)]}' { "log": [ { "commit": "0617c7ff34dc9b1d641640c3953274bb2dbe21a6", "tree": "6be51af32ad65380aff9b7fa385f65ef15b3d53b", "parents": [ "7c2ea22e3c5463627ca98924cd65cb9e480dc29c" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon Jun 21 09:58:53 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:42 2010 +1000" }, "message": "TOMOYO: Remove alias keyword.\n\nSome programs behave differently depending on argv[0] passed to execve().\nTOMOYO has \"alias\" keyword in order to allow administrators to define different\ndomains if requested pathname passed to execve() is a symlink. But \"alias\"\nkeyword is incomplete because this keyword assumes that requested pathname and\nargv[0] are identical. Thus, remove \"alias\" keyword (by this patch) and add\nsyntax for checking argv[0] (by future patches).\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c8c57e842720d8cc92ac8607f2d1c16d92314573", "tree": "dc921366b931ba5817ad530433f3b1ee178bc56a", "parents": [ "9b244373da3eab671da6c5125482121528a9ebf3" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 03 20:36:43 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:41 2010 +1000" }, "message": "TOMOYO: Support longer pathname.\n\nAllow pathnames longer than 4000 bytes.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c3ef1500ec833890275172c7d063333404b64d60", "tree": "2453368e521a1f7a00098eef06afbedb8404503d", "parents": [ "17fcfbd9d45b57f38d40e31f9d28db53f4af5c88" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon May 17 10:12:46 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:39 2010 +1000" }, "message": "TOMOYO: Split files into some pieces.\n\nsecurity/tomoyo/common.c became too large to read.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "17fcfbd9d45b57f38d40e31f9d28db53f4af5c88", "tree": "e221937affe4d886706e880f39e1424333490cc0", "parents": [ "2106ccd972dcd9fda7df9b181505fac1741b3508" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon May 17 10:11:36 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:38 2010 +1000" }, "message": "TOMOYO: Add interactive enforcing mode.\n\nSince the behavior of the system is restricted by policy, we may need to update\npolicy when you update packages.\n\nWe need to update policy in the following cases.\n\n * The pathname of files has changed.\n * The dependency of files has changed.\n * The access permissions required has increased.\n\nThe ideal way to update policy is to rebuild from the scratch using learning\nmode. But it is not desirable to change from enforcing mode to other mode if\nthe system has once entered in production state. Suppose MAC could support\nper-application enforcing mode, the MAC becomes useless if an application that\nis not running in enforcing mode was cracked. For example, the whole system\nbecomes vulnerable if only HTTP server application is running in learning mode\nto rebuild policy for the application. So, in TOMOYO Linux, updating policy is\ndone while the system is running in enforcing mode.\n\nThis patch implements \"interactive enforcing mode\" which allows administrators\nto judge whether to accept policy violation in enforcing mode or not.\nA demo movie is available at http://www.youtube.com/watch?v\u003db9q1Jo25LPA .\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9e4b50e93786d00c703f16ed46e6a4029c0dfdd1", "tree": "51bf6072802888592ae98b9a6c8a26fcb2e1988f", "parents": [ "83c36ccfe4d849f482ea0a62402c7624f4e59f0e" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu May 06 12:40:02 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon May 10 17:59:02 2010 +1000" }, "message": "TOMOYO: Use stack memory for pending entry.\n\nUse stack memory for pending entry to reduce kmalloc() which will be kfree()d.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "292823814261e085cdcef06b6b691e6c2563fbd4", "tree": "8c1eaebcf8f698ea13ac2a9291b9769abde1905e", "parents": [ "2b9e4688fad8867b6e918610f396af3ab9246898" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu May 06 00:18:15 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu May 06 13:19:18 2010 +1000" }, "message": "TOMOYO: Use mutex_lock_interruptible.\n\nSome of TOMOYO\u0027s functions may sleep after mutex_lock(). If OOM-killer selected\na process which is waiting at mutex_lock(), the to-be-killed process can\u0027t be\nkilled. Thus, replace mutex_lock() with mutex_lock_interruptible() so that the\nto-be-killed process can immediately return from TOMOYO\u0027s functions.