)]}'
{
  "log": [
    {
      "commit": "12b3052c3ee8f508b2c7ee4ddd63ed03423409d8",
      "tree": "b97d0f209f363cfad94ce9d075312274e349da89",
      "parents": [
        "6800e4c0ea3e96cf78953b8b5743381cb1bb9e37"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Nov 15 18:36:29 2010 -0500"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Nov 15 15:40:01 2010 -0800"
      },
      "message": "capabilities/syslog: open code cap_syslog logic to fix build failure\n\nThe addition of CONFIG_SECURITY_DMESG_RESTRICT resulted in a build\nfailure when CONFIG_PRINTK\u003dn.  This is because the capabilities code\nwhich used the new option was built even though the variable in question\ndidn\u0027t exist.\n\nThe patch here fixes this by moving the capabilities checks out of the\nLSM and into the caller.  All (known) LSMs should have been calling the\ncapabilities hook already so it actually makes the code organization\nbetter to eliminate the hook altogether.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "fc14f2fef682df677d64a145256dbd263df2aa7b",
      "tree": "74f6b939fbad959a43c04ec646cd0adc8af5f53a",
      "parents": [
        "848b83a59b772b8f102bc5e3f1187c2fa5676959"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jul 25 01:48:30 2010 +0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Oct 29 04:16:28 2010 -0400"
      },
      "message": "convert get_sb_single() users\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "85fe4025c616a7c0ed07bc2fc8c5371b07f3888c",
      "tree": "7a5db7accb6192f2911f2473b4e3191227b914cc",
      "parents": [
        "f991bd2e14210fb93d722cb23e54991de20e8a3d"
      ],
      "author": {
        "name": "Christoph Hellwig",
        "email": "hch@lst.de",
        "time": "Sat Oct 23 11:19:54 2010 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Oct 25 21:26:11 2010 -0400"
      },
      "message": "fs: do not assign default i_ino in new_inode\n\nInstead of always assigning an increasing inode number in new_inode\nmove the call to assign it into those callers that actually need it.\nFor now callers that need it is estimated conservatively, that is\nthe call is added to all filesystems that do not assign an i_ino\nby themselves.  For a few more filesystems we can avoid assigning\nany inode number given that they aren\u0027t user visible, and for others\nit could be done lazily when an inode number is actually needed,\nbut that\u0027s left for later patches.\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Dave Chinner \u003cdchinner@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "f0d3d9894e43fc68d47948e2c6f03e32da88b799",
      "tree": "685f386b1f114a29c6db8d5f2f947620b4df0285",
      "parents": [
        "ff660c80d00b52287f1f67ee6c115dc0057bcdde"
      ],
      "author": {
        "name": "Stephen Rothwell",
        "email": "sfr@canb.auug.org.au",
        "time": "Wed Oct 20 16:08:00 2010 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Oct 21 10:13:01 2010 +1100"
      },
      "message": "selinux: include vmalloc.h for vmalloc_user\n\nInclude vmalloc.h for vmalloc_user (fixes ppc build warning).\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "845ca30fe9691f1bab7cfbf30b6d11c944eb4abd",
      "tree": "eabf2b17957c2214375f870387eaab6c43d9e931",
      "parents": [
        "cee74f47a6baba0ac457e87687fdcf0abd599f0a"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Oct 13 17:50:31 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Oct 21 10:12:59 2010 +1100"
      },
      "message": "selinux: implement mmap on /selinux/policy\n\n/selinux/policy allows a user to copy the policy back out of the kernel.\nThis patch allows userspace to actually mmap that file and use it directly.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "cee74f47a6baba0ac457e87687fdcf0abd599f0a",
      "tree": "3d9fdb073050664e62d9cdb6c28112090cd138da",
      "parents": [
        "00d85c83ac52e2c1a66397f1abc589f80c543425"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Oct 13 17:50:25 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Oct 21 10:12:58 2010 +1100"
      },
      "message": "SELinux: allow userspace to read policy back out of the kernel\n\nThere is interest in being able to see what the actual policy is that was\nloaded into the kernel.  The patch creates a new selinuxfs file\n/selinux/policy which can be read by userspace.  The actual policy that is\nloaded into the kernel will be written back out to userspace.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "00d85c83ac52e2c1a66397f1abc589f80c543425",
      "tree": "86f297ed90f988d46e6bb8c56a60fbc3b3eb8d66",
      "parents": [
        "4419aae1f4f380a3fba0f4f12ffbbbdf3f267c51"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Oct 13 17:50:19 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Oct 21 10:12:57 2010 +1100"
      },
      "message": "SELinux: drop useless (and incorrect) AVTAB_MAX_SIZE\n\nAVTAB_MAX_SIZE was a define which was supposed to be used in userspace to\ndefine a maximally sized avtab when userspace wasn\u0027t sure how big of a table\nit needed.  It doesn\u0027t make sense in the kernel since we always know our table\nsizes.  The only place it is used we have a more appropriately named define\ncalled AVTAB_MAX_HASH_BUCKETS, use that instead.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "4419aae1f4f380a3fba0f4f12ffbbbdf3f267c51",
      "tree": "e2f7e4850dc84768f6dd66e38a1454b8e3574714",
      "parents": [
        "b28efd54d9d5c8005a29cd8782335beb9daaa32d"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Oct 13 17:50:14 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Oct 21 10:12:56 2010 +1100"
      },
      "message": "SELinux: deterministic ordering of range transition rules\n\nRange transition rules are placed in the hash table in an (almost)\narbitrary order.  This patch inserts them in a fixed order to make policy\nretrieval more predictable.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d5630b9d276bd389299ffea620b7c340ab19bcf5",
      "tree": "4e97cadf12518fb107f9e7140fa94343bd6643f5",
      "parents": [
        "2606fd1fa5710205b23ee859563502aa18362447"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Oct 13 16:24:48 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Oct 21 10:12:50 2010 +1100"
