)]}'
{
  "log": [
    {
      "commit": "1236cc3cf8c69bd316c940b2e94f91b3795f97fe",
      "tree": "c33374ffa89d34f901d91888851970071700c38d",
      "parents": [
        "30aa4faf62b2dd9b239ae06ca7a85f1d36d7ef25"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serue@us.ibm.com",
        "time": "Mon Apr 28 02:13:43 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Apr 28 08:58:27 2008 -0700"
      },
      "message": "smack: use cap_task_prctl\n\nWith the introduction of per-process securebits, the capabilities-related\nprctl callbacks were moved into cap_task_prctl().  Have smack use\ncap_task_prctl() so that PR_SET_KEEPCAPS is defined.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "30aa4faf62b2dd9b239ae06ca7a85f1d36d7ef25",
      "tree": "37eb2c4fa1195f668d1d3a16653bdc93da5f5e6b",
      "parents": [
        "55d00ccfb336b4f85a476a24e18c17b2eaff919e"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Mon Apr 28 02:13:43 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Apr 28 08:58:27 2008 -0700"
      },
      "message": "smack: make smk_cipso_doi() and smk_unlbl_ambient()\n\nThe functions smk_cipso_doi and smk_unlbl_ambient are not used outside\nsmackfs.c and should hence be static.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "55d00ccfb336b4f85a476a24e18c17b2eaff919e",
      "tree": "5be259b88f5cfe17206ad20dcb11929dd4a40781",
      "parents": [
        "c60264c494a119cd3a716a22edc0137b11de6d1e"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serue@us.ibm.com",
        "time": "Mon Apr 28 02:13:42 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Apr 28 08:58:27 2008 -0700"
      },
      "message": "root_plug: use cap_task_prctl\n\nWith the introduction of per-process securebits, the capabilities-related\nprctl callbacks were moved into cap_task_prctl().  Have root_plug use\ncap_task_prctl() so that PR_SET_KEEPCAPS is defined.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "c60264c494a119cd3a716a22edc0137b11de6d1e",
      "tree": "db985b1529a6a136a7f439a9a557bcb80278e471",
      "parents": [
        "3898b1b4ebff8dcfbcf1807e0661585e06c9a91c"
      ],
      "author": {
        "name": "Harvey Harrison",
        "email": "harvey.harrison@gmail.com",
        "time": "Mon Apr 28 02:13:41 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Apr 28 08:58:27 2008 -0700"
      },
      "message": "smack: fix integer as NULL pointer warning in smack_lsm.c\n\nsecurity/smack/smack_lsm.c:1257:16: warning: Using plain integer as NULL pointer\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "3898b1b4ebff8dcfbcf1807e0661585e06c9a91c",
      "tree": "69a338864dfe654f68064a599c5d0da460df34ac",
      "parents": [
        "4016a1390d07f15b267eecb20e76a48fd5c524ef"
      ],
      "author": {
        "name": "Andrew G. Morgan",
        "email": "morgan@kernel.org",
        "time": "Mon Apr 28 02:13:40 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Apr 28 08:58:26 2008 -0700"
      },
      "message": "capabilities: implement per-process securebits\n\nFilesystem capability support makes it possible to do away with (set)uid-0\nbased privilege and use capabilities instead.  That is, with filesystem\nsupport for capabilities but without this present patch, it is (conceptually)\npossible to manage a system with capabilities alone and never need to obtain\nprivilege via (set)uid-0.\n\nOf course, conceptually isn\u0027t quite the same as currently possible since few\nuser applications, certainly not enough to run a viable system, are currently\nprepared to leverage capabilities to exercise privilege.  Further, many\napplications exist that may never get upgraded in this way, and the kernel\nwill continue to want to support their setuid-0 base privilege needs.\n\nWhere pure-capability applications evolve and replace setuid-0 binaries, it is\ndesirable that there be a mechanism by which they can contain their\nprivilege.  In addition to leveraging the per-process bounding and inheritable\nsets, this should include suppressing the privilege of the uid-0 superuser\nfrom the process\u0027 tree of children.\n\nThe feature added by this patch can be leveraged to suppress the privilege\nassociated with (set)uid-0.  This suppression requires CAP_SETPCAP to\ninitiate, and only immediately affects the \u0027current\u0027 process (it is inherited\nthrough fork()/exec()).  This reimplementation differs significantly from the\nhistorical support for securebits which was system-wide, unwieldy and which\nhas ultimately withered to a dead relic in the source of the modern kernel.\n\nWith this patch applied a process, that is capable(CAP_SETPCAP), can now drop\nall legacy privilege (through uid\u003d0) for itself and all subsequently\nfork()\u0027d/exec()\u0027d children with:\n\n  prctl(PR_SET_SECUREBITS, 0x2f);\n\nThis patch represents a no-op unless CONFIG_SECURITY_FILE_CAPABILITIES is\nenabled at configure time.\n\n[akpm@linux-foundation.org: fix uninitialised var warning]\n[serue@us.ibm.com: capabilities: use cap_task_prctl when !CONFIG_SECURITY]\nSigned-off-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "94bc891b00e40cbec375feb4568780af183fd7f4",
      "tree": "fd48d354c61d2e736aa593c324a6d794afd8a4e7",
      "parents": [
        "934b7024f0ed29003c95cef447d92737ab86dc4f",
        "1ec7f1ddbe5ba49f7b10c3b129d6d5c90c43526c"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 22 18:27:56 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 22 18:28:34 2008 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:\n  [PATCH] get rid of __exit_files(), __exit_fs() and __put_fs_struct()\n  [PATCH] proc_readfd_common() race fix\n  [PATCH] double-free of inode on alloc_file() failure exit in create_write_pipe()\n  [PATCH] teach seq_file to discard entries\n  [PATCH] umount_tree() will unhash everything itself\n  [PATCH] get rid of more nameidata passing in namespace.c\n  [PATCH] switch a bunch of LSM hooks from nameidata to path\n  [PATCH] lock exclusively in collect_mounts() and drop_collected_mounts()\n  [PATCH] move a bunch of declarations to fs/internal.h\n"
    },
    {
      "commit": "618442509128fe4514be94de70ce54075cd9a706",
      "tree": "9aea814978791abd8c4f9a5c60de879b2811c063",
      "parents": [
        "0f5e64200f20fc8f5b759c4010082f577ab0af3f"
      ],
      "author": {
        "name": "Paul E. McKenney",
        "email": "paulmck@linux.vnet.ibm.com",
        "time": "Mon Apr 21 18:12:33 2008 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Apr 22 15:37:23 2008 +1000"
      },
      "message": "SELinux fixups needed for preemptable RCU from -rt\n\nThe attached patch needs to move from -rt to mainline given preemptable RCU.\nThis patch fixes SELinux code that implicitly assumes that disabling\npreemption prevents an RCU grace period from completing, an assumption that\nis valid for Classic RCU, but not necessarily for preemptable RCU.  Explicit\nrcu_read_lock() calls are thus added.\n\nSigned-off-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: Steven Rostedt \u003csrostedt@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b5266eb4c8d1a2887a19aaec8144ee4ad1b054c3",
      "tree": "37105d0640169ad758d20847cf3effe77381f50f",
      "parents": [
        "1a60a280778ff90270fc7390d9ec102f713a5a29"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat Mar 22 17:48:24 2008 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Apr 21 23:13:23 2008 -0400"
      },
      "message": "[PATCH] switch a bunch of LSM hooks from nameidata to path\n\nNamely, ones from namespace.c\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "0f5e64200f20fc8f5b759c4010082f577ab0af3f",
      "tree": "e59565d010a5538910a89f0c44122e802ba011a3",
      "parents": [
        "e9b62693ae0a1e13ccc97a6792d9a7770c8d1b5b"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 21 16:24:11 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Apr 22 10:00:09 2008 +1000"
      },
      "message": "SELinux: no BUG_ON(!ss_initialized) in selinux_clone_mnt_opts\n\nThe Fedora installer actually makes multiple NFS mounts before it loads\nselinux policy.  The code in selinux_clone_mnt_opts() assumed that the\ninit process would always be loading policy before NFS was up and\nrunning.  It might be possible to hit this in a diskless environment as\nwell, I\u0027m not sure.  There is no need to BUG_ON() in this situation\nsince we can safely continue given the circumstances.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "19b5b517a8b81a448be9b2bdaf18a761a7b9799e",
      "tree": "b1e83e331769d44f98e564c984acf3841261c2a8",
      "parents": [
        "bda0c0afa7a694bb1459fd023515aca681e4d79a",
        "95fff33b8e306a4331024bbd31c0999d5bf48fcf"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Apr 21 16:01:40 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Apr 21 16:01:40 2008 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:\n  SELinux: one little, two little, three little whitespaces, the avc.c saga.\n  SELinux: cleanup on isle selinuxfs.c\n  changing whitespace for fun and profit: policydb.c\n  SELinux: whitespace and formatting fixes for hooks.c\n  SELinux: clean up printks\n  SELinux: sidtab.c whitespace, syntax, and static declaration cleanups\n  SELinux: services.c whitespace, syntax, and static declaration cleanups\n  SELinux: mls.c whitespace, syntax, and static declaration cleanups\n  SELinux: hashtab.c whitespace, syntax, and static declaration cleanups\n  SELinux: ebitmap.c whitespace, syntax, and static declaration cleanups\n  SELinux: conditional.c whitespace, syntax, and static declaration cleanups\n  SELinux: avtab.c whitespace, syntax, and static declaration cleanups\n  SELinux: xfrm.c whitespace, syntax, and static declaration cleanups\n  SELinux: nlmsgtab.c whitespace, syntax, and static declaration cleanups\n  SELinux: netnode.c whitespace, syntax, and static declaration cleanups\n  SELinux: netlink.c whitespace, syntax, and static declaration cleanups\n  SELinux: netlabel.c whitespace, syntax, and static declaration cleanups\n  SELinux: netif.c whitespace, syntax, and static declaration cleanups\n"
    },
    {
      "commit": "95fff33b8e306a4331024bbd31c0999d5bf48fcf",
      "tree": "822da169332912a8149a7947388347118d7921bf",
      "parents": [
        "1872981b51dac9d1f5bcae17803bf368f7fa19cd"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Apr 17 14:42:10 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 21 19:12:02 2008 +1000"
      },
      "message": "SELinux: one little, two little, three little whitespaces, the avc.c saga.\n\navc.c was bad.  It had whitespace and syntax issues which are against\nour coding style.  I have had a little chat with it and the result of\nthat conversation looked like this patch.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "1872981b51dac9d1f5bcae17803bf368f7fa19cd",
      "tree": "4d76e8f0cdd663a31d5fd99e96964e91d6bafdfb",
      "parents": [
        "2ced3dfd3148fd8e2170ff06d6f72fd9f2f7b639"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Apr 17 14:15:45 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 21 19:12:01 2008 +1000"
      },
      "message": "SELinux: cleanup on isle selinuxfs.c\n\nWhy would anyone just clean up white space all day?  Because they were\nout too late last night and don\u0027t want to think for a day.  So here is a\nnice clean selinuxfs.c patch.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2ced3dfd3148fd8e2170ff06d6f72fd9f2f7b639",
      "tree": "e401ba8b134ef94fd6c63e1b3ce9975a4d9c04d3",
      "parents": [
        "828dfe1da54fce81f80f97275353ba33be09a76e"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Apr 17 13:37:12 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 21 19:11:58 2008 +1000"