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0ffbe2699cda6afbe08501098dff8a8c2fe6ae09", "tree": "81b1a2305d16c873371b65c5a863c0268036cefe", "parents": [ "4e5d6f7ec3833c0da9cf34fa5c53c6058c5908b6", "7ebd467551ed6ae200d7835a84bbda0dcadaa511" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu May 06 10:56:07 2010 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu May 06 10:56:07 2010 +1000" }, "message": "Merge branch \u0027master\u0027 into next\n" }, { "commit": "4e5d6f7ec3833c0da9cf34fa5c53c6058c5908b6", "tree": "5c0db5bfcdcb1b07594f20054cc6eefe05161c9a", "parents": [ "a674fa46c79ffa37995bd1c8e4daa2b3be5a95ae" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Apr 28 14:17:42 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu May 06 00:50:43 2010 +1000" }, "message": "TOMOYO: Use GFP_NOFS rather than GFP_KERNEL.\n\nIn Ubuntu, security_path_*() hooks are exported to Unionfs. Thus, prepare for\nbeing called from inside VFS functions because I\u0027m not sure whether it is safe\nto use GFP_KERNEL or not.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5a0e3ad6af8660be21ca98a971cd00f331318c05", "tree": "5bfb7be11a03176a87296a43ac6647975c00a1d1", "parents": [ "ed391f4ebf8f701d3566423ce8f17e614cde9806" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Wed Mar 24 17:04:11 2010 +0900" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Mar 30 22:02:32 2010 +0900" }, "message": "include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h\n\npercpu.h is included by sched.h and module.h and thus ends up being\nincluded when building most .c files. percpu.h includes slab.h which\nin turn includes gfp.h making everything defined by the two files\nuniversally available and complicating inclusion dependencies.\n\npercpu.h -\u003e slab.h dependency is about to be removed. Prepare for\nthis change by updating users of gfp and slab facilities include those\nheaders directly instead of assuming availability. As this conversion\nneeds to touch large number of source files, the following script is\nused as the basis of conversion.\n\n http://userweb.kernel.org/~tj/misc/slabh-sweep.py\n\nThe script does the followings.\n\n* Scan files for gfp and slab usages and update includes such that\n only the necessary includes are there. ie. if only gfp is used,\n gfp.h, if slab is used, slab.h.\n\n* When the script inserts a new include, it looks at the include\n blocks and try to put the new include such that its order conforms\n to its surrounding. It\u0027s put in the include block which contains\n core kernel includes, in the same order that the rest are ordered -\n alphabetical, Christmas tree, rev-Xmas-tree or at the end if there\n doesn\u0027t seem to be any matching order.\n\n* If the script can\u0027t find a place to put a new include (mostly\n because the file doesn\u0027t have fitting include block), it prints out\n an error message indicating which .h file needs to be added to the\n file.\n\nThe conversion was done in the following steps.\n\n1. The initial automatic conversion of all .c files updated slightly\n over 4000 files, deleting around 700 includes and adding ~480 gfp.h\n and ~3000 slab.h inclusions. The script emitted errors for ~400\n files.\n\n2. Each error was manually checked. Some didn\u0027t need the inclusion,\n some needed manual addition while adding it to implementation .h or\n embedding .c file was more appropriate for others. This step added\n inclusions to around 150 files.\n\n3. The script was run again and the output was compared to the edits\n from #2 to make sure no file was left behind.\n\n4. Several build tests were done and a couple of problems were fixed.\n e.g. lib/decompress_*.c used malloc/free() wrappers around slab\n APIs requiring slab.h to be added manually.\n\n5. The script was run on all .h files but without automatically\n editing them as sprinkling gfp.h and slab.h inclusions around .h\n files could easily lead to inclusion dependency hell. Most gfp.h\n inclusion directives were ignored as stuff from gfp.h was usually\n wildly available and often used in preprocessor macros. Each\n slab.h inclusion directive was examined and added manually as\n necessary.\n\n6. percpu.h was updated not to include slab.h.\n\n7. Build test were done on the following configurations and failures\n were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my\n distributed build env didn\u0027t work with gcov compiles) and a few\n more options had to be turned off depending on archs to make things\n build (like ipr on powerpc/64 which failed due to missing writeq).