)]}' { "log": [ { "commit": "13402580021a52e49c6d1068ff28ade4d5a175f1", "tree": "5617d1eaa7409d8ac3680cdada5e5ef45d0c8753", "parents": [ "b33fa1f3c3ec05e54e73f06c4578948c55d89ef6" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 30 14:24:34 2005 -0400" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 30 11:36:04 2005 -0700" }, "message": "[PATCH] SELinux - fix SCTP socket bug and general IP protocol handling\n\nThe following patch updates the way SELinux classifies and handles IP\nbased protocols.\n\nCurrently, IP sockets are classified by SELinux as being either TCP, UDP\nor \u0027Raw\u0027, the latter being a default for IP socket that is not TCP or UDP.\n\nThe classification code is out of date and uses only the socket type\nparameter to socket(2) to determine the class of IP socket. So, any\nsocket created with SOCK_STREAM will be classified by SELinux as TCP, and\nSOCK_DGRAM as UDP. Also, other socket types such as SOCK_SEQPACKET and\nSOCK_DCCP are currently ignored by SELinux, which classifies them as\ngeneric sockets, which means they don\u0027t even get basic IP level checking.\n\nThis patch changes the SELinux IP socket classification logic, so that\nonly an IPPROTO_IP protocol value passed to socket(2) classify the socket\nas TCP or UDP. The patch also drops the check for SOCK_RAW and converts\nit into a default, so that socket types like SOCK_DCCP and SOCK_SEQPACKET\nare classified as SECCLASS_RAWIP_SOCKET (instead of generic sockets).\n\nNote that protocol-specific support for SCTP, DCCP etc. is not addressed\nhere, we\u0027re just getting these protocols checked at the IP layer.\n\nThis fixes a reported problem where SCTP sockets were being recognized as\ngeneric SELinux sockets yet still being passed in one case to an IP level\ncheck, which then fails for generic sockets.\n\nIt will also fix bugs where any SOCK_STREAM socket is classified as TCP or\nany SOCK_DGRAM socket is classified as UDP.\n\nThis patch also unifies the way IP sockets classes are determined in\nselinux_socket_bind(), so we use the already calculated value instead of\ntrying to recalculate it.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "664cceb0093b755739e56572b836a99104ee8a75", "tree": "dbaa3ab802803879f29532db4d8a91a54294cf88", "parents": [ "5134fc15b643dc36eb9aa77e4318b886844a9ac5" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Sep 28 17:03:15 2005 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Sep 28 09:10:47 2005 -0700" }, "message": "[PATCH] Keys: Add possessor permissions to keys [try #3]\n\nThe attached patch adds extra permission grants to keys for the possessor of a\nkey in addition to the owner, group and other permissions bits. This makes\nSUID binaries easier to support without going as far as labelling keys and key\ntargets using the LSM facilities.\n\nThis patch adds a second \"pointer type\" to key structures (struct key_ref *)\nthat can have the bottom bit of the address set to indicate the possession of\na key. This is propagated through searches from the keyring to the discovered\nkey. It has been made a separate type so that the compiler can spot attempts\nto dereference a potentially incorrect pointer.\n\nThe \"possession\" attribute can\u0027t be attached to a key structure directly as\nit\u0027s not an intrinsic property of a key.\n\nPointers to keys have been replaced with struct key_ref *\u0027s wherever\npossession information needs to be passed through.\n\nThis does assume that the bottom bit of the pointer will always be zero on\nreturn from kmem_cache_alloc().\n\nThe key reference type has been made into a typedef so that at least it can be\nlocated in the sources, even though it\u0027s basically a pointer to an undefined\ntype. I\u0027ve also renamed the accessor functions to be more useful, and all\nreference variables should now end in \"_ref\".\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9afa57b04ca08ff061e54787e3becf5c40283149", "tree": "0289bc53611919aaf87c455633fe0b3a9eff2c87", "parents": [ "d15c5749eb81dee94d40fe12584ca8461858b4cb" ], "author": { "name": "Serge Hallyn", "email": "serue@us.ibm.com", "time": "Fri Sep 16 19:27:57 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Sep 17 11:50:01 2005 -0700" }, "message": "[PATCH] seclvl: use securityfs (fix)\n\nThat should be -EINVAL for both.\n\nSigned-off-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Greg KH \u003cgreg@kroah.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "d15c5749eb81dee94d40fe12584ca8461858b4cb", "tree": "b265834c83b80c25bf140d918edf0838405dc3d5", "parents": [ "73a0b538ee573a76cba59cdc9f177a71776d4678" ], "author": { "name": "Andrew Morton", "email": "akpm@osdl.org", "time": "Fri Sep 16 19:27:56 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Sep 17 11:50:01 2005 -0700" }, "message": "[PATCH] seclvl-use-securityfs tidy\n\nWe don\u0027t put braces around single statements, thanks.\n\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@osdl.org\u003e\nCc: Greg KH \u003cgreg@kroah.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "ddbf9ef385bfbef897210733abfb73cb9b94ecec", "tree": "64a9e965a71eef13e813a3327f8d74aa7168ee19", "parents": [ "5d54e69c68c05b162a56f9914cae72afd7e6f40a", "2c40579bdc2a94977fcff2521d5b53a97c33e77a" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 13 09:48:54 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 13 09:48:54 2005 -0700" }, "message": "Merge master.kernel.org:/pub/scm/linux/kernel/git/chrisw/lsm-2.6 \n" }, { "commit": "5d54e69c68c05b162a56f9914cae72afd7e6f40a", "tree": "c5933858c4861bc3e358559f64ef459a1f56ab75", "parents": [ "63f3d1df1ad276a30b75339dd682a6e1f9d0c181", "b6ddc518520887a62728b0414efbf802a9dfdd55" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 13 09:47:30 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 13 09:47:30 2005 -0700" }, "message": "Merge master.kernel.org:/pub/scm/linux/kernel/git/dwmw2/audit-2.6 \n" }, { "commit": "b835996f628eadb55c5fb222ba46fe9395bf73c7", "tree": "d63d80585d197e1ffc299af4a0034049790fb197", "parents": [ "ab2af1f5005069321c5d130f09cce577b03f43ef" ], "author": { "name": "Dipankar Sarma", "email": "dipankar@in.ibm.com", "time": "Fri Sep 09 13:04:14 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:55 2005 -0700" }, "message": "[PATCH] files: lock-free fd look-up\n\nWith the use of RCU in files structure, the look-up of files using fds can now\nbe lock-free. The lookup is protected by rcu_read_lock()/rcu_read_unlock().\nThis patch changes the readers to use lock-free lookup.\n\nSigned-off-by: Maneesh Soni \u003cmaneesh@in.ibm.com\u003e\nSigned-off-by: Ravikiran Thirumalai \u003ckiran_th@gmail.com\u003e\nSigned-off-by: Dipankar Sarma \u003cdipankar@in.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "badf16621c1f9d1ac753be056fce11b43d6e0be5", "tree": "3fdf833fdf2e3d3a439090743539680449ec3428", "parents": [ "c0dfb2905126e9e94edebbce8d3e05001301f52d" ], "author": { "name": "Dipankar Sarma", "email": "dipankar@in.ibm.com", "time": "Fri Sep 09 13:04:10 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:55 2005 -0700" }, "message": "[PATCH] files: break up files struct\n\nIn order for the RCU to work, the file table array, sets and their sizes must\nbe updated atomically. Instead of ensuring this through too many memory\nbarriers, we put the arrays and their sizes in a separate structure. This\npatch takes the first step of putting the file table elements in a separate\nstructure fdtable that is embedded withing files_struct. It also changes all\nthe users to refer to the file table using files_fdtable() macro. Subsequent\napplciation of RCU becomes easier after this.\n\nSigned-off-by: Dipankar Sarma \u003cdipankar@in.ibm.com\u003e\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "e31e14ec356f36b131576be5bc31d8fef7e95483", "tree": "5597419cf186904d77c4b4ecf117287bcc1db986", "parents": [ "a74574aafea3a63add3251047601611111f44562" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri Sep 09 13:01:45 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:28 2005 -0700" }, "message": "[PATCH] remove the inode_post_link and inode_post_rename LSM hooks\n\nThis patch removes the inode_post_link and inode_post_rename LSM hooks as\nthey are unused (and likely useless).