      },
      "message": "changing whitespace for fun and profit: policydb.c\n\nMore formatting changes.  Aside from the 80 character line limit even\nthe checkpatch scripts like this file now.  Too bad I don\u0027t get paid by\nthe lines of code I change.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "828dfe1da54fce81f80f97275353ba33be09a76e",
      "tree": "c3eec5cf7ae7858614b2ba705aa53944861c19c2",
      "parents": [
        "744ba35e455b0d5cf4f85208a8ca0edcc9976b95"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Apr 17 13:17:49 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 21 19:11:56 2008 +1000"
      },
      "message": "SELinux: whitespace and formatting fixes for hooks.c\n\nAll whitespace and formatting.  Nothing interesting to see here.  About\nthe only thing to remember is that we aren\u0027t supposed to initialize\nstatic variables to 0/NULL.  It is done for us and doing it ourselves\nputs them in a different section.\n\nWith this patch running checkpatch.pl against hooks.c only gives us\ncomplaints about busting the 80 character limit and declaring extern\u0027s\nin .c files.  Apparently they don\u0027t like it, but I don\u0027t feel like going\nto the trouble of moving those to .h files...\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "744ba35e455b0d5cf4f85208a8ca0edcc9976b95",
      "tree": "1b242324aeba16d07e1a3811df041969c10422a6",
      "parents": [
        "11670889380b144adfa5a91dc184c8f6300c4b28"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Apr 17 11:52:44 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 21 19:09:26 2008 +1000"
      },
      "message": "SELinux: clean up printks\n\nMake sure all printk start with KERN_*\nMake sure all printk end with \\n\nMake sure all printk have the word \u0027selinux\u0027 in them\nChange \"function name\" to \"%s\", __func__ (found 2 wrong)\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "11670889380b144adfa5a91dc184c8f6300c4b28",
      "tree": "eb9a75859f1d3227e3c9d0bde05e77a97f25bddf",
      "parents": [
        "5d55a345c09ef1708bd341395792931a66306ba6"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Apr 18 17:38:34 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 21 19:09:09 2008 +1000"
      },
      "message": "SELinux: sidtab.c whitespace, syntax, and static declaration cleanups\n\nThis patch changes sidtab.c to fix whitespace and syntax issues.  Things that\nare fixed may include (does not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocation of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statements\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5d55a345c09ef1708bd341395792931a66306ba6",
      "tree": "137da17e617d8854f65ae878ebb125a0b6e9208d",
      "parents": [
        "1a5e6f8729266154f34c84d25bb83942f99ba002"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Apr 18 17:38:33 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 21 19:09:08 2008 +1000"
      },
      "message": "SELinux: services.c whitespace, syntax, and static declaration cleanups\n\nThis patch changes services.c to fix whitespace and syntax issues.  Things that\nare fixed may include (does not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocation of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statements\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "1a5e6f8729266154f34c84d25bb83942f99ba002",
      "tree": "38a53fae39c506ec7a2c4d1a79604c78e190bda4",
      "parents": [
        "719a2f8e5f7b07a3be0d59fdc6edeb8120653918"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Apr 18 17:38:32 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 21 19:07:33 2008 +1000"
      },
      "message": "SELinux: mls.c whitespace, syntax, and static declaration cleanups\n\nThis patch changes mls.c to fix whitespace and syntax issues.  Things that\nare fixed may include (does not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocation of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statements\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "719a2f8e5f7b07a3be0d59fdc6edeb8120653918",
      "tree": "2190cfc6038b9dee25319d7c1a8fb8da4f1d8f7e",
      "parents": [
        "7696ee80ac037959fc708156255d1bfec1f9ad70"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Apr 18 17:38:31 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 21 19:07:32 2008 +1000"
      },
      "message": "SELinux: hashtab.c whitespace, syntax, and static declaration cleanups\n\nThis patch changes hashtab.c to fix whitespace and syntax issues.  Things that\nare fixed may include (does not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocation of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statements\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "7696ee80ac037959fc708156255d1bfec1f9ad70",
      "tree": "824647d7c1d5767067fa044ad76ad1a8101fd896",
      "parents": [
        "7c2b240ef2ae05a0081b4004176fd5838cecc4f6"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Apr 18 17:38:30 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 21 19:07:32 2008 +1000"
      },
      "message": "SELinux: ebitmap.c whitespace, syntax, and static declaration cleanups\n\nThis patch changes ebitmap.c to fix whitespace and syntax issues.  Things that\nare fixed may include (does not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocation of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statements\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "7c2b240ef2ae05a0081b4004176fd5838cecc4f6",
      "tree": "2013e70b664b108b396864e61c658f3a84347076",
      "parents": [
        "eb5df9a7ae794a7e352e0582011e9e2b586051b5"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Apr 18 17:38:29 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 21 19:07:31 2008 +1000"
      },
      "message": "SELinux: conditional.c whitespace, syntax, and static declaration cleanups\n\nThis patch changes conditional.c to fix whitespace and syntax issues.  Things that\nare fixed may include (does not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocation of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statements\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "eb5df9a7ae794a7e352e0582011e9e2b586051b5",
      "tree": "cb232b131a7ed4be275027caf3c60996ad92c1b0",
      "parents": [
        "3c1c88ab8ad8d1f7db74f719f2649a070190fd5e"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Apr 18 17:38:28 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 21 19:07:30 2008 +1000"
      },
      "message": "SELinux: avtab.c whitespace, syntax, and static declaration cleanups\n\nThis patch changes avtab.c to fix whitespace and syntax issues.  Things that\nare fixed may include (does not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocation of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statements\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "3c1c88ab8ad8d1f7db74f719f2649a070190fd5e",
      "tree": "4801e6045ec34deb14b215b6e9b7b00dad5bb2da",
      "parents": [
        "bfff3aa49765eb10053b58ee220949cfcc7a1a80"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Apr 18 17:38:27 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 21 19:07:26 2008 +1000"
      },
      "message": "SELinux: xfrm.c whitespace, syntax, and static declaration cleanups\n\nThis patch changes xfrm.c to fix whitespace and syntax issues.  Things that\nare fixed may include (does not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocation of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statements\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "bfff3aa49765eb10053b58ee220949cfcc7a1a80",
      "tree": "2695e909f58e9b1f683dae9c9a08090bd662e34f",
      "parents": [
        "7b6b239c805ab372145c8a43ffa25529923d2658"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Apr 18 17:38:26 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 21 19:05:07 2008 +1000"
      },
      "message": "SELinux: nlmsgtab.c whitespace, syntax, and static declaration cleanups\n\nThis patch changes nlmsgtab.c to fix whitespace and syntax issues.  Things that\nare fixed may include (does not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocation of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statements\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "7b6b239c805ab372145c8a43ffa25529923d2658",
      "tree": "c5281805ee859d205cc981107e46bf1ad853cda7",
      "parents": [
        "c544c028e45feceeb48b629456d0eb43adc8eaaf"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Apr 18 17:38:25 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 21 19:05:06 2008 +1000"
      },
      "message": "SELinux: netnode.c whitespace, syntax, and static declaration cleanups\n\nThis patch changes netnode.c to fix whitespace and syntax issues.  Things that\nare fixed may include (does not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocation of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statements\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "c544c028e45feceeb48b629456d0eb43adc8eaaf",
      "tree": "feb455ffd74d43df3667f1f59688e10e14f627fd",
      "parents": [
        "a6aaafeecca7ea1ddb5d7dac09e468ae14751fcd"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Apr 18 17:38:24 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 21 19:05:05 2008 +1000"
      },
      "message": "SELinux: netlink.c whitespace, syntax, and static declaration cleanups\n\nThis patch changes netlink.c to fix whitespace and syntax issues.  Things that\nare fixed may include (does not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocation of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statements\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "a6aaafeecca7ea1ddb5d7dac09e468ae14751fcd",
      "tree": "15b33a43a2d6335b2d7c72b131e614d547f7f195",
      "parents": [
        "338366cbba686a06f9e17f33c31d533901e8639f"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Apr 18 17:38:23 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 21 19:05:04 2008 +1000"
      },
      "message": "SELinux: netlabel.c whitespace, syntax, and static declaration cleanups\n\nThis patch changes netlabel.c to fix whitespace and syntax issues.  Things that\nare fixed may include (does not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocation of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statements\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "338366cbba686a06f9e17f33c31d533901e8639f",
      "tree": "7d6062a9939f4f6299570bcfdc1c231231d264dd",
      "parents": [
        "3925e6fc1f774048404fdd910b0345b06c699eb4"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Apr 18 17:38:22 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 21 19:05:03 2008 +1000"
      },
      "message": "SELinux: netif.c whitespace, syntax, and static declaration cleanups\n\nThis patch changes netif.c to fix whitespace and syntax issues.  Things that\nare fixed may include (does not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocation of { around structs and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statements\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d7b1acd3b524b39f418e463e836b48ac041954d6",
      "tree": "38e0c822bc6ed1aac05c51eb4f17c57c48f31766",
      "parents": [
        "f42b38009e1dbd4509a865e5ea0e91a1722c979d"
      ],
      "author": {
        "name": "Matthew Wilcox",
        "email": "matthew@wil.cx",
        "time": "Tue Feb 26 10:49:01 2008 -0500"
      },
      "committer": {
        "name": "Matthew Wilcox",
        "email": "willy@linux.intel.com",
        "time": "Fri Apr 18 22:17:25 2008 -0400"
