)]}'
{
  "log": [
    {
      "commit": "e114e473771c848c3cfec05f0123e70f1cdbdc99",
      "tree": "933b840f3ccac6860da56291c742094f9b5a20cb",
      "parents": [
        "eda61d32e8ad1d9102872f9a0abf3344bf9c5e67"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Mon Feb 04 22:29:50 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Tue Feb 05 09:44:20 2008 -0800"
      },
      "message": "Smack: Simplified Mandatory Access Control Kernel\n\nSmack is the Simplified Mandatory Access Control Kernel.\n\nSmack implements mandatory access control (MAC) using labels\nattached to tasks and data containers, including files, SVIPC,\nand other tasks. Smack is a kernel based scheme that requires\nan absolute minimum of application support and a very small\namount of configuration data.\n\nSmack uses extended attributes and\nprovides a set of general mount options, borrowing technics used\nelsewhere. Smack uses netlabel for CIPSO labeling. Smack provides\na pseudo-filesystem smackfs that is used for manipulation of\nsystem Smack attributes.\n\nThe patch, patches for ls and sshd, a README, a startup script,\nand x86 binaries for ls and sshd are also available on\n\n    http://www.schaufler-ca.com\n\nDevelopment has been done using Fedora Core 7 in a virtual machine\nenvironment and on an old Sony laptop.\n\nSmack provides mandatory access controls based on the label attached\nto a task and the label attached to the object it is attempting to\naccess. Smack labels are deliberately short (1-23 characters) text\nstrings. Single character labels using special characters are reserved\nfor system use. The only operation applied to Smack labels is equality\ncomparison. No wildcards or expressions, regular or otherwise, are\nused. Smack labels are composed of printable characters and may not\ninclude \"/\".\n\nA file always gets the Smack label of the task that created it.\n\nSmack defines and uses these labels:\n\n    \"*\" - pronounced \"star\"\n    \"_\" - pronounced \"floor\"\n    \"^\" - pronounced \"hat\"\n    \"?\" - pronounced \"huh\"\n\nThe access rules enforced by Smack are, in order:\n\n1. Any access requested by a task labeled \"*\" is denied.\n2. A read or execute access requested by a task labeled \"^\"\n   is permitted.\n3. A read or execute access requested on an object labeled \"_\"\n   is permitted.\n4. Any access requested on an object labeled \"*\" is permitted.\n5. Any access requested by a task on an object with the same\n   label is permitted.\n6. Any access requested that is explicitly defined in the loaded\n   rule set is permitted.\n7. Any other access is denied.\n\nRules may be explicitly defined by writing subject,object,access\ntriples to /smack/load.\n\nSmack rule sets can be easily defined that describe Bell\u0026LaPadula\nsensitivity, Biba integrity, and a variety of interesting\nconfigurations. Smack rule sets can be modified on the fly to\naccommodate changes in the operating environment or even the time\nof day.\n\nSome practical use cases:\n\nHierarchical levels. The less common of the two usual uses\nfor MLS systems is to define hierarchical levels, often\nunclassified, confidential, secret, and so on. To set up smack\nto support this, these rules could be defined:\n\n   C        Unclass rx\n   S        C       rx\n   S        Unclass rx\n   TS       S       rx\n   TS       C       rx\n   TS       Unclass rx\n\nA TS process can read S, C, and Unclass data, but cannot write it.\nAn S process can read C and Unclass. Note that specifying that\nTS can read S and S can read C does not imply TS can read C, it\nhas to be explicitly stated.\n\nNon-hierarchical categories. This is the more common of the\nusual uses for an MLS system. Since the default rule is that a\nsubject cannot access an object with a different label no\naccess rules are required to implement compartmentalization.\n\nA case that the Bell \u0026 LaPadula policy does not allow is demonstrated\nwith this Smack access rule:\n\nA case that Bell\u0026LaPadula does not allow that Smack does:\n\n    ESPN    ABC   r\n    ABC     ESPN  r\n\nOn my portable video device I have two applications, one that\nshows ABC programming and the other ESPN programming. ESPN wants\nto show me sport stories that show up as news, and ABC will\nonly provide minimal information about a sports story if ESPN\nis covering it. Each side can look at the other\u0027s info, neither\ncan change the other. Neither can see what FOX is up to, which\nis just as well all things considered.