ec4da819e8cbc78fac9cec605cd",
      "tree": "8e32efc47c52a218bfb4eb517ae2ba14d496adcc",
      "parents": [
        "85dfd81dc57e8183a277ddd7a56aa65c96f3f487"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 10 22:00:13 2009 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Aug 11 08:37:13 2009 +1000"
      },
      "message": "SELinux: fix memory leakage in /security/selinux/hooks.c\n\nFix memory leakage in /security/selinux/hooks.c\n\nThe buffer always needs to be freed here; we either error\nout or allocate more memory.\n\nReported-by: iceberg \u003cstrakh@ispras.ru\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n"
    },
    {
      "commit": "a2551df7ec568d87793d2eea4ca744e86318f205",
      "tree": "3bdd4257bf757d9d1d64d9d7aa10cd144cd3a657",
      "parents": [
        "84336d1a77ccd2c06a730ddd38e695c2324a7386"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jul 31 12:54:11 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Aug 06 09:02:23 2009 +1000"
      },
      "message": "Security/SELinux: seperate lsm specific mmap_min_addr\n\nCurrently SELinux enforcement of controls on the ability to map low memory\nis determined by the mmap_min_addr tunable.  This patch causes SELinux to\nignore the tunable and instead use a separate Kconfig option specific to how\nmuch space the LSM should protect.\n\nThe tunable will now only control the need for CAP_SYS_RAWIO and SELinux\npermissions will always protect the amount of low memory designated by\nCONFIG_LSM_MMAP_MIN_ADDR.\n\nThis allows users who need to disable the mmap_min_addr controls (usual reason\nbeing they run WINE as a non-root user) to do so and still have SELinux\ncontrols preventing confined domains (like a web server) from being able to\nmap some area of low memory.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "84336d1a77ccd2c06a730ddd38e695c2324a7386",
      "tree": "9eeb414eff58e5b7165daa36c2ce3c2e7422632b",
      "parents": [
        "7c73875e7dda627040b12c19b01db634fa7f0fd1"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jul 31 12:54:05 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Aug 06 09:02:21 2009 +1000"
      },
      "message": "SELinux: call cap_file_mmap in selinux_file_mmap\n\nCurrently SELinux does not check CAP_SYS_RAWIO in the file_mmap hook.  This\nmeans there is no DAC check on the ability to mmap low addresses in the\nmemory space.  This function adds the DAC check for CAP_SYS_RAWIO while\nmaintaining the selinux check on mmap_zero.  This means that processes\nwhich need to mmap low memory will need CAP_SYS_RAWIO and mmap_zero but will\nNOT need the SELinux sys_rawio capability.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5bb459bb45d1ad3c177485dcf0af01580aa31125",
      "tree": "fd6d11d424d222b97f56d8b870bdecbacaab8a17",
      "parents": [
        "d2e3ee9b29f5de5b01e611b04e6fb29760589b01"
      ],
      "author": {
        "name": "Oleg Nesterov",
        "email": "oleg@redhat.com",
        "time": "Fri Jul 10 03:48:23 2009 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jul 17 09:10:42 2009 +1000"
      },
      "message": "kernel: rename is_single_threaded(task) to current_is_single_threaded(void)\n\n- is_single_threaded(task) is not safe unless task \u003d\u003d current,\n  we can\u0027t use task-\u003esignal or task-\u003emm.\n\n- it doesn\u0027t make sense unless task \u003d\u003d current, the task can\n  fork right after the check.\n\nRename it to current_is_single_threaded() and kill the argument.\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "be940d6279c30a2d7c4e8d1d5435f957f594d66d",
      "tree": "965805d563cb756879fd3595230c3ca205da76d1",
      "parents": [
        "b3a633c8527ef155b1a4e22e8f5abc58f7af54c9"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jul 13 10:39:36 2009 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jul 13 10:39:36 2009 +1000"
      },
