)]}' { "log": [ { "commit": "0da939b0058742ad2d8580b7db6b966d0fc72252", "tree": "47cb109fdf97135191bff5db4e3bfc905136bf8b", "parents": [ "4bdec11f560b8f405a011288a50e65b1a81b3654", "d91d40799165b0c84c97e7c71fb8039494ff07dc" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Oct 11 09:26:14 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Oct 11 09:26:14 2008 +1100" }, "message": "Merge branch \u0027master\u0027 of git://git.infradead.org/users/pcmoore/lblnet-2.6_next into next\n" }, { "commit": "b1edeb102397546438ab4624489c6ccd7b410d97", "tree": "ce7033f678ffe46ec3f517bb2771b9cbb04d62bb", "parents": [ "a8134296ba9940b5b271d908666e532d34430a3c" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:31 2008 -0400" }, "committer": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:31 2008 -0400" }, "message": "netlabel: Replace protocol/NetLabel linking with refrerence counts\n\nNetLabel has always had a list of backpointers in the CIPSO DOI definition\nstructure which pointed to the NetLabel LSM domain mapping structures which\nreferenced the CIPSO DOI struct. The rationale for this was that when an\nadministrator removed a CIPSO DOI from the system all of the associated\nNetLabel LSM domain mappings should be removed as well; a list of\nbackpointers made this a simple operation.\n\nUnfortunately, while the backpointers did make the removal easier they were\na bit of a mess from an implementation point of view which was making\nfurther development difficult. Since the removal of a CIPSO DOI is a\nrealtively rare event it seems to make sense to remove this backpointer\nlist as the optimization was hurting us more then it was helping. However,\nwe still need to be able to track when a CIPSO DOI definition is being used\nso replace the backpointer list with a reference count. In order to\npreserve the current functionality of removing the associated LSM domain\nmappings when a CIPSO DOI is removed we walk the LSM domain mapping table,\nremoving the relevant entries.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a8134296ba9940b5b271d908666e532d34430a3c", "tree": "28ef03dc3c6a56bd43e5c9d4b8b303749e815342", "parents": [ "dfaebe9825ff34983778f287101bc5f3bce00640" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:31 2008 -0400" }, "committer": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:31 2008 -0400" }, "message": "smack: Fix missing calls to netlbl_skbuff_err()\n\nSmack needs to call netlbl_skbuff_err() to let NetLabel do the necessary\nprotocol specific error handling.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "86d688984deefa3ae5a802880c11f2b408b5d6cf", "tree": "7ea5e8189b0a774626d3ed7c3c87df2495a4c4a0", "parents": [ "93c06cbbf9fea5d5be1778febb7fa9ab1a74e5f5", "4c246edd2550304df5b766cc841584b2bb058843" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 28 10:47:34 2008 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 28 10:47:34 2008 +1000" }, "message": "Merge branch \u0027master\u0027 into next\n" }, { "commit": "5cd9c58fbe9ec92b45b27e131719af4f2bd9eb40", "tree": "8573db001b4dc3c2ad97102dda42b841c40b5f6c", "parents": [ "8d0968abd03ec6b407df117adc773562386702fa" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Aug 14 11:37:28 2008 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 14 22:59:43 2008 +1000" }, "message": "security: Fix setting of PF_SUPERPRIV by __capable()\n\nFix the setting of PF_SUPERPRIV by __capable() as it could corrupt the flags\nthe target process if that is not the current process and it is trying to\nchange its own flags in a different way at the same time.\n\n__capable() is using neither atomic ops nor locking to protect t-\u003eflags. This\npatch removes __capable() and introduces has_capability() that doesn\u0027t set\nPF_SUPERPRIV on the process being queried.\n\nThis patch further splits security_ptrace() in two:\n\n (1) security_ptrace_may_access(). This passes judgement on whether one\n process may access another only (PTRACE_MODE_ATTACH for ptrace() and\n PTRACE_MODE_READ for /proc), and takes a pointer to the child process.\n current is the parent.\n\n (2) security_ptrace_traceme(). This passes judgement on PTRACE_TRACEME only,\n and takes only a pointer to the parent process. current is the child.\n\n In Smack and commoncap, this uses has_capability() to determine whether\n the parent will be permitted to use PTRACE_ATTACH if normal checks fail.\n This does not set PF_SUPERPRIV.\n\nTwo of the instances of __capable() actually only act on current, and so have\nbeen changed to calls to capable().