      },
      "message": "security: Remove unnecessary inclusions of asm/semaphore.h\n\nNone of these files use any of the functionality promised by\nasm/semaphore.h.\n\nSigned-off-by: Matthew Wilcox \u003cwilly@linux.intel.com\u003e\n"
    },
    {
      "commit": "3925e6fc1f774048404fdd910b0345b06c699eb4",
      "tree": "c9a58417d9492f39f7fe81d4721d674c34dd8be2",
      "parents": [
        "334d094504c2fe1c44211ecb49146ae6bca8c321",
        "7cea51be4e91edad05bd834f3235b45c57783f0d"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Apr 18 18:18:30 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Apr 18 18:18:30 2008 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:\n  security: fix up documentation for security_module_enable\n  Security: Introduce security\u003d boot parameter\n  Audit: Final renamings and cleanup\n  SELinux: use new audit hooks, remove redundant exports\n  Audit: internally use the new LSM audit hooks\n  LSM/Audit: Introduce generic Audit LSM hooks\n  SELinux: remove redundant exports\n  Netlink: Use generic LSM hook\n  Audit: use new LSM hooks instead of SELinux exports\n  SELinux: setup new inode/ipc getsecid hooks\n  LSM: Introduce inode_getsecid and ipc_getsecid hooks\n"
    },
    {
      "commit": "334d094504c2fe1c44211ecb49146ae6bca8c321",
      "tree": "d3c0f68e4b9f8e3d2ccc39e7dfe5de0534a5fad9",
      "parents": [
        "d1a4be630fb068f251d64b62919f143c49ca8057",
        "d1643d24c61b725bef399cc1cf2944b4c9c23177"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Apr 18 18:02:35 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Apr 18 18:02:35 2008 -0700"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.26\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.26: (1090 commits)\n  [NET]: Fix and allocate less memory for -\u003epriv\u0027less netdevices\n  [IPV6]: Fix dangling references on error in fib6_add().\n  [NETLABEL]: Fix NULL deref in netlbl_unlabel_staticlist_gen() if ifindex not found\n  [PKT_SCHED]: Fix datalen check in tcf_simp_init().\n  [INET]: Uninline the __inet_inherit_port call.\n  [INET]: Drop the inet_inherit_port() call.\n  SCTP: Initialize partial_bytes_acked to 0, when all of the data is acked.\n  [netdrvr] forcedeth: internal simplifications; changelog removal\n  phylib: factor out get_phy_id from within get_phy_device\n  PHY: add BCM5464 support to broadcom PHY driver\n  cxgb3: Fix __must_check warning with dev_dbg.\n  tc35815: Statistics cleanup\n  natsemi: fix MMIO for PPC 44x platforms\n  [TIPC]: Cleanup of TIPC reference table code\n  [TIPC]: Optimized initialization of TIPC reference table\n  [TIPC]: Remove inlining of reference table locking routines\n  e1000: convert uint16_t style integers to u16\n  ixgb: convert uint16_t style integers to u16\n  sb1000.c: make const arrays static\n  sb1000.c: stop inlining largish static functions\n  ...\n"
    },
    {
      "commit": "7cea51be4e91edad05bd834f3235b45c57783f0d",
      "tree": "55843bf8ab3afc3e33a99e86391668d48355d614",
      "parents": [
        "076c54c5bcaed2081c0cba94a6f77c4d470236ad"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Mar 07 12:23:49 2008 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Apr 19 10:00:59 2008 +1000"
      },
      "message": "security: fix up documentation for security_module_enable\n\nsecurity_module_enable() can only be called during kernel init.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "076c54c5bcaed2081c0cba94a6f77c4d470236ad",
      "tree": "5e8f05cab20a49922618bb3af697a6b46e610eee",
      "parents": [
        "04305e4aff8b0533dc05f9f6f1a34d0796bd985f"
      ],
      "author": {
        "name": "Ahmed S. Darwish",
        "email": "darwish.07@gmail.com",
        "time": "Thu Mar 06 18:09:10 2008 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Apr 19 10:00:51 2008 +1000"
      },
      "message": "Security: Introduce security\u003d boot parameter\n\nAdd the security\u003d boot parameter. This is done to avoid LSM\nregistration clashes in case of more than one built-in module.\n\nUser can choose a security module to enable at boot. If no\nsecurity\u003d boot parameter is specified, only the first LSM\nasking for registration will be loaded. An invalid security\nmodule name will be treated as if no module has been chosen.\n\nLSM modules must check now if they are allowed to register\nby calling security_module_enable(ops) first. Modify SELinux\nand SMACK to do so.\n\nDo not let SMACK register smackfs if it was not chosen on\nboot. Smackfs assumes that smack hooks are registered and\nthe initial task security setup (swapper-\u003esecurity) is done.\n\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "04305e4aff8b0533dc05f9f6f1a34d0796bd985f",
      "tree": "9938264917b4b9e6e147b883d88fca94c6788b76",
      "parents": [
        "9d57a7f9e23dc30783d245280fc9907cf2c87837"
      ],
      "author": {
        "name": "Ahmed S. Darwish",
        "email": "darwish.07@gmail.com",
        "time": "Sat Apr 19 09:59:43 2008 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Apr 19 09:59:43 2008 +1000"
      },
      "message": "Audit: Final renamings and cleanup\n\nRename the se_str and se_rule audit fields elements to\nlsm_str and lsm_rule to avoid confusion.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9d57a7f9e23dc30783d245280fc9907cf2c87837",
      "tree": "508b81e213f5dca1097ccf0ece8ba092b168607b",
      "parents": [
        "d7a96f3a1ae279a2129653d6cb18d722f2f00f91"
      ],
      "author": {
        "name": "Ahmed S. Darwish",
        "email": "darwish.07@gmail.com",
        "time": "Sat Mar 01 22:03:14 2008 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Apr 19 09:53:46 2008 +1000"
      },
      "message": "SELinux: use new audit hooks, remove redundant exports\n\nSetup the new Audit LSM hooks for SELinux.\nRemove the now redundant exported SELinux Audit interface.\n\nAudit: Export \u0027audit_krule\u0027 and \u0027audit_field\u0027 to the public\nsince their internals are needed by the implementation of the\nnew LSM hook \u0027audit_rule_known\u0027.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "03d37d25e0f91b28c4b6d002be6221f1af4b19d8",
      "tree": "de56538f7b6e7623d7cee2b0fcdc8f9764957252",
      "parents": [
        "6b89a74be0fbbc6cc639d5cf7dcf8e6ee0f120a7"
      ],
      "author": {
        "name": "Ahmed S. Darwish",
        "email": "darwish.07@gmail.com",
        "time": "Sat Mar 01 22:00:05 2008 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Apr 19 09:52:36 2008 +1000"
      },
      "message": "LSM/Audit: Introduce generic Audit LSM hooks\n\nIntroduce a generic Audit interface for security modules\nby adding the following new LSM hooks:\n\naudit_rule_init(field, op, rulestr, lsmrule)\naudit_rule_known(krule)\naudit_rule_match(secid, field, op, rule, actx)\naudit_rule_free(rule)\n\nThose hooks are only available if CONFIG_AUDIT is enabled.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\n"
    },
    {
      "commit": "6b89a74be0fbbc6cc639d5cf7dcf8e6ee0f120a7",
      "tree": "c56574f86d518feb898e934e428dbae999236b5a",
      "parents": [
        "0ce784ca729dce8c9076a6339a15530ca13212f2"
      ],
      "author": {
        "name": "Ahmed S. Darwish",
        "email": "darwish.07@gmail.com",
        "time": "Sat Mar 01 21:58:32 2008 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Apr 19 09:52:36 2008 +1000"
      },
      "message": "SELinux: remove redundant exports\n\nRemove the following exported SELinux interfaces:\nselinux_get_inode_sid(inode, sid)\nselinux_get_ipc_sid(ipcp, sid)\nselinux_get_task_sid(tsk, sid)\nselinux_sid_to_string(sid, ctx, len)\n\nThey can be substituted with the following generic equivalents\nrespectively:\nnew LSM hook, inode_getsecid(inode, secid)\nnew LSM hook, ipc_getsecid*(ipcp, secid)\nLSM hook, task_getsecid(tsk, secid)\nLSM hook, sid_to_secctx(sid, ctx, len)\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\n"
    },
    {
      "commit": "713a04aeaba35bb95d442cdeb52055498519be25",
      "tree": "a9d995cdc850d159189886e29f44d4ee88516eba",
      "parents": [
        "8a076191f373abaeb4aa5f6755d22e49db98940f"
      ],
      "author": {
        "name": "Ahmed S. Darwish",
        "email": "darwish.07@gmail.com",
        "time": "Sat Mar 01 21:52:30 2008 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Apr 19 09:52:33 2008 +1000"
      },
      "message": "SELinux: setup new inode/ipc getsecid hooks\n\nSetup the new inode_getsecid and ipc_getsecid() LSM hooks\nfor SELinux.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\n"
    },
    {
      "commit": "8a076191f373abaeb4aa5f6755d22e49db98940f",
      "tree": "1311a11332abb0828999a7347a07509a68dffb5f",
      "parents": [
        "d1a4be630fb068f251d64b62919f143c49ca8057"
      ],
      "author": {
        "name": "Ahmed S. Darwish",
        "email": "darwish.07@gmail.com",
        "time": "Sat Mar 01 21:51:09 2008 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Apr 19 09:52:32 2008 +1000"
      },
      "message": "LSM: Introduce inode_getsecid and ipc_getsecid hooks\n\nIntroduce inode_getsecid(inode, secid) and ipc_getsecid(ipcp, secid)\nLSM hooks. These hooks will be used instead of similar exported\nSELinux interfaces.\n\nLet {inode,ipc,task}_getsecid hooks set the secid to 0 by default\nif CONFIG_SECURITY is not defined or if the hook is set to\nNULL (dummy). This is done to notify the caller that no valid\nsecid exists.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\n"
    },
    {
      "commit": "5f46ce14bd432cf52bf91079270af164ca48f821",
      "tree": "ae8129b0ba3743b67ba69af83c7c8aa6950e4f15",
      "parents": [
        "27cc2a6e572e1a86a08a02918517558f175f6974"
      ],
      "author": {
        "name": "maximilian attems",
        "email": "max@stro.at",
        "time": "Wed Apr 16 19:36:36 2008 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 18 20:26:18 2008 +1000"
      },
      "message": "security: enhance DEFAULT_MMAP_MIN_ADDR description\n\nGot burned by setting the proposed default of 65536\nacross all Debian archs.\n\nThus proposing to be more specific on which archs you may\nset this. Also propose a value for arm and friends that\ndoesn\u0027t break sshd.\n\nReword to mention working archs ia64 and ppc64 too.\n\nSigned-off-by: maximilian attems \u003cmax@stro.at\u003e\nCc: Martin Michlmayr \u003ctbm@cyrius.com\u003e\nCc: Gordon Farquharson \u003cgordonfarquharson@gmail.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "27cc2a6e572e1a86a08a02918517558f175f6974",
      "tree": "fdd3d6cbea9807421527ffc4d6fa893f6a182c58",
      "parents": [
        "3e11217263d0521e212cb8a017fbc2a1514db78f"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Apr 14 15:09:53 2008 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 18 20:26:17 2008 +1000"
      },
      "message": "SELinux: add netport.[ch]\n\nThank you, git.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "3e11217263d0521e212cb8a017fbc2a1514db78f",
      "tree": "d3b399c3d907cd90afd27003000fd9d99212f44b",
      "parents": [
        "832cbd9aa1293cba57d06571f5fc8f0917c672af"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Thu Apr 10 10:48:14 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 18 20:26:16 2008 +1000"
      },
      "message": "SELinux: Add network port SID cache\n\nMuch like we added a network node cache, this patch adds a network port\ncache. The design is taken almost completely from the network node cache\nwhich in turn was taken from the network interface cache.  The basic idea is\nto cache entries in a hash table based on protocol/port information.  The\nhash function only takes the port number into account since the number of\ndifferent protocols in use at any one time is expected to be relatively\nsmall.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "832cbd9aa1293cba57d06571f5fc8f0917c672af",