      },
      "message": "security: secid_to_secctx returns len when data is NULL\n\nWith the (long ago) interface change to have the secid_to_secctx functions\ndo the string allocation instead of having the caller do the allocation we\nlost the ability to query the security server for the length of the\nupcoming string.  The SECMARK code would like to allocate a netlink skb\nwith enough length to hold the string but it is just too unclean to do the\nstring allocation twice or to do the allocation the first time and hold\nonto the string and slen.  This patch adds the ability to call\nsecurity_secid_to_secctx() with a NULL data pointer and it will just set\nthe slen pointer.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2606fd1fa5710205b23ee859563502aa18362447",
      "tree": "f79becd7010a2da1a765829fce0e09327cd50531",
      "parents": [
        "15714f7b58011cf3948cab2988abea560240c74f"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Oct 13 16:24:41 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Oct 21 10:12:48 2010 +1100"
      },
      "message": "secmark: make secmark object handling generic\n\nRight now secmark has lots of direct selinux calls.  Use all LSM calls and\nremove all SELinux specific knowledge.  The only SELinux specific knowledge\nwe leave is the mode.  The only point is to make sure that other LSMs at\nleast test this generic code before they assume it works.  (They may also\nhave to make changes if they do not represent labels as strings)\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b0ae19811375031ae3b3fecc65b702a9c6e5cc28",
      "tree": "a765b71155fbed1ed3a3cff35c1044ad49a002ae",
      "parents": [
        "9b3056cca09529d34af2d81305b2a9c6b622ca1b"
      ],
      "author": {
        "name": "KOSAKI Motohiro",
        "email": "kosaki.motohiro@jp.fujitsu.com",
        "time": "Fri Oct 15 04:21:18 2010 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Oct 21 10:12:44 2010 +1100"
      },
      "message": "security: remove unused parameter from security_task_setscheduler()\n\nAll security modules shouldn\u0027t change sched_param parameter of\nsecurity_task_setscheduler().  This is not only meaningless, but also\nmake a harmful result if caller pass a static variable.\n\nThis patch remove policy and sched_param parameter from\nsecurity_task_setscheduler() because none of security module is\nusing it.\n\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: KOSAKI Motohiro \u003ckosaki.motohiro@jp.fujitsu.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "36f7f28416c97dbb725154930066d115b4447e17",
      "tree": "c09aed0142158c6fda679bab87012144e5a60372",
      "parents": [
        "8b0c543e5cb1e47a54d3ea791b8a03b9c8a715db"
      ],
      "author": {
        "name": "KaiGai Kohei",
        "email": "kaigai@ak.jp.nec.com",
        "time": "Thu Sep 30 11:49:55 2010 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Oct 21 10:12:41 2010 +1100"
      },
      "message": "selinux: fix up style problem on /selinux/status\n\nThis patch fixes up coding-style problem at this commit:\n\n 4f27a7d49789b04404eca26ccde5f527231d01d5\n selinux: fast status update interface (/selinux/status)\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "8b0c543e5cb1e47a54d3ea791b8a03b9c8a715db",
      "tree": "82391c4dc20e071f0ebcee867a7cc27119928114",
      "parents": [
        "60272da0341e9eaa136e1dc072bfef72c995d851"
      ],
      "author": {
        "name": "matt mooney",
        "email": "mfm@muteddisk.com",
        "time": "Wed Sep 22 23:50:06 2010 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Oct 21 10:12:40 2010 +1100"
      },
      "message": "selinux: change to new flag variable\n\nReplace EXTRA_CFLAGS with ccflags-y.\n\nSigned-off-by: matt mooney \u003cmfm@muteddisk.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "60272da0341e9eaa136e1dc072bfef72c995d851",
      "tree": "9441606f03330f1e2951ff0613d8059f90a353ec",
      "parents": [
        "ceba72a68d17ee36ef24a71b80dde39ee934ece8"
      ],
      "author": {
        "name": "Paul Gortmaker",
        "email": "paul.gortmaker@windriver.com",
        "time": "Wed Sep 15 20:14:53 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Oct 21 10:12:39 2010 +1100"
      },
      "message": "selinux: really fix dependency causing parallel compile failure.\n\nWhile the previous change to the selinux Makefile reduced the window\nsignificantly for this failure, it is still possible to see a compile\nfailure where cpp starts processing selinux files before the auto\ngenerated flask.h file is completed.  This is easily reproduced by\nadding the following temporary change to expose the issue every time:\n\n-      cmd_flask \u003d scripts/selinux/genheaders/genheaders ...\n+      cmd_flask \u003d sleep 30 ; scripts/selinux/genheaders/genheaders ...\n\nThis failure happens because the creation of the object files in the ss\nsubdir also depends on flask.h.  So simply incorporate them into the\nparent Makefile, as the ss/Makefile really doesn\u0027t do anything unique.\n\nWith this change, compiling of all selinux files is dependent on\ncompletion of the header file generation, and this test case with\nthe \"sleep 30\" now confirms it is functioning as expected.\n\nSigned-off-by: Paul Gortmaker \u003cpaul.gortmaker@windriver.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ceba72a68d17ee36ef24a71b80dde39ee934ece8",
      "tree": "912582b629745d650e9f8ae6fecb42e4345e3900",
      "parents": [
        "119041672592d1890d89dd8f194bd0919d801dc8"
      ],
      "author": {
        "name": "Paul Gortmaker",
        "email": "paul.gortmaker@windriver.com",
        "time": "Mon Aug 09 17:34:25 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Oct 21 10:12:38 2010 +1100"
      },
      "message": "selinux: fix parallel compile error\n\nSelinux has an autogenerated file, \"flask.h\" which is included by\ntwo other selinux files.  The current makefile has a single dependency\non the first object file in the selinux-y list, assuming that will get\nflask.h generated before anyone looks for it, but that assumption breaks\ndown in a \"make -jN\" situation and you get:\n\n   selinux/selinuxfs.c:35: fatal error: flask.h: No such file or directory\n   compilation terminated.\n   remake[9]: *** [security/selinux/selinuxfs.o] Error 1\n\nSince flask.h is included by security.h which in turn is included\nnearly everywhere, make the dependency apply to all of the selinux-y\nlist of objs.\n\nSigned-off-by: Paul Gortmaker \u003cpaul.gortmaker@windriver.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "119041672592d1890d89dd8f194bd0919d801dc8",