\n\nOf the places that were using __capable():\n\n (1) The OOM killer calls __capable() thrice when weighing the killability of a\n process. All of these now use has_capability().\n\n (2) cap_ptrace() and smack_ptrace() were using __capable() to check to see\n whether the parent was allowed to trace any process. As mentioned above,\n these have been split. For PTRACE_ATTACH and /proc, capable() is now\n used, and for PTRACE_TRACEME, has_capability() is used.\n\n (3) cap_safe_nice() only ever saw current, so now uses capable().\n\n (4) smack_setprocattr() rejected accesses to tasks other than current just\n after calling __capable(), so the order of these two tests have been\n switched and capable() is used instead.\n\n (5) In smack_file_send_sigiotask(), we need to allow privileged processes to\n receive SIGIO on files they\u0027re manipulating.\n\n (6) In smack_task_wait(), we let a process wait for a privileged process,\n whether or not the process doing the waiting is privileged.\n\nI\u0027ve tested this with the LTP SELinux and syscalls testscripts.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nAcked-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nAcked-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "15446235367fa4a621ff5abfa4b6ebbe25b33763", "tree": "bc6823055afbef26560c63f8041caeadd4cef078", "parents": [ "cf9481e289247fe9cf40f2e2481220d899132049" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Wed Jul 30 15:37:11 2008 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 05 10:55:53 2008 +1000" }, "message": "smack: limit privilege by label\n\nThere have been a number of requests to make the Smack LSM\nenforce MAC even in the face of privilege, either capability\nbased or superuser based. This is not universally desired,\nhowever, so it seems desirable to make it optional. Further,\nat least one legacy OS implemented a scheme whereby only\nprocesses running with one particular label could be exempt\nfrom MAC. This patch supports these three cases.\n\nIf /smack/onlycap is empty (unset or null-string) privilege\nis enforced in the normal way.\n\nIf /smack/onlycap contains a label only processes running with\nthat label may be MAC exempt.\n\nIf the label in /smack/onlycap is the star label (\"*\") the\nsemantics of the star label combine with the privilege\nrestrictions to prevent any violations of MAC, even in the\npresence of privilege.\n\nAgain, this will be independent of the privilege scheme.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b77b0646ef4efe31a7449bb3d9360fd00f95433d", "tree": "f8487fe832fbe23400c9f98e808555f0251fb158", "parents": [ "a110343f0d6d41f68b7cf8c00b57a3172c67f816" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jul 17 09:37:02 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 26 20:53:22 2008 -0400" }, "message": "[PATCH] pass MAY_OPEN to vfs_permission() explicitly\n\n... and get rid of the last \"let\u0027s deduce mask from nameidata-\u003eflags\"\nbit.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "6f0f0fd496333777d53daff21a4e3b28c4d03a6d", "tree": "202de67376fce2547b44ae5b016d6424c3c7409c", "parents": [ "93cbace7a058bce7f99319ef6ceff4b78cf45051" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jul 10 17:02:07 2008 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:04:06 2008 +1000" }, "message": "security: remove register_security hook\n\nThe register security hook is no longer required, as the capability\nmodule is always registered. LSMs wishing to stack capability as\na secondary module should do so explicitly.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n" }, { "commit": "006ebb40d3d65338bd74abb03b945f8d60e362bd", "tree": "c548c678b54b307e1fb9acf94676fb7bfd849501", "parents": [ "feb2a5b82d87fbdc01c00b7e9413e4b5f4c1f0c1" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon May 19 08:32:49 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:01:47 2008 +1000" }, "message": "Security: split proc ptrace checking into read vs. attach\n\nEnable security modules to distinguish reading of process state via\nproc from full ptrace access by renaming ptrace_may_attach to\nptrace_may_access and adding a mode argument indicating whether only\nread access or full attach access is requested. This allows security\nmodules to permit access to reading process state without granting\nfull ptrace access. The base DAC/capability checking remains unchanged.