      "tree": "85b1b550c71acde04294b69c08176adbaaf8641b",
      "parents": [
        "0e55a004b58847c53e48d846b9a4570b1587c382"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 01 13:24:09 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 18 20:26:13 2008 +1000"
      },
      "message": "SELinux: turn mount options strings into defines\n\nConvert the strings used for mount options into #defines rather than\nretyping the string throughout the SELinux code.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0e55a004b58847c53e48d846b9a4570b1587c382",
      "tree": "1eb79c0a971ecd6db645aea3f2f9037ed7c49343",
      "parents": [
        "64dbf07474d011540ca479a2e87fe998f570d6e3"
      ],
      "author": {
        "name": "Adrian Bunk",
        "email": "bunk@kernel.org",
        "time": "Mon Mar 31 01:54:02 2008 +0300"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 18 20:26:12 2008 +1000"
      },
      "message": "selinux/ss/services.c should #include \u003clinux/selinux.h\u003e\n\nEvery file should include the headers containing the externs for its global\ncode.\n\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "64dbf07474d011540ca479a2e87fe998f570d6e3",
      "tree": "364ae3f3a29f06246dd2097674586fe508c4445f",
      "parents": [
        "0356357c5158c71d4cbf20196b2f784435dd916c"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Mar 31 12:17:33 2008 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 18 20:26:11 2008 +1000"
      },
      "message": "selinux: introduce permissive types\n\nIntroduce the concept of a permissive type.  A new ebitmap is introduced to\nthe policy database which indicates if a given type has the permissive bit\nset or not.  This bit is tested for the scontext of any denial.  The bit is\nmeaningless on types which only appear as the target of a decision and never\nthe source.  A domain running with a permissive type will be allowed to\nperform any action similarly to when the system is globally set permissive.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0356357c5158c71d4cbf20196b2f784435dd916c",
      "tree": "e680a4d0346286d2c318bb20914cceabc0596af1",
      "parents": [
        "eda4f69ca5a532b425db5a6c2c6bc50717b9b5fe"
      ],
      "author": {
        "name": "Roland McGrath",
        "email": "roland@redhat.com",
        "time": "Wed Mar 26 15:46:39 2008 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 18 20:26:10 2008 +1000"
      },
      "message": "selinux: remove ptrace_sid\n\nThis changes checks related to ptrace to get rid of the ptrace_sid tracking.\nIt\u0027s good to disentangle the security model from the ptrace implementation\ninternals.  It\u0027s sufficient to check against the SID of the ptracer at the\ntime a tracee attempts a transition.\n\nSigned-off-by: Roland McGrath \u003croland@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "eda4f69ca5a532b425db5a6c2c6bc50717b9b5fe",
      "tree": "09b74e5637218c64588e523d6d264fae0b9cb771",
      "parents": [
        "f0115e6c8980ea9125a17858291c90ecd990bc1c"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Mar 11 14:19:34 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 18 20:26:09 2008 +1000"
      },
      "message": "SELinux: requesting no permissions in avc_has_perm_noaudit is a BUG()\n\nThis patch turns the case where we have a call into avc_has_perm with no\nrequested permissions into a BUG_ON.  All callers to this should be in\nthe kernel and thus should be a function we need to fix if we ever hit\nthis.  The /selinux/access permission checking is done directly in the\nsecurity server and not through the avc, so those requests which we\ncannot control from userspace should not be able to trigger this BUG_ON.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "f0115e6c8980ea9125a17858291c90ecd990bc1c",
      "tree": "f9b665c465b6813c421fc60660068197d178c53a",
      "parents": [
        "dd6f953adb5c4deb9cd7b6a5054e7d5eafe4ed71"
      ],
      "author": {
        "name": "Andrew Morton",
        "email": "akpm@linux-foundation.org",
        "time": "Thu Mar 06 10:05:08 2008 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 18 20:26:08 2008 +1000"
      },
      "message": "security: code cleanup\n\nERROR: \"(foo*)\" should be \"(foo *)\"\n#168: FILE: security/selinux/hooks.c:2656:\n+\t\t       \"%s, rc\u003d%d\\n\", __func__, (char*)value, -rc);\n\ntotal: 1 errors, 0 warnings, 195 lines checked\n\n./patches/security-replace-remaining-__function__-occurences.patch has style problems, please review.  If any of these errors\nare false positives report them to the maintainer, see\nCHECKPATCH in MAINTAINERS.\n\nPlease run checkpatch prior to sending patches\n\nCc: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "dd6f953adb5c4deb9cd7b6a5054e7d5eafe4ed71",
      "tree": "0ed459ca8da43b7e0486c8f0a840845a731920bf",
      "parents": [
        "b0c636b99997c8594da6a46e166ce4fcf6956fda"
      ],
      "author": {
        "name": "Harvey Harrison",
        "email": "harvey.harrison@gmail.com",
        "time": "Thu Mar 06 10:03:59 2008 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 18 20:26:07 2008 +1000"
      },
      "message": "security: replace remaining __FUNCTION__ occurrences\n\n__FUNCTION__ is gcc-specific, use __func__\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b0c636b99997c8594da6a46e166ce4fcf6956fda",
      "tree": "16308f0324846cd8c19180b6a45793268dd16f50",
      "parents": [
        "d4ee4231a3a8731576ef0e0a7e1225e4fde1e659"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Feb 28 12:58:40 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 18 20:26:06 2008 +1000"
      },
      "message": "SELinux: create new open permission\n\nAdds a new open permission inside SELinux when \u0027opening\u0027 a file.  The idea\nis that opening a file and reading/writing to that file are not the same\nthing.  It\u0027s different if a program had its stdout redirected to /tmp/output\nthan if the program tried to directly open /tmp/output. This should allow\npolicy writers to more liberally give read/write permissions across the\npolicy while still blocking many design and programming flaws SELinux is so\ngood at catching today.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d4ee4231a3a8731576ef0e0a7e1225e4fde1e659",
      "tree": "c7d265135f1cbfabf7eaa8bb31bcc56120d2e022",
      "parents": [
        "454d972c24e6efce3d7b07a97f1ad18b14845de9"
      ],
      "author": {
        "name": "Adrian Bunk",
        "email": "bunk@kernel.org",
        "time": "Wed Feb 27 23:20:42 2008 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 18 20:26:06 2008 +1000"
      },
      "message": "selinux: selinux/netlabel.c should #include \"netlabel.h\"\n\nEvery file should include the headers containing the externs for its\nglobal code.\n\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "454d972c24e6efce3d7b07a97f1ad18b14845de9",
      "tree": "05cd06c8389ca0cdc2f493d7fb680678a0691d27",
      "parents": [
        "98e9894650455426f67c2157db4f39bd14fac2f6"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Feb 26 20:42:02 2008 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 18 20:26:05 2008 +1000"
      },
      "message": "SELinux: unify printk messages\n\nReplace \"security:\" prefixes in printk messages with \"SELinux\"\nto help users identify the source of the messages.  Also fix a\ncouple of minor formatting issues.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "98e9894650455426f67c2157db4f39bd14fac2f6",
      "tree": "bee5205f20c4d1faa6ec80f05d708eecad2959b3",
      "parents": [
        "f74af6e816c940c678c235d49486fe40d7e49ce9"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Feb 26 09:52:58 2008 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 18 20:26:04 2008 +1000"
      },
      "message": "SELinux: remove unused backpointers from security objects\n\nRemove unused backpointers from security objects.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "f74af6e816c940c678c235d49486fe40d7e49ce9",
      "tree": "06f2fa54bd7ceabac2ad29a6ab0aca1deb87c032",
      "parents": [
        "4b119e21d0c66c22e8ca03df05d9de623d0eb50f"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Mon Feb 25 11:40:33 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 18 20:26:03 2008 +1000"
      },
      "message": "SELinux: Correct the NetLabel locking for the sk_security_struct\n\nThe RCU/spinlock locking approach for the nlbl_state in the sk_security_struct\nwas almost certainly overkill.  This patch removes both the RCU and spinlock\nlocking, relying on the existing socket locks to handle the case of multiple\nwriters.  This change also makes several code reductions possible.\n\nLess locking, less code - it\u0027s a Good Thing.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "1e42198609d73ed1a9adcba2af275c24c2678420",
      "tree": "32fd4d9073bfc0f3909af8f9fb4bcff38951d01a",
      "parents": [
        "794eb6bf20ebf992c040ea831cd3a9c64b0c1f7a",
        "4b119e21d0c66c22e8ca03df05d9de623d0eb50f"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Apr 17 23:56:30 2008 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Apr 17 23:56:30 2008 -0700"
      },
      "message": "Merge branch \u0027master\u0027 of master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6\n"
    },
    {
      "commit": "03e1ad7b5d871d4189b1da3125c2f12d1b5f7d0b",
      "tree": "1e7f291ac6bd0c1f3a95e8252c32fcce7ff47ea7",
      "parents": [
        "00447872a643787411c2c0cb1df6169dda8b0c47"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Sat Apr 12 19:07:52 2008 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Apr 12 19:07:52 2008 -0700"
      },
      "message": "LSM: Make the Labeled IPsec hooks more stack friendly\n\nThe xfrm_get_policy() and xfrm_add_pol_expire() put some rather large structs\non the stack to work around the LSM API.  This patch attempts to fix that\nproblem by changing the LSM API to require only the relevant \"security\"\npointers instead of the entire SPD entry; we do this for all of the\nsecurity_xfrm_policy*() functions to keep things consistent.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "00447872a643787411c2c0cb1df6169dda8b0c47",
      "tree": "ea4215f6f3040507b46bf90fe133ca73a59c9c0e",
      "parents": [
        "b9f3124f08fffe2ad706fd164f6702fdca409a91"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Sat Apr 12 19:06:42 2008 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Apr 12 19:06:42 2008 -0700"
      },
      "message": "NetLabel: Allow passing the LSM domain as a shared pointer\n\nSmack doesn\u0027t have the need to create a private copy of the LSM \"domain\" when\nsetting NetLabel security attributes like SELinux, however, the current\nNetLabel code requires a private copy of the LSM \"domain\".  This patch fixes\nthat by letting the LSM determine how it wants to pass the domain value.\n\n * NETLBL_SECATTR_DOMAIN_CPY\n   The current behavior, NetLabel assumes that the domain value is a copy and\n   frees it when done\n\n * NETLBL_SECATTR_DOMAIN\n   New, Smack-friendly behavior, NetLabel assumes that the domain value is a\n   reference to a string managed by the LSM and does not free it when done\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "5a55261716e838f188598ab3d7a0abf9cf1338f8",
      "tree": "2acf7f919cb2edd77a4f9ed0a434b6dbec19708e",
      "parents": [
        "7180c4c9e09888db0a188f729c96c6d7bd61fa83"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 09 14:08:35 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Apr 10 08:51:01 2008 +1000"