      "message": "Revert \"SELinux: Convert avc_audit to use lsm_audit.h\"\n\nThis reverts commit 8113a8d80f4c6a3dc3724b39b470f3fee9c426b6.\n\nThe patch causes a stack overflow on my system during boot.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "8113a8d80f4c6a3dc3724b39b470f3fee9c426b6",
      "tree": "27eb775108daaff8390ad564010a9f2fbd5187a2",
      "parents": [
        "65c3f0a2d0f72d210c879e4974c2d222b7951321"
      ],
      "author": {
        "name": "Thomas Liu",
        "email": "tliu@redhat.com",
        "time": "Fri Jul 10 10:31:04 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jul 13 07:54:48 2009 +1000"
      },
      "message": "SELinux: Convert avc_audit to use lsm_audit.h\n\nConvert avc_audit in security/selinux/avc.c to use lsm_audit.h,\nfor better maintainability and for less code duplication.\n\n - changed selinux to use common_audit_data instead of\n   avc_audit_data\n - eliminated code in avc.c and used code from lsm_audit.h instead.\n\nI have tested to make sure that the avcs look the same before and\nafter this patch.\n\nSigned-off-by: Thomas Liu \u003ctliu@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "89c86576ecde504da1eeb4f4882b2189ac2f9c4a",
      "tree": "94674a48becd9cfde298e9fe6b58db8da28fe238",
      "parents": [
        "a893a84e8799270fbec5c3708d001650aab47138"
      ],
      "author": {
        "name": "Thomas Liu",
        "email": "tliu@redhat.com",
        "time": "Wed Jun 24 17:58:05 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Jun 25 08:29:16 2009 +1000"
      },
      "message": "selinux: clean up avc node cache when disabling selinux\n\nAdded a call to free the avc_node_cache when inside selinux_disable because\nit should not waste resources allocated during avc_init if SELinux is disabled\nand the cache will never be used.\n\nSigned-off-by: Thomas Liu \u003ctliu@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9e48858f7d36a6a3849f1d1b40c3bf5624b4ee7c",
      "tree": "5d8fe586c5b1bbab36acc3b76b2b4dd1bc538968",
      "parents": [
        "86abcf9cebf7b5ceb33facde297face5ec4d2260"
      ],
      "author": {
        "name": "Ingo Molnar",
        "email": "mingo@elte.hu",
        "time": "Thu May 07 19:26:19 2009 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Jun 25 00:18:05 2009 +1000"
      },
      "message": "security: rename ptrace_may_access \u003d\u003e ptrace_access_check\n\nThe -\u003eptrace_may_access() methods are named confusingly - the real\nptrace_may_access() returns a bool, while these security checks have\na retval convention.\n\nRename it to ptrace_access_check, to reduce the confusion factor.\n\n[ Impact: cleanup, no code changed ]\n\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "20dda18be9035c487c2e9534e4d18d2a1e1deade",
      "tree": "5d50d2727e1495ccd8fa2a2340332f25c290670c",
      "parents": [
        "56f8c9bc410deb55f21698e6a0d59f559ae1d794"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Jun 22 14:54:53 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Jun 23 08:19:58 2009 +1000"
      },
      "message": "selinux: restore optimization to selinux_file_permission\n\nRestore the optimization to skip revalidation in selinux_file_permission\nif nothing has changed since the dentry_open checks, accidentally removed by\n389fb800.  Also remove redundant test from selinux_revalidate_file_permission.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d905163c5b23f6d8511971e06081a1b525e8a0bd",
      "tree": "f76918c1be802ec068d37763466f5518efdb690e",
      "parents": [
        "44c2d9bdd7022ca7d240d5adc009296fc1c6ce08",
        "0732f87761dbe417cb6e084b712d07e879e876ef"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jun 19 08:20:55 2009 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jun 19 08:20:55 2009 +1000"
      },
      "message": "Merge branch \u0027master\u0027 into next\n"
    },
    {
      "commit": "44c2d9bdd7022ca7d240d5adc009296fc1c6ce08",
      "tree": "33115ee8d7e167d2a26558c2af8e0edfdca099d5",
      "parents": [
        "caabbdc07df4249f2ed516b2c3e2d6b0973bcbb3"
      ],
      "author": {
        "name": "KaiGai Kohei",