\n\n * x86 and x86_64 UP and SMP allmodconfig and a custom test config.\n * powerpc and powerpc64 SMP allmodconfig\n * sparc and sparc64 SMP allmodconfig\n * ia64 SMP allmodconfig\n * s390 SMP allmodconfig\n * alpha SMP allmodconfig\n * um on x86_64 SMP allmodconfig\n\n8. percpu.h modifications were reverted so that it could be applied as\n a separate patch and serve as bisection point.\n\nGiven the fact that I had only a couple of failures from tests on step\n6, I\u0027m fairly confident about the coverage of this conversion patch.\nIf there is a breakage, it\u0027s likely to be something in one of the arch\nheaders which should be easily discoverable easily on most builds of\nthe specific arch.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nGuess-its-ok-by: Christoph Lameter \u003ccl@linux-foundation.org\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: Lee Schermerhorn \u003cLee.Schermerhorn@hp.com\u003e\n" }, { "commit": "0f2cc4ecd81dc1917a041dc93db0ada28f8356fa", "tree": "f128b50f48f50f0cda6d2b20b53e9ad6e2dfded3", "parents": [ "1fae4cfb97302289bb5df6a8195eb28385d0b002", "9643f5d94aadd47a5fa9754fb60f2c957de05903" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Mar 04 08:15:33 2010 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Mar 04 08:15:33 2010 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: (52 commits)\n init: Open /dev/console from rootfs\n mqueue: fix typo \"failues\" -\u003e \"failures\"\n mqueue: only set error codes if they are really necessary\n mqueue: simplify do_open() error handling\n mqueue: apply mathematics distributivity on mq_bytes calculation\n mqueue: remove unneeded info-\u003emessages initialization\n mqueue: fix mq_open() file descriptor leak on user-space processes\n fix race in d_splice_alias()\n set S_DEAD on unlink() and non-directory rename() victims\n vfs: add NOFOLLOW flag to umount(2)\n get rid of -\u003emnt_parent in tomoyo/realpath\n hppfs can use existing proc_mnt, no need for do_kern_mount() in there\n Mirror MS_KERNMOUNT in -\u003emnt_flags\n get rid of useless vfsmount_lock use in put_mnt_ns()\n Take vfsmount_lock to fs/internal.h\n get rid of insanity with namespace roots in tomoyo\n take check for new events in namespace (guts of mounts_poll()) to namespace.c\n Don\u0027t mess with generic_permission() under -\u003ed_lock in hpfs\n sanitize const/signedness for udf\n nilfs: sanitize const/signedness in dealing with -\u003ed_name.name\n ...\n\nFix up fairly trivial (famous last words...) conflicts in\ndrivers/infiniband/core/uverbs_main.c and security/tomoyo/realpath.c\n" }, { "commit": "440b3c6c160f7d0a985f24ad1f4c24e00ee2d936", "tree": "0dd3dbc7b86feb50cac302a6681b886ee1a11a08", "parents": [ "0ceeca5a08abb1d880f0cc0ea812ad14932070e0" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 05 09:37:21 2010 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Mar 03 14:08:00 2010 -0500" }, "message": "get rid of -\u003emnt_parent in tomoyo/realpath\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "37afdc7960ab493f827b5df9dc1b71b63b44331c", "tree": "6c9b79d2cf73de3c5d371447ded129e3a32167e5", "parents": [ "9f5596af44514f99e3a654a4f7cb813354b9e516" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 05 01:41:33 2010 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Mar 03 14:07:59 2010 -0500" }, "message": "get rid of insanity with namespace roots in tomoyo\n\npassing *any* namespace root to __d_path() as root is equivalent\nto just passing it {NULL, NULL}; no need to bother with finding\nthe root of our namespace in there.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "847b173ea3d6f50936823d07f2245059bf44713b", "tree": "b53c6d0536af73a078bcff0375f9f4d837f79bba", "parents": [ "ec8e6a4e062e2edebef91e930c20572c9f4c0dda" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Feb 11 09:43:54 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Feb 15 09:00:24 2010 +1100" }, "message": "TOMOYO: Add garbage collector.\n\nThis patch adds garbage collector support to TOMOYO.\nElements are protected by \"struct srcu_struct tomoyo_ss\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "76bb0895d038be7bcdb6ccfcd2dd7deb30371d6b", "tree": "5948c68b08561deb20d155853faed475a15a4235", "parents": [ "bf24fb016c861b7f52be0c36c4cedd3e89afa2e2" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Feb 11 09:42:40 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Feb 15 09:00:18 2010 +1100" }, "message": "TOMOYO: Merge headers.