)]}' { "log": [ { "commit": "2d8f30380ab8c706f4e0a8f1aaa22b5886e9ac8a", "tree": "b798097fd831eab39f35c8c2e5a8ccfd7a850ef5", "parents": [ "256984a83880ff7ac78055cb87baea48137f0b77" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 22 09:59:21 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 26 20:53:34 2008 -0400" }, "message": "[PATCH] sanitize __user_walk_fd() et.al.\n\n* do not pass nameidata; struct path is all the callers want.\n* switch to new helpers:\n\tuser_path_at(dfd, pathname, flags, \u0026path)\n\tuser_path(pathname, \u0026path)\n\tuser_lpath(pathname, \u0026path)\n\tuser_path_dir(pathname, \u0026path) (fail if not a directory)\n The last 3 are trivial macro wrappers for the first one.\n* remove nameidata in callers.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "f419a2e3b64def707e1384ee38abb77f99af5f6d", "tree": "adbe12c510f04cf25ca6f822ee8004c8679a3a63", "parents": [ "30524472c2f728c20d6bf35191042a5d455c0a64" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 22 00:07:17 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 26 20:53:31 2008 -0400" }, "message": "[PATCH] kill nameidata passing to permission(), rename to inode_permission()\n\nIncidentally, the name that gives hundreds of false positives on grep\nis not a good idea...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "8f0cfa52a1d4ffacd8e7de906d19662f5da58d58", "tree": "2aa82e3682e75330d9b5d601855e3af3c57c03d8", "parents": [ "7ec02ef1596bb3c829a7e8b65ebf13b87faf1819" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Apr 29 00:59:41 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:06 2008 -0700" }, "message": "xattr: add missing consts to function arguments\n\nAdd missing consts to xattr function arguments.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Andreas Gruenbacher \u003cagruen@suse.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "934b25c597c0e98304a7eaec198a87e4633a42bb", "tree": "8a7cac4f818e8fb4e835be3afeabf52fb4eaa94e", "parents": [ "94bc891b00e40cbec375feb4568780af183fd7f4" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Apr 23 00:04:04 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Apr 23 00:04:04 2008 -0400" }, "message": "[PATCH] remove unused label in xattr.c (noise from ro-bind)\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "18f335aff86913de3c76f88d32c8135c1da62ce6", "tree": "bf541547b9774137a161d200bace04ad152e80e3", "parents": [ "9079b1eb1753f217c3de9f1b7dd7fd549cc3f0cf" ], "author": { "name": "Dave Hansen", "email": "haveblue@us.ibm.com", "time": "Fri Feb 15 14:37:38 2008 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Apr 19 00:29:15 2008 -0400" }, "message": "[PATCH] r/o bind mounts: elevate write count for xattr_permission() callers\n\nThis basically audits the callers of xattr_permission(), which calls\npermission() and can perform writes to the filesystem.\n\n[AV: add missing parts - removexattr() and nfsd posix acls, plug for a leak\nspotted by Miklos]\n\nAcked-by: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Dave Hansen \u003chaveblue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "1d957f9bf87da74f420424d16ece005202bbebd3", "tree": "363d4770c0c74a536524c99ccd2762ce96ee9bbe", "parents": [ "4ac9137858e08a19f29feac4e1f4df7c268b0ba5" ], "author": { "name": "Jan Blunck", "email": "jblunck@suse.de", "time": "Thu Feb 14 19:34:35 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Feb 14 21:13:33 2008 -0800" }, "message": "Introduce path_put()\n\n* Add path_put() functions for releasing a reference to the dentry and\n vfsmount of a struct path in the right order\n\n* Switch from path_release(nd) to path_put(\u0026nd-\u003epath)\n\n* Rename dput_path() to path_put_conditional()\n\n[akpm@linux-foundation.org: fix cifs]\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nSigned-off-by: Andreas Gruenbacher \u003cagruen@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@lst.de\u003e\nCc: \u003clinux-fsdevel@vger.kernel.