\n\nRead access to /proc/pid/mem continues to apply a full ptrace attach\ncheck since check_mem_permission() already requires the current task\nto already be ptracing the target. The other ptrace checks within\nproc for elements like environ, maps, and fds are changed to pass the\nread mode instead of attach.\n\nIn the SELinux case, we model such reading of process state as a\nreading of a proc file labeled with the target process\u0027 label. This\nenables SELinux policy to permit such reading of process state without\npermitting control or manipulation of the target process, as there are\na number of cases where programs probe for such information via proc\nbut do not need to be able to control the target (e.g. procps,\nlsof, PolicyKit, ConsoleKit). At present we have to choose between\nallowing full ptrace in policy (more permissive than required/desired)\nor breaking functionality (or in some cases just silencing the denials\nvia dontaudit rules but this can hide genuine attacks).\n\nThis version of the patch incorporates comments from Casey Schaufler\n(change/replace existing ptrace_may_attach interface, pass access\nmode), and Chris Wright (provide greater consistency in the checking).\n\nNote that like their predecessors __ptrace_may_attach and\nptrace_may_attach, the __ptrace_may_access and ptrace_may_access\ninterfaces use different return value conventions from each other (0\nor -errno vs. 1 or 0). I retained this difference to avoid any\nchanges to the caller logic but made the difference clearer by\nchanging the latter interface to return a bool rather than an int and\nby adding a comment about it to ptrace.h for any future callers.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e97dcb0eadbb821eccd549d4987b653cf61e2374", "tree": "0dc9cddcac54dcdc35f7e1ddf6e190947ec86320", "parents": [ "246dd412d31e4f5de1d43aa6422a325b785f36e4" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Mon Jun 02 10:04:32 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Jun 04 08:50:43 2008 -0700" }, "message": "Smack: fuse mount hang fix\n\nThe d_instantiate hook for Smack can hang on the root inode of a\nfilesystem if the file system code has not really done all the set-up.\nFuse is known to encounter this problem.\n\nThis change detects an attempt to instantiate a root inode and addresses\nit early in the processing, before any attempt is made to do something\nthat might hang.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nTested-by: Luiz Fernando N. Capitulino \u003clcapitulino@mandriva.com.br\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "3b5e9e53c6f31b5a5a0f5c43707503c62bdefa46", "tree": "1244b7cf2755c06a8a793149ce4717e4a1311218", "parents": [ "9e3bd6c3fb2334be171e69b432039cd18bce4458" ], "author": { "name": "Oleg Nesterov", "email": "oleg@tv-sign.ru", "time": "Wed Apr 30 00:52:42 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Apr 30 08:29:34 2008 -0700" }, "message": "signals: cleanup security_task_kill() usage/implementation\n\nEvery implementation of -\u003etask_kill() does nothing when the signal comes from\nthe kernel. This is correct, but means that check_kill_permission() should\ncall security_task_kill() only for SI_FROMUSER() case, and we can remove the\nsame check from -\u003etask_kill() implementations.\n\n(sadly, check_kill_permission() is the last user of signal-\u003esession/__session\n but we can\u0027t s/task_session_nr/task_session/ here).\n\nNOTE: Eric W. Biederman pointed out cap_task_kill() should die, and I think\nhe is very right.\n\nSigned-off-by: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Roland McGrath \u003croland@redhat.com\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: David Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Harald Welte \u003claforge@gnumonks.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "d20bdda6d45a4035e48ca7ae467a0d955c1ffc60", "tree": "634f8bcc6ad7382a79be1081575ee12e7006c375", "parents": [ "780db6c104de48104501f5943361f2371564b85d" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Wed Apr 30 08:34:10 2008 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Apr 30 08:34:10 2008 +1000" }, "message": "Smack: Integrate Smack with Audit\n\nSetup the new Audit hooks for Smack. SELinux Audit rule fields are recycled\nto avoid `auditd\u0027 userspace modifications. Currently only equality testing\nis supported on labels acting as a subject (AUDIT_SUBJ_USER) or as an object\n(AUDIT_OBJ_USER).