      "tree": "b994abb42446b8637f072194c57359fd80d52a97",
      "parents": [
        "4b04a7cfc5ccb573ca3752429c81d37f8dd2f7c6"
      ],
      "author": {
        "name": "KaiGai Kohei",
        "email": "kaigai@ak.jp.nec.com",
        "time": "Tue Sep 14 18:28:39 2010 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Oct 21 10:12:36 2010 +1100"
      },
      "message": "selinux: fast status update interface (/selinux/status)\n\nThis patch provides a new /selinux/status entry which allows applications\nread-only mmap(2).\nThis region reflects selinux_kernel_status structure in kernel space.\n  struct selinux_kernel_status\n  {\n          u32     length;         /* length of this structure */\n          u32     sequence;       /* sequence number of seqlock logic */\n          u32     enforcing;      /* current setting of enforcing mode */\n          u32     policyload;     /* times of policy reloaded */\n          u32     deny_unknown;   /* current setting of deny_unknown */\n  };\n\nWhen userspace object manager caches access control decisions provided\nby SELinux, it needs to invalidate the cache on policy reload and setenforce\nto keep consistency.\nHowever, the applications need to check the kernel state for each accesses\non userspace avc, or launch a background worker process.\nIn heuristic, frequency of invalidation is much less than frequency of\nmaking access control decision, so it is annoying to invoke a system call\nto check we don\u0027t need to invalidate the userspace cache.\nIf we can use a background worker thread, it allows to receive invalidation\nmessages from the kernel. But it requires us an invasive coding toward the\nbase application in some cases; E.g, when we provide a feature performing\nwith SELinux as a plugin module, it is unwelcome manner to launch its own\nworker thread from the module.\n\nIf we could map /selinux/status to process memory space, application can\nknow updates of selinux status; policy reload or setenforce.\n\nA typical application checks selinux_kernel_status::sequence when it tries\nto reference userspace avc. If it was changed from the last time when it\nchecked userspace avc, it means something was updated in the kernel space.\nThen, the application can reset userspace avc or update current enforcing\nmode, without any system call invocations.\nThis sequence number is updated according to the seqlock logic, so we need\nto wait for a while if it is odd number.\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n--\n security/selinux/include/security.h |   21 ++++++\n security/selinux/selinuxfs.c        |   56 +++++++++++++++\n security/selinux/ss/Makefile        |    2 +-\n security/selinux/ss/services.c      |    3 +\n security/selinux/ss/status.c        |  129 +++++++++++++++++++++++++++++++++++\n 5 files changed, 210 insertions(+), 1 deletions(-)\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "daa6d83a2863c28197b0c7dabfdf1e0606760b78",
      "tree": "0c1198f796847274aeead46e791bb8c84451bfd2",
      "parents": [
        "68eda8f59081c74a51d037cc29893bd7c9b3c2d8"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Aug 03 15:26:05 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Oct 21 10:12:33 2010 +1100"
      },
      "message": "selinux: type_bounds_sanity_check has a meaningless variable declaration\n\ntype is not used at all, stop declaring and assigning it.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d996b62a8df1d935b01319bf8defb95b5709f7b8",
      "tree": "d81f8240da776336845a2063555d7bb4dce684bd",
      "parents": [
        "ee2ffa0dfdd2db19705f2ba1c6a4c0bfe8122dd8"
      ],
      "author": {
        "name": "Nick Piggin",
        "email": "npiggin@kernel.dk",
        "time": "Wed Aug 18 04:37:36 2010 +1000"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Aug 18 08:35:47 2010 -0400"
      },
      "message": "tty: fix fu_list abuse\n\ntty: fix fu_list abuse\n\ntty code abuses fu_list, which causes a bug in remount,ro handling.\n\nIf a tty device node is opened on a filesystem, then the last link to the inode\nremoved, the filesystem will be allowed to be remounted readonly. This is\nbecause fs_may_remount_ro does not find the 0 link tty inode on the file sb\nlist (because the tty code incorrectly removed it to use for its own purpose).\nThis can result in a filesystem with errors after it is marked \"clean\".\n\nTaking idea from Christoph\u0027s initial patch, allocate a tty private struct\nat file-\u003eprivate_data and put our required list fields in there, linking\nfile and tty. This makes tty nodes behave the same way as other device nodes\nand avoid meddling with the vfs, and avoids this bug.\n\nThe error handling is not trivial in the tty code, so for this bugfix, I take\nthe simple approach of using __GFP_NOFAIL and don\u0027t worry about memory errors.\nThis is not a problem because our allocator doesn\u0027t fail small allocs as a rule\nanyway. So proper error handling is left as an exercise for tty hackers.\n\n[ Arguably filesystem\u0027s device inode would ideally be divorced from the\ndriver\u0027s pseudo inode when it is opened, but in practice it\u0027s not clear whether\nthat will ever be worth implementing. ]\n\nCc: linux-kernel@vger.kernel.org\nCc: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nCc: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\nSigned-off-by: Nick Piggin \u003cnpiggin@kernel.dk\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "ee2ffa0dfdd2db19705f2ba1c6a4c0bfe8122dd8",
      "tree": "e48400d1a33f8d2e68589ccfd61637aa64462f08",
      "parents": [
        "b04f784e5d19ed58892833dae845738972cea260"
      ],
      "author": {
        "name": "Nick Piggin",
        "email": "npiggin@kernel.dk",
        "time": "Wed Aug 18 04:37:35 2010 +1000"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Aug 18 08:35:47 2010 -0400"