\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "a74574aafea3a63add3251047601611111f44562", "tree": "a8f4a809589513c666c6f5518cbe84f50ee5523e", "parents": [ "570bc1c2e5ccdb408081e77507a385dc7ebed7fa" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri Sep 09 13:01:44 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:28 2005 -0700" }, "message": "[PATCH] Remove security_inode_post_create/mkdir/symlink/mknod hooks\n\nThis patch removes the inode_post_create/mkdir/mknod/symlink LSM hooks as\nthey are obsoleted by the new inode_init_security hook that enables atomic\ninode security labeling.\n\nIf anyone sees any reason to retain these hooks, please speak now. Also,\nis anyone using the post_rename/link hooks; if not, those could also be\nremoved.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "570bc1c2e5ccdb408081e77507a385dc7ebed7fa", "tree": "d00d2df7c93899fa2028128c40961fec46ede471", "parents": [ "ac50960afa31877493add6d941d8402fa879c452" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri Sep 09 13:01:43 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:28 2005 -0700" }, "message": "[PATCH] tmpfs: Enable atomic inode security labeling\n\nThis patch modifies tmpfs to call the inode_init_security LSM hook to set\nup the incore inode security state for new inodes before the inode becomes\naccessible via the dcache.\n\nAs there is no underlying storage of security xattrs in this case, it is\nnot necessary for the hook to return the (name, value, len) triple to the\ntmpfs code, so this patch also modifies the SELinux hook function to\ncorrectly handle the case where the (name, value, len) pointers are NULL.\n\nThe hook call is needed in tmpfs in order to support proper security\nlabeling of tmpfs inodes (e.g. for udev with tmpfs /dev in Fedora). With\nthis change in place, we should then be able to remove the\nsecurity_inode_post_create/mkdir/... hooks safely.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Hugh Dickins \u003chugh@veritas.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "5e41ff9e0650f327a6c819841fa412da95d57319", "tree": "a525df8bda34c2aa52f30326f94cd15109bb58b3", "parents": [ "f5ee56cc184e0944ebc9ff1691985219959596f6" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri Sep 09 13:01:35 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:27 2005 -0700" }, "message": "[PATCH] security: enable atomic inode security labeling\n\nThe following patch set enables atomic security labeling of newly created\ninodes by altering the fs code to invoke a new LSM hook to obtain the security\nattribute to apply to a newly created inode and to set up the incore inode\nsecurity state during the inode creation transaction. This parallels the\nexisting processing for setting ACLs on newly created inodes. Otherwise, it\nis possible for new inodes to be accessed by another thread via the dcache\nprior to complete security setup (presently handled by the\npost_create/mkdir/... LSM hooks in the VFS) and a newly created inode may be\nleft unlabeled on the disk in the event of a crash. SELinux presently works\naround the issue by ensuring that the incore inode security label is\ninitialized to a special SID that is inaccessible to unprivileged processes\n(in accordance with policy), thereby preventing inappropriate access but\npotentially causing false denials on legitimate accesses. A simple test\nprogram demonstrates such false denials on SELinux, and the patch solves the\nproblem. Similar such false denials have been encountered in real\napplications.\n\nThis patch defines a new inode_init_security LSM hook to obtain the security\nattribute to apply to a newly created inode and to set up the incore inode\nsecurity state for it, and adds a corresponding hook function implementation\nto SELinux.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "48467641bcc057f7cba3b6cbbe66cb834d64cc81", "tree": "f7c5c5e964c220de30fcdcd06b0f1efdb3e22439", "parents": [ "3863e72414fa2ebf5f3b615d1bf99de32e59980a", "d70063c4634af060a5387337b7632f6334ca3458" ], "author": { "name": "Linus Torvalds", "email": "torvalds@evo.osdl.org", "time": "Mon Sep 05 00:11:50 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@evo.osdl.org", "time": "Mon Sep 05 00:11:50 2005 -0700" }, "message": "Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 \n" }, { "commit": "b5bf6c55edf94e9c7fc01724d5b271f78eaf1d3f", "tree": "0f2be4478fa5886f467fce8b4a8d56b5e8dbed46", "parents": [ "782ebb992ec20b5afdd5786ee8c2f1b58b631f24" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Sat Sep 03 15:55:17 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@evo.osdl.org", "time": "Mon Sep 05 00:05:51 2005 -0700" }, "message": "[PATCH] selinux: endian notations\n\nThis patch adds endian notations to the SELinux code.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "782ebb992ec20b5afdd5786ee8c2f1b58b631f24", "tree": "adf0af44fa591d803ec6b9ab7541ff3e5745dd93", "parents": [ "720d6c29e146e96cca858057469951e91e0e6850" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Sat Sep 03 15:55:16 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@evo.osdl.org", "time": "Mon Sep 05 00:05:50 2005 -0700" }, "message": "[PATCH] selinux: Reduce memory use by avtab\n\nThis patch improves memory use by SELinux by both reducing the avtab node\nsize and reducing the number of avtab nodes. The memory savings are\nsubstantial, e.g. on a 64-bit system after boot, James Morris reported the\nfollowing data for the targeted and strict policies:\n\n #objs objsize kernmem\nTargeted:\n Before: 237888 40 9.1MB\n After: 19968 24 468KB\n\nStrict:\n Before: 571680 40 21.81MB\n After: 221052 24 5.06MB\n\nThe improvement in memory use comes at a cost in the speed of security\nserver computations of access vectors, but these computations are only\nrequired on AVC cache misses, and performance measurements by James Morris\nusing a number of benchmarks have shown that the change does not cause any\nsignificant degradation.\n\nNote that a rebuilt policy via an updated policy toolchain\n(libsepol/checkpolicy) is required in order to gain the full benefits of\nthis patch, although some memory savings benefits are immediately applied\neven to older policies (in particular, the reduction in avtab node size).\nSources for the updated toolchain are presently available from the\nsourceforge CVS tree (http://sourceforge.net/cvs/?group_id\u003d21266), and\ntarballs are available from http://www.flux.utah.edu/~sds.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "eb6f1160ddb2fdadf50f350da79d0796c37f17e2", "tree": "e7b048b089b4b0ec9f121eea9a7f5864999dbac3", "parents": [ "64baf3cfea974d2b9e671ccfdbc03e030ea5ebc6" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Thu Sep 01 17:43:25 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Sep 01 17:43:25 2005 -0700" }, "message": "[CRYPTO]: Use CRYPTO_TFM_REQ_MAY_SLEEP where appropriate\n\nThis patch goes through the current users of the crypto layer and sets\nCRYPTO_TFM_REQ_MAY_SLEEP at crypto_alloc_tfm() where all crypto operations\nare performed in process context.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "216efaaaa006d2f3ecbb5bbc2b6673423813254e", "tree": "c05cd2d0ec829d18a8f85ff8611c0e1424303f52", "parents": [ "066286071d3542243baa68166acb779187c848b3" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 15 20:34:48 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Aug 29 16:01:15 2005 -0700" }, "message": "[SELINUX]: Update for tcp_diag rename to inet_diag.\n\nAlso, support dccp sockets.