        "email": "kaigai@ak.jp.nec.com",
        "time": "Thu Jun 18 17:26:13 2009 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jun 19 00:12:28 2009 +1000"
      },
      "message": "Add audit messages on type boundary violations\n\nThe attached patch adds support to generate audit messages on two cases.\n\nThe first one is a case when a multi-thread process tries to switch its\nperforming security context using setcon(3), but new security context is\nnot bounded by the old one.\n\n  type\u003dSELINUX_ERR msg\u003daudit(1245311998.599:17):        \\\n      op\u003dsecurity_bounded_transition result\u003ddenied      \\\n      oldcontext\u003dsystem_u:system_r:httpd_t:s0           \\\n      newcontext\u003dsystem_u:system_r:guest_webapp_t:s0\n\nThe other one is a case when security_compute_av() masked any permissions\ndue to the type boundary violation.\n\n  type\u003dSELINUX_ERR msg\u003daudit(1245312836.035:32):\t\\\n      op\u003dsecurity_compute_av reason\u003dbounds              \\\n      scontext\u003dsystem_u:object_r:user_webapp_t:s0       \\\n      tcontext\u003dsystem_u:object_r:shadow_t:s0:c0         \\\n      tclass\u003dfile perms\u003dgetattr,open\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "caabbdc07df4249f2ed516b2c3e2d6b0973bcbb3",
      "tree": "73e59a2c516edb4620b4e734eb7167651c466360",
      "parents": [
        "991ec02cdca33b03a132a0cacfe6f0aa0be9aa8d"
      ],
      "author": {
        "name": "KaiGai Kohei",
        "email": "kaigai@ak.jp.nec.com",
        "time": "Thu Jun 18 17:30:07 2009 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Jun 18 21:53:44 2009 +1000"
      },
      "message": "cleanup in ss/services.c\n\nIt is a cleanup patch to cut down a line within 80 columns.\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\n--\n security/selinux/ss/services.c |    6 +++---\n 1 files changed, 3 insertions(+), 3 deletions(-)\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9cbc1cb8cd46ce1f7645b9de249b2ce8460129bb",
      "tree": "8d104ec2a459346b99413b0b77421ca7b9936c1a",
      "parents": [
        "ca44d6e60f9de26281fda203f58b570e1748c015",
        "45e3e1935e2857c54783291107d33323b3ef33c8"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Jun 15 03:02:23 2009 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Jun 15 03:02:23 2009 -0700"
      },
      "message": "Merge branch \u0027master\u0027 of master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6\n\nConflicts:\n\tDocumentation/feature-removal-schedule.txt\n\tdrivers/scsi/fcoe/fcoe.c\n\tnet/core/drop_monitor.c\n\tnet/core/net-traces.c\n"
    },
    {
      "commit": "adf30907d63893e4208dfe3f5c88ae12bc2f25d5",
      "tree": "0f07542bb95de2ad537540868aba6cf87a86e17d",
      "parents": [
        "511c3f92ad5b6d9f8f6464be1b4f85f0422be91a"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Tue Jun 02 05:19:30 2009 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Jun 03 02:51:04 2009 -0700"
      },
      "message": "net: skb-\u003edst accessors\n\nDefine three accessors to get/set dst attached to a skb\n\nstruct dst_entry *skb_dst(const struct sk_buff *skb)\n\nvoid skb_dst_set(struct sk_buff *skb, struct dst_entry *dst)\n\nvoid skb_dst_drop(struct sk_buff *skb)\nThis one should replace occurrences of :\ndst_release(skb-\u003edst)\nskb-\u003edst \u003d NULL;\n\nDelete skb-\u003edst field\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "850b0cee165576f969363a8c52021b5cf9ecbe67",
      "tree": "47d8da2840492950b89a8a1a597c8c18b7cccff8",
      "parents": [
        "fe67e6f2d6df371b58ba721954d45a196df5e8b8"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jun 02 17:01:16 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jun 03 07:44:53 2009 +1000"
      },
      "message": "SELinux: define audit permissions for audit tree netlink messages\n\nAudit trees defined 2 new netlink messages but the netlink mapping tables for\nselinux permissions were not set up.  This patch maps these 2 new operations\nto AUDIT_WRITE.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "c5642f4bbae30122beb696e723f6da273caa570e",