\n\nGather structures and constants scattered around security/tomoyo/ directory.\nThis is for preparation for adding garbage collector since garbage collector\nneeds to know structures and constants which TOMOYO uses.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bf24fb016c861b7f52be0c36c4cedd3e89afa2e2", "tree": "f485ca2e70d8305d9aaecf45b5fd929b68b971b2", "parents": [ "ca0b7df3374c5566468c17f26fa2dfd3fe3c6a37" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Feb 11 09:41:58 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Feb 15 09:00:16 2010 +1100" }, "message": "TOMOYO: Add refcounter on string data.\n\nAdd refcounter to \"struct tomoyo_name_entry\" and replace tomoyo_save_name()\nwith tomoyo_get_name()/tomoyo_put_name() pair so that we can kfree() when\ngarbage collector is added.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8e2d39a1665e680c095545993aac2fcac6916eb9", "tree": "41687f7e7f4fb37416b7948b6d2e09d0a383459b", "parents": [ "7d52a155e38d5a165759dbbee656455861bf7801" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Jan 26 20:45:27 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 27 08:20:48 2010 +1100" }, "message": "TOMOYO: Remove usage counter for temporary memory.\n\nTOMOYO was using own memory usage counter for detecting memory leak.\nBut as kernel 2.6.31 introduced memory leak detection mechanism\n( CONFIG_DEBUG_KMEMLEAK ), we no longer need to have own counter.\n\nWe remove usage counter for memory used for permission checks, but we keep\nusage counter for memory used for policy so that we can apply quota.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cd7bec6ad80188394a8ea857ff1aa3512fc2282a", "tree": "598e7d59c29966e0d8fa8abf24eb51bbb2f567a6", "parents": [ "e41035a996356c257183e53a70abfb46fa84908b" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Jan 05 06:39:37 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 11 09:27:40 2010 +1100" }, "message": "TOMOYO: Remove memory pool for list elements.\n\nCurrently, TOMOYO allocates memory for list elements from memory pool allocated\nby kmalloc(PAGE_SIZE). But that makes it difficult to kfree() when garbage\ncollector is added. Thus, remove memory pool and use kmalloc(sizeof()).\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e41035a996356c257183e53a70abfb46fa84908b", "tree": "f874e9d5e07072f9a9fed17158e69fa5d304465d", "parents": [ "0ed731859e24cd6e3ec058cf2b49b2a0df80e86b" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Jan 05 06:39:00 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 11 09:27:38 2010 +1100" }, "message": "TOMOYO: Remove memory pool for string data.\n\nCurrently, TOMOYO allocates memory for string data from memory pool allocated\nby kmalloc(PAGE_SIZE). But that makes it difficult to kfree() when garbage\ncollector is added. Thus, remove memory pool and use kmalloc(strlen()).\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "fdb8ebb729bbb640e64028a4f579a02ebc405727", "tree": "9dfca7422cb858cd05208734affab31d980030fe", "parents": [ "86fc80f16e8a2449d5827bf1a9838b7fd9f70097" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Dec 08 09:34:43 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Dec 15 15:46:31 2009 +1100" }, "message": "TOMOYO: Use RCU primitives for list operation\n\nReplace list operation with RCU primitives and replace\ndown_read()/up_read() with srcu_read_lock()/srcu_read_unlock().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "67fa4880c5e059428392ca6f7c2f9c38e8546fea", "tree": "e9dd72bf71067fcacb122b7ced20d964e3be0be8", "parents": [ "1ad1f10cd915744bbe52b19423653b38287d827d" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Wed Dec 09 15:36:04 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Dec 09 19:01:16 2009 +1100" }, "message": "TOMOYO: Compare filesystem by magic number rather than by name.\n\nPlease apply below one after merging 1557d33007f63dd96e5d15f33af389378e5f2e54\n(Merge git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/sysctl-2.6).\n----------\n[PATCH for 2.6.33] TOMOYO: Compare filesystem by magic number rather than by name.\n\nWe can use magic number for checking whether the filesystem is procfs or not.