      },
      "message": "fs: cleanup files_lock locking\n\nfs: cleanup files_lock locking\n\nLock tty_files with a new spinlock, tty_files_lock; provide helpers to\nmanipulate the per-sb files list; unexport the files_lock spinlock.\n\nCc: linux-kernel@vger.kernel.org\nCc: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nAcked-by: Andi Kleen \u003cak@linux.intel.com\u003e\nAcked-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\nSigned-off-by: Nick Piggin \u003cnpiggin@kernel.dk\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "b34d8915c413acb51d837a45fb8747b61f65c020",
      "tree": "ced5fac166324634653d84b1afe2b958b3904f4d",
      "parents": [
        "e8a89cebdbaab14caaa26debdb4ffd493b8831af",
        "f33ebbe9da2c3c24664a0ad4f8fd83f293547e63"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Aug 10 12:07:51 2010 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Aug 10 12:07:51 2010 -0700"
      },
      "message": "Merge branch \u0027writable_limits\u0027 of git://decibel.fi.muni.cz/~xslaby/linux\n\n* \u0027writable_limits\u0027 of git://decibel.fi.muni.cz/~xslaby/linux:\n  unistd: add __NR_prlimit64 syscall numbers\n  rlimits: implement prlimit64 syscall\n  rlimits: switch more rlimit syscalls to do_prlimit\n  rlimits: redo do_setrlimit to more generic do_prlimit\n  rlimits: add rlimit64 structure\n  rlimits: do security check under task_lock\n  rlimits: allow setrlimit to non-current tasks\n  rlimits: split sys_setrlimit\n  rlimits: selinux, do rlimits changes under task_lock\n  rlimits: make sure -\u003erlim_max never grows in sys_setrlimit\n  rlimits: add task_struct to update_rlimit_cpu\n  rlimits: security, add task_struct to setrlimit\n\nFix up various system call number conflicts.  We not only added fanotify\nsystem calls in the meantime, but asm-generic/unistd.h added a wait4\nalong with a range of reserved per-architecture system calls.\n"
    },
    {
      "commit": "a7a387cc596278af1516c534b50cc0bee171129d",
      "tree": "6b020262150ab47e2aaeb7ccdd57534460df2665",
      "parents": [
        "06c22dadc6d3f9b65e55407a87faaf6a4a014112"
      ],
      "author": {
        "name": "Ralf Baechle",
        "email": "ralf@linux-mips.org",
        "time": "Fri Aug 06 20:37:56 2010 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Aug 06 18:11:39 2010 -0400"
      },
      "message": "SELINUX: Fix build error.\n\nFix build error caused by a stale security/selinux/av_permissions.h in the $(src)\ndirectory which will override a more recent version in $(obj) that is it\nappears to strike only when building with a separate object directory.\n\nSigned-off-by: Ralf Baechle \u003cralf@linux-mips.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6371dcd36f649d9d07823f31400618155a20dde1",
      "tree": "a08c4ed2ec77225abbfcc099e78ae8d643429787",
      "parents": [
        "016d825fe02cd20fd8803ca37a1e6d428fe878f6"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Jul 29 23:02:34 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:38:39 2010 +1000"
      },
      "message": "selinux: convert the policy type_attr_map to flex_array\n\nCurrent selinux policy can have over 3000 types.  The type_attr_map in\npolicy is an array sized by the number of types times sizeof(struct ebitmap)\n(12 on x86_64).  Basic math tells us the array is going to be of length\n3000 x 12 \u003d 36,000 bytes.  The largest \u0027safe\u0027 allocation on a long running\nsystem is 16k.  Most of the time a 32k allocation will work.  But on long\nrunning systems a 64k allocation (what we need) can fail quite regularly.\nIn order to deal with this I am converting the type_attr_map to use\nflex_arrays.  Let the library code deal with breaking this into PAGE_SIZE\npieces.\n\n-v2\nrework some of the if(!obj) BUG() to be BUG_ON(!obj)\ndrop flex_array_put() calls and just use a _get() object directly\n\n-v3\nmake apply to James\u0027 tree (drop the policydb_write changes)\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b424485abe2b16580a178b469917a7b6ee0c152a",
      "tree": "d90d4662dd1ad229976354e4caa1a7632fb2a6d3",
      "parents": [
        "49b7b8de46d293113a0a0bb026ff7bd833c73367"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jul 23 11:44:15 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:35:09 2010 +1000"
      },
      "message": "SELinux: Move execmod to the common perms\n\nexecmod \"could\" show up on non regular files and non chr files.  The current\nimplementation would actually make these checks against non-existent bits\nsince the code assumes the execmod permission is same for all file types.\nTo make this line up for chr files we had to define execute_no_trans and\nentrypoint permissions.  These permissions are unreachable and only existed\nto make FILE__EXECMOD and CHR_FILE__EXECMOD the same.  This patch drops\nthose needless perms as well.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "49b7b8de46d293113a0a0bb026ff7bd833c73367",
      "tree": "ff29778c49a8ac1511249cc268ddbb2c6ddb86a9",
      "parents": [
        "b782e0a68d17894d9a618ffea55b33639faa6bb4"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jul 23 11:44:09 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:35:08 2010 +1000"
      },
      "message": "selinux: place open in the common file perms\n\nkernel can dynamically remap perms.  Drop the open lookup table and put open\nin the common file perms.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b782e0a68d17894d9a618ffea55b33639faa6bb4",
      "tree": "307bc615153075a6e92be5d839a58ff48d6525f3",
      "parents": [
        "d09ca73979460b96d5d4684d588b188be9a1f57d"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jul 23 11:44:03 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:35:07 2010 +1000"
      },