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "066286071d3542243baa68166acb779187c848b3", "tree": "ef6604f16ceb13842a30311654e6a64aac716c48", "parents": [ "9a4595bc7e67962f13232ee55a64e063062c3a99" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Mon Aug 15 12:33:26 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Aug 29 16:01:11 2005 -0700" }, "message": "[NETLINK]: Add \"groups\" argument to netlink_kernel_create\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "ac6d439d2097b72ea0cbc2322ce1263a38bc1fd0", "tree": "19e638a226993dddede5a2da577e2572f7555a95", "parents": [ "d629b836d151d43332492651dd841d32e57ebe3b" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Sun Aug 14 19:29:52 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Aug 29 16:00:54 2005 -0700" }, "message": "[NETLINK]: Convert netlink users to use group numbers instead of bitmasks\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "43e943c32b9213b5d25407b281c94aaa474fd9a6", "tree": "7844a1aa95d697ae378bc799085e1b29eb0b8a48", "parents": [ "ad93e266a17c6f606e96304c866eb73665ae34fa" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Sun Aug 14 19:25:47 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Aug 29 16:00:34 2005 -0700" }, "message": "[NETLINK]: Fix missing dst_groups initializations in netlink_broadcast users\n\nnetlink_broadcast users must initialize NETLINK_CB(skb).dst_groups to the\ndestination group mask for netlink_recvmsg.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4fdb3bb723db469717c6d38fda667d8b0fa86ebd", "tree": "43d82e717922e6319cf8a8f9dc5ee902c651b491", "parents": [ "020b4c12dbe3868d792a01d7c1470cd837abe10f" ], "author": { "name": "Harald Welte", "email": "laforge@netfilter.org", "time": "Tue Aug 09 19:40:55 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Aug 29 15:35:08 2005 -0700" }, "message": "[NETLINK]: Add properly module refcounting for kernel netlink sockets.\n\n- Remove bogus code for compiling netlink as module\n- Add module refcounting support for modules implementing a netlink\n protocol\n- Add support for autoloading modules that implement a netlink protocol\n as soon as someone opens a socket for that protocol\n\nSigned-off-by: Harald Welte \u003claforge@netfilter.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "2c40579bdc2a94977fcff2521d5b53a97c33e77a", "tree": "04da3ba2070d46115e93ddbb148e035666862d84", "parents": [ "5a73c308754e27829c94544e010f133019cbd432" ], "author": { "name": "Adrian Bunk", "email": "bunk@stusta.de", "time": "Mon Aug 22 18:20:50 2005 +0200" }, "committer": { "name": "Chris Wright", "email": "chrisw@osdl.org", "time": "Mon Aug 22 14:10:22 2005 -0700" }, "message": "[PATCH] SECURITY must depend on SYSFS\n\nCONFIG_SECURITY\u003dy and CONFIG_SYSFS\u003dn results in the following compile\nerror:\n\n\u003c-- snip --\u003e\n\n...\n LD vmlinux\nsecurity/built-in.o: In function `securityfs_init\u0027:\ninode.c:(.init.text+0x1c2): undefined reference to `kernel_subsys\u0027\nmake: *** [vmlinux] Error 1\n\n\u003c-- snip --\u003e\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: Chris Wright \u003cchrisw@osdl.org\u003e\n" }, { "commit": "c973b112c76c9d8fd042991128f218a738cc8d0a", "tree": "e813b0da5d0a0e19e06de6462d145a29ad683026", "parents": [ "c5fbc3966f48279dbebfde10248c977014aa9988", "00dd1e433967872f3997a45d5adf35056fdf2f56" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Tue Aug 09 16:51:35 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Tue Aug 09 16:51:35 2005 +0100" }, "message": "Merge with /shiny/git/linux-2.6/.git\n" }, { "commit": "94efe72f762e2c147d8146d637d5ece5614c8d94", "tree": "002e4719541ad838342e01a5f8ff63ae0a618b29", "parents": [ "bcf945d36fa0598f41ac4ad46a9dc43135460263" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Aug 04 13:07:07 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Thu Aug 04 13:11:14 2005 -0700" }, "message": "[PATCH] Destruction of failed keyring oopses\n\nThe attached patch makes sure that a keyring that failed to instantiate\nproperly is destroyed without oopsing [CAN-2005-2099].\n\nThe problem occurs in three stages:\n\n (1) The key allocator initialises the type-specific data to all zeroes. In\n the case of a keyring, this will become a link in the keyring name list\n when the keyring is instantiated.\n\n (2) If a user (any user) attempts to add a keyring with anything other than\n an empty payload, the keyring instantiation function will fail with an\n error and won\u0027t add the keyring to the name list.\n\n (3) The keyring\u0027s destructor then sees that the keyring has a description\n (name) and tries to remove the keyring from the name list, which oopses\n because the link pointers are both zero.\n\nThis bug permits any user to take down a box trivially.\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "bcf945d36fa0598f41ac4ad46a9dc43135460263", "tree": "7a2aa188442bf863f20055a001baf85143d7a5b9", "parents": [ "6fb0caa42308923d9e4ed7b36ec077b97c107e24" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Aug 04 13:07:06 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Thu Aug 04 13:11:14 2005 -0700" }, "message": "[PATCH] Error during attempt to join key management session can leave semaphore pinned\n\nThe attached patch prevents an error during the key session joining operation\nfrom hanging future joins in the D state [CAN-2005-2098].\n\nThe problem is that the error handling path for the KEYCTL_JOIN_SESSION_KEYRING\noperation has one error path that doesn\u0027t release the session management\nsemaphore. Further attempts to get the semaphore will then sleep for ever in\nthe D state.\n\nThis can happen in four situations, all involving an attempt to allocate a new\nsession keyring:\n\n (1) ENOMEM.\n\n (2) The users key quota being reached.\n\n (3) A keyring name that is an empty string.\n\n (4) A keyring name that is too long.\n\nAny user may attempt this operation, and so any user can cause the problem to\noccur.\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "1260f801b4e4ba7be200886b4a53d730de05ca19", "tree": "319a68125252ac50df21b6e84cc1131c96e60d6f", "parents": [ "c36f19e02a96488f550fdb678c92500afca3109b" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Aug 04 11:50:01 2005 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Thu Aug 04 08:20:47 2005 -0700" }, "message": "[PATCH] Keys: Fix key management syscall interface bugs\n\nThis fixes five bugs in the key management syscall interface:\n\n (1) add_key() returns 0 rather than EINVAL if the key type is \"\".\n\n Checking the key type isn\u0027t \"\" should be left to lookup_user_key().\n\n (2) request_key() returns ENOKEY rather than EPERM if the key type begins\n with a \".\".\n\n lookup_user_key() can\u0027t do this because internal key types begin with a\n \".\".\n\n (3) Key revocation always returns 0, even if it fails.\n\n (4) Key read can return EAGAIN rather than EACCES under some circumstances.\n\n A key is permitted to by read by a process if it doesn\u0027t grant read\n access, but it does grant search access and it is in the process\u0027s\n keyrings. That search returns EAGAIN if it fails, and this needs\n translating to EACCES.\n\n (5) request_key() never adds the new key to the destination keyring if one is\n supplied.\n\n The wrong macro was being used to test for an error condition: PTR_ERR()\n will always return true, whether or not there\u0027s an error; this should\u0027ve\n been IS_ERR().\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-Off-By: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "911656f8a630e36b22c7e2bba3317dec9174209c", "tree": "2257dd4c04f4d234caf770a748b290b4d144fcf5", "parents": [ "f0b9d796002d9d39575cf1beabfb625f68b507fa" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Thu Jul 28 21:16:21 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Thu Jul 28 21:46:05 2005 -0700" }, "message": "[PATCH] selinux: Fix address length checks in connect hook\n\nThis patch fixes the address length checks in the selinux_socket_connect\nhook to be no more restrictive than the underlying ipv4 and ipv6 code;\notherwise, this hook can reject valid connect calls. This patch is in\nresponse to a bug report where an application was calling connect on an\nINET6 socket with an address that didn\u0027t include the optional scope id and\nfailing due to these checks.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "f5c1d5b2aaf9a98f15a6dcdfbba1f494d0aaae52", "tree": "e896d0b6b9f561c9d124fa81efd261518ccbddf4", "parents": [ "e1699f508ab5098de4b258268fa8913db38d9d35" ], "author": { "name": "James Morris", "email": "jmorris@redhat.com", "time": "Thu Jul 28 01:07:37 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Thu Jul 28 08:39:02 2005 -0700" }, "message": "[PATCH] SELinux: default labeling of MLS field\n\nImplement kernel labeling of the MLS (multilevel security) field of\nsecurity contexts for files which have no existing MLS field. This is to\nenable upgrades of a system from non-MLS to MLS without performing a full\nfilesystem relabel including all of the mountpoints, which would be quite\npainful for users.