      },
      "message": "SELinux: don\u0027t BUG if fs reuses a superblock\n\nI (wrongly) assumed that nfs_xdev_get_sb() would not ever share a superblock\nand so cloning mount options would always be correct.  Turns out that isn\u0027t\nthe case and we could fall over a BUG_ON() that wasn\u0027t a BUG at all.  Since\nthere is little we can do to reconcile different mount options this patch\njust leaves the sb alone and the first set of options wins.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Trond Myklebust \u003ctrond.myklebust@fys.uio.no\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "869ab5147e1eead890245cfd4f652ba282b6ac26",
      "tree": "8334fe84734e14e247fb7b4ef78f9a43891249f0",
      "parents": [
        "ff09e2afe742f3ff52a0c9a660e8a3fe30cf587c"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Fri Apr 04 08:46:05 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Apr 08 08:30:14 2008 +1000"
      },
      "message": "SELinux: more GFP_NOFS fixups to prevent selinux from re-entering the fs code\n\nMore cases where SELinux must not re-enter the fs code. Called from the\nd_instantiate security hook.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "a02fe13297af26c13d004b1d44f391c077094ea0",
      "tree": "d75879f0da229eec87e3b4a95a4c28db2ea4d713",
      "parents": [
        "9597362d354f8655ece324b01d0c640a0e99c077"
      ],
      "author": {
        "name": "Josef Bacik",
        "email": "jbacik@redhat.com",
        "time": "Fri Apr 04 09:35:05 2008 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 04 09:35:05 2008 +1100"
      },
      "message": "selinux: prevent re-entry into the FS\n\nBUG fix.  Keep us from re-entering the fs when we aren\u0027t supposed to.\n\nSee discussion at\nhttp://marc.info/?t\u003d120716967100004\u0026r\u003d1\u0026w\u003d2\n\nSigned-off-by: Josef Bacik \u003cjbacik@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "3bb5da3837cc1aa17736b05139c9a22c3794851a",
      "tree": "c92d5684a866542b1cb20641607ac1643ce03a47",
      "parents": [
        "7feb49c82a74bc7c091b8ab2a3f96baa33d08ece",
        "9597362d354f8655ece324b01d0c640a0e99c077"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Apr 03 14:33:42 2008 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Apr 03 14:33:42 2008 -0700"
      },
      "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n"
    },
    {
      "commit": "0794c66d49885a2f615618ce4940434b5b067d84",
      "tree": "b01be53c424c7d4793f5673539c11d09fbbe2b5a",
      "parents": [
        "0e81a8ae37687845f7cdfa2adce14ea6a5f1dd34"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Mar 17 08:55:18 2008 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Apr 02 16:05:52 2008 +1100"
      },
      "message": "selinux: handle files opened with flags 3 by checking ioctl permission\n\nHandle files opened with flags 3 by checking ioctl permission.\n\nDefault to returning FILE__IOCTL from file_to_av() if the f_mode has neither\nFMODE_READ nor FMODE_WRITE, and thus check ioctl permission on exec or\ntransfer, thereby validating such descriptors early as with normal r/w\ndescriptors and catching leaks of them prior to attempted usage.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "c346dca10840a874240c78efe3f39acf4312a1f2",
      "tree": "c04cff20124eba5cc337cc5ec260ad2513eeb065",
      "parents": [
        "7cbca67c073263c179f605bdbbdc565ab29d801d"
      ],
      "author": {
        "name": "YOSHIFUJI Hideaki",
        "email": "yoshfuji@linux-ipv6.org",
        "time": "Tue Mar 25 21:47:49 2008 +0900"
      },
      "committer": {
        "name": "YOSHIFUJI Hideaki",
        "email": "yoshfuji@linux-ipv6.org",
        "time": "Wed Mar 26 04:39:53 2008 +0900"
      },
      "message": "[NET] NETNS: Omit net_device-\u003end_net without CONFIG_NET_NS.\n\nIntroduce per-net_device inlines: dev_net(), dev_net_set().\nWithout CONFIG_NET_NS, no namespace other than \u0026init_net exists.\nLet\u0027s explicitly define them to help compiler optimizations.\n\nSigned-off-by: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\n"
    },
    {
      "commit": "cb622bbb69e41f2746aadf5d7d527e77597abe2e",
      "tree": "537a1ce6f76bd915bf9acd197d6bf4d042063998",
      "parents": [
        "58336114af4d2cce830201aae49e50b93ede6c5c"
      ],
      "author": {
        "name": "Ahmed S. Darwish",
        "email": "darwish.07@gmail.com",
        "time": "Mon Mar 24 12:29:49 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Mar 24 19:22:19 2008 -0700"
      },
      "message": "smackfs: remove redundant lock, fix open(,O_RDWR)\n\nOlder smackfs was parsing MAC rules by characters, thus a need of locking\nwrite sessions on open() was needed.  This lock is no longer useful now since\neach rule is handled by a single write() call.\n\nThis is also a bugfix since seq_open() was not called if an open() O_RDWR flag\nwas given, leading to a seq_read() without an initialized seq_file, thus an\nOops.\n\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nReported-by: Jonathan Corbet \u003ccorbet@lwn.net\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "aedb60a67c10a0861af179725d060765262ba0fb",
      "tree": "4a4a316f9f7d1ab0bf4da2cdd5c802bfb05c947f",
      "parents": [
        "457fb605834504af294916411be128a9b21fc3f6"
      ],
      "author": {
        "name": "Serge Hallyn",
        "email": "serge@hallyn.com",
        "time": "Fri Feb 29 15:14:57 2008 +0000"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Mar 20 09:46:36 2008 -0700"
      },
      "message": "file capabilities: remove cap_task_kill()\n\nThe original justification for cap_task_kill() was as follows:\n\n\tcheck_kill_permission() does appropriate uid equivalence checks.\n\tHowever with file capabilities it becomes possible for an\n\tunprivileged user to execute a file with file capabilities\n\tresulting in a more privileged task with the same uid.\n\nHowever now that cap_task_kill() always returns 0 (permission\ngranted) when p-\u003euid\u003d\u003dcurrent-\u003euid, the whole hook is worthless,\nand only likely to create more subtle problems in the corner cases\nwhere it might still be called but return -EPERM.  Those cases\nare basically when uids are different but euid/suid is equivalent\nas per the check in check_kill_permission().\n\nOne example of a still-broken application is \u0027at\u0027 for non-root users.\n\nThis patch removes cap_task_kill().\n\nSigned-off-by: Serge Hallyn \u003cserge@hallyn.com\u003e\nAcked-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nEarlier-version-tested-by: Luiz Fernando N. Capitulino \u003clcapitulino@mandriva.com.br\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "1d252fb870aa9cd227c4beb1a226ecd434f57f28",
      "tree": "4a7b956c01487454b139e1df271518f36ca32285",
      "parents": [
        "4ebf89845bea44a164d1fbb8fa319379ec7132de"
      ],
      "author": {
        "name": "Ahmed S. Darwish",
        "email": "darwish.07@gmail.com",
        "time": "Wed Mar 19 17:00:51 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 19 18:53:36 2008 -0700"
      },
      "message": "smack: do not dereference NULL ipc object\n\nIn the SYSV ipc msgctl(),semctl(),shmctl() family, if the user passed *_INFO\nas the desired operation, no specific object is meant to be controlled and\nonly system-wide information is returned.  This leads to a NULL IPC object in\nthe LSM hooks if the _INFO flag is given.\n\nAvoid dereferencing this NULL pointer in Smack ipc *ctl() methods.\n\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "2e1479d95d02b43660fe03ab2c595ec9751a6f97",
      "tree": "6e4ff5a6eeda225390a19287cd95617b6345df63",
      "parents": [
        "bde4f8fa8db2abd5ac9c542d76012d0fedab050f"
      ],
      "author": {
        "name": "Adrian Bunk",
        "email": "bunk@kernel.org",
        "time": "Mon Mar 17 22:29:23 2008 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 18 09:17:22 2008 +1100"
      },
      "message": "make selinux_parse_opts_str() static\n\nThis patch makes the needlessly global selinux_parse_opts_str() static.\n\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b500ce8d24d1f14426643da5f6fada28c1f60533",
      "tree": "17b6084b29434a968f787e238548a843126e2ec3",
      "parents": [
        "93d74463d018ddf05c169ad399e62e90e0f82fc0"
      ],
      "author": {
        "name": "Ahmed S. Darwish",
        "email": "darwish.07@gmail.com",
        "time": "Thu Mar 13 12:32:34 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Mar 13 13:11:43 2008 -0700"
      },
      "message": "smackfs: do not trust `count\u0027 in inodes write()s\n\nSmackfs write() implementation does not put a higher bound on the number of\nbytes to copy from user-space.  This may lead to a DOS attack if a malicious\n`count\u0027 field is given.\n\nAssure that given `count\u0027 is exactly the length needed for a /smack/load rule.\n In case of /smack/cipso where the length is relative, assure that `count\u0027\ndoes not exceed the size needed for a buffer representing maximum possible\nnumber of CIPSO 2.2 categories.\n\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "e0007529893c1c064be90bd21422ca0da4a0198e",
      "tree": "c2334ba940e682183a18d18972cf95bd3a3da46a",
      "parents": [
        "29e8c3c304b62f31b799565c9ee85d42bd163f80"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Mar 05 10:31:54 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Mar 06 08:40:53 2008 +1100"
      },
      "message": "LSM/SELinux: Interfaces to allow FS to control mount options\n\nIntroduce new LSM interfaces to allow an FS to deal with their own mount\noptions.  This includes a new string parsing function exported from the\nLSM that an FS can use to get a security data blob and a new security\ndata blob.  This is particularly useful for an FS which uses binary\nmount data, like NFS, which does not pass strings into the vfs to be\nhandled by the loaded LSM.  Also fix a BUG() in both SELinux and SMACK\nwhen dealing with binary mount data.  If the binary mount data is less\nthan one page the copy_page() in security_sb_copy_data() can cause an\nillegal page fault and boom.  Remove all NFSisms from the SELinux code\nsince they were broken by past NFS changes.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "bcdca225bfa016100985e5fc7e51cdc1d68beaa6",
      "tree": "4af588f69c754a6380dae17b00de20b0f2f3b149",
      "parents": [
        "43627582799db317e966ecb0002c2c3c9805ec0f"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Sat Feb 23 15:24:04 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Sat Feb 23 17:13:24 2008 -0800"
      },
      "message": "Smack: update for file capabilities\n\nUpdate the Smack LSM to allow the registration of the capability \"module\"\nas a secondary LSM.  Integrate the new hooks required for file based\ncapabilities.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "094972840f2e7c1c6fc9e1a97d817cc17085378e",
      "tree": "1fa2b8fb54b5d5d60318c8659d4574a81b953f88",
      "parents": [
        "e5df70ab194543522397fa3da8c8f80564a0f7d3"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serue@us.ibm.com",
        "time": "Sat Feb 23 15:23:33 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Sat Feb 23 17:12:13 2008 -0800"
      },
      "message": "file capabilities: simplify signal check\n\nSimplify the uid equivalence check in cap_task_kill().  Anyone can kill a\nprocess owned by the same uid.\n\nWithout this patch wireshark is reported to fail.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nCc: \u003cstable@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "4bc87e62775052aac0be7574d5f84ff06f61c6b4",