      "message": "SELinux: special dontaudit for access checks\n\nCurrently there are a number of applications (nautilus being the main one) which\ncalls access() on files in order to determine how they should be displayed.  It\nis normal and expected that nautilus will want to see if files are executable\nor if they are really read/write-able.  access() should return the real\npermission.  SELinux policy checks are done in access() and can result in lots\nof AVC denials as policy denies RWX on files which DAC allows.  Currently\nSELinux must dontaudit actual attempts to read/write/execute a file in\norder to silence these messages (and not flood the logs.)  But dontaudit rules\nlike that can hide real attacks.  This patch adds a new common file\npermission audit_access.  This permission is special in that it is meaningless\nand should never show up in an allow rule.  Instead the only place this\npermission has meaning is in a dontaudit rule like so:\n\ndontaudit nautilus_t sbin_t:file audit_access\n\nWith such a rule if nautilus just checks access() we will still get denied and\nthus userspace will still get the correct answer but we will not log the denial.\nIf nautilus attempted to actually perform one of the forbidden actions\n(rather than just querying access(2) about it) we would still log a denial.\nThis type of dontaudit rule should be used sparingly, as it could be a\nmethod for an attacker to probe the system permissions without detection.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d09ca73979460b96d5d4684d588b188be9a1f57d",
      "tree": "217543affc5c1c76181ffca00c23cfa69f1dd4f6",
      "parents": [
        "9cfcac810e8993fa7a5bfd24b1a21f1dbbb03a7b"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jul 23 11:43:57 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:35:07 2010 +1000"
      },
      "message": "security: make LSMs explicitly mask off permissions\n\nSELinux needs to pass the MAY_ACCESS flag so it can handle auditing\ncorrectly.  Presently the masking of MAY_* flags is done in the VFS.  In\norder to allow LSMs to decide what flags they care about and what flags\nthey don\u0027t just pass them all and the each LSM mask off what they don\u0027t\nneed.  This patch should contain no functional changes to either the VFS or\nany LSM.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "692a8a231b212dfc68f612956d63f34abf098e0f",
      "tree": "4af3c03535ebc49e38c3c0c8f67061adbdf44c72",
      "parents": [
        "d1b43547e56b163bc5c622243c47d8a13626175b"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Jul 21 12:51:03 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:35:06 2010 +1000"
      },
      "message": "SELinux: break ocontext reading into a separate function\n\nMove the reading of ocontext type data out of policydb_read() in a separate\nfunction ocontext_read()\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d1b43547e56b163bc5c622243c47d8a13626175b",
      "tree": "29b2ddd50b3a0c6fe4dcf5f78c55c8698cd11679",
      "parents": [
        "9a7982793c3aee6ce86d8e7e15306215257329f2"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Jul 21 12:50:57 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:35:05 2010 +1000"
      },
      "message": "SELinux: move genfs read to a separate function\n\nmove genfs read functionality out of policydb_read() and into a new\nfunction called genfs_read()\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9a7982793c3aee6ce86d8e7e15306215257329f2",
      "tree": "4d85f6f7a57260cefd938dca7593aabf9c02a59c",
      "parents": [
        "338437f6a09861cdf76e1396ed5fa6dee9c7cabe"
      ],
      "author": {
        "name": "Dan Carpenter",
        "email": "error27@gmail.com",
        "time": "Sat Jun 12 20:57:39 2010 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:35:04 2010 +1000"
      },
      "message": "selinux: fix error codes in symtab_init()\n\nhashtab_create() only returns NULL on allocation failures so -ENOMEM is\nappropriate here.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "338437f6a09861cdf76e1396ed5fa6dee9c7cabe",
      "tree": "e693392adf370b81af129b326bba45bf43f03862",
      "parents": [
        "38184c522249dc377366d4edc41dc500c2c3bb9e"
      ],
      "author": {
        "name": "Dan Carpenter",
        "email": "error27@gmail.com",
        "time": "Sat Jun 12 20:56:01 2010 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:35:04 2010 +1000"
      },
      "message": "selinux: fix error codes in cond_read_bool()\n\nThe original code always returned -1 (-EPERM) on error.  The new code\nreturns either -ENOMEM, or -EINVAL or it propagates the error codes from\nlower level functions next_entry() or hashtab_insert().\n\nnext_entry() returns -EINVAL.\nhashtab_insert() returns -EINVAL, -EEXIST, or -ENOMEM.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "38184c522249dc377366d4edc41dc500c2c3bb9e",
      "tree": "10c87bf5fdaea233a7842a79f04459792e1b5ba1",
      "parents": [
        "fc5c126e4733e6fb3080d3d822ca63226e74fc84"
      ],
      "author": {
        "name": "Dan Carpenter",
        "email": "error27@gmail.com",
        "time": "Sat Jun 12 20:55:01 2010 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:35:03 2010 +1000"
      },
      "message": "selinux: fix error codes in cond_policydb_init()\n\nIt\u0027s better to propagate the error code from avtab_init() instead of\nreturning -1 (-EPERM).  It turns out that avtab_init() never fails so\nthis patch doesn\u0027t change how the code runs but it\u0027s still a clean up.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "fc5c126e4733e6fb3080d3d822ca63226e74fc84",
      "tree": "3320c22b66107c984ac0cf07c365420df42a4977",
      "parents": [
        "9d623b17a740d5a85c12108cdc71c64fb15484fc"
      ],
      "author": {
        "name": "Dan Carpenter",
        "email": "error27@gmail.com",
        "time": "Sat Jun 12 20:53:46 2010 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:35:02 2010 +1000"
      },
      "message": "selinux: fix error codes in cond_read_node()\n\nOriginally cond_read_node() returned -1 (-EPERM) on errors which was\nincorrect.  Now it either propagates the error codes from lower level\nfunctions next_entry() or cond_read_av_list() or it returns -ENOMEM or\n-EINVAL.\n\nnext_entry() returns -EINVAL.\ncond_read_av_list() returns -EINVAL or -ENOMEM.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9d623b17a740d5a85c12108cdc71c64fb15484fc",
      "tree": "15434839a75f9c46c53a201520c6c859fad3c74b",
      "parents": [
        "5241c1074f6e2f2276d45d857eb5d19fbdc2e4b2"
      ],
      "author": {
        "name": "Dan Carpenter",
        "email": "error27@gmail.com",