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Steven French \u003csfrench@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4ac9137858e08a19f29feac4e1f4df7c268b0ba5", "tree": "f5b5d84fd12fcc2b0ba0e7ce1a79ff381ad8f5dd", "parents": [ "c5e725f33b733a77de622e91b6ba5645fcf070be" ], "author": { "name": "Jan Blunck", "email": "jblunck@suse.de", "time": "Thu Feb 14 19:34:32 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Feb 14 21:13:33 2008 -0800" }, "message": "Embed a struct path into struct nameidata instead of nd-\u003e{dentry,mnt}\n\nThis is the central patch of a cleanup series. In most cases there is no good\nreason why someone would want to use a dentry for itself. This series reflects\nthat fact and embeds a struct path into nameidata.\n\nTogether with the other patches of this series\n- it enforced the correct order of getting/releasing the reference count on\n \u003cdentry,vfsmount\u003e pairs\n- it prepares the VFS for stacking support since it is essential to have a\n struct path in every place where the stack can be traversed\n- it reduces the overall code size:\n\nwithout patch series:\n text data bss dec hex filename\n5321639 858418 715768 6895825 6938d1 vmlinux\n\nwith patch series:\n text data bss dec hex filename\n5320026 858418 715768 6894212 693284 vmlinux\n\nThis patch:\n\nSwitch from nd-\u003e{dentry,mnt} to nd-\u003epath.{dentry,mnt} everywhere.\n\n[akpm@linux-foundation.org: coding-style fixes]\n[akpm@linux-foundation.org: fix cifs]\n[akpm@linux-foundation.org: fix smack]\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nSigned-off-by: Andreas Gruenbacher \u003cagruen@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@lst.de\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4bea58053f206be9a89ca35850f9ad295dac2042", "tree": "50df31f6b7e8d38ac0988a523e331babb6462216", "parents": [ "42492594043d621a7910ff5877c3eb9202870b45" ], "author": { "name": "David P. Quigley", "email": "dpquigl@tycho.nsa.gov", "time": "Mon Feb 04 22:29:40 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Feb 05 09:44:20 2008 -0800" }, "message": "VFS: Reorder vfs_getxattr to avoid unnecessary calls to the LSM\n\nOriginally vfs_getxattr would pull the security xattr variable using\nthe inode getxattr handle and then proceed to clobber it with a subsequent call\nto the LSM.\n\nThis patch reorders the two operations such that when the xattr requested is\nin the security namespace it first attempts to grab the value from the LSM\ndirectly.\n\nIf it fails to obtain the value because there is no module present or the\nmodule does not support the operation it will fall back to using the inode\ngetxattr operation.\n\nIn the event that both are inaccessible it returns EOPNOTSUPP.\n\nSigned-off-by: David P. Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "42492594043d621a7910ff5877c3eb9202870b45", "tree": "9188d112c019a189606847dc1d90ccc63c1bacf2", "parents": [ "3729145821e3088a0c3c4183037fde356204bf97" ], "author": { "name": "David P. Quigley", "email": "dpquigl@tycho.nsa.gov", "time": "Mon Feb 04 22:29:39 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Feb 05 09:44:20 2008 -0800" }, "message": "VFS/Security: Rework inode_getsecurity and callers to return resulting buffer\n\nThis patch modifies the interface to inode_getsecurity to have the function\nreturn a buffer containing the security blob and its length via parameters\ninstead of relying on the calling function to give it an appropriately sized\nbuffer.\n\nSecurity blobs obtained with this function should be freed using the\nrelease_secctx LSM hook. This alleviates the problem of the caller having to\nguess a length and preallocate a buffer for this function allowing it to be\nused elsewhere for Labeled NFS.\n\nThe patch also removed the unused err parameter. The conversion is similar to\nthe one performed by Al Viro for the security_getprocattr hook.\n\nSigned-off-by: David P. Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "5a190ae69766da9a34bf31200c5cea4c0667cf94", "tree": "340c500fe42518abe6d1159a00619b1bd02f07fc", "parents": [ "cfa76f024f7c9e65169425804e5b32e71f66d0ee" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jun 07 12:19:32 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Oct 21 02:37:18 2007 -0400" }, "message": "[PATCH] pass dentry to audit_inode()/audit_inode_child()\n\nmakes caller simpler *and* allows to scan ancestors\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "3bd858ab1c451725c07a805dcb315215dc85b86e", "tree": "5d49c4300e350d64fd81eb3230b81f754117e0c1", "parents": [ "49c13b51a15f1ba9f6d47e26e4a3886c4f3931e2" ], "author": { "name": "Satyam Sharma", "email": "ssatyam@cse.iitk.ac.in", "time": "Tue Jul 17 15:00:08 2007 +0530" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Jul 17 12:00:03 2007 -0700" }, "message": "Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check\n\nIntroduce is_owner_or_cap() macro in fs.h, and convert over relevant\nusers to it. This is done because we want to avoid bugs in the future\nwhere we check for only effective fsuid of the current task against a\nfile\u0027s owning uid, without simultaneously checking for CAP_FOWNER as\nwell, thus violating its semantics.\n[ XFS uses special macros and structures, and in general looked ...\nuntouchable, so we leave it alone -- but it has been looked over. ]\n\nThe (current-\u003efsuid !\u003d inode-\u003ei_uid) check in generic_permission() and\nexec_permission_lite() is left alone, because those operations are\ncovered by CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH. Similarly operations\nfalling under the purview of CAP_CHOWN and CAP_LEASE are also left alone.\n\nSigned-off-by: Satyam Sharma \u003cssatyam@cse.iitk.ac.in\u003e\nCc: Al Viro \u003cviro@ftp.linux.org.uk\u003e\nAcked-by: Serge E. Hallyn \u003cserge@hallyn.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "510f4006e7a82b37b53c17bbe64ec20f3a59302b", "tree": "928792618c3719378d99fe0365806ef0df4414a8", "parents": [ "e41e8bde43026d5d2e41464e6105a50b31e34102" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Tue Feb 13 14:14:41 2007 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 11 05:38:26 2007 -0400" }, "message": "[PATCH] audit inode for all xattr syscalls\n\nCollect inode info for the remaining xattr syscalls that operate on a file\ndescriptor. These don\u0027t call a path_lookup variant, so they aren\u0027t covered by\nthe general audit hook.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e63340ae6b6205fef26b40a75673d1c9c0c8bb90", "tree": "8d3212705515edec73c3936bb9e23c71d34a7b41", "parents": [ "04c9167f91e309c9c4ea982992aa08e83b2eb42e" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Tue May 08 00:28:08 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue May 08 11:15:07 2007 -0700" }, "message": "header cleaning: don\u0027t include smp_lock.h when not used\n\nRemove includes of \u003clinux/smp_lock.h\u003e where it is not used/needed.\nSuggested by Al Viro.\n\nBuilds cleanly on x86_64, i386, alpha, ia64, powerpc, sparc,\nsparc64, and arm (all 59 defconfigs).\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "0f7fc9e4d03987fe29f6dd4aa67e4c56eb7ecb05", "tree": "51763269e44eb9bf4d0f8c529577489902850cf9", "parents": [ "b65d34fd465f19fbe2f32f2205a9a06ca7c2bdeb" ], "author": { "name": "Josef \"Jeff\" Sipek", "email": "jsipek@cs.sunysb.edu", "time": "Fri Dec 08 02:36:35 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Fri Dec 08 08:28:41 2006 -0800" }, "message": "[PATCH] VFS: change struct file to use struct path\n\nThis patch changes struct file to use struct path instead of having\nindependent pointers to struct dentry and struct vfsmount, and converts all\nusers of f_{dentry,vfsmnt} in fs/ to use f_path.{dentry,mnt}.\n\nAdditionally, it adds two #define\u0027s to make the transition easier for users of\nthe f_dentry and f_vfsmnt.\n\nSigned-off-by: Josef \"Jeff\" Sipek \u003cjsipek@cs.sunysb.edu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "f1f2d8713d16a1e198880bbc716eb24fae09c858", "tree": "1782ba01540c329481d995e87b80d45047ea4a9c", "parents": [ "8ce08464d2c749610a52c4d6c7c11080a7eaaef1" ], "author": { "name": "Andreas Gruenbacher", "email": "agruen@suse.de", "time": "Thu Nov 02 22:07:29 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Nov 03 12:27:59 2006 -0800" }, "message": "[PATCH] Fix user.* xattr permission check for sticky dirs\n\nThe user.* extended attributes are only allowed on regular files and\ndirectories. Sticky directories further restrict write access to the owner\nand privileged users. (See the attr(5) man page for an explanation.)