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1557d33007f63dd96e5d15f33af389378e5f2e54", "tree": "06d05722b2ba5d2a67532f779fa8a88efe3c88f1", "parents": [ "6ec22f9b037fc0c2e00ddb7023fad279c365324d", "c656ae95d1c5c8ed5763356263ace2d03087efec" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Dec 08 07:38:50 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Dec 08 07:38:50 2009 -0800" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/sysctl-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/sysctl-2.6: (43 commits)\n security/tomoyo: Remove now unnecessary handling of security_sysctl.\n security/tomoyo: Add a special case to handle accesses through the internal proc mount.\n sysctl: Drop \u0026 in front of every proc_handler.\n sysctl: Remove CTL_NONE and CTL_UNNUMBERED\n sysctl: kill dead ctl_handler definitions.\n sysctl: Remove the last of the generic binary sysctl support\n sysctl net: Remove unused binary sysctl code\n sysctl security/tomoyo: Don\u0027t look at ctl_name\n sysctl arm: Remove binary sysctl support\n sysctl x86: Remove dead binary sysctl support\n sysctl sh: Remove dead binary sysctl support\n sysctl powerpc: Remove dead binary sysctl support\n sysctl ia64: Remove dead binary sysctl support\n sysctl s390: Remove dead sysctl binary support\n sysctl frv: Remove dead binary sysctl support\n sysctl mips/lasat: Remove dead binary sysctl support\n sysctl drivers: Remove dead binary sysctl support\n sysctl crypto: Remove dead binary sysctl support\n sysctl security/keys: Remove dead binary sysctl support\n sysctl kernel: Remove binary sysctl logic\n ...\n" }, { "commit": "a4054b6b20e9c2cca63715a319759bf8d37d82fc", "tree": "c7d17dda2b79fbc4faacd88514b01f49c3c05169", "parents": [ "6d4561110a3e9fa742aeec6717248a491dfb1878" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri Nov 20 09:12:22 2009 -0800" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri Nov 20 09:23:22 2009 -0800" }, "message": "security/tomoyo: Add a special case to handle accesses through the internal proc mount.\n\nWith the change of sys_sysctl going through the internal proc mount we no\nlonger need to handle security_sysctl in tomoyo as we have valid pathnames\nfor all sysctl accesses. There is one slight caveat to that in that\nall of the paths from the internal mount look like\n\"/sys/net/ipv4/ip_local_port_range\" instead of\n\"/proc/sys/net/ipv4/ip_local_port_range\" so tomoyo needs to add the\n\"/proc\" portion manually when resolving to full path names to get what it expects.\n\nThis change teaches tomoyo perform that modification.\n\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n" }, { "commit": "024e1a49411a1a7363e65db48edf1b09e9ee68ad", "tree": "628fb392d0230f2e46753c04dded209ef27124d1", "parents": [ "d6ba452128178091dab7a04d54f7e66fdc32fb39" ], "author": { "name": "Stephen Hemminger", "email": "shemminger@vyatta.com", "time": "Tue Oct 27 19:24:46 2009 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 29 11:17:33 2009 +1100" }, "message": "tomoyo: improve hash bucket dispersion\n\nWhen examining the network device name hash, it was discovered that\nthe low order bits of full_name_hash() are not very well dispersed\nacross the possible values. When used by filesystem code, this is handled\nby folding with the function hash_long().\n\nThe only other non-filesystem usage of full_name_hash() at this time\nappears to be in TOMOYO. This patch should fix that.\n\nI do not use TOMOYO at this time, so this patch is build tested only.\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c3fa109a5894077d1eaf8731ea741a15dd117b3c", "tree": "a3d5f58ea878868b48a1493055e6f2cb6dd3c9de", "parents": [ "5bf1692f65c12a8aa359dc883468284ffc3c4587" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Mon Jun 08 12:37:39 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Jun 09 09:30:24 2009 +1000" }, "message": "TOMOYO: Add description of lists and structures.\n\nThis patch adds some descriptions of lists and structures.\nThis patch contains no code changes.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ab588ccadc80f6ef5495e83e176e88c5c0fc2d0e", "tree": "ffb995eba759218fd07795f00a1303518621c119", "parents": [ "850b0cee165576f969363a8c52021b5cf9ecbe67" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Tue Jun 02 14:23:39 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 03 07:50:06 2009 +1000" }, "message": "TOMOYO: Remove redundant markers.\n\nRemove \u0027/***** START/STOP *****/\u0027 markers.