        "time": "Sat Jun 12 20:52:19 2010 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:35:02 2010 +1000"
      },
      "message": "selinux: fix error codes in cond_read_av_list()\n\nAfter this patch cond_read_av_list() no longer returns -1 for any\nerrors.  It just propagates error code back from lower levels.  Those can\neither be -EINVAL or -ENOMEM.\n\nI also modified cond_insertf() since cond_read_av_list() passes that as a\nfunction pointer to avtab_read_item().  It isn\u0027t used anywhere else.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5241c1074f6e2f2276d45d857eb5d19fbdc2e4b2",
      "tree": "cf41e959668f5a9ec7a5d75059df864133569c91",
      "parents": [
        "9e0bd4cba4460bff64fb07cfb07849cdfd4d325a"
      ],
      "author": {
        "name": "Dan Carpenter",
        "email": "error27@gmail.com",
        "time": "Sat Jun 12 20:51:40 2010 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:35:01 2010 +1000"
      },
      "message": "selinux: propagate error codes in cond_read_list()\n\nThese are passed back when the security module gets loaded.\n\nThe original code always returned -1 (-EPERM) on error but after this\npatch it can return -EINVAL, or -ENOMEM or propagate the error code from\ncond_read_node().  cond_read_node() still returns -1 all the time, but I\nfix that in a later patch.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9e0bd4cba4460bff64fb07cfb07849cdfd4d325a",
      "tree": "feebec6167012e461d286c02ae45348ad0b2d3a1",
      "parents": [
        "dce3a3d2ee038d230323fe06b061dbaace6b8f94"
      ],
      "author": {
        "name": "Dan Carpenter",
        "email": "error27@gmail.com",
        "time": "Sat Jun 12 20:50:35 2010 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:35:01 2010 +1000"
      },
      "message": "selinux: cleanup return codes in avtab_read_item()\n\nThe avtab_read_item() function tends to return -1 as a default error\ncode which is wrong (-1 means -EPERM).  I modified it to return\nappropriate error codes which is -EINVAL or the error code from\nnext_entry() or insertf().\n\nnext_entry() returns -EINVAL.\ninsertf() is a function pointer to either avtab_insert() or\ncond_insertf().\navtab_insert() returns -EINVAL, -ENOMEM, and -EEXIST.\ncond_insertf() currently returns -1, but I will fix it in a later patch.\n\nThere is code in avtab_read() which translates the -1 returns from\navtab_read_item() to -EINVAL. The translation is no longer needed, so I\nremoved it.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "57a62c2317d60b21b7761c319a733a894482a6af",
      "tree": "03329d5df0a390640fbe5a41be064e5914673b02",
      "parents": [
        "cdcd90f9e450d4edb5fab0490119f9540874e882"
      ],
      "author": {
        "name": "Arnd Bergmann",
        "email": "arnd@arndb.de",
        "time": "Wed Jul 07 23:40:10 2010 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:34:59 2010 +1000"
      },
      "message": "selinux: use generic_file_llseek\n\nThe default for llseek will change to no_llseek,\nso selinuxfs needs to add explicit .llseek\nassignments. Since we\u0027re dealing with regular\nfiles from a VFS perspective, use generic_file_llseek.\n\nSigned-off-by: Arnd Bergmann \u003carnd@arndb.de\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "af4f136056c984b0aa67feed7d3170b958370b2f",
      "tree": "30b62cd9174044cbdfdddc1fe5e0f21e7ddde85c",
      "parents": [
        "5ad18a0d59ba9e65b3c8b2b489fd23bc6b3daf94"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Jul 01 15:07:43 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:34:57 2010 +1000"
      },
      "message": "security: move LSM xattrnames to xattr.h\n\nMake the security extended attributes names global. Updated to move\nthe remaining Smack xattrs.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5fb49870e6d48d81d8ca0e1ef979073dc9a820f7",
      "tree": "136fdf4f4181907b89916f24a8e828c00ba3e6bd",
      "parents": [
        "253bfae6e0ad97554799affa0266052968a45808"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Thu Apr 22 14:46:19 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:34:39 2010 +1000"
      },
      "message": "selinux: Use current_security() when possible\n\nThere were a number of places using the following code pattern:\n\n  struct cred *cred \u003d current_cred();\n  struct task_security_struct *tsec \u003d cred-\u003esecurity;\n\n... which were simplified to the following:\n\n  struct task_security_struct *tsec \u003d current_security();\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "253bfae6e0ad97554799affa0266052968a45808",
      "tree": "c3599a18f06664160a55a20b30428ba4faf6e2c0",
      "parents": [
        "84914b7ed1c5e0f3199a5a6997022758a70fcaff"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Thu Apr 22 14:46:19 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:34:39 2010 +1000"
      },
      "message": "selinux: Convert socket related access controls to use socket labels\n\nAt present, the socket related access controls use a mix of inode and\nsocket labels; while there should be no practical difference (they\n_should_ always be the same), it makes the code more confusing.  This\npatch attempts to convert all of the socket related access control\npoints (with the exception of some of the inode/fd based controls) to\nuse the socket\u0027s own label.  In the process, I also converted the\nsocket_has_perm() function to take a \u0027sock\u0027 argument instead of a\n\u0027socket\u0027 since that was adding a bit more overhead in some cases.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "84914b7ed1c5e0f3199a5a6997022758a70fcaff",
      "tree": "a0ac9631fba19280516ec26819c884e6b086b183",
      "parents": [
        "d4f2d97841827cb876da8b607df05a3dab812416"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Thu Apr 22 14:46:18 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:34:38 2010 +1000"
      },
      "message": "selinux: Shuffle the sk_security_struct alloc and free routines\n\nThe sk_alloc_security() and sk_free_security() functions were only being\ncalled by the selinux_sk_alloc_security() and selinux_sk_free_security()\nfunctions so we just move the guts of the alloc/free routines to the\ncallers and eliminate a layer of indirection.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d4f2d97841827cb876da8b607df05a3dab812416",