\n\nWith this patch, with MLS enabled, if a file has no MLS field, the kernel\ninternally adds an MLS field to the in-core inode (but not to the on-disk\nfile). This MLS field added is the default for the superblock, allowing\nper-mountpoint control over the values via fixed policy or mount options.\n\nThis patch has been tested by enabling MLS without relabeling its\nfilesystem, and seems to be working correctly.\n\nSigned-off-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@epoch.ncsc.mil\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "30beab1491f0b96b2f23d3fb68af01fd921a16d8", "tree": "c580bdc0846269fbb10feeda901ecec1a48ee2ef", "parents": [ "21af6c4f2aa5f63138871b4ddd77d7ebf2588c9d", "c32511e2718618f0b53479eb36e07439aa363a74" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jul 13 15:25:59 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jul 13 15:25:59 2005 +0100" }, "message": "Merge with /shiny/git/linux-2.6/.git\n" }, { "commit": "5a73c308754e27829c94544e010f133019cbd432", "tree": "be66dc5e28c5510f6c3da99a4f8d9d9efe1360d6", "parents": [ "b67dbf9d4c1987c370fd18fdc4cf9d8aaea604c2" ], "author": { "name": "serue@us.ibm.com", "email": "serue@us.ibm.com", "time": "Fri Jul 08 15:44:19 2005 -0500" }, "committer": { "name": "Chris Wright", "email": "chrisw@osdl.org", "time": "Fri Jul 08 18:49:05 2005 -0700" }, "message": "[PATCH] seclvl securityfs\n\nOnce again, the simple_attr in libfs was actually sufficient - I\u0027d\nthought the __attribute__(format(printk(1,2))) was more mysterious than\nit really is.\n\nAt last, here is the full patch to make seclvl use securityfs.\n\nSigned-off-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Chris Wright \u003cchrisw@osdl.org\u003e\n--\n\n seclvl.c | 228 +++++++++++++++++++--------------------------------------------\n 1 files changed, 70 insertions(+), 158 deletions(-)\n\nIndex: linux-2.6.13-rc1/security/seclvl.c\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n" }, { "commit": "b67dbf9d4c1987c370fd18fdc4cf9d8aaea604c2", "tree": "76c8bf2d44a9e8b3fb8df8dedf950bbb78d340ae", "parents": [ "043d051615aa5da09a7e44f1edbb69798458e067" ], "author": { "name": "Greg KH", "email": "greg@kroah.com", "time": "Thu Jul 07 14:37:53 2005 -0700" }, "committer": { "name": "Chris Wright", "email": "chrisw@osdl.org", "time": "Fri Jul 08 18:48:41 2005 -0700" }, "message": "[PATCH] add securityfs for all LSMs to use\n\nHere\u0027s a small patch against 2.6.13-rc2 that adds securityfs, a virtual\nfs that all LSMs can use instead of creating their own. The fs should\nbe mounted at /sys/kernel/security, and the fs creates that mount point.\nThis will make the LSB people happy that we aren\u0027t creating a new\n/my_lsm_fs directory in the root for every different LSM.\n\nIt has changed a bit since the last version, thanks to comments from\nMike Waychison.\n\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\nSigned-off-by: Chris Wright \u003cchrisw@osdl.org\u003e\n" }, { "commit": "a4014d8f61a6a136d22422cf8aa978e6495dbad9", "tree": "bb5d995c2511b99e131ca92020ffc10cafee4447", "parents": [ "682d4fc93105ebf0bdfbb04a4b85047999b17844" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Jul 07 17:57:03 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Thu Jul 07 18:23:46 2005 -0700" }, "message": "[PATCH] Keys: Base keyring size on key pointer not key struct\n\nThe attached patch makes the keyring functions calculate the new size of a\nkeyring\u0027s payload based on the size of pointer to the key struct, not the size\nof the key struct itself.\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "d2f6409584e2c62ffad81690562330ff3bf4a458", "tree": "3bdfb97d0b51be2f7f414f2107e97603c1206abb", "parents": [ "e1b09eba2686eca94a3a188042b518df6044a3c1", "4a89a04f1ee21a7c1f4413f1ad7dcfac50ff9b63" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Sat Jul 02 13:39:09 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Sat Jul 02 13:39:09 2005 +0100" }, "message": "Merge with master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6.git\n\n" }, { "commit": "6931dfc9f3f81d148b7ed0ab3fd796f8b986a995", "tree": "8c7251413b1243e29dc155fd9590931b423c5e31", "parents": [ "9a936eb928c1a253c2e5d66b947688bdc55094a6" ], "author": { "name": "Eric Paris", "email": "eparis@parisplace.org", "time": "Thu Jun 30 02:58:51 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Thu Jun 30 08:45:09 2005 -0700" }, "message": "[PATCH] selinux_sb_copy_data() should not require a whole page\n\nCurrently selinux_sb_copy_data requires an entire page be allocated to\n*orig when the function is called. This \"requirement\" is based on the fact\nthat we call copy_page(in_save, nosec_save) and in_save \u003d orig when the\ndata is not FS_BINARY_MOUNTDATA. This means that if a caller were to call\ndo_kern_mount with only about 10 bytes of options, they would get passed\nhere and then we would corrupt PAGE_SIZE - 10 bytes of memory (with all\nzeros.)\n\nCurrently it appears all in kernel FS\u0027s use one page of data so this has\nnot been a problem. An out of kernel FS did just what is described above\nand it would almost always panic shortly after they tried to mount. From\nlooking else where in the kernel it is obvious that this string of data\nmust always be null terminated. (See example in do_mount where it always\nzeros the last byte.) Thus I suggest we use strcpy in place of copy_page.\nIn this way we make sure the amount we copy is always less than or equal to\nthe amount we received and since do_mount is zeroing the last byte this\nshould be safe for all.\n\nSigned-off-by: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: Stephen Smalley \u003csds@epoch.ncsc.mil\u003e\nAcked-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9a5f04bf798254390f89445ecf0b6f4c70ddc1f8", "tree": "ed9aa17d9d980f3f013ccc84e12135c65b51757d", "parents": [ "a2ba192c96d12447472e105890a9cd1b97952747" ], "author": { "name": "Jesper Juhl", "email": "juhl-lkml@dif.dk", "time": "Sat Jun 25 14:58:51 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Jun 25 16:25:00 2005 -0700" }, "message": "[PATCH] selinux: kfree cleanup\n\nkfree(NULL) is legal.\n\nSigned-off-by: Jesper Juhl \u003cjuhl-lkml@dif.dk\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "b2b18660066997420b716c1881a6be8b82700d97", "tree": "7c6eb8e7b8163e3d332bd4a4efe2ae5b5cfabdd2", "parents": [ "ae67cd643e9e64217fd92457324625c67fec6e35" ], "author": { "name": "Paul E. McKenney", "email": "paulmck@us.ibm.com", "time": "Sat Jun 25 14:55:38 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Jun 25 16:24:38 2005 -0700" }, "message": "[PATCH] RCU: clean up a few remaining synchronize_kernel() calls\n\n2.6.12-rc6-mm1 has a few remaining synchronize_kernel()s, some (but not\nall) in comments. This patch changes these synchronize_kernel() calls (and\ncomments) to synchronize_rcu() or synchronize_sched() as follows:\n\n- arch/x86_64/kernel/mce.c mce_read(): change to synchronize_sched() to\n handle races with machine-check exceptions (synchronize_rcu() would not cut\n it given RCU implementations intended for hardcore realtime use.\n\n- drivers/input/serio/i8042.c i8042_stop(): change to synchronize_sched() to\n handle races with i8042_interrupt() interrupt handler. Again,\n synchronize_rcu() would not cut it given RCU implementations intended for\n hardcore realtime use.\n\n- include/*/kdebug.h comments: change to synchronize_sched() to handle races\n with NMIs. As before, synchronize_rcu() would not cut it...\n\n- include/linux/list.h comment: change to synchronize_rcu(), since this\n comment is for list_del_rcu().\n\n- security/keys/key.c unregister_key_type(): change to synchronize_rcu(),\n since this is interacting with RCU read side.\n\n- security/keys/process_keys.c install_session_keyring(): change to\n synchronize_rcu(), since this is interacting with RCU read side.