\n\nThe original check in ext2/ext3 when user.* xattrs were merged was more\nrestrictive than intended, and when the xattr permission checks were moved\ninto the VFS, read access to user.* attributes on sticky directores ended\nup being denied in addition.\n\nOriginally-from: Gerard Neil \u003cxyzzy@devferret.org\u003e\nSigned-off-by: Andreas Gruenbacher \u003cagruen@suse.de\u003e\nCc: Dave Kleikamp \u003cshaggy@austin.ibm.com\u003e\nCc: Jan Engelhardt \u003cjengelh@linux01.gwdg.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "659564c8adfe1765476beee8d55cd18986946892", "tree": "8ddef1e06257449b4ca6ca83fc80867771a6f5a4", "parents": [ "e069d79d23739977800c3b8495853b735f77ef30" ], "author": { "name": "Bill Nottingham", "email": "notting@redhat.com", "time": "Mon Oct 09 16:10:48 2006 -0400" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Oct 09 14:20:38 2006 -0700" }, "message": "[PATCH] Introduce vfs_listxattr\n\nThis patch moves code out of fs/xattr.c:listxattr into a new function -\nvfs_listxattr. The code for vfs_listxattr was originally submitted by Bill\nNottingham \u003cnotting@redhat.com\u003e to Unionfs.\n\nSorry about that. The reason for this submission is to make the\nlistxattr code in fs/xattr.c a little cleaner (as well as to clean up\nsome code in Unionfs.)\n\nCurrently, Unionfs has vfs_listxattr defined in its code. I think\nthat\u0027s very ugly, and I\u0027d like to see it (re)moved. The logical place\nto put it, is along side of all the other vfs_*xattr functions.\n\nOverall, I think this patch is benefitial for both kernel.org kernel and\nUnionfs.\n\nSigned-off-by: Josef \"Jeff\" Sipek \u003cjsipek@cs.sunysb.edu\u003e\nAcked-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9c937dcc71021f2dbf78f904f03d962dd9bcc130", "tree": "6ab53c1cf1235515307d521cecc4f76afa34e137", "parents": [ "6a2bceec0ea7fdc47aef9a3f2f771c201eaabe5d" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Jun 08 23:19:31 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:28 2006 -0400" }, "message": "[PATCH] log more info for directory entry change events\n\nWhen an audit event involves changes to a directory entry, include\na PATH record for the directory itself. A few other notable changes:\n\n - fixed audit_inode_child() hooks in fsnotify_move()\n - removed unused flags arg from audit_inode()\n - added audit log routines for logging a portion of a string\n\nHere\u0027s some sample output.\n\nbefore patch:\ntype\u003dSYSCALL msg\u003daudit(1149821605.320:26): arch\u003d40000003 syscall\u003d39 success\u003dyes exit\u003d0 a0\u003dbf8d3c7c a1\u003d1ff a2\u003d804e1b8 a3\u003dbf8d3c7c items\u003d1 ppid\u003d739 pid\u003d800 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dttyS0 comm\u003d\"mkdir\" exe\u003d\"/bin/mkdir\" subj\u003droot:system_r:unconfined_t:s0-s0:c0.c255\ntype\u003dCWD msg\u003daudit(1149821605.320:26): cwd\u003d\"/root\"\ntype\u003dPATH msg\u003daudit(1149821605.320:26): item\u003d0 name\u003d\"foo\" parent\u003d164068 inode\u003d164010 dev\u003d03:00 mode\u003d040755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003droot:object_r:user_home_t:s0\n\nafter patch:\ntype\u003dSYSCALL msg\u003daudit(1149822032.332:24): arch\u003d40000003 syscall\u003d39 success\u003dyes exit\u003d0 a0\u003dbfdd9c7c a1\u003d1ff a2\u003d804e1b8 a3\u003dbfdd9c7c items\u003d2 ppid\u003d714 pid\u003d777 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dttyS0 comm\u003d\"mkdir\" exe\u003d\"/bin/mkdir\" subj\u003droot:system_r:unconfined_t:s0-s0:c0.c255\ntype\u003dCWD msg\u003daudit(1149822032.332:24): cwd\u003d\"/root\"\ntype\u003dPATH msg\u003daudit(1149822032.332:24): item\u003d0 name\u003d\"/root\" inode\u003d164068 dev\u003d03:00 mode\u003d040750 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003droot:object_r:user_home_dir_t:s0\ntype\u003dPATH msg\u003daudit(1149822032.332:24): item\u003d1 name\u003d\"foo\" inode\u003d164010 dev\u003d03:00 mode\u003d040755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003droot:object_r:user_home_t:s0\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "73241ccca0f7786933f1d31b3d86f2456549953a", "tree": "daa7efabfb7aa2f511a467606786820949e8763e", "parents": [ "f38aa94224c5517a40ba56d453779f70d3229803" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Nov 03 16:00:25 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:53 2006 -0500" }, "message": "[PATCH] Collect more inode information during syscall processing.