\n\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "e52c1764f18a62776a0f2bc6752fb76b6e345827", "tree": "b60a62585dfe511d9216cdd4a207fd07df1b2f99", "parents": [ "7663c1e2792a9662b23dec6e19bfcd3d55360b8f" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Apr 29 20:52:51 2008 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Apr 30 08:23:51 2008 +1000" }, "message": "Security: Make secctx_to_secid() take const secdata\n\nMake secctx_to_secid() take constant secdata.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9781db7b345b5dfe93787aaaf310c861db7c1ede", "tree": "d9796e29fd914ca04835636be95bbd5082a034fd", "parents": [ "97094dcf5cefc8ccfdf93839f54dac2c4d316165", "8b67dca9420474623709e00d72a066068a502b20" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 11:41:22 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 11:41:22 2008 -0700" }, "message": "Merge branch \u0027audit.b50\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current\n\n* \u0027audit.b50\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:\n [PATCH] new predicate - AUDIT_FILETYPE\n [patch 2/2] Use find_task_by_vpid in audit code\n [patch 1/2] audit: let userspace fully control TTY input auditing\n [PATCH 2/2] audit: fix sparse shadowed variable warnings\n [PATCH 1/2] audit: move extern declarations to audit.h\n Audit: MAINTAINERS update\n Audit: increase the maximum length of the key field\n Audit: standardize string audit interfaces\n Audit: stop deadlock from signals under load\n Audit: save audit_backlog_limit audit messages in case auditd comes back\n Audit: collect sessionid in netlink messages\n Audit: end printk with newline\n" }, { "commit": "8f0cfa52a1d4ffacd8e7de906d19662f5da58d58", "tree": "2aa82e3682e75330d9b5d601855e3af3c57c03d8", "parents": [ "7ec02ef1596bb3c829a7e8b65ebf13b87faf1819" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Apr 29 00:59:41 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:06 2008 -0700" }, "message": "xattr: add missing consts to function arguments\n\nAdd missing consts to xattr function arguments.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Andreas Gruenbacher \u003cagruen@suse.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "1236cc3cf8c69bd316c940b2e94f91b3795f97fe", "tree": "c33374ffa89d34f901d91888851970071700c38d", "parents": [ "30aa4faf62b2dd9b239ae06ca7a85f1d36d7ef25" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Mon Apr 28 02:13:43 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 28 08:58:27 2008 -0700" }, "message": "smack: use cap_task_prctl\n\nWith the introduction of per-process securebits, the capabilities-related\nprctl callbacks were moved into cap_task_prctl(). Have smack use\ncap_task_prctl() so that PR_SET_KEEPCAPS is defined.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "30aa4faf62b2dd9b239ae06ca7a85f1d36d7ef25", "tree": "37eb2c4fa1195f668d1d3a16653bdc93da5f5e6b", "parents": [ "55d00ccfb336b4f85a476a24e18c17b2eaff919e" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Mon Apr 28 02:13:43 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 28 08:58:27 2008 -0700" }, "message": "smack: make smk_cipso_doi() and smk_unlbl_ambient()\n\nThe functions smk_cipso_doi and smk_unlbl_ambient are not used outside\nsmackfs.c and should hence be static.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "c60264c494a119cd3a716a22edc0137b11de6d1e", "tree": "db985b1529a6a136a7f439a9a557bcb80278e471", "parents": [ "3898b1b4ebff8dcfbcf1807e0661585e06c9a91c" ], "author": { "name": "Harvey Harrison", "email": "harvey.harrison@gmail.com", "time": "Mon Apr 28 02:13:41 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 28 08:58:27 2008 -0700" }, "message": "smack: fix integer as NULL pointer warning in smack_lsm.c\n\nsecurity/smack/smack_lsm.c:1257:16: warning: Using plain integer as NULL pointer\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "2532386f480eefbdd67b48be55fb4fb3e5a6081c", "tree": "dd6a5a3c4116a67380a1336319c16632f04f80f9", "parents": [ "436c405c7d19455a71f42c9bec5fd5e028f1eb4e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:09:25 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:18:03 2008 -0400" }, "message": "Audit: collect sessionid in netlink messages\n\nPreviously I added sessionid output to all audit messages where it was\navailable but we still didn\u0027t know the sessionid of the sender of\nnetlink messages. This patch adds that information to netlink messages\nso we can audit who sent netlink messages.