\n\nSigned-off-by: \"Paul E. McKenney\" \u003cpaulmck@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "09ffd94fb15d85fbf9eebb8180f50264b264d6fe", "tree": "688a5b60f9718a56a5d4386ef10596e77fb65b7b", "parents": [ "6b9921976f0861e04828b3aff66696c1f3fd900d" ], "author": { "name": "Lorenzo Hernández García-Hierro", "email": "lorenzo@gnu.org", "time": "Sat Jun 25 14:54:35 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Jun 25 16:24:26 2005 -0700" }, "message": "[PATCH] selinux: add executable heap check\n\nThis patch,based on sample code by Roland McGrath, adds an execheap\npermission check that controls the ability to make the heap executable so\nthat this can be prevented in almost all cases (the X server is presently\nan exception, but this will hopefully be resolved in the future) so that\neven programs with execmem permission will need to have the anonymous\nmemory mapped in order to make it executable.\n\nThe only reason that we use a permission check for such restriction (vs.\nmaking it unconditional) is that the X module loader presently needs it; it\ncould possibly be made unconditional in the future when X is changed.\n\nThe policy patch for the execheap permission is available at:\nhttp://pearls.tuxedo-es.org/patches/selinux/policy-execheap.patch\n\nSigned-off-by: Lorenzo Hernandez Garcia-Hierro \u003clorenzo@gnu.org\u003e\nAcked-by: James Morris \u003cjmorris@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "6b9921976f0861e04828b3aff66696c1f3fd900d", "tree": "be372b9dc81e393c909c7fecf8778e8864ba3a0d", "parents": [ "2d15cab85b85a56cc886037cab43cc292923ff22" ], "author": { "name": "Lorenzo Hernandez García-Hierro", "email": "lorenzo@gnu.org", "time": "Sat Jun 25 14:54:34 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Jun 25 16:24:26 2005 -0700" }, "message": "[PATCH] selinux: add executable stack check\n\nThis patch adds an execstack permission check that controls the ability to\nmake the main process stack executable so that attempts to make the stack\nexecutable can still be prevented even if the process is allowed the\nexisting execmem permission in order to e.g. perform runtime code\ngeneration. Note that this does not yet address thread stacks. Note also\nthat unlike the execmem check, the execstack check is only applied on\nmprotect calls, not mmap calls, as the current security_file_mmap hook is\nnot passed the necessary information presently.\n\nThe original author of the code that makes the distinction of the stack\nregion, is Ingo Molnar, who wrote it within his patch for\n/proc/\u003cpid\u003e/maps markers.\n(http://marc.theaimsgroup.com/?l\u003dlinux-kernel\u0026m\u003d110719881508591\u0026w\u003d2)\n\nThe patches also can be found at:\nhttp://pearls.tuxedo-es.org/patches/selinux/policy-execstack.patch\nhttp://pearls.tuxedo-es.org/patches/selinux/kernel-execstack.patch\n\npolicy-execstack.patch is the patch that needs to be applied to the policy in\norder to support the execstack permission and exclude it\nfrom general_domain_access within macros/core_macros.te.\n\nkernel-execstack.patch adds such permission to the SELinux code within\nthe kernel and adds the proper permission check to the selinux_file_mprotect() hook.\n\nSigned-off-by: Lorenzo Hernandez Garcia-Hierro \u003clorenzo@gnu.org\u003e\nAcked-by: James Morris \u003cjmorris@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "16c29b67fb3bbacfc2a71f9e5f7d85728ef45efa", "tree": "adf06d2e9db51a455038f189790bfceffc1e0218", "parents": [ "3e30148c3d524a9c1c63ca28261bc24c457eb07a" ], "author": { "name": "Michael Halcrow", "email": "mhalcrow@us.ibm.com", "time": "Thu Jun 23 22:00:58 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Fri Jun 24 00:05:19 2005 -0700" }, "message": "[PATCH] eCryptfs: export user key type\n\nExport this symbol to GPL modules for eCryptfs: an out-of-tree GPL\u0027ed\nfilesystem.\n\nSigned off by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\n\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "3e30148c3d524a9c1c63ca28261bc24c457eb07a", "tree": "a2fcc46cc11fe871ad976c07476d934a07313576", "parents": [ "8589b4e00e352f983259140f25a262d973be6bc5" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Jun 23 22:00:56 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Fri Jun 24 00:05:19 2005 -0700" }, "message": "[PATCH] Keys: Make request-key create an authorisation key\n\nThe attached patch makes the following changes:\n\n (1) There\u0027s a new special key type called \".request_key_auth\".\n\n This is an authorisation key for when one process requests a key and\n another process is started to construct it. This type of key cannot be\n created by the user; nor can it be requested by kernel services.\n\n Authorisation keys hold two references:\n\n (a) Each refers to a key being constructed. When the key being\n \t constructed is instantiated the authorisation key is revoked,\n \t rendering it of no further use.\n\n (b) The \"authorising process\". This is either:\n\n \t (i) the process that called request_key(), or:\n\n \t (ii) if the process that called request_key() itself had an\n \t authorisation key in its session keyring, then the authorising\n \t process referred to by that authorisation key will also be\n \t referred to by the new authorisation key.\n\n\t This means that the process that initiated a chain of key requests\n\t will authorise the lot of them, and will, by default, wind up with\n\t the keys obtained from them in its keyrings.\n\n (2) request_key() creates an authorisation key which is then passed to\n /sbin/request-key in as part of a new session keyring.\n\n (3) When request_key() is searching for a key to hand back to the caller, if\n it comes across an authorisation key in the session keyring of the\n calling process, it will also search the keyrings of the process\n specified therein and it will use the specified process\u0027s credentials\n (fsuid, fsgid, groups) to do that rather than the calling process\u0027s\n credentials.\n\n This allows a process started by /sbin/request-key to find keys belonging\n to the authorising process.\n\n (4) A key can be read, even if the process executing KEYCTL_READ doesn\u0027t have\n direct read or search permission if that key is contained within the\n keyrings of a process specified by an authorisation key found within the\n calling process\u0027s session keyring, and is searchable using the\n credentials of the authorising process.\n\n This allows a process started by /sbin/request-key to read keys belonging\n to the authorising process.\n\n (5) The magic KEY_SPEC_*_KEYRING key IDs when passed to KEYCTL_INSTANTIATE or\n KEYCTL_NEGATE will specify a keyring of the authorising process, rather\n than the process doing the instantiation.\n\n (6) One of the process keyrings can be nominated as the default to which\n request_key() should attach new keys if not otherwise specified. This is\n done with KEYCTL_SET_REQKEY_KEYRING and one of the KEY_REQKEY_DEFL_*\n constants. The current setting can also be read using this call.\n\n (7) request_key() is partially interruptible. If it is waiting for another\n process to finish constructing a key, it can be interrupted. This permits\n a request-key cycle to be broken without recourse to rebooting.\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-Off-By: Benoit Boissinot \u003cbenoit.boissinot@ens-lyon.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "8589b4e00e352f983259140f25a262d973be6bc5", "tree": "d53c9b43ee0aaa2d7518a023c4b6373422117506", "parents": [ "7888e7ff4ee579442128d7d12a9c9dbf2cf7de6a" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Jun 23 22:00:53 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Fri Jun 24 00:05:18 2005 -0700" }, "message": "[PATCH] Keys: Use RCU to manage session keyring pointer\n\nThe attached patch uses RCU to manage the session keyring pointer in struct\nsignal_struct. This means that searching need not disable interrupts and get\na the sighand spinlock to access this pointer. Furthermore, by judicious use\nof rcu_read_(un)lock(), this patch also avoids the need to take and put\nrefcounts on the session keyring itself, thus saving on even more atomic ops.