      "tree": "caf9da5048c6083df90d97d7612d761840fdfbcf",
      "parents": [
        "75834fc3b6fcff00327f5d2a18760c1e8e0179c5"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Tue May 19 09:02:23 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue May 19 23:56:11 2009 +1000"
      },
      "message": "selinux: remove obsolete read buffer limit from sel_read_bool\n\nOn Tue, 2009-05-19 at 00:05 -0400, Eamon Walsh wrote:\n\u003e Recent versions of coreutils have bumped the read buffer size from 4K to\n\u003e 32K in several of the utilities.\n\u003e\n\u003e This means that \"cat /selinux/booleans/xserver_object_manager\" no longer\n\u003e works, it returns \"Invalid argument\" on F11.  getsebool works fine.\n\u003e\n\u003e sel_read_bool has a check for \"count \u003e PAGE_SIZE\" that doesn\u0027t seem to\n\u003e be present in the other read functions.  Maybe it could be removed?\n\nYes, that check is obsoleted by the conversion of those functions to\nusing simple_read_from_buffer(), which will reduce count if necessary to\nwhat is available in the buffer.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "75834fc3b6fcff00327f5d2a18760c1e8e0179c5",
      "tree": "28b1085d2aa76517024709d2f077fdc41aeec4c2",
      "parents": [
        "c3d20103d08e5c0b6738fbd0acf3ca004e5356c5"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon May 18 10:26:10 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue May 19 08:19:00 2009 +1000"
      },
      "message": "SELinux: move SELINUX_MAGIC into magic.h\n\nThe selinuxfs superblock magic is used inside the IMA code, but is being\ndefined in two places and could someday get out of sync.  This patch moves the\ndeclaration into magic.h so it is only done once.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d254117099d711f215e62427f55dfb8ebd5ad011",
      "tree": "0848ff8dd74314fec14a86497f8d288c86ba7c65",
      "parents": [
        "07ff7a0b187f3951788f64ae1f30e8109bc8e9eb",
        "8c9ed899b44c19e81859fbb0e9d659fe2f8630fc"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri May 08 17:56:47 2009 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri May 08 17:56:47 2009 +1000"
      },
      "message": "Merge branch \u0027master\u0027 into next\n"
    },
    {
      "commit": "65c90bca0dba56f60dc4ce2a529140c3cc440f22",
      "tree": "fd8f5e6338f04ba47fe91de1303b92a22da78daf",
      "parents": [
        "091438dd5668396328a3419abcbc6591159eb8d1"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon May 04 15:43:18 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue May 05 08:31:03 2009 +1000"
      },
      "message": "selinux: Fix send_sigiotask hook\n\nThe CRED patch incorrectly converted the SELinux send_sigiotask hook to\nuse the current task SID rather than the target task SID in its\npermission check, yielding the wrong permission check.  This fixes the\nhook function.  Detected by the ltp selinux testsuite and confirmed to\ncorrect the test failure.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ecd6de3c88e8cbcad175b2eab48ba05c2014f7b6",
      "tree": "ab9257bbe3f3bc9379cf0d252110f9abffba7751",
      "parents": [
        "3bcac0263f0b45e67a64034ebcb69eb9abb742f4"
      ],
      "author": {
        "name": "Oleg Nesterov",
        "email": "oleg@redhat.com",
        "time": "Wed Apr 29 16:02:24 2009 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Apr 30 09:08:48 2009 +1000"
      },
      "message": "selinux: selinux_bprm_committed_creds() should wake up -\u003ereal_parent, not -\u003eparent.\n\nWe shouldn\u0027t worry about the tracer if current is ptraced, exec() must not\nsucceed if the tracer has no rights to trace this task after cred changing.\nBut we should notify -\u003ereal_parent which is, well, real parent.\n\nAlso, we don\u0027t need _irq to take tasklist, and we don\u0027t need parent\u0027s\n-\u003esiglock to wake_up_interruptible(real_parent-\u003esignal-\u003ewait_chldexit).\nSince we hold tasklist, real_parent-\u003esignal must be stable. Otherwise\nspin_lock(siglock) is not safe too and can\u0027t help anyway.\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "3bcac0263f0b45e67a64034ebcb69eb9abb742f4",