      "tree": "8d3128128f465e23dbfc5ee4ccc50d9bc489f7d7",
      "parents": [
        "4d1e24514d80cb266231d0c1b6c02161970ad019"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Thu Apr 22 14:46:18 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:34:37 2010 +1000"
      },
      "message": "selinux: Consolidate sockcreate_sid logic\n\nConsolidate the basic sockcreate_sid logic into a single helper function\nwhich allows us to do some cleanups in the related code.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "4d1e24514d80cb266231d0c1b6c02161970ad019",
      "tree": "2de35d44c52dc1afa28c8f1bf294180817834a9d",
      "parents": [
        "e79acf0ef45e0b54aed47ebea7f25c540d3f527e"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Thu Apr 22 14:46:18 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:34:37 2010 +1000"
      },
      "message": "selinux: Set the peer label correctly on connected UNIX domain sockets\n\nCorrect a problem where we weren\u0027t setting the peer label correctly on\nthe client end of a pair of connected UNIX sockets.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9ee0c823c18119914283358b35a1c3ebb14c2f90",
      "tree": "6e29e71f1c9c7ae65d92a15a3b3220ae1d173407",
      "parents": [
        "d2f8b2348f3406652ee00ee7221441bd36fe0195"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jun 11 12:37:05 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:34:30 2010 +1000"
      },
      "message": "SELinux: separate range transition rules to a separate function\n\nMove the range transition rule to a separate function, range_read(), rather\nthan doing it all in policydb_read()\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "babcd37821fba57048b30151969d28303f2a8b6b",
      "tree": "f3a22f93df9d0ccb95bc653c9b56476adab05876",
      "parents": [
        "9fe6206f400646a2322096b56c59891d530e8d51"
      ],
      "author": {
        "name": "Paul E. McKenney",
        "email": "paulmck@linux.vnet.ibm.com",
        "time": "Tue May 18 12:11:25 2010 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:33:35 2010 +1000"
      },
      "message": "selinux: remove all rcu head initializations\n\nRemove all rcu head inits. We don\u0027t care about the RCU head state before passing\nit to call_rcu() anyway. Only leave the \"on_stack\" variants so debugobjects can\nkeep track of objects on stack.\n\nSigned-off-by: Mathieu Desnoyers \u003cmathieu.desnoyers@efficios.com\u003e\nSigned-off-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "eb2d55a32b9a91bca0dea299eedb560bafa8b14e",
      "tree": "1ba1a701c56614fc03d282b572164e1c409a0df0",
      "parents": [
        "2fb9d2689a0041b88b25bc3187eada2968e25995"
      ],
      "author": {
        "name": "Oleg Nesterov",
        "email": "oleg@redhat.com",
        "time": "Wed Jun 23 22:43:32 2010 +0200"
      },
      "committer": {
        "name": "Jiri Slaby",
        "email": "jirislaby@gmail.com",
        "time": "Fri Jul 16 09:48:46 2010 +0200"
      },
      "message": "rlimits: selinux, do rlimits changes under task_lock\n\nWhen doing an exec, selinux updates rlimits in its code of current\nprocess depending on current max. Make sure max or cur doesn\u0027t change\nin the meantime by grabbing task_lock which do_prlimit needs for\nchanging limits too.\n\nWhile at it, use rlimit helper for accessing CPU rlimit a line below.\nTo have a volatile access too.\n\nSigned-off-by: Jiri Slaby \u003cjslaby@suse.cz\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\n"
    },
    {
      "commit": "5ab46b345e418747b3a52f0892680c0745c4223c",
      "tree": "d7453221b7fc2764a7405b48b73b4ac7bf7a317a",
      "parents": [
        "8fd00b4d7014b00448eb33cf0590815304769798"
      ],
      "author": {
        "name": "Jiri Slaby",
        "email": "jirislaby@gmail.com",
        "time": "Fri Aug 28 14:05:12 2009 +0200"
      },
      "committer": {
        "name": "Jiri Slaby",
        "email": "jirislaby@gmail.com",
        "time": "Fri Jul 16 09:48:45 2010 +0200"
      },
      "message": "rlimits: add task_struct to update_rlimit_cpu\n\nAdd task_struct as a parameter to update_rlimit_cpu to be able to set\nrlimit_cpu of different task than current.\n\nSigned-off-by: Jiri Slaby \u003cjirislaby@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "8fd00b4d7014b00448eb33cf0590815304769798",
      "tree": "f97cc5b4401dd038e539dae7ad66066383012866",
      "parents": [
        "2f7989efd4398d92b8adffce2e07dd043a0895fe"
      ],
      "author": {
        "name": "Jiri Slaby",
        "email": "jirislaby@gmail.com",
        "time": "Wed Aug 26 18:41:16 2009 +0200"
      },
      "committer": {
        "name": "Jiri Slaby",
        "email": "jirislaby@gmail.com",
        "time": "Fri Jul 16 09:48:45 2010 +0200"
      },
      "message": "rlimits: security, add task_struct to setrlimit\n\nAdd task_struct to task_setrlimit of security_operations to be able to set\nrlimit of task other than current.\n\nSigned-off-by: Jiri Slaby \u003cjirislaby@gmail.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "e8c26255992474a2161c63ce9d385827302e4530",
      "tree": "08d247a53eca56a6e161ca784a4536b3ea7662f7",
      "parents": [
        "01a05b337a5b647909e1d6670f57e7202318a5fb"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Mar 23 06:36:54 2010 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri May 21 18:31:17 2010 -0400"
      },
      "message": "switch selinux delayed superblock handling to iterate_supers()\n\n... kill their private list, while we are at it\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "b3139bbc52762268769e7af842aade0e64372433",
      "tree": "eae65d208fdbeaefd9bdc9c6877d8eb18e617bf6",
      "parents": [
        "9e4b50e93786d00c703f16ed46e6a4029c0dfdd1"
      ],
      "author": {
        "name": "Julia Lawall",
        "email": "julia@diku.dk",
        "time": "Fri May 14 21:30:30 2010 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon May 17 09:00:27 2010 +1000"
      },