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "b5266eb4c8d1a2887a19aaec8144ee4ad1b054c3", "tree": "37105d0640169ad758d20847cf3effe77381f50f", "parents": [ "1a60a280778ff90270fc7390d9ec102f713a5a29" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Mar 22 17:48:24 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 21 23:13:23 2008 -0400" }, "message": "[PATCH] switch a bunch of LSM hooks from nameidata to path\n\nNamely, ones from namespace.c\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "3925e6fc1f774048404fdd910b0345b06c699eb4", "tree": "c9a58417d9492f39f7fe81d4721d674c34dd8be2", "parents": [ "334d094504c2fe1c44211ecb49146ae6bca8c321", "7cea51be4e91edad05bd834f3235b45c57783f0d" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Apr 18 18:18:30 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Apr 18 18:18:30 2008 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:\n security: fix up documentation for security_module_enable\n Security: Introduce security\u003d boot parameter\n Audit: Final renamings and cleanup\n SELinux: use new audit hooks, remove redundant exports\n Audit: internally use the new LSM audit hooks\n LSM/Audit: Introduce generic Audit LSM hooks\n SELinux: remove redundant exports\n Netlink: Use generic LSM hook\n Audit: use new LSM hooks instead of SELinux exports\n SELinux: setup new inode/ipc getsecid hooks\n LSM: Introduce inode_getsecid and ipc_getsecid hooks\n" }, { "commit": "076c54c5bcaed2081c0cba94a6f77c4d470236ad", "tree": "5e8f05cab20a49922618bb3af697a6b46e610eee", "parents": [ "04305e4aff8b0533dc05f9f6f1a34d0796bd985f" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Thu Mar 06 18:09:10 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 10:00:51 2008 +1000" }, "message": "Security: Introduce security\u003d boot parameter\n\nAdd the security\u003d boot parameter. This is done to avoid LSM\nregistration clashes in case of more than one bult-in module.\n\nUser can choose a security module to enable at boot. If no\nsecurity\u003d boot parameter is specified, only the first LSM\nasking for registration will be loaded. An invalid security\nmodule name will be treated as if no module has been chosen.\n\nLSM modules must check now if they are allowed to register\nby calling security_module_enable(ops) first. Modify SELinux\nand SMACK to do so.\n\nDo not let SMACK register smackfs if it was not chosen on\nboot. Smackfs assumes that smack hooks are registered and\nthe initial task security setup (swapper-\u003esecurity) is done.\n\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "00447872a643787411c2c0cb1df6169dda8b0c47", "tree": "ea4215f6f3040507b46bf90fe133ca73a59c9c0e", "parents": [ "b9f3124f08fffe2ad706fd164f6702fdca409a91" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Sat Apr 12 19:06:42 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Apr 12 19:06:42 2008 -0700" }, "message": "NetLabel: Allow passing the LSM domain as a shared pointer\n\nSmack doesn\u0027t have the need to create a private copy of the LSM \"domain\" when\nsetting NetLabel security attributes like SELinux, however, the current\nNetLabel code requires a private copy of the LSM \"domain\". This patches fixes\nthat by letting the LSM determine how it wants to pass the domain value.\n\n * NETLBL_SECATTR_DOMAIN_CPY\n The current behavior, NetLabel assumes that the domain value is a copy and\n frees it when done\n\n * NETLBL_SECATTR_DOMAIN\n New, Smack-friendly behavior, NetLabel assumes that the domain value is a\n reference to a string managed by the LSM and does not free it when done\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "cb622bbb69e41f2746aadf5d7d527e77597abe2e", "tree": "537a1ce6f76bd915bf9acd197d6bf4d042063998", "parents": [ "58336114af4d2cce830201aae49e50b93ede6c5c" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Mon Mar 24 12:29:49 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Mar 24 19:22:19 2008 -0700" }, "message": "smackfs: remove redundant lock, fix open(,O_RDWR)\n\nOlder smackfs was parsing MAC rules by characters, thus a need of locking\nwrite sessions on open() was needed. This lock is no longer useful now since\neach rule is handled by a single write() call.\n\nThis is also a bugfix since seq_open() was not called if an open() O_RDWR flag\nwas given, leading to a seq_read() without an initialized seq_file, thus an\nOops.\n\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nReported-by: Jonathan Corbet \u003ccorbet@lwn.net\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "aedb60a67c10a0861af179725d060765262ba0fb", "tree": "4a4a316f9f7d1ab0bf4da2cdd5c802bfb05c947f", "parents": [ "457fb605834504af294916411be128a9b21fc3f6" ], "author": { "name": "Serge Hallyn", "email": "serge@hallyn.com", "time": "Fri Feb 29 15:14:57 2008 +0000" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Mar 20 09:46:36 2008 -0700" }, "message": "file capabilities: remove cap_task_kill()\n\nThe original justification for cap_task_kill() was as follows:\n\n\tcheck_kill_permission() does appropriate uid equivalence checks.