\n\nThis patch augments the collection of inode info during syscall\nprocessing. It represents part of the functionality that was provided\nby the auditfs patch included in RHEL4.\n\nSpecifically, it:\n\n- Collects information for target inodes created or removed during\n syscalls. Previous code only collects information for the target\n inode\u0027s parent.\n\n- Adds the audit_inode() hook to syscalls that operate on a file\n descriptor (e.g. fchown), enabling audit to do inode filtering for\n these calls.\n\n- Modifies filtering code to check audit context for either an inode #\n or a parent inode # matching a given rule.\n\n- Modifies logging to provide inode # for both parent and child.\n\n- Protect debug info from NULL audit_names.name.\n\n[AV: folded a later typo fix from the same author]\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e0ad7b073eb7317e5afe0385b02dcb1d52a1eedf", "tree": "bd4a424efe77bfb94c74bb6e57dcf0a0ff998969", "parents": [ "5be196e5f925dab2309530fabce69c2e562b9791" ], "author": { "name": "akpm@osdl.org", "email": "akpm@osdl.org", "time": "Mon Jan 09 20:51:56 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Jan 10 08:01:29 2006 -0800" }, "message": "[PATCH] move xattr permission checks into the VFS\n\n\r)\n\nFrom: Christoph Hellwig \u003chch@lst.de\u003e\n\nThe xattr code has rather complex permission checks because the rules are very\ndifferent for different attribute namespaces. This patch moves as much as we\ncan into the generic code. Currently all the major disk based filesystems\nduplicate these checks, while many minor filesystems or network filesystems\nlack some or all of them.\n\nTo do this we need defines for the extended attribute names in common code, I\nmoved them up from JFS which had the nicest defintions.\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nAcked-by: Dave Kleikamp \u003cshaggy@austin.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "5be196e5f925dab2309530fabce69c2e562b9791", "tree": "4249d808c38b6f13e899ac936585c1fbb48e5b3b", "parents": [ "a7e670d828e85ef9aacb7fa1cd221525c408110f" ], "author": { "name": "Christoph Hellwig", "email": "hch@lst.de", "time": "Mon Jan 09 20:51:55 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Jan 10 08:01:29 2006 -0800" }, "message": "[PATCH] add vfs_* helpers for xattr operations\n\nAdd vfs_getxattr, vfs_setxattr and vfs_removexattr helpers for common checks\naround invocation of the xattr methods. NFSD already was missing some of the\nchecks and there will be more soon.\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\n\n(James, I haven\u0027t touched selinux yet because it\u0027s doing various odd things\nand I\u0027m not sure how it would interact with the security attribute fallbacks\nyou added. Could you investigate whether it could use vfs_getxattr or if not\nadd a __vfs_getxattr helper to share the bits it is fine with?)\n\nFor NFSv4: instead of just converting it add an nfsd_getxattr helper for the\ncode shared by NFSv2/3 and NFSv4 ACLs. In fact that code isn\u0027t even\nNFS-specific, but I\u0027ll wait for more users to pop up first before moving it to\ncommon code.\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nAcked-by: Dave Kleikamp \u003cshaggy@austin.ibm.com\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: Neil Brown \u003cneilb@suse.de\u003e\nCc: Trond Myklebust \u003ctrond.myklebust@fys.uio.no\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "1b1dcc1b57a49136f118a0f16367256ff9994a69", "tree": "b0b36d4f41d28c9d6514fb309d33c1a084d6309b", "parents": [ "794ee1baee1c26be40410233e6c20bceb2b03c08" ], "author": { "name": "Jes Sorensen", "email": "jes@sgi.com", "time": "Mon Jan 09 15:59:24 2006 -0800" }, "committer": { "name": "Ingo Molnar", "email": "mingo@hera.kernel.org", "time": "Mon Jan 09 15:59:24 2006 -0800" }, "message": "[PATCH] mutex subsystem, semaphore to mutex: VFS, -\u003ei_sem\n\nThis patch converts the inode semaphore to a mutex. I have tested it on\nXFS and compiled as much as one can consider on an ia64. Anyway your\nluck with it might be different.