      "tree": "33f4db08edaa12e1c20df348e2fa28c7c2198ebe",
      "parents": [
        "88c48db9788862d0290831d081bc3c64e13b592f"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Apr 29 13:45:05 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Apr 30 09:07:13 2009 +1000"
      },
      "message": "SELinux: Don\u0027t flush inherited SIGKILL during execve()\n\nDon\u0027t flush inherited SIGKILL during execve() in SELinux\u0027s post cred commit\nhook.  This isn\u0027t really a security problem: if the SIGKILL came before the\ncredentials were changed, then we were right to receive it at the time, and\nshould honour it; if it came after the creds were changed, then we definitely\nshould honour it; and in any case, all that will happen is that the process\nwill be scrapped before it ever returns to userspace.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "88c48db9788862d0290831d081bc3c64e13b592f",
      "tree": "5d0e0aedd2c5c0ea8db4007cac66f930ddbe73d7",
      "parents": [
        "19e4529ee7345079eeacc8e40cf69a304a64dc23"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 29 14:00:25 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Apr 30 08:45:56 2009 +1000"
      },
      "message": "SELinux: drop secondary_ops-\u003esysctl\n\nWe are still calling secondary_ops-\u003esysctl even though the capabilities\nmodule does not define a sysctl operation.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "8a6f83afd0c5355db6d11394a798e94950306239",
      "tree": "f7cb84de87f67eeba0dd68681907696f8a5774d1",
      "parents": [
        "c31f403de62415c738ddc9e673cf8e722c82f861"
      ],
      "author": {
        "name": "KaiGai Kohei",
        "email": "kaigai@ak.jp.nec.com",
        "time": "Wed Apr 01 10:07:57 2009 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Apr 02 09:23:45 2009 +1100"
      },
      "message": "Permissive domain in userspace object manager\n\nThis patch enables applications to handle permissive domain correctly.\n\nSince the v2.6.26 kernel, SELinux has supported an idea of permissive\ndomain which allows certain processes to work as if permissive mode,\neven if the global setting is enforcing mode.\nHowever, we don\u0027t have an application program interface to inform\nwhat domains are permissive ones, and what domains are not.\nIt means applications focused on SELinux (XACE/SELinux, SE-PostgreSQL\nand so on) cannot handle permissive domain correctly.\n\nThis patch adds the sixth field (flags) on the reply of the /selinux/access\ninterface which is used to make an access control decision from userspace.\nIf the first bit of the flags field is positive, it means the required\naccess control decision is on permissive domain, so application should\nallow any required actions, as the kernel does.\n\nThis patch also has a side benefit. The av_decision.flags is set at\ncontext_struct_compute_av(). It enables to check required permissions\nwithout read_lock(\u0026policy_rwlock).\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n--\n security/selinux/avc.c              |    2 +-\n security/selinux/include/security.h |    4 +++-\n security/selinux/selinuxfs.c        |    4 ++--\n security/selinux/ss/services.c      |   30 +++++-------------------------\n 4 files changed, 11 insertions(+), 29 deletions(-)\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "58bfbb51ff2b0fdc6c732ff3d72f50aa632b67a2",
      "tree": "41132587adbb6816b56b9d28105826b8ef0fd7b9",
      "parents": [
        "389fb800ac8be2832efedd19978a2b8ced37eb61"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Fri Mar 27 17:10:41 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Mar 28 15:01:37 2009 +1100"
      },