\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "7888e7ff4ee579442128d7d12a9c9dbf2cf7de6a", "tree": "abe428ecb966e1dae07fce17f38e3e0c0ab4f134", "parents": [ "76d8aeabfeb1c42641a81c44280177b9a08670d8" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Jun 23 22:00:51 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Fri Jun 24 00:05:18 2005 -0700" }, "message": "[PATCH] Keys: Pass session keyring to call_usermodehelper()\n\nThe attached patch makes it possible to pass a session keyring through to the\nprocess spawned by call_usermodehelper(). This allows patch 3/3 to pass an\nauthorisation key through to /sbin/request-key, thus permitting better access\ncontrols when doing just-in-time key creation.\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "76d8aeabfeb1c42641a81c44280177b9a08670d8", "tree": "0a584439bb44e440717aa77a1398ba9eea24a137", "parents": [ "7286aa9b9ab35f20b1ff16d867f4535701df99b5" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Jun 23 22:00:49 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Fri Jun 24 00:05:18 2005 -0700" }, "message": "[PATCH] keys: Discard key spinlock and use RCU for key payload\n\nThe attached patch changes the key implementation in a number of ways:\n\n (1) It removes the spinlock from the key structure.\n\n (2) The key flags are now accessed using atomic bitops instead of\n write-locking the key spinlock and using C bitwise operators.\n\n The three instantiation flags are dealt with with the construction\n semaphore held during the request_key/instantiate/negate sequence, thus\n rendering the spinlock superfluous.\n\n The key flags are also now bit numbers not bit masks.\n\n (3) The key payload is now accessed using RCU. This permits the recursive\n keyring search algorithm to be simplified greatly since no locks need be\n taken other than the usual RCU preemption disablement. Searching now does\n not require any locks or semaphores to be held; merely that the starting\n keyring be pinned.\n\n (4) The keyring payload now includes an RCU head so that it can be disposed\n of by call_rcu(). This requires that the payload be copied on unlink to\n prevent introducing races in copy-down vs search-up.\n\n (5) The user key payload is now a structure with the data following it. It\n includes an RCU head like the keyring payload and for the same reason. It\n also contains a data length because the data length in the key may be\n changed on another CPU whilst an RCU protected read is in progress on the\n payload. This would then see the supposed RCU payload and the on-key data\n length getting out of sync.\n\n I\u0027m tempted to drop the key\u0027s datalen entirely, except that it\u0027s used in\n conjunction with quota management and so is a little tricky to get rid\n of.\n\n (6) Update the keys documentation.\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "d6e711448137ca3301512cec41a2c2ce852b3d0a", "tree": "f0765ebd90fdbdf270c05fcd7f3d32b24ba56681", "parents": [ "8b0914ea7475615c7c8965c1ac8fe4069270f25c" ], "author": { "name": "Alan Cox", "email": "alan@lxorguk.ukuu.org.uk", "time": "Thu Jun 23 00:09:43 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Thu Jun 23 09:45:26 2005 -0700" }, "message": "[PATCH] setuid core dump\n\nAdd a new `suid_dumpable\u0027 sysctl:\n\nThis value can be used to query and set the core dump mode for setuid\nor otherwise protected/tainted binaries. The modes are\n\n0 - (default) - traditional behaviour. Any process which has changed\n privilege levels or is execute only will not be dumped\n\n1 - (debug) - all processes dump core when possible. The core dump is\n owned by the current user and no security is applied. This is intended\n for system debugging situations only. Ptrace is unchecked.\n\n2 - (suidsafe) - any binary which normally would not be dumped is dumped\n readable by root only. This allows the end user to remove such a dump but\n not access it directly. For security reasons core dumps in this mode will\n not overwrite one another or other files. This mode is appropriate when\n adminstrators are attempting to debug problems in a normal environment.\n\n(akpm:\n\n\u003e \u003e +EXPORT_SYMBOL(suid_dumpable);\n\u003e\n\u003e EXPORT_SYMBOL_GPL?\n\nNo problem to me.\n\n\u003e \u003e \tif (current-\u003eeuid \u003d\u003d current-\u003euid \u0026\u0026 current-\u003eegid \u003d\u003d current-\u003egid)\n\u003e \u003e \t\tcurrent-\u003emm-\u003edumpable \u003d 1;\n\u003e\n\u003e Should this be SUID_DUMP_USER?\n\nActually the feedback I had from last time was that the SUID_ defines\nshould go because its clearer to follow the numbers. They can go\neverywhere (and there are lots of places where dumpable is tested/used\nas a bool in untouched code)\n\n\u003e Maybe this should be renamed to `dump_policy\u0027 or something. Doing that\n\u003e would help us catch any code which isn\u0027t using the #defines, too.\n\nFair comment. The patch was designed to be easy to maintain for Red Hat\nrather than for merging. Changing that field would create a gigantic\ndiff because it is used all over the place.\n\n)\n\nSigned-off-by: Alan Cox \u003calan@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9ad9ad385be27fcc7c16d290d972c6173e780a61", "tree": "bbca700c2d88ba421a6c9c348de367eaf4de0e2c", "parents": [ "177bbc733a1d9c935bc3d6efd776a6699b29b1ca" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jun 22 15:04:33 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jun 22 15:04:33 2005 +0100" }, "message": "AUDIT: Wait for backlog to clear when generating messages.\n\nAdd a gfp_mask to audit_log_start() and audit_log(), to reduce the\namount of GFP_ATOMIC allocation -- most of it doesn\u0027t need to be \nGFP_ATOMIC. Also if the mask includes __GFP_WAIT, then wait up to\n60 seconds for the auditd backlog to clear instead of immediately \nabandoning the message. \n\nThe timeout should probably be made configurable, but for now it\u0027ll \nsuffice that it only happens if auditd is actually running.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "da3caa204ca40c32dcb751ebead2a6835b83e8d1", "tree": "0bf36cf3bd9bee84cc4f93de5e99d6a0832329cb", "parents": [ "8680e22f296e75e5497edb660c59c6b4dcfbbd32" ], "author": { "name": "Gerald Schaefer", "email": "geraldsc@de.ibm.com", "time": "Tue Jun 21 17:15:18 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Tue Jun 21 18:46:22 2005 -0700" }, "message": "[PATCH] SELinux: memory leak in selinux_sb_copy_data()\n\nThere is a memory leak during mount when SELinux is active and mount\noptions are specified.\n\nSigned-off-by: Gerald Schaefer \u003cgeraldsc@de.ibm.com\u003e\nAcked-by: Stephen Smalley \u003csds@epoch.ncsc.mil\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "70f2817a43c89b784dc2ec3d06ba5bf3064f8235", "tree": "210bbd16599d4e402051e4ec30c82e70b8b427ef", "parents": [ "6c1852a08e444a2e66367352a99c0e93c8bf3e97" ], "author": { "name": "Dmitry Torokhov", "email": "dtor_core@ameritech.net", "time": "Fri Apr 29 01:27:34 2005 -0500" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@suse.de", "time": "Mon Jun 20 15:15:03 2005 -0700" }, "message": "[PATCH] sysfs: (rest) if show/store is missing return -EIO\n\nsysfs: fix the rest of the kernel so if an attribute doesn\u0027t\n implement show or store method read/write will return\n -EIO instead of 0 or -EINVAL or -EPERM.\n\nSigned-off-by: Dmitry Torokhov \u003cdtor@mail.ru\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n" }, { "commit": "c7fb64db001f83ece669c76a02d8ec2fdb1dd307", "tree": "f8b8375b8b619c00db3399a4ef6f67e2636dfac7", "parents": [ "00768244923f66801958a8d2d103f7b65608c9b6" ], "author": { "name": "Thomas Graf", "email": "tgraf@suug.ch", "time": "Sat Jun 18 22:50:55 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Jun 18 22:50:55 2005 -0700" }, "message": "[NETLINK]: Neighbour table configuration and statistics via rtnetlink\n\nTo retrieve the neighbour tables send RTM_GETNEIGHTBL with the\nNLM_F_DUMP flag set. Every neighbour table configuration is\nspread over multiple messages to avoid running into message\nsize limits on systems with many interfaces. The first message\nin the sequence transports all not device specific data such as\nstatistics, configuration, and the default parameter set.