\n\nModified-by: Ingo Molnar \u003cmingo@elte.hu\u003e\n\n(finished the conversion)\n\nSigned-off-by: Jes Sorensen \u003cjes@sgi.com\u003e\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\n" }, { "commit": "894ec8707ced240b96dc45944790fb35d9a6b03c", "tree": "6498b7f6606027f3a52417431222b7a69c43391d", "parents": [ "c3f5902325d3053986e7359f706581d8f032e72f" ], "author": { "name": "Daniel Drake", "email": "dsd@gentoo.org", "time": "Mon Dec 12 00:37:08 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Dec 12 08:57:42 2005 -0800" }, "message": "[PATCH] Fix listxattr() for generic security attributes\n\nCommit f549d6c18c0e8e6cf1bf0e7a47acc1daf7e2cec1 introduced a generic\nfallback for security xattrs, but appears to include a subtle bug.\n\nGentoo users with kernels with selinux compiled in, and coreutils compiled\nwith acl support, noticed that they could not copy files on tmpfs using\n\u0027cp\u0027.\n\ncp (compiled with acl support) copies the file, lists the extended\nattributes on the old file, copies them all to the new file, and then\nexits. However the listxattr() calls were failing with this odd behaviour:\n\nllistxattr(\"a.out\", (nil), 0) \u003d 17\nllistxattr(\"a.out\", 0x7fffff8c6cb0, 17) \u003d -1 ERANGE (Numerical result out of\nrange)\n\nI believe this is a simple problem in the logic used to check the buffer\nsizes; if the user sends a buffer the exact size of the data, then its ok\n:)\n\nThis change solves the problem.\nMore info can be found at http://bugs.gentoo.org/113138\n\nSigned-off-by: Daniel Drake \u003cdsd@gentoo.org\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "f99d49adf527fa6f7a9c42257fa76bca6b8df1e3", "tree": "41dddbc336016f9dc9557cdb15300de5e599dac1", "parents": [ "6044ec8882c726e325017bd948aa0cd94ad33abc" ], "author": { "name": "Jesper Juhl", "email": "jesper.juhl@gmail.com", "time": "Mon Nov 07 01:01:34 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Nov 07 07:54:06 2005 -0800" }, "message": "[PATCH] kfree cleanup: fs\n\nThis is the fs/ part of the big kfree cleanup patch.\n\nRemove pointless checks for NULL prior to calling kfree() in fs/.\n\nSigned-off-by: Jesper Juhl \u003cjesper.juhl@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "d381d8a9a08cac9824096213069159be17fd2e2f", "tree": "0c19722b8f67c29b7c08c6ab8776a9c146395d03", "parents": [ "89d155ef62e5e0c10e4b37aaa5056f0beafe10e6" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sun Oct 30 14:59:22 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:11 2005 -0800" }, "message": "[PATCH] SELinux: canonicalize getxattr()\n\nThis patch allows SELinux to canonicalize the value returned from\ngetxattr() via the security_inode_getsecurity() hook, which is called after\nthe fs level getxattr() function.\n\nThe purpose of this is to allow the in-core security context for an inode\nto override the on-disk value. This could happen in cases such as\nupgrading a system to a different labeling form (e.g. standard SELinux to\nMLS) without needing to do a full relabel of the filesystem.\n\nIn such cases, we want getxattr() to return the canonical security context\nthat the kernel is using rather than what is stored on disk.\n\nThe implementation hooks into the inode_getsecurity(), adding another\nparameter to indicate the result of the preceding fs-level getxattr() call,\nso that SELinux knows whether to compare a value obtained from disk with\nthe kernel value.\n\nWe also now allow getxattr() to work for mountpoint labeled filesystems\n(i.e. mount with option context\u003dfoo_t), as we are able to return the\nkernel value to the user.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "b80068543794864f533163c586be2a1a9880a65d", "tree": "54795bcc0fb0cd3d8bea3a301e74c9049cd0c626", "parents": [ "90563ec4129f14d19f018240d1d3ff5c0e5e6392" ], "author": { "name": "Robert Love", "email": "rml@novell.com", "time": "Tue Sep 06 15:17:16 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Sep 07 16:57:27 2005 -0700" }, "message": "[PATCH] fsnotify: hook on removexattr, too\n\nAdd fsnotify_xattr() hook to removexattr().