      "message": "selinux: Remove the \"compat_net\" compatibility code\n\nThe SELinux \"compat_net\" is marked as deprecated, the time has come to\nfinally remove it from the kernel.  Further code simplifications are\nlikely in the future, but this patch was intended to be a simple,\nstraight-up removal of the compat_net code.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "389fb800ac8be2832efedd19978a2b8ced37eb61",
      "tree": "fa0bc16050dfb491aa05f76b54fa4c167de96376",
      "parents": [
        "284904aa79466a4736f4c775fdbe5c7407fa136c"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Fri Mar 27 17:10:34 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Mar 28 15:01:36 2009 +1100"
      },
      "message": "netlabel: Label incoming TCP connections correctly in SELinux\n\nThe current NetLabel/SELinux behavior for incoming TCP connections works but\nonly through a series of happy coincidences that rely on the limited nature of\nstandard CIPSO (only able to convey MLS attributes) and the write equality\nimposed by the SELinux MLS constraints.  The problem is that network sockets\ncreated as the result of an incoming TCP connection were not on-the-wire\nlabeled based on the security attributes of the parent socket but rather based\non the wire label of the remote peer.  The issue had to do with how IP options\nwere managed as part of the network stack and where the LSM hooks were in\nrelation to the code which set the IP options on these newly created child\nsockets.  While NetLabel/SELinux did correctly set the socket\u0027s on-the-wire\nlabel it was promptly cleared by the network stack and reset based on the IP\noptions of the remote peer.\n\nThis patch, in conjunction with a prior patch that adjusted the LSM hook\nlocations, works to set the correct on-the-wire label format for new incoming\nconnections through the security_inet_conn_request() hook.  Besides the\ncorrect behavior there are many advantages to this change, the most significant\nis that all of the NetLabel socket labeling code in SELinux now lives in hooks\nwhich can return error codes to the core stack which allows us to finally get\nrid of the selinux_netlbl_inode_permission() logic which greatly simplifies\nthe NetLabel/SELinux glue code.  In the process of developing this patch I\nalso ran into a small handful of AF_INET6 cleanliness issues that have been\nfixed which should make the code safer and easier to extend in the future.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "703a3cd72817e99201cef84a8a7aecc60b2b3581",
      "tree": "3e943755178ff410694722bb031f523136fbc432",
      "parents": [
        "df7f54c012b92ec93d56b68547351dcdf8a163d3",
        "8e0ee43bc2c3e19db56a4adaa9a9b04ce885cd84"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 24 10:52:46 2009 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 24 10:52:46 2009 +1100"
      },
      "message": "Merge branch \u0027master\u0027 into next\n"
    },
    {
      "commit": "df7f54c012b92ec93d56b68547351dcdf8a163d3",
      "tree": "07039542feca94d4d467c430521319950819a4e1",
      "parents": [
        "dd34b5d75a0405814a3de83f02a44ac297e81629"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Mar 09 14:35:58 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 10 08:40:02 2009 +1100"
      },
      "message": "SELinux: inode_doinit_with_dentry drop no dentry printk\n\nDrop the printk message when an inode is found without an associated\ndentry.  This should only happen when userspace can\u0027t be accessing those\ninodes and those labels will get set correctly on the next d_instantiate.\nThus there is no reason to send this message.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "dd34b5d75a0405814a3de83f02a44ac297e81629",
      "tree": "f24939a7b7f6b33c44939ee4022d7e95b3f670b6",
      "parents": [
        "6a25b27d602aac24f3c642722377ba5d778417ec"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Mar 05 13:43:35 2009 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Mar 06 08:50:21 2009 +1100"
      },