      "tree": "23063e82de8f7b7506d795919d7d4c13725e74a0",
      "parents": [
        "9a4c8546f3e7c893888bccc2b3416d6214f2664a"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Fri Feb 15 15:24:25 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Tue Feb 19 07:51:00 2008 -0800"
      },
      "message": "Smack: unlabeled outgoing ambient packets\n\nSmack uses CIPSO labeling, but allows for unlabeled packets by\nspecifying an \"ambient\" label that is applied to incoming unlabeled\npackets.\n\nBecause the other end of the connection may dislike IP options, and ssh\nis one known application that behaves thus, it is prudent to respond in\nkind.\n\nThis patch changes the network labeling behavior such that an outgoing\npacket that would be given a CIPSO label that matches the ambient label\nis left unlabeled.  An \"unlbl\" domain is added and the netlabel\ndefaulting mechanism invoked rather than assuming that everything is\nCIPSO.  Locking has been added around changes to the ambient label as\nthe mechanisms used to do so are more involved.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "44707fdf5938ad269ea5d6c5744d82f6a7328746",
      "tree": "7eb1704418eb41b859ad24bc48f6400135474d87",
      "parents": [
        "a03a8a709a0c34b61b7aea1d54a0473a6b941fdb"
      ],
      "author": {
        "name": "Jan Blunck",
        "email": "jblunck@suse.de",
        "time": "Thu Feb 14 19:38:33 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Feb 14 21:17:08 2008 -0800"
      },
      "message": "d_path: Use struct path in struct avc_audit_data\n\naudit_log_d_path() is a d_path() wrapper that is used by the audit code.  To\nuse a struct path in audit_log_d_path() I need to embed it into struct\navc_audit_data.\n\n[akpm@linux-foundation.org: coding-style fixes]\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: \"J. Bruce Fields\" \u003cbfields@fieldses.org\u003e\nCc: Neil Brown \u003cneilb@suse.de\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "4ac9137858e08a19f29feac4e1f4df7c268b0ba5",
      "tree": "f5b5d84fd12fcc2b0ba0e7ce1a79ff381ad8f5dd",
      "parents": [
        "c5e725f33b733a77de622e91b6ba5645fcf070be"
      ],
      "author": {
        "name": "Jan Blunck",
        "email": "jblunck@suse.de",
        "time": "Thu Feb 14 19:34:32 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Feb 14 21:13:33 2008 -0800"
      },
      "message": "Embed a struct path into struct nameidata instead of nd-\u003e{dentry,mnt}\n\nThis is the central patch of a cleanup series. In most cases there is no good\nreason why someone would want to use a dentry for itself. This series reflects\nthat fact and embeds a struct path into nameidata.\n\nTogether with the other patches of this series\n- it enforced the correct order of getting/releasing the reference count on\n  \u003cdentry,vfsmount\u003e pairs\n- it prepares the VFS for stacking support since it is essential to have a\n  struct path in every place where the stack can be traversed\n- it reduces the overall code size:\n\nwithout patch series:\n   text    data     bss     dec     hex filename\n5321639  858418  715768 6895825  6938d1 vmlinux\n\nwith patch series:\n   text    data     bss     dec     hex filename\n5320026  858418  715768 6894212  693284 vmlinux\n\nThis patch:\n\nSwitch from nd-\u003e{dentry,mnt} to nd-\u003epath.{dentry,mnt} everywhere.\n\n[akpm@linux-foundation.org: coding-style fixes]\n[akpm@linux-foundation.org: fix cifs]\n[akpm@linux-foundation.org: fix smack]\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nSigned-off-by: Andreas Gruenbacher \u003cagruen@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@lst.de\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "2e1d146a19f2941aec08f60ca67fb2763baad595",
      "tree": "14831c6332b2d4004a7551354be46526a0c6f426",
      "parents": [
        "cba44359d15ac7a3bca2c9199b7ff403d7edc69e"
      ],
      "author": {
        "name": "Ahmed S. Darwish",
        "email": "darwish.07@gmail.com",
        "time": "Wed Feb 13 15:03:34 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Wed Feb 13 16:21:20 2008 -0800"
      },
      "message": "Smack: check for \u0027struct socket\u0027 with NULL sk\n\nThere\u0027s a small problem with smack and NFS. A similar report was also\nsent here: http://lkml.org/lkml/2007/10/27/85\n\nI\u0027ve also added similar checks in inode_{get/set}security().  Cheating from\nSELinux post_create_socket(), it does the same.\n\n[akpm@linux-foundation.org: remove unneeded BUG_ON()]\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schuafler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "b68e418c445e8a468634d0a7ca2fb63bbaa74028",
      "tree": "e49b4a94ef28a9288ed6735a994387205b7cc5bd",
      "parents": [
        "19af35546de68c872dcb687613e0902a602cb20e"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Thu Feb 07 11:21:04 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Feb 11 20:30:02 2008 +1100"
      },
      "message": "selinux: support 64-bit capabilities\n\nFix SELinux to handle 64-bit capabilities correctly, and to catch\nfuture extensions of capabilities beyond 64 bits to ensure that SELinux\nis properly updated.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "e231c2ee64eb1c5cd3c63c31da9dac7d888dcf7f",
      "tree": "d4b17ef65960594681397a3acac02c2d248200b5",
      "parents": [
        "d1bc8e95445224276d7896b8b08cbb0b28a0ca80"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Thu Feb 07 00:15:26 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Feb 07 08:42:26 2008 -0800"
      },
      "message": "Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p)\n\nConvert instances of ERR_PTR(PTR_ERR(p)) to ERR_CAST(p) using:\n\nperl -spi -e \u0027s/ERR_PTR[(]PTR_ERR[(](.*)[)][)]/ERR_CAST(\\1)/\u0027 `grep -rl \u0027ERR_PTR[(]*PTR_ERR\u0027 fs crypto net security`\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "394c6753978a75cab7558a377f2551a3c1101027",
      "tree": "c2712cb2d52ecae5db1d9ae417241154fe7a0808",
      "parents": [
        "a5ecbcb8c13ea8a822d243bf782d0dc9525b4f84"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Feb 05 07:31:00 2008 +0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@localhost.localdomain",
        "time": "Wed Feb 06 21:40:59 2008 +0800"
      },
      "message": "SELinux: Remove security_get_policycaps()\n\nThe security_get_policycaps() function has a couple of bugs in it and it\nisn\u0027t currently used by any in-tree code, so get rid of it and all of its\nbugginess.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@localhost.localdomain\u003e\n"
    },
    {
      "commit": "a5ecbcb8c13ea8a822d243bf782d0dc9525b4f84",
      "tree": "902df830bf581642a49bbb1e4f4de5b9f80eeaa1",
      "parents": [
        "551e4fb2465b87de9d4aa1669b27d624435443bb"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Jan 31 15:11:22 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@localhost.localdomain",
        "time": "Wed Feb 06 21:39:46 2008 +0800"
      },
      "message": "security: allow Kconfig to set default mmap_min_addr protection\n\nSince it was decided that low memory protection from userspace couldn\u0027t\nbe turned on by default add a Kconfig option to allow users/distros to\nset a default at compile time.  This value is still tunable after boot\nin /proc/sys/vm/mmap_min_addr\n\nDiscussion:\nhttp://www.mail-archive.com/linux-security-module@vger.kernel.org/msg02543.html\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "e114e473771c848c3cfec05f0123e70f1cdbdc99",
      "tree": "933b840f3ccac6860da56291c742094f9b5a20cb",
      "parents": [
        "eda61d32e8ad1d9102872f9a0abf3344bf9c5e67"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Mon Feb 04 22:29:50 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Tue Feb 05 09:44:20 2008 -0800"
      },
      "message": "Smack: Simplified Mandatory Access Control Kernel\n\nSmack is the Simplified Mandatory Access Control Kernel.\n\nSmack implements mandatory access control (MAC) using labels\nattached to tasks and data containers, including files, SVIPC,\nand other tasks. Smack is a kernel based scheme that requires\nan absolute minimum of application support and a very small\namount of configuration data.\n\nSmack uses extended attributes and\nprovides a set of general mount options, borrowing technics used\nelsewhere. Smack uses netlabel for CIPSO labeling. Smack provides\na pseudo-filesystem smackfs that is used for manipulation of\nsystem Smack attributes.\n\nThe patch, patches for ls and sshd, a README, a startup script,\nand x86 binaries for ls and sshd are also available on\n\n    http://www.schaufler-ca.com\n\nDevelopment has been done using Fedora Core 7 in a virtual machine\nenvironment and on an old Sony laptop.\n\nSmack provides mandatory access controls based on the label attached\nto a task and the label attached to the object it is attempting to\naccess. Smack labels are deliberately short (1-23 characters) text\nstrings. Single character labels using special characters are reserved\nfor system use. The only operation applied to Smack labels is equality\ncomparison. No wildcards or expressions, regular or otherwise, are\nused. Smack labels are composed of printable characters and may not\ninclude \"/\".\n\nA file always gets the Smack label of the task that created it.\n\nSmack defines and uses these labels:\n\n    \"*\" - pronounced \"star\"\n    \"_\" - pronounced \"floor\"\n    \"^\" - pronounced \"hat\"\n    \"?\" - pronounced \"huh\"\n\nThe access rules enforced by Smack are, in order:\n\n1. Any access requested by a task labeled \"*\" is denied.\n2. A read or execute access requested by a task labeled \"^\"\n   is permitted.\n3. A read or execute access requested on an object labeled \"_\"\n   is permitted.\n4. 
Any access requested on an object labeled \"*\" is permitted.\n5. Any access requested by a task on an object with the same\n   label is permitted.\n6. Any access requested that is explicitly defined in the loaded\n   rule set is permitted.\n7. Any other access is denied.\n\nRules may be explicitly defined by writing subject,object,access\ntriples to /smack/load.\n\nSmack rule sets can be easily defined that describe Bell\u0026LaPadula\nsensitivity, Biba integrity, and a variety of interesting\nconfigurations. Smack rule sets can be modified on the fly to\naccommodate changes in the operating environment or even the time\nof day.\n\nSome practical use cases:\n\nHierarchical levels. The less common of the two usual uses\nfor MLS systems is to define hierarchical levels, often\nunclassified, confidential, secret, and so on. To set up smack\nto support this, these rules could be defined:\n\n   C        Unclass rx\n   S        C       rx\n   S        Unclass rx\n   TS       S       rx\n   TS       C       rx\n   TS       Unclass rx\n\nA TS process can read S, C, and Unclass data, but cannot write it.\nAn S process can read C and Unclass. Note that specifying that\nTS can read S and S can read C does not imply TS can read C, it\nhas to be explicitly stated.\n\nNon-hierarchical categories. This is the more common of the\nusual uses for an MLS system. Since the default rule is that a\nsubject cannot access an object with a different label no\naccess rules are required to implement compartmentalization.\n\nA case that the Bell \u0026 LaPadula policy does not allow is demonstrated\nwith this Smack access rule:\n\nA case that Bell\u0026LaPadula does not allow that Smack does:\n\n    ESPN    ABC   r\n    ABC     ESPN  r\n\nOn my portable video device I have two applications, one that\nshows ABC programming and the other ESPN programming. 