\n\nAnother case that I especially like:\n\n    SatData Guard   w\n    Guard   Publish w\n\nA program running with the Guard label opens a UDP socket and\naccepts messages sent by a program running with a SatData label.\nThe Guard program inspects the message to ensure it is wholesome\nand if it is sends it to a program running with the Publish label.\nThis program then puts the information passed in an appropriate\nplace. Note that the Guard program cannot write to a Publish\nfile system object because file system semanitic require read as\nwell as write.\n\nThe four cases (categories, levels, mutual read, guardbox) here\nare all quite real, and problems I\u0027ve been asked to solve over\nthe years. The first two are easy to do with traditonal MLS systems\nwhile the last two you can\u0027t without invoking privilege, at least\nfor a while.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Joshua Brindle \u003cmethod@manicmethod.com\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: \"Ahmed S. Darwish\" \u003cdarwish.07@gmail.com\u003e\nCc: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "3bc1fa8ae18f281b40903cce94baba10c3cf9d88",
      "tree": "9097244b28cbf4eba16368803272af0fc70224d5",
      "parents": [
        "cd1c6a48ac16b360746f9f111895931d332c35dd"
      ],
      "author": {
        "name": "Chris Wright",
        "email": "chrisw@sous-sol.org",
        "time": "Fri Sep 29 01:59:49 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Fri Sep 29 09:18:10 2006 -0700"
      },
      "message": "[PATCH] LSM: remove BSD secure level security module\n\nThis code has suffered from broken core design and lack of developer\nattention.  Broken security modules are too dangerous to leave around.  It\nis time to remove this one.\n\nSigned-off-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nAcked-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Davi Arnaut \u003cdavi.arnaut@gmail.com\u003e\nAcked-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Alan Cox \u003calan@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "b67dbf9d4c1987c370fd18fdc4cf9d8aaea604c2",
      "tree": "76c8bf2d44a9e8b3fb8df8dedf950bbb78d340ae",
      "parents": [
        "043d051615aa5da09a7e44f1edbb69798458e067"
      ],
      "author": {
        "name": "Greg KH",
        "email": "greg@kroah.com",
        "time": "Thu Jul 07 14:37:53 2005 -0700"
      },
      "committer": {
        "name": "Chris Wright",
        "email": "chrisw@osdl.org",
        "time": "Fri Jul 08 18:48:41 2005 -0700"
      },
      "message": "[PATCH] add securityfs for all LSMs to use\n\nHere\u0027s a small patch against 2.6.13-rc2 that adds securityfs, a virtual\nfs that all LSMs can use instead of creating their own.  The fs should\nbe mounted at /sys/kernel/security, and the fs creates that mount point.\nThis will make the LSB people happy that we aren\u0027t creating a new\n/my_lsm_fs directory in the root for every different LSM.\n\nIt has changed a bit since the last version, thanks to comments from\nMike Waychison.\n\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\nSigned-off-by: Chris Wright \u003cchrisw@osdl.org\u003e\n"
    },
    {
      "commit": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
      "tree": "0bba044c4ce775e45a88a51686b5d9f90697ea9d",
      "parents": [],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@ppc970.osdl.org",
        "time": "Sat Apr 16 15:20:36 2005 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@ppc970.osdl.org",
        "time": "Sat Apr 16 15:20:36 2005 -0700"
      },
      "message": "Linux-2.6.12-rc2\n\nInitial git repository build. I\u0027m not bothering with the full history,\neven though we have it. We can create a separate \"historical\" git\narchive of that later if we want to, and in the meantime it\u0027s about\n3.2GB when imported into git - space that would just make the early\ngit days unnecessarily complicated, when we don\u0027t have a lot of good\ninfrastructure for it.\n\nLet it rip!\n"
    }
  ]
}