\n\tHowever with file capabilities it becomes possible for an\n\tunprivileged user to execute a file with file capabilities\n\tresulting in a more privileged task with the same uid.\n\nHowever now that cap_task_kill() always returns 0 (permission\ngranted) when p-\u003euid\u003d\u003dcurrent-\u003euid, the whole hook is worthless,\nand only likely to create more subtle problems in the corner cases\nwhere it might still be called but return -EPERM. Those cases\nare basically when uids are different but euid/suid is equivalent\nas per the check in check_kill_permission().\n\nOne example of a still-broken application is \u0027at\u0027 for non-root users.\n\nThis patch removes cap_task_kill().\n\nSigned-off-by: Serge Hallyn \u003cserge@hallyn.com\u003e\nAcked-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nEarlier-version-tested-by: Luiz Fernando N. Capitulino \u003clcapitulino@mandriva.com.br\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "1d252fb870aa9cd227c4beb1a226ecd434f57f28", "tree": "4a7b956c01487454b139e1df271518f36ca32285", "parents": [ "4ebf89845bea44a164d1fbb8fa319379ec7132de" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Wed Mar 19 17:00:51 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 19 18:53:36 2008 -0700" }, "message": "smack: do not dereference NULL ipc object\n\nIn the SYSV ipc msgctl(),semctl(),shmctl() family, if the user passed *_INFO\nas the desired operation, no specific object is meant to be controlled and\nonly system-wide information is returned. This leads to a NULL IPC object in\nthe LSM hooks if the _INFO flag is given.\n\nAvoid dereferencing this NULL pointer in Smack ipc *ctl() methods.\n\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "b500ce8d24d1f14426643da5f6fada28c1f60533", "tree": "17b6084b29434a968f787e238548a843126e2ec3", "parents": [ "93d74463d018ddf05c169ad399e62e90e0f82fc0" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Thu Mar 13 12:32:34 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Mar 13 13:11:43 2008 -0700" }, "message": "smackfs: do not trust `count\u0027 in inodes write()s\n\nSmackfs write() implementation does not put a higher bound on the number of\nbytes to copy from user-space. This may lead to a DOS attack if a malicious\n`count\u0027 field is given.\n\nAssure that given `count\u0027 is exactly the length needed for a /smack/load rule.\n In case of /smack/cipso where the length is relative, assure that `count\u0027\ndoes not exceed the size needed for a buffer representing maximum possible\nnumber of CIPSO 2.2 categories.\n\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e0007529893c1c064be90bd21422ca0da4a0198e", "tree": "c2334ba940e682183a18d18972cf95bd3a3da46a", "parents": [ "29e8c3c304b62f31b799565c9ee85d42bd163f80" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Mar 05 10:31:54 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Mar 06 08:40:53 2008 +1100" }, "message": "LSM/SELinux: Interfaces to allow FS to control mount options\n\nIntroduce new LSM interfaces to allow an FS to deal with their own mount\noptions. This includes a new string parsing function exported from the\nLSM that an FS can use to get a security data blob and a new security\ndata blob. This is particularly useful for an FS which uses binary\nmount data, like NFS, which does not pass strings into the vfs to be\nhandled by the loaded LSM. Also fix a BUG() in both SELinux and SMACK\nwhen dealing with binary mount data. If the binary mount data is less\nthan one page the copy_page() in security_sb_copy_data() can cause an\nillegal page fault and boom. Remove all NFSisms from the SELinux code\nsince they were broken by past NFS changes.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bcdca225bfa016100985e5fc7e51cdc1d68beaa6", "tree": "4af588f69c754a6380dae17b00de20b0f2f3b149", "parents": [ "43627582799db317e966ecb0002c2c3c9805ec0f" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Sat Feb 23 15:24:04 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Sat Feb 23 17:13:24 2008 -0800" }, "message": "Smack: update for file capabilities\n\nUpdate the Smack LSM to allow the registration of the capability \"module\"\nas a secondary LSM. Integrate the new hooks required for file based\ncapabilities.