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e24977d45f45d1675e050dc1a0aaf4bfc4ca9866", "tree": "ee39b590596e9ca6cd18b8ece11a1f6d24278c29", "parents": [ "6b3304b531704711286c3359b06922b83fdba015" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Apr 02 21:17:03 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat May 09 10:49:42 2009 -0400" }, "message": "Reduce path_lookup() abuses\n\n... use kern_path() where possible\n\n[folded a fix from rdd]\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "39826a1e17c1957bd7b5cd7815b83940e5e3a230", "tree": "c1452c0293b7f2f4bce2c36d3b5aea8e4020ff3e", "parents": [ "17a7b7b39056a82c5012539311850f202e6c3cd4" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Apr 08 22:31:28 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 14 09:15:02 2009 +1000" }, "message": "tomoyo: version bump to 2.2.0.\n\nSigned-off-by: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Toshiharu Harada \u003charadats@nttdata.co.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5ad4e53bd5406ee214ddc5a41f03f779b8b2d526", "tree": "b3dab5140284b3edf02bf2b13f74bfddb25aa62a", "parents": [ "ce3b0f8d5c2203301fc87f3aaaed73e5819e2a48" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Mar 29 19:50:06 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Mar 31 23:00:27 2009 -0400" }, "message": "Get rid of indirect include of fs_struct.h\n\nDon\u0027t pull it in sched.h; very few files actually need it and those\ncan include directly. sched.h itself only needs forward declaration\nof struct fs_struct;\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "1581e7ddbdd97443a134e1a0cc9d81256baf77a4", "tree": "54134783d9b61dea08b434e0d6e447ac8f8924b2", "parents": [ "0da0a420bb542b13ebae142109a9d2045ade0cb1" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Feb 21 20:40:50 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Feb 23 09:45:05 2009 +1100" }, "message": "TOMOYO: Do not call tomoyo_realpath_init unless registered.\n\ntomoyo_realpath_init() is unconditionally called by security_initcall().\nBut nobody will use realpath related functions if TOMOYO is not registered.\n\nSo, let tomoyo_init() call tomoyo_realpath_init().\n\nThis patch saves 4KB of memory allocation if TOMOYO is not registered.\n\nSigned-off-by: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Toshiharu Harada \u003charadats@nttdata.co.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c73bd6d473ceb5d643d3afd7e75b7dc2e6918558", "tree": "76a800f3080d000215ec74f4c66fc73560b83a8f", "parents": [ "f9ce1f1cda8b73a36f47e424975a9dfa78b7840c" ], "author": { "name": "Kentaro Takeda", "email": "takedakn@nttdata.co.jp", "time": "Thu Feb 05 17:18:12 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 12 15:15:04 2009 +1100" }, "message": "Memory and pathname management functions.\n\nTOMOYO Linux performs pathname based access control.\nTo remove factors that make pathname based access control difficult\n(e.g. symbolic links, \"..\", \"//\" etc.), TOMOYO Linux derives realpath\nof requested pathname from \"struct dentry\" and \"struct vfsmount\".\n\nThe maximum length of string data is limited to 4000 including trailing \u0027\\0\u0027.\nSince TOMOYO Linux uses \u0027\\ooo\u0027 style representation for non ASCII printable\ncharacters, maybe TOMOYO Linux should be able to support 16336 (which means\n(NAME_MAX * (PATH_MAX / (NAME_MAX + 1)) * 4 + (PATH_MAX / (NAME_MAX + 1)))\nincluding trailing \u0027\\0\u0027), but I think 4000 is enough for practical use.\n\nTOMOYO uses only 0x21 - 0x7E (as printable characters) and 0x20 (as word\ndelimiter) and 0x0A (as line delimiter).\n0x01 - 0x20 and 0x80 - 0xFF is handled in \\ooo style representation.\nThe reason to use \\ooo is to guarantee that \"%s\" won\u0027t damage logs.\nUserland program can request\n\n open(\"/tmp/file granted.\\nAccess /tmp/file \", O_WRONLY | O_CREAT, 0600)\n\nand logging such crazy pathname using \"Access %s denied.\\n\" format will cause\n\"fabrication of logs\" like\n\n Access /tmp/file granted.\n Access /tmp/file denied.\n\nTOMOYO converts such characters to \\ooo so that the logs will become\n\n Access /tmp/file\\040granted.\\012Access\\040/tmp/file denied.\n\nand the administrator can read the logs safely using /bin/cat .\nLikewise, a crazy request like\n\n open(\"/tmp/\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x09\", O_WRONLY | O_CREAT, 0600)\n\nwill be processed safely by converting to\n\n Access /tmp/\\001\\002\\003\\004\\005\\006\\007\\010\\011 denied.\n\nSigned-off-by: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Toshiharu Harada \u003charadats@nttdata.co.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" } ] }