\n\nSigned-off-by: Robert Love \u003crml@novell.com\u003e\nSigned-off-by: John McCtuchan \u003cttb@tentacle.dhs.org\u003e\nCc: Andreas Gruenbacher \u003cagruen@suse.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "f549d6c18c0e8e6cf1bf0e7a47acc1daf7e2cec1", "tree": "40d827736575f2a8c489761599e9a1e5e45005be", "parents": [ "b5bf6c55edf94e9c7fc01724d5b271f78eaf1d3f" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Sat Sep 03 15:55:18 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@evo.osdl.org", "time": "Mon Sep 05 00:05:52 2005 -0700" }, "message": "[PATCH] Generic VFS fallback for security xattrs\n\nThis patch modifies the VFS setxattr, getxattr, and listxattr code to fall\nback to the security module for security xattrs if the filesystem does not\nsupport xattrs natively. This allows security modules to export the incore\ninode security label information to userspace even if the filesystem does\nnot provide xattr storage, and eliminates the need to individually patch\nvarious pseudo filesystem types to provide such access. The patch removes\nthe existing xattr code from devpts and tmpfs as it is then no longer\nneeded.\n\nThe patch restructures the code flow slightly to reduce duplication between\nthe normal path and the fallback path, but this should only have one\nuser-visible side effect - a program may get -EACCES rather than\n-EOPNOTSUPP if policy denied access but the filesystem didn\u0027t support the\noperation anyway. Note that the post_setxattr hook call is not needed in\nthe fallback case, as the inode_setsecurity hook call handles the incore\ninode security state update directly. In contrast, we do call fsnotify in\nboth cases.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "0eeca28300df110bd6ed54b31193c83b87921443", "tree": "7db42d8a18d80eca538f5b7d25e0532b8fa38b85", "parents": [ "bd4c625c061c2a38568d0add3478f59172455159" ], "author": { "name": "Robert Love", "email": "rml@novell.com", "time": "Tue Jul 12 17:06:03 2005 -0400" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Jul 12 20:38:38 2005 -0700" }, "message": "[PATCH] inotify\n\ninotify is intended to correct the deficiencies of dnotify, particularly\nits inability to scale and its terrible user interface:\n\n * dnotify requires the opening of one fd per each directory\n that you intend to watch. This quickly results in too many\n open files and pins removable media, preventing unmount.\n * dnotify is directory-based. You only learn about changes to\n directories. Sure, a change to a file in a directory affects\n the directory, but you are then forced to keep a cache of\n stat structures.\n * dnotify\u0027s interface to user-space is awful. Signals?\n\ninotify provides a more usable, simple, powerful solution to file change\nnotification:\n\n * inotify\u0027s interface is a system call that returns a fd, not SIGIO.\n\t You get a single fd, which is select()-able.\n * inotify has an event that says \"the filesystem that the item\n you were watching is on was unmounted.\"\n * inotify can watch directories or files.\n\nInotify is currently used by Beagle (a desktop search infrastructure),\nGamin (a FAM replacement), and other projects.\n\nSee Documentation/filesystems/inotify.txt.\n\nSigned-off-by: Robert Love \u003crml@novell.com\u003e\nCc: John McCutchan \u003cttb@tentacle.dhs.org\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "tree": "0bba044c4ce775e45a88a51686b5d9f90697ea9d", "parents": [], "author": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "message": "Linux-2.6.12-rc2\n\nInitial git repository build. I\u0027m not bothering with the full history,\neven though we have it. We can create a separate \"historical\" git\narchive of that later if we want to, and in the meantime it\u0027s about\n3.2GB when imported into git - space that would just make the early\ngit days unnecessarily complicated, when we don\u0027t have a lot of good\ninfrastructure for it.\n\nLet it rip!\n" } ] }