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4bc87e62775052aac0be7574d5f84ff06f61c6b4", "tree": "23063e82de8f7b7506d795919d7d4c13725e74a0", "parents": [ "9a4c8546f3e7c893888bccc2b3416d6214f2664a" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Fri Feb 15 15:24:25 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Feb 19 07:51:00 2008 -0800" }, "message": "Smack: unlabeled outgoing ambient packets\n\nSmack uses CIPSO labeling, but allows for unlabeled packets by\nspecifying an \"ambient\" label that is applied to incoming unlabeled\npackets.\n\nBecause the other end of the connection may dislike IP options, and ssh\nis one know application that behaves thus, it is prudent to respond in\nkind.\n\nThis patch changes the network labeling behavior such that an outgoing\npacket that would be given a CIPSO label that matches the ambient label\nis left unlabeled. An \"unlbl\" domain is added and the netlabel\ndefaulting mechanism invoked rather than assuming that everything is\nCIPSO. Locking has been added around changes to the ambient label as\nthe mechanisms used to do so are more involved.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4ac9137858e08a19f29feac4e1f4df7c268b0ba5", "tree": "f5b5d84fd12fcc2b0ba0e7ce1a79ff381ad8f5dd", "parents": [ "c5e725f33b733a77de622e91b6ba5645fcf070be" ], "author": { "name": "Jan Blunck", "email": "jblunck@suse.de", "time": "Thu Feb 14 19:34:32 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Feb 14 21:13:33 2008 -0800" }, "message": "Embed a struct path into struct nameidata instead of nd-\u003e{dentry,mnt}\n\nThis is the central patch of a cleanup series. In most cases there is no good\nreason why someone would want to use a dentry for itself. This series reflects\nthat fact and embeds a struct path into nameidata.\n\nTogether with the other patches of this series\n- it enforced the correct order of getting/releasing the reference count on\n \u003cdentry,vfsmount\u003e pairs\n- it prepares the VFS for stacking support since it is essential to have a\n struct path in every place where the stack can be traversed\n- it reduces the overall code size:\n\nwithout patch series:\n text data bss dec hex filename\n5321639 858418 715768 6895825 6938d1 vmlinux\n\nwith patch series:\n text data bss dec hex filename\n5320026 858418 715768 6894212 693284 vmlinux\n\nThis patch:\n\nSwitch from nd-\u003e{dentry,mnt} to nd-\u003epath.{dentry,mnt} everywhere.\n\n[akpm@linux-foundation.org: coding-style fixes]\n[akpm@linux-foundation.org: fix cifs]\n[akpm@linux-foundation.org: fix smack]\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nSigned-off-by: Andreas Gruenbacher \u003cagruen@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@lst.de\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "2e1d146a19f2941aec08f60ca67fb2763baad595", "tree": "14831c6332b2d4004a7551354be46526a0c6f426", "parents": [ "cba44359d15ac7a3bca2c9199b7ff403d7edc69e" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Wed Feb 13 15:03:34 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Feb 13 16:21:20 2008 -0800" }, "message": "Smack: check for \u0027struct socket\u0027 with NULL sk\n\nThere\u0027s a small problem with smack and NFS. A similar report was also\nsent here: http://lkml.org/lkml/2007/10/27/85\n\nI\u0027ve also added similar checks in inode_{get/set}security(). Cheating from\nSELinux post_create_socket(), it does the same.\n\n[akpm@linux-foundation.org: remove uneeded BUG_ON()]\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schuafler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e114e473771c848c3cfec05f0123e70f1cdbdc99", "tree": "933b840f3ccac6860da56291c742094f9b5a20cb", "parents": [ "eda61d32e8ad1d9102872f9a0abf3344bf9c5e67" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Mon Feb 04 22:29:50 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Feb 05 09:44:20 2008 -0800" }, "message": "Smack: Simplified Mandatory Access Control Kernel\n\nSmack is the Simplified Mandatory Access Control Kernel.\n\nSmack implements mandatory access control (MAC) using labels\nattached to tasks and data containers, including files, SVIPC,\nand other tasks. Smack is a kernel based scheme that requires\nan absolute minimum of application support and a very small\namount of configuration data.\n\nSmack uses extended attributes and\nprovides a set of general mount options, borrowing technics used\nelsewhere. Smack uses netlabel for CIPSO labeling. Smack provides\na pseudo-filesystem smackfs that is used for manipulation of\nsystem Smack attributes.