ESPN wants\nto show me sport stories that show up as news, and ABC will\nonly provide minimal information about a sports story if ESPN\nis covering it. Each side can look at the other\u0027s info, neither\ncan change the other. Neither can see what FOX is up to, which\nis just as well all things considered.\n\nAnother case that I especially like:\n\n    SatData Guard   w\n    Guard   Publish w\n\nA program running with the Guard label opens a UDP socket and\naccepts messages sent by a program running with a SatData label.\nThe Guard program inspects the message to ensure it is wholesome\nand if it is sends it to a program running with the Publish label.\nThis program then puts the information passed in an appropriate\nplace. Note that the Guard program cannot write to a Publish\nfile system object because file system semantics require read as\nwell as write.\n\nThe four cases (categories, levels, mutual read, guardbox) here\nare all quite real, and problems I\u0027ve been asked to solve over\nthe years. The first two are easy to do with traditional MLS systems\nwhile the last two you can\u0027t without invoking privilege, at least\nfor a while.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Joshua Brindle \u003cmethod@manicmethod.com\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: \"Ahmed S. Darwish\" \u003cdarwish.07@gmail.com\u003e\nCc: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "3b7391de67da515c91f48aa371de77cb6cc5c07e",
      "tree": "22b9f5d9d1c36b374eb5765219aca3c7e1f23486",
      "parents": [
        "46c383cc4530ccc438cb325e92e11eb21dd3d4fc"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serue@us.ibm.com",
        "time": "Mon Feb 04 22:29:45 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Tue Feb 05 09:44:20 2008 -0800"
      },
      "message": "capabilities: introduce per-process capability bounding set\n\nThe capability bounding set is a set beyond which capabilities cannot grow.\n Currently cap_bset is per-system.  It can be manipulated through sysctl,\nbut only init can add capabilities.  Root can remove capabilities.  By\ndefault it includes all caps except CAP_SETPCAP.\n\nThis patch makes the bounding set per-process when file capabilities are\nenabled.  It is inherited at fork from parent.  Noone can add elements,\nCAP_SETPCAP is required to remove them.\n\nOne example use of this is to start a safer container.  For instance, until\ndevice namespaces or per-container device whitelists are introduced, it is\nbest to take CAP_MKNOD away from a container.\n\nThe bounding set will not affect pP and pE immediately.  It will only\naffect pP\u0027 and pE\u0027 after subsequent exec()s.  It also does not affect pI,\nand exec() does not constrain pI\u0027.  So to really start a shell with no way\nof regain CAP_MKNOD, you would do\n\n\tprctl(PR_CAPBSET_DROP, CAP_MKNOD);\n\tcap_t cap \u003d cap_get_proc();\n\tcap_value_t caparray[1];\n\tcaparray[0] \u003d CAP_MKNOD;\n\tcap_set_flag(cap, CAP_INHERITABLE, 1, caparray, CAP_DROP);\n\tcap_set_proc(cap);\n\tcap_free(cap);\n\nThe following test program will get and set the bounding\nset (but not pI).  
For instance\n\n\t./bset get\n\t\t(lists capabilities in bset)\n\t./bset drop cap_net_raw\n\t\t(starts shell with new bset)\n\t\t(use capset, setuid binary, or binary with\n\t\tfile capabilities to try to increase caps)\n\n************************************************************\ncap_bound.c\n************************************************************\n #include \u003csys/prctl.h\u003e\n #include \u003clinux/capability.h\u003e\n #include \u003csys/types.h\u003e\n #include \u003cunistd.h\u003e\n #include \u003cstdio.h\u003e\n #include \u003cstdlib.h\u003e\n #include \u003cstring.h\u003e\n\n #ifndef PR_CAPBSET_READ\n #define PR_CAPBSET_READ 23\n #endif\n\n #ifndef PR_CAPBSET_DROP\n #define PR_CAPBSET_DROP 24\n #endif\n\nint usage(char *me)\n{\n\tprintf(\"Usage: %s get\\n\", me);\n\tprintf(\"       %s drop \u003ccapability\u003e\\n\", me);\n\treturn 1;\n}\n\n #define numcaps 32\nchar *captable[numcaps] \u003d {\n\t\"cap_chown\",\n\t\"cap_dac_override\",\n\t\"cap_dac_read_search\",\n\t\"cap_fowner\",\n\t\"cap_fsetid\",\n\t\"cap_kill\",\n\t\"cap_setgid\",\n\t\"cap_setuid\",\n\t\"cap_setpcap\",\n\t\"cap_linux_immutable\",\n\t\"cap_net_bind_service\",\n\t\"cap_net_broadcast\",\n\t\"cap_net_admin\",\n\t\"cap_net_raw\",\n\t\"cap_ipc_lock\",\n\t\"cap_ipc_owner\",\n\t\"cap_sys_module\",\n\t\"cap_sys_rawio\",\n\t\"cap_sys_chroot\",\n\t\"cap_sys_ptrace\",\n\t\"cap_sys_pacct\",\n\t\"cap_sys_admin\",\n\t\"cap_sys_boot\",\n\t\"cap_sys_nice\",\n\t\"cap_sys_resource\",\n\t\"cap_sys_time\",\n\t\"cap_sys_tty_config\",\n\t\"cap_mknod\",\n\t\"cap_lease\",\n\t\"cap_audit_write\",\n\t\"cap_audit_control\",\n\t\"cap_setfcap\"\n};\n\nint getbcap(void)\n{\n\tint comma\u003d0;\n\tunsigned long i;\n\tint ret;\n\n\tprintf(\"i know of %d capabilities\\n\", numcaps);\n\tprintf(\"capability bounding set:\");\n\tfor (i\u003d0; i\u003cnumcaps; i++) {\n\t\tret \u003d prctl(PR_CAPBSET_READ, i);\n\t\tif (ret \u003c 0)\n\t\t\tperror(\"prctl\");\n\t\telse if 
(ret\u003d\u003d1)\n\t\t\tprintf(\"%s%s\", (comma++) ? \", \" : \" \", captable[i]);\n\t}\n\tprintf(\"\\n\");\n\treturn 0;\n}\n\nint capdrop(char *str)\n{\n\tunsigned long i;\n\n\tint found\u003d0;\n\tfor (i\u003d0; i\u003cnumcaps; i++) {\n\t\tif (strcmp(captable[i], str) \u003d\u003d 0) {\n\t\t\tfound\u003d1;\n\t\t\tbreak;\n\t\t}\n\t}\n\tif (!found)\n\t\treturn 1;\n\tif (prctl(PR_CAPBSET_DROP, i)) {\n\t\tperror(\"prctl\");\n\t\treturn 1;\n\t}\n\treturn 0;\n}\n\nint main(int argc, char *argv[])\n{\n\tif (argc\u003c2)\n\t\treturn usage(argv[0]);\n\tif (strcmp(argv[1], \"get\")\u003d\u003d0)\n\t\treturn getbcap();\n\tif (strcmp(argv[1], \"drop\")!\u003d0 || argc\u003c3)\n\t\treturn usage(argv[0]);\n\tif (capdrop(argv[2])) {\n\t\tprintf(\"unknown capability\\n\");\n\t\treturn 1;\n\t}\n\treturn execl(\"/bin/bash\", \"/bin/bash\", NULL);\n}\n************************************************************\n\n[serue@us.ibm.com: fix typo]\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003ea\nSigned-off-by: \"Serge E. Hallyn\" \u003cserue@us.ibm.com\u003e\nTested-by: Jiri Slaby \u003cjirislaby@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "e338d263a76af78fe8f38a72131188b58fceb591",
      "tree": "f3f046fc6fd66de43de7191830f0daf3bc4ec8eb",
      "parents": [
        "8f6936f4d29aa14e54a2470b954a2e1f96322988"
      ],
      "author": {
        "name": "Andrew Morgan",
        "email": "morgan@kernel.org",
        "time": "Mon Feb 04 22:29:42 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Tue Feb 05 09:44:20 2008 -0800"
      },
      "message": "Add 64-bit capability support to the kernel\n\nThe patch supports legacy (32-bit) capability userspace, and where possible\ntranslates 32-bit capabilities to/from userspace and the VFS to 64-bit\nkernel space capabilities.  If a capability set cannot be compressed into\n32-bits for consumption by user space, the system call fails, with -ERANGE.\n\nFWIW libcap-2.00 supports this change (and earlier capability formats)\n\n http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/\n\n[akpm@linux-foundation.org: coding-syle fixes]\n[akpm@linux-foundation.org: use get_task_comm()]\n[ezk@cs.sunysb.edu: build fix]\n[akpm@linux-foundation.org: do not initialise statics to 0 or NULL]\n[akpm@linux-foundation.org: unused var]\n[serue@us.ibm.com: export __cap_ symbols]\nSigned-off-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Erez Zadok \u003cezk@cs.sunysb.edu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "8f6936f4d29aa14e54a2470b954a2e1f96322988",
      "tree": "63e1bca33b783cf819b356f3ffd45cfe7b226654",
      "parents": [
        "4bea58053f206be9a89ca35850f9ad295dac2042"
      ],
      "author": {
        "name": "Andrew Morton",
        "email": "akpm@linux-foundation.org",
        "time": "Mon Feb 04 22:29:41 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Tue Feb 05 09:44:20 2008 -0800"
      },
      "message": "revert \"capabilities: clean up file capability reading\"\n\nRevert b68680e4731abbd78863063aaa0dca2a6d8cc723 to make way for the next\npatch: \"Add 64-bit capability support to the kernel\".\n\nWe want to keep the vfs_cap_data.data[] structure, using two \u0027data\u0027s for\n64-bit caps (and later three for 96-bit caps), whereas\nb68680e4731abbd78863063aaa0dca2a6d8cc723 had gotten rid of the \u0027data\u0027 struct\nmade its members inline.\n\nThe 64-bit caps patch keeps the stack abuse fix at get_file_caps(), which was\nthe more important part of that patch.\n\n[akpm@linux-foundation.org: coding-style fixes]\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Andrew Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "42492594043d621a7910ff5877c3eb9202870b45",
      "tree": "9188d112c019a189606847dc1d90ccc63c1bacf2",
      "parents": [
        "3729145821e3088a0c3c4183037fde356204bf97"
      ],
      "author": {
        "name": "David P. Quigley",
        "email": "dpquigl@tycho.nsa.gov",
        "time": "Mon Feb 04 22:29:39 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Tue Feb 05 09:44:20 2008 -0800"
      },
      "message": "VFS/Security: Rework inode_getsecurity and callers to return resulting buffer\n\nThis patch modifies the interface to inode_getsecurity to have the function\nreturn a buffer containing the security blob and its length via parameters\ninstead of relying on the calling function to give it an appropriately sized\nbuffer.\n\nSecurity blobs obtained with this function should be freed using the\nrelease_secctx LSM hook.  This alleviates the problem of the caller having to\nguess a length and preallocate a buffer for this function allowing it to be\nused elsewhere for Labeled NFS.\n\nThe patch also removed the unused err parameter.  The conversion is similar to\nthe one performed by Al Viro for the security_getprocattr hook.\n\nSigned-off-by: David P. Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "4746ec5b01ed07205a91e4f7ed9de9d70f371407",
      "tree": "7a3a836b6178ccab24801e90b69c1159b2c23099",
      "parents": [
        "c2a7780efe37d01bdb3facc85a94663e6d67d4a8"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 08 10:06:53 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 01 14:06:51 2008 -0500"
      },
      "message": "[AUDIT] add session id to audit messages\n\nIn order to correlate audit records to an individual login add a session\nid.  This is incremented every time a user logs in and is included in\nalmost all messages which currently output the auid.  The field is\nlabeled ses\u003d  or oses\u003d\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "0c11b9428f619ab377c92eff2f160a834a6585dd",
      "tree": "35b573715ad5730a77d067486838345132771a7a",
      "parents": [
        "24e1c13c93cbdd05e4b7ea921c0050b036555adc"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Jan 10 04:20:52 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 01 14:04:59 2008 -0500"
      },
      "message": "[PATCH] switch audit_get_loginuid() to task_struct *\n\nall callers pass something-\u003eaudit_context\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "e1770d97a730ff4c3aa1775d98f4d0558390607f",
      "tree": "64ad3c2d24b5506861aac9cef8f08c0e0fbd9959",