\nThis message is followed by 0..n messages carrying device\nspecific parameter sets.\n\nAlthough the ordering should be sufficient, NDTA_NAME can be\nused to identify sequences. The initial message can be identified\nby checking for NDTA_CONFIG. The device specific messages do\nnot contain this TLV but have NDTPA_IFINDEX set to the\ncorresponding interface index.\n\nTo change neighbour table attributes, send RTM_SETNEIGHTBL\nwith NDTA_NAME set. Changeable attribute include NDTA_THRESH[1-3],\nNDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked\notherwise. Device specific parameter sets can be changed by\nsetting NDTPA_IFINDEX to the interface index of the corresponding\ndevice.\n\nSigned-off-by: Thomas Graf \u003ctgraf@suug.ch\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "37ca5389b863e5ffba6fb7c22331bf57dbf7764a", "tree": "4869477a27fbd8ad91b0ce42f0b2e4b6817e5105", "parents": [ "99e45eeac867d51ff3395dcf3d7aedf5ac2812c8" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Tue May 24 21:28:28 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Tue May 24 21:28:28 2005 +0100" }, "message": "AUDIT: Fix remaining cases of direct logging of untrusted strings by avc_audit\n\nPer Steve Grubb\u0027s observation that there are some remaining cases where\navc_audit() directly logs untrusted strings without escaping them, here\nis a patch that changes avc_audit() to use audit_log_untrustedstring()\nor audit_log_hex() as appropriate. Note that d_name.name is nul-\nterminated by d_alloc(), and that sun_path is nul-terminated by\nunix_mkname(), so it is not necessary for the AVC to create nul-\nterminated copies or to alter audit_log_untrustedstring to take a length\nargument. In the case of an abstract name, we use audit_log_hex() with\nan explicit length.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "7b5d781ce1f19fb7382d3d3fb7af48e429bed12d", "tree": "8ab8eef2e8c3629c46d29ffb9c618d87c5e1a02c", "parents": [ "326e9c8ba6a149f47e020719b23b24a14ba740d6" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Sat May 21 16:52:57 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Sat May 21 16:52:57 2005 +0100" }, "message": "Fix oops due to thinko in avc_audit()\n\nWhen I added the logging of pid\u003d and comm\u003d back to avc_audit() I \nscrewed it up. Put it back how it should be.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "011161051bbc25f7f8b7df059dbd934c534443f0", "tree": "f1ca3727e4130cacad86dfdae65e7533fcb67784", "parents": [ "fb19b4c6aa024837a0071f07baa07dbf49d07151" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Sat May 21 00:15:52 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Sat May 21 00:15:52 2005 +0100" }, "message": "AUDIT: Avoid sleeping function in SElinux AVC audit.\n\nThis patch changes the SELinux AVC to defer logging of paths to the audit\nframework upon syscall exit, by saving a reference to the (dentry,vfsmount)\npair in an auxiliary audit item on the current audit context for processing\nby audit_log_exit.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "7063e6c717f6108c4b3fc3135a516c86ef944870", "tree": "ec6eec10b4dc93474100e6e366df028bd3314fda", "parents": [ "7ca0026495dbb644b4e32ede76be44072cb2bc7a", "05d3794aa8bd3b2c9f7920a05003c331cdeb75c5" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Thu May 19 11:54:00 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Thu May 19 11:54:00 2005 +0100" }, "message": "Merge with master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6.git\n\n" }, { "commit": "cd77b8212d5473b800ac865364981d334ff564ea", "tree": "334f44b05fc02039d67de5f9bfc26765e754b727", "parents": [ "b7d1125817c9a46cc46f57db89d9c195e7af22f8" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Thu May 19 11:18:24 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Thu May 19 11:18:24 2005 +0100" }, "message": "Restore logging of pid\u003d and comm\u003d in AVC audit messages\n\nWe turned this all off because the \u0027exe\u003d\u0027 was causing deadlocks on\ndcache_lock. There\u0027s no need to leave the pid and comm out though. \nThey\u0027ll all be logged correctly if full auditing is enabled, but we\nshould still print them in case auditing _isn\u0027t_ enabled.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "209aba03243ee42a22f8df8d08aa9963f62aec64", "tree": "e45ee43e7af31f847377e8bb3a0a61581732b653", "parents": [ "3ec3b2fba526ead2fa3f3d7c91924f39a0733749" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed May 18 10:21:07 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed May 18 10:21:07 2005 +0100" }, "message": "AUDIT: Treat all user messages identically.\n\nIt\u0027s silly to have to add explicit entries for new userspace messages\nas we invent them. Just treat all messages in the user range the same.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "4c443d1b558b21520bd8fd6140b85cee0756becd", "tree": "e6d4fea8329bb709efd825ec14c9598a0c08e562", "parents": [ "b81074800b98ac50b64d4c8d34e8abf0fda5e3d1" ], "author": { "name": "Stephen Smalley", "email": "sds@epoch.ncsc.mil", "time": "Mon May 16 21:53:52 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Tue May 17 07:59:20 2005 -0700" }, "message": "[PATCH] selinux: fix avc_alloc_node() oom with no policy loaded\n\nThis patch should fix the avc_alloc_node() oom condition that Andrew\nreported when no policy is loaded in SELinux.\n\nPrior to this patch, when no policy was loaded, the SELinux \"security\nserver\" (policy engine) was only returning allowed decisions for the\nrequested permissions for each access check. This caused the cache to\nthrash when trying to use SELinux for real work with no policy loaded\n(typically, the no policy loaded state is only for bootstrapping to the\npoint where we can load an initial policy).\n\nThis patch changes the SELinux security server to return the complete\nallowed access vector at once, and then to reset the cache after the\ninitial policy load to flush the initial cache state created during\nbootstrapping.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "c04049939f88b29e235d2da217bce6e8ead44f32", "tree": "9bf3ab72b9939c529e7c96f8768bc8b7e1d768c9", "parents": [ "9ea74f0655412d0fbd12bf9adb6c14c8fe707a42" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Fri May 13 18:17:42 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Fri May 13 18:17:42 2005 +0100" }, "message": "AUDIT: Add message types to audit records\n\nThis patch adds more messages types to the audit subsystem so that audit \nanalysis is quicker, intuitive, and more useful.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\n---\nI forgot one type in the big patch. I need to add one for user space \noriginating SE Linux avc messages. This is used by dbus and nscd.\n\n-Steve\n---\nUpdated to 2.6.12-rc4-mm1.\n-dwmw2\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "c1b773d87eadc3972d697444127e89a7291769a2", "tree": "edfce2e842c3b6be70f3b90584507aab9fb3de8f", "parents": [ "197c69c6afd2deb7eec44040ff533d90d26c6161" ], "author": { "name": "Chris Wright", "email": "chrisw@osdl.org", "time": "Wed May 11 10:55:10 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed May 11 10:55:10 2005 +0100" }, "message": "Add audit_log_type\n\nAdd audit_log_type to allow callers to specify type and pid when logging.\nConvert audit_log to wrapper around audit_log_type. Could have\nconverted all audit_log callers directly, but common case is default\nof type AUDIT_KERNEL and pid 0. Update audit_log_start to take type\nand pid values when creating a new audit_buffer. Move sequences that\ndid audit_log_start, audit_log_format, audit_set_type, audit_log_end,\nto simply call audit_log_type directly. This obsoletes audit_set_type\nand audit_set_pid, so remove them.