      "message": "SELinux: new permission between tty audit and audit socket\n\nNew selinux permission to separate the ability to turn on tty auditing from\nthe ability to set audit rules.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6a25b27d602aac24f3c642722377ba5d778417ec",
      "tree": "ba334617326c65ccd98e7f4733c75fa0ac2ae5ca",
      "parents": [
        "113a0e4590881ce579ca992a80ddc562b3372ede"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Mar 05 13:40:35 2009 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Mar 06 08:50:18 2009 +1100"
      },
      "message": "SELinux: open perm for sock files\n\nWhen I did open permissions I didn\u0027t think any sockets would have an open.\nTurns out AF_UNIX sockets can have an open when they are bound to the\nfilesystem namespace.  This patch adds a new SOCK_FILE__OPEN permission.\nIt\u0027s safe to add this as the open perms are already predicated on\ncapabilities and capabilities means we have unknown perm handling so\nsystems should be as backwards compatible as the policy wants them to\nbe.\n\nhttps://bugzilla.redhat.com/show_bug.cgi?id\u003d475224\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d7f59dc4642ce2fc7b79fcd4ec02ffce7f21eb02",
      "tree": "1557550ed6478a38cc04ad480a5977580d97b5cd",
      "parents": [
        "778ef1e6cbb049c9bcbf405936ee6f2b6e451892"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Fri Feb 27 15:00:03 2009 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Mar 02 09:30:04 2009 +1100"
      },
      "message": "selinux: Fix a panic in selinux_netlbl_inode_permission()\n\nRick McNeal from LSI identified a panic in selinux_netlbl_inode_permission()\ncaused by a certain sequence of SUNRPC operations.  The problem appears to be\ndue to the lack of NULL pointer checking in the function; this patch adds the\npointer checks so the function will exit safely in the cases where the socket\nis not completely initialized.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "09c50b4a52c01a1f450b8eec819089e228655bfb",
      "tree": "d97bcaf9544e58a8a6bc6aeb40ca9793411d3e79",
      "parents": [
        "586c25003707067f074043d80fb2071671c58db0"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Fri Feb 20 16:33:02 2009 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Feb 23 10:05:55 2009 +1100"
      },
      "message": "selinux: Fix the NetLabel glue code for setsockopt()\n\nAt some point we (okay, I) managed to break the ability for users to use the\nsetsockopt() syscall to set IPv4 options when NetLabel was not active on the\nsocket in question.  The problem was noticed by someone trying to use the\n\"-R\" (record route) option of ping:\n\n # ping -R 10.0.0.1\n ping: record route: No message of desired type\n\nThe solution is relatively simple, we catch the unlabeled socket case and\nclear the error code, allowing the operation to succeed.  Please note that we\nstill deny users the ability to override IPv4 options on sockets which have\nNetLabel labeling active; this is done to ensure the labeling remains intact.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "26036651c562609d1f52d181f9d2cccbf89929b1",
      "tree": "db68ab98d574d6763f562ac87cc7810385496f22",
      "parents": [
        "edf3d1aecd0d608acbd561b0c527e1d41abcb657"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Feb 12 14:51:04 2009 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Feb 14 09:23:48 2009 +1100"
      },
      "message": "SELinux: convert the avc cache hash list to an hlist\n\nWe do not need O(1) access to the tail of the avc cache lists and so we are\nwasting lots of space using struct list_head instead of struct hlist_head.\nThis patch converts the avc cache to use hlists in which there is a single\npointer from the head which saves us about 4k of global memory.\n\nResulted in about a 1.5% decrease in time spent in avc_has_perm_noaudit based\non oprofile sampling of tbench.  Although likely within the noise....\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    }
  ],
  "next": "edf3d1aecd0d608acbd561b0c527e1d41abcb657"
}