      "parents": [
        "1a6509d991225ad210de54c63314fd9542922095"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Mon Jan 28 19:49:00 2008 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Jan 31 19:27:04 2008 -0800"
      },
      "message": "[SELinux]: Fix double free in selinux_netlbl_sock_setsid()\n\nAs pointed out by Adrian Bunk, commit\n45c950e0f839fded922ebc0bfd59b1081cc71b70 (\"fix memory leak in netlabel\ncode\") caused a double-free when security_netlbl_sid_to_secattr()\nfails.  This patch fixes this by removing the netlbl_secattr_destroy()\ncall from that function since we are already releasing the secattr\nmemory in selinux_netlbl_sock_setsid().\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "f71ea9ddf0ff110f3fcbb89a46686bfba264014c",
      "tree": "db6843db55d5e1036248fc41782a891882b2cb54",
      "parents": [
        "374ea019cacfa8b69ae49eea993b74cb5968970b"
      ],
      "author": {
        "name": "sergeh@us.ibm.com",
        "email": "sergeh@us.ibm.com",
        "time": "Tue Jan 29 05:04:43 2008 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:18:21 2008 +1100"
      },
      "message": "security: compile capabilities by default\n\nCapabilities have long been the default when CONFIG_SECURITY\u003dn,\nand its help text suggests turning it on when CONFIG_SECURITY\u003dy.\nBut it is set to default n.\n\nDefault it to y instead.\n\nSigned-off-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Matt LaPlante \u003ckernel1@cyberdogtech.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "374ea019cacfa8b69ae49eea993b74cb5968970b",
      "tree": "822718af14d91f3beabbde3e9d5758c055e3bef8",
      "parents": [
        "71f1cb05f773661b6fa98c7a635d7a395cd9c55d"
      ],
      "author": {
        "name": "Adrian Bunk",
        "email": "bunk@kernel.org",
        "time": "Tue Jan 29 00:11:52 2008 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:44 2008 +1100"
      },
      "message": "selinux: make selinux_set_mnt_opts() static\n\nselinux_set_mnt_opts() can become static.\n\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "71f1cb05f773661b6fa98c7a635d7a395cd9c55d",
      "tree": "a540f89c5d1d081ea2c09105f264adce44d92fa9",
      "parents": [
        "effad8df44261031a882e1a895415f7186a5098e"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:51:16 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:30 2008 +1100"
      },
      "message": "SELinux: Add warning messages on network denial due to error\n\nCurrently network traffic can be sliently dropped due to non-avc errors which\ncan lead to much confusion when trying to debug the problem.  This patch adds\nwarning messages so that when these events occur there is a user visible\nnotification.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "effad8df44261031a882e1a895415f7186a5098e",
      "tree": "42c04b3247ede13077546e13f82fe3da83ce7b90",
      "parents": [
        "13541b3adad2dc2f56761c5193c2b88db3597f0e"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:49:27 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:30 2008 +1100"
      },
      "message": "SELinux: Add network ingress and egress control permission checks\n\nThis patch implements packet ingress/egress controls for SELinux which allow\nSELinux security policy to control the flow of all IPv4 and IPv6 packets into\nand out of the system.  Currently SELinux does not have proper control over\nforwarded packets and this patch corrects this problem.\n\nSpecial thanks to Venkat Yekkirala \u003cvyekkirala@trustedcs.com\u003e whose earlier\nwork on this topic eventually led to this patch.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5dbe1eb0cfc144a2b0cb1466e22bcb6fc34229a8",
      "tree": "e1e028acaf0dd08cbcacd2c125f60230f820b442",
      "parents": [
        "d621d35e576aa20a0ddae8022c3810f38357c8ff"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:44:18 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:27 2008 +1100"
      },
      "message": "SELinux: Allow NetLabel to directly cache SIDs\n\nNow that the SELinux NetLabel \"base SID\" is always the netmsg initial SID we\ncan do a big optimization - caching the SID and not just the MLS attributes.\nThis not only saves a lot of per-packet memory allocations and copies but it\nhas a nice side effect of removing a chunk of code.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d621d35e576aa20a0ddae8022c3810f38357c8ff",
      "tree": "318e8aa890dbe715b901b11b019ebac3badb693d",
      "parents": [
        "220deb966ea51e0dedb6a187c0763120809f3e64"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:43:36 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:26 2008 +1100"
      },
      "message": "SELinux: Enable dynamic enable/disable of the network access checks\n\nThis patch introduces a mechanism for checking when labeled IPsec or SECMARK\nare in use by keeping introducing a configuration reference counter for each\nsubsystem.  In the case of labeled IPsec, whenever a labeled SA or SPD entry\nis created the labeled IPsec/XFRM reference count is increased and when the\nentry is removed it is decreased.  In the case of SECMARK, when a SECMARK\ntarget is created the reference count is increased and later decreased when the\ntarget is removed.  These reference counters allow SELinux to quickly determine\nif either of these subsystems are enabled.\n\nNetLabel already has a similar mechanism which provides the netlbl_enabled()\nfunction.\n\nThis patch also renames the selinux_relabel_packet_permission() function to\nselinux_secmark_relabel_packet_permission() as the original name and\ndescription were misleading in that they referenced a single packet label which\nis not the case.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "220deb966ea51e0dedb6a187c0763120809f3e64",
      "tree": "7d0e5dd8048907c364b4eeff294991937b466c7e",
      "parents": [
        "f67f4f315f31e7907779adb3296fb6682e755342"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:38:23 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:25 2008 +1100"
      },
      "message": "SELinux: Better integration between peer labeling subsystems\n\nRework the handling of network peer labels so that the different peer labeling\nsubsystems work better together.  This includes moving both subsystems to a\nsingle \"peer\" object class which involves not only changes to the permission\nchecks but an improved method of consolidating multiple packet peer labels.\nAs part of this work the inbound packet permission check code has been heavily\nmodified to handle both the old and new behavior in as sane a fashion as\npossible.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "f67f4f315f31e7907779adb3296fb6682e755342",
      "tree": "237a41ae93b73bf4e98761a4b6d30d7a5a54b896",
      "parents": [
        "3bb56b25dbe0a4b44bd2ebceab6736d068e85068"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:38:21 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:24 2008 +1100"
      },
      "message": "SELinux: Add a new peer class and permissions to the Flask definitions\n\nAdd additional Flask definitions to support the new \"peer\" object class and\nadditional permissions to the netif, node, and packet object classes.  Also,\nbring the kernel Flask definitions up to date with the Fedora SELinux policies\nby adding the \"flow_in\" and \"flow_out\" permissions to the \"packet\" class.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "3bb56b25dbe0a4b44bd2ebceab6736d068e85068",
      "tree": "2285d831352b8580d401730eee98820ed54a81a0",
      "parents": [
        "224dfbd81e1ff672eb46e7695469c395bd531083"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:38:19 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:23 2008 +1100"
      },
      "message": "SELinux: Add a capabilities bitmap to SELinux policy version 22\n\nAdd a new policy capabilities bitmap to SELinux policy version 22.  This bitmap\nwill enable the security server to query the policy to determine which features\nit supports.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "224dfbd81e1ff672eb46e7695469c395bd531083",
      "tree": "c89c3ab606634a7174db8807b2633df8bb024b8c",
      "parents": [
        "da5645a28a15aed2e541a814ecf9f7ffcd4c4673"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:38:13 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:23 2008 +1100"
      },
      "message": "SELinux: Add a network node caching mechanism similar to the sel_netif_*() functions\n\nThis patch adds a SELinux IP address/node SID caching mechanism similar to the\nsel_netif_*() functions.  The node SID queries in the SELinux hooks files are\nalso modified to take advantage of this new functionality.  In addition, remove\nthe address length information from the sk_buff parsing routines as it is\nredundant since we already have the address family.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "da5645a28a15aed2e541a814ecf9f7ffcd4c4673",
      "tree": "8cedccebd0e12308de30573ad593d703943e3cbb",
      "parents": [
        "e8bfdb9d0dfc1231a6a71e849dfbd4447acdfff6"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:38:10 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:22 2008 +1100"
      },
      "message": "SELinux: Only store the network interface\u0027s ifindex\n\nInstead of storing the packet\u0027s network interface name store the ifindex.  This\nallows us to defer the need to lookup the net_device structure until the audit\nrecord is generated meaning that in the majority of cases we never need to\nbother with this at all.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "e8bfdb9d0dfc1231a6a71e849dfbd4447acdfff6",
      "tree": "0d786c0ad972e43d1128296b8e7ae47275ab3ebd",
      "parents": [
        "75e22910cf0c26802b09dac2e34c13e648d3ed02"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:38:08 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:21 2008 +1100"
      },
      "message": "SELinux: Convert the netif code to use ifindex values\n\nThe current SELinux netif code requires the caller have a valid net_device\nstruct pointer to lookup network interface information.  However, we don\u0027t\nalways have a valid net_device pointer so convert the netif code to use\nthe ifindex values we always have as part of the sk_buff.  This patch also\nremoves the default message SID from the network interface record, it is\nnot being used and therefore is \"dead code\".\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "75e22910cf0c26802b09dac2e34c13e648d3ed02",
      "tree": "bf5f5c62f6db8a3057a0265dc7748bf310d26d4a",
      "parents": [
        "16efd45435fa695b501b7f73c3259bd7c77cc12c"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:38:04 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:20 2008 +1100"
      },
      "message": "NetLabel: Add IP address family information to the netlbl_skbuff_getattr() function\n\nIn order to do any sort of IP header inspection of incoming packets we need to\nknow which address family, AF_INET/AF_INET6/etc., it belongs to and since the\nsk_buff structure does not store this information we need to pass along the\naddress family separate from the packet itself.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    }
  ],
  "next": "16efd45435fa695b501b7f73c3259bd7c77cc12c"
}