\n\nSigned-off-by: Chris Wright \u003cchrisw@osdl.org\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "c2f0c7c356dc9ae15419f00c725a2fcc58eeff58", "tree": "2b765b791115e0e85b45bc98800fd2650b23155b", "parents": [ "2512809255d018744fe6c2f5e996c83769846c07" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Fri May 06 12:38:39 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Fri May 06 12:38:39 2005 +0100" }, "message": "The attached patch addresses the problem with getting the audit daemon \nshutdown credential information. It creates a new message type \nAUDIT_TERM_INFO, which is used by the audit daemon to query who issued the \nshutdown. \n\nIt requires the placement of a hook function that gathers the information. The \nhook is after the DAC \u0026 MAC checks and before the function returns. Racing \nthreads could overwrite the uid \u0026 pid - but they would have to be root and \nhave policy that allows signalling the audit daemon. That should be a \nmanageable risk.\n\nThe userspace component will be released later in audit 0.7.2. When it \nreceives the TERM signal, it queries the kernel for shutdown information. \nWhen it receives it, it writes the message and exits. The message looks \nlike this:\n\ntype\u003dDAEMON msg\u003dauditd(1114551182.000) auditd normal halt, sending pid\u003d2650 \nuid\u003d525, auditd pid\u003d1685\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "b207a290ea7dc83dba02e40b81cc8a29415a9c60", "tree": "fe76d1c494977ba95ab576e9207dc13c4a66a04a", "parents": [ "6af963f1d6789ef20abca5696cd52a758b396e52" ], "author": { "name": "James Morris", "email": "jmorris@redhat.com", "time": "Sun May 01 08:58:40 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sun May 01 08:58:40 2005 -0700" }, "message": "[PATCH] SELinux: add finer grained permissions to Netlink audit processing\n\nThis patch provides finer grained permissions for the audit family of\nNetlink sockets under SELinux.\n\n1. We need a way to differentiate between privileged and unprivileged\n reads of kernel data maintained by the audit subsystem. The AUDIT_GET\n operation is unprivileged: it returns the current status of the audit\n subsystem (e.g. whether it\u0027s enabled etc.). The AUDIT_LIST operation\n however returns a list of the current audit ruleset, which is considered\n privileged by the audit folk. To deal with this, a new SELinux\n permission has been implemented and applied to the operation:\n nlmsg_readpriv, which can be allocated to appropriately privileged\n domains. Unprivileged domains would only be allocated nlmsg_read.\n\n2. There is a requirement for certain domains to generate audit events\n from userspace. These events need to be collected by the kernel,\n collated and transmitted sequentially back to the audit daemon. An\n example is user level login, an auditable event under CAPP, where\n login-related domains generate AUDIT_USER messages via PAM which are\n relayed back to auditd via the kernel. To prevent handing out\n nlmsg_write permissions to such domains, a new permission has been\n added, nlmsg_relay, which is intended for this type of purpose: data is\n passed via the kernel back to userspace but no privileged information is\n written to the kernel.\n\nAlso, AUDIT_LOGIN messages are now valid only for kernel-\u003euser messaging,\nso this value has been removed from the SELinux nlmsgtab (which is only\nused to check user-\u003ekernel messages).\n\nSigned-off-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "6af963f1d6789ef20abca5696cd52a758b396e52", "tree": "20990e909fc4a79789de54cfcae7ea150329cdc5", "parents": [ "de7d5a3b6c9ff8429bf046c36b56d3192b75c3da" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Sun May 01 08:58:39 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sun May 01 08:58:39 2005 -0700" }, "message": "[PATCH] SELinux: cleanup ipc_has_perm\n\nThis patch removes the sclass argument from ipc_has_perm in the SELinux\nmodule, as it can be obtained from the ipc security structure. The use of\na separate argument was a legacy of the older precondition function\nhandling in SELinux and is obsolete. Please apply.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "0d3d077cd4f1154e63a9858e47fe3fb1ad0c03e5", "tree": "63f376b3586412af712ffac7d500516c98f7bb2c", "parents": [ "aa77d26961fa4ecb11fe4209578dcd62ad15819d" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Sun Apr 24 20:16:19 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Apr 24 20:16:19 2005 -0700" }, "message": "[SELINUX]: Fix ipv6_skip_exthdr() invocation causing OOPS.\n\nThe SELinux hooks invoke ipv6_skip_exthdr() with an incorrect\nlength final argument. However, the length argument turns out\nto be superfluous.\n\nI was just reading ipv6_skip_exthdr and it occured to me that we can\nget rid of len altogether. The only place where len is used is to\ncheck whether the skb has two bytes for ipv6_opt_hdr. This check\nis done by skb_header_pointer/skb_copy_bits anyway.\n\nNow it might appear that we\u0027ve made the code slower by deferring\nthe check to skb_copy_bits. However, this check should not trigger\nin the common case so this is OK.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "219f0817038cabc722968e914490adf6b686499e", "tree": "13b64537abe906645ee22843e146e21958236219", "parents": [ "865108d13801d39ec038bdc82b5bec5e1eaffa9d" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Apr 18 10:47:35 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Mon Apr 18 10:47:35 2005 -0700" }, "message": "[PATCH] SELinux: fix deadlock on dcache lock\n\nThis fixes a deadlock on the dcache lock detected during testing at IBM\nby moving the logging of the current executable information from the\nSELinux avc_audit function to audit_log_exit (via an audit_log_task_info\nhelper) for processing upon syscall exit. \n\nFor consistency, the patch also removes the logging of other\ntask-related information from avc_audit, deferring handling to\naudit_log_exit instead. \n\nThis allows simplification of the avc_audit code, allows the exe\ninformation to be obtained more reliably, always includes the comm\ninformation (useful for scripts), and avoids including bogus task\ninformation for checks performed from irq or softirq. \n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "0c9b79429c83a404a04908be65baa9d97836bbb6", "tree": "66cdf9fc4cf40867ed8c9dc060661615941cd95f", "parents": [ "7e5c6bc0a600c49e5922591ad41ff41987f54eb4" ], "author": { "name": "James Morris", "email": "jmorris@redhat.com", "time": "Sat Apr 16 15:24:13 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:24:13 2005 -0700" }, "message": "[PATCH] SELinux: add support for NETLINK_KOBJECT_UEVENT\n\nThis patch adds SELinux support for the KOBJECT_UEVENT Netlink family, so\nthat SELinux can apply finer grained controls to it. For example, security\npolicy for hald can be locked down to the KOBJECT_UEVENT Netlink family\nonly. Currently, this family simply defaults to the default Netlink socket\nclass.\n\nNote that some new permission definitions are added to sync with changes in\nthe core userspace policy package, which auto-generates header files.\n\nSigned-off-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "388c69789a2a2e50965e805e3e641418082b352c", "tree": "6a715440068d1df09fee5bc2e7e9ac0d8af37cae", "parents": [ "1db7fc75a410d9a15cbc58a9b073a688669c6d42" ], "author": { "name": "James Morris", "email": "jmorris@redhat.com", "time": "Sat Apr 16 15:24:03 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:24:03 2005 -0700" }, "message": "[PATCH] SELinux: fix bug in Netlink message type detection\n\nThis patch fixes a bug in the SELinux Netlink message type detection code,\nwhere the wrong constant was being used in a case statement. The incorrect\nvalue is not valid for this class of object so it would not have been\nreached, and fallen through to a default handler for all Netlink messages.\n\nSigned-off-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "tree": "0bba044c4ce775e45a88a51686b5d9f90697ea9d", "parents": [], "author": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "message": "Linux-2.6.12-rc2\n\nInitial git repository build. I\u0027m not bothering with the full history,\neven though we have it. We can create a separate \"historical\" git\narchive of that later if we want to, and in the meantime it\u0027s about\n3.2GB when imported into git - space that would just make the early\ngit days unnecessarily complicated, when we don\u0027t have a lot of good\ninfrastructure for it.\n\nLet it rip!\n" } ] }