\n\nThe patch, patches for ls and sshd, a README, a startup script,\nand x86 binaries for ls and sshd are also available on\n\n http://www.schaufler-ca.com\n\nDevelopment has been done using Fedora Core 7 in a virtual machine\nenvironment and on an old Sony laptop.\n\nSmack provides mandatory access controls based on the label attached\nto a task and the label attached to the object it is attempting to\naccess. Smack labels are deliberately short (1-23 characters) text\nstrings. Single character labels using special characters are reserved\nfor system use. The only operation applied to Smack labels is equality\ncomparison. No wildcards or expressions, regular or otherwise, are\nused. Smack labels are composed of printable characters and may not\ninclude \"/\".\n\nA file always gets the Smack label of the task that created it.\n\nSmack defines and uses these labels:\n\n \"*\" - pronounced \"star\"\n \"_\" - pronounced \"floor\"\n \"^\" - pronounced \"hat\"\n \"?\" - pronounced \"huh\"\n\nThe access rules enforced by Smack are, in order:\n\n1. Any access requested by a task labeled \"*\" is denied.\n2. A read or execute access requested by a task labeled \"^\"\n is permitted.\n3. A read or execute access requested on an object labeled \"_\"\n is permitted.\n4. Any access requested on an object labeled \"*\" is permitted.\n5. Any access requested by a task on an object with the same\n label is permitted.\n6. Any access requested that is explicitly defined in the loaded\n rule set is permitted.\n7. Any other access is denied.\n\nRules may be explicitly defined by writing subject,object,access\ntriples to /smack/load.\n\nSmack rule sets can be easily defined that describe Bell\u0026LaPadula\nsensitivity, Biba integrity, and a variety of interesting\nconfigurations. Smack rule sets can be modified on the fly to\naccommodate changes in the operating environment or even the time\nof day.\n\nSome practical use cases:\n\nHierarchical levels. The less common of the two usual uses\nfor MLS systems is to define hierarchical levels, often\nunclassified, confidential, secret, and so on. To set up smack\nto support this, these rules could be defined:\n\n C Unclass rx\n S C rx\n S Unclass rx\n TS S rx\n TS C rx\n TS Unclass rx\n\nA TS process can read S, C, and Unclass data, but cannot write it.\nAn S process can read C and Unclass. Note that specifying that\nTS can read S and S can read C does not imply TS can read C, it\nhas to be explicitly stated.\n\nNon-hierarchical categories. This is the more common of the\nusual uses for an MLS system. Since the default rule is that a\nsubject cannot access an object with a different label no\naccess rules are required to implement compartmentalization.\n\nA case that the Bell \u0026 LaPadula policy does not allow is demonstrated\nwith this Smack access rule:\n\nA case that Bell\u0026LaPadula does not allow that Smack does:\n\n ESPN ABC r\n ABC ESPN r\n\nOn my portable video device I have two applications, one that\nshows ABC programming and the other ESPN programming. ESPN wants\nto show me sport stories that show up as news, and ABC will\nonly provide minimal information about a sports story if ESPN\nis covering it. Each side can look at the other\u0027s info, neither\ncan change the other. Neither can see what FOX is up to, which\nis just as well all things considered.\n\nAnother case that I especially like:\n\n SatData Guard w\n Guard Publish w\n\nA program running with the Guard label opens a UDP socket and\naccepts messages sent by a program running with a SatData label.\nThe Guard program inspects the message to ensure it is wholesome\nand if it is sends it to a program running with the Publish label.\nThis program then puts the information passed in an appropriate\nplace. Note that the Guard program cannot write to a Publish\nfile system object because file system semanitic require read as\nwell as write.\n\nThe four cases (categories, levels, mutual read, guardbox) here\nare all quite real, and problems I\u0027ve been asked to solve over\nthe years. The first two are easy to do with traditonal MLS systems\nwhile the last two you can\u0027t without invoking privilege, at least\nfor a while.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Joshua Brindle \u003cmethod@manicmethod.com\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: \"Ahmed S. Darwish\" \u003cdarwish.07@gmail.com\u003e\nCc: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" } ] }