      "message": "security/selinux/ss: Use kstrdup\n\nUse kstrdup when the goal of an allocation is to copy a string into the\nallocated region.\n\nThe semantic patch that makes this change is as follows:\n(http://coccinelle.lip6.fr/)\n\n// \u003csmpl\u003e\n@@\nexpression from,to;\nexpression flag,E1,E2;\nstatement S;\n@@\n\n-  to \u003d kmalloc(strlen(from) + 1,flag);\n+  to \u003d kstrdup(from, flag);\n   ... when !\u003d \\(from \u003d E1 \\| to \u003d E1 \\)\n   if (to\u003d\u003dNULL || ...) S\n   ... when !\u003d \\(from \u003d E2 \\| to \u003d E2 \\)\n-  strcpy(to, from);\n// \u003c/smpl\u003e\n\nSigned-off-by: Julia Lawall \u003cjulia@diku.dk\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0ffbe2699cda6afbe08501098dff8a8c2fe6ae09",
      "tree": "81b1a2305d16c873371b65c5a863c0268036cefe",
      "parents": [
        "4e5d6f7ec3833c0da9cf34fa5c53c6058c5908b6",
        "7ebd467551ed6ae200d7835a84bbda0dcadaa511"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu May 06 10:56:07 2010 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu May 06 10:56:07 2010 +1000"
      },
      "message": "Merge branch \u0027master\u0027 into next\n"
    },
    {
      "commit": "fcaaade1db63bb2d6f7611d7824eb50d2f07a546",
      "tree": "9091dbdd0c9bd1e3af9ece6f5cce5c0d6c258253",
      "parents": [
        "cb84aa9b42b506299e5aea1ba4da26c03ab12877"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Wed Apr 28 15:57:57 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Apr 29 08:58:45 2010 +1000"
      },
      "message": "selinux: generalize disabling of execmem for plt-in-heap archs\n\nOn Tue, 2010-04-27 at 11:47 -0700, David Miller wrote:\n\u003e From: \"Tom \\\"spot\\\" Callaway\" \u003ctcallawa@redhat.com\u003e\n\u003e Date: Tue, 27 Apr 2010 14:20:21 -0400\n\u003e\n\u003e \u003e [root@apollo ~]$ cat /proc/2174/maps\n\u003e \u003e 00010000-00014000 r-xp 00000000 fd:00 15466577\n\u003e \u003e  /sbin/mingetty\n\u003e \u003e 00022000-00024000 rwxp 00002000 fd:00 15466577\n\u003e \u003e  /sbin/mingetty\n\u003e \u003e 00024000-00046000 rwxp 00000000 00:00 0\n\u003e \u003e  [heap]\n\u003e\n\u003e SELINUX probably barfs on the executable heap, the PLT is in the HEAP\n\u003e just like powerpc32 and that\u0027s why VM_DATA_DEFAULT_FLAGS has to set\n\u003e both executable and writable.\n\u003e\n\u003e You also can\u0027t remove the CONFIG_PPC32 ifdefs in selinux, since\n\u003e because of the VM_DATA_DEFAULT_FLAGS setting used still in that arch,\n\u003e the heap will always have executable permission, just like sparc does.\n\u003e You have to support those binaries forever, whether you like it or not.\n\u003e\n\u003e Let\u0027s just replace the CONFIG_PPC32 ifdef in SELINUX with CONFIG_PPC32\n\u003e || CONFIG_SPARC as in Tom\u0027s original patch and let\u0027s be done with\n\u003e this.\n\u003e\n\u003e In fact I would go through all the arch/ header files and check the\n\u003e VM_DATA_DEFAULT_FLAGS settings and add the necessary new ifdefs to the\n\u003e SELINUX code so that other platforms don\u0027t have the pain of having to\n\u003e go through this process too.\n\nTo avoid maintaining per-arch ifdefs, it seems that we could just\ndirectly use (VM_DATA_DEFAULT_FLAGS \u0026 VM_EXEC) as the basis for deciding\nwhether to enable or disable these checks.   VM_DATA_DEFAULT_FLAGS isn\u0027t\nconstant on some architectures but instead depends on\ncurrent-\u003epersonality, but we want this applied uniformly.  So we\u0027ll just\nuse the initial task state to determine whether or not to enable these\nchecks.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "cb84aa9b42b506299e5aea1ba4da26c03ab12877",
      "tree": "af646c3d148f5c04f7362c8bddc59b8518cafd9e",
      "parents": [
        "b03df87d119f50715891dcc09e487f6ae5c029f1"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 27 17:20:38 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Apr 28 08:51:12 2010 +1000"
      },
      "message": "LSM Audit: rename LSM_AUDIT_NO_AUDIT to LSM_AUDIT_DATA_NONE\n\nMost of the LSM common audit work uses LSM_AUDIT_DATA_* for the naming.\nThis was not so for LSM_AUDIT_NO_AUDIT which means the generic initializer\ncannot be used.  This patch just renames the flag so the generic\ninitializer can be used.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "a200005038955057063fc8ea82129ebc785df41c",
      "tree": "712fdedac2d15290cdbe7b8adc02cce844fde9f0",
      "parents": [
        "6f262d8e1acb7b1605b811700326163fa707d355"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 20 10:29:42 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Apr 21 08:58:49 2010 +1000"
      },
      "message": "SELinux: return error codes on policy load failure\n\nPolicy load failure always returns EINVAL even if the failure was for some\nother reason (usually ENOMEM).  This patch passes error codes back up the\nstack where they will make their way to userspace.  This might help in\ndebugging future problems with policy load.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6c9ff1013b7a21099da838eeef7c3f23ee347957",
      "tree": "38fb14055ae1dcae110f0f77a959d9584e2466a0",
      "parents": [
        "2ba3abd8186f24c7fb418927025b4e2120e3a362"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Mar 15 10:42:11 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Apr 15 09:26:01 2010 +1000"
      },
      "message": "SELinux: Reduce max avtab size to avoid page allocation failures\n\nReduce MAX_AVTAB_HASH_BITS so that the avtab allocation is an order 2\nallocation rather than an order 4 allocation on x86_64.  This\naddresses reports of page allocation failures:\nhttp://marc.info/?l\u003dselinux\u0026m\u003d126757230625867\u0026w\u003d2\nhttps://bugzilla.redhat.com/show_bug.cgi?id\u003d570433\n\nReported-by:  Russell Coker \u003crussell@coker.com.au\u003e\nSigned-off-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "c1a7368a6f0b18b10fdec87972da680ebdf03794",
      "tree": "17a8d306fe2332093e0e11e5fbb03199df011037",
      "parents": [
        "e2902eb79fdea3c3bf679a8f15f3432b393cb2c0"
      ],
      "author": {
        "name": "wzt.wzt@gmail.com",
        "email": "wzt.wzt@gmail.com",
        "time": "Fri Apr 09 19:30:29 2010 +0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 09 15:13:48 2010 +1000"
      },
      "message": "Security: Fix coding style in security/\n\nFix coding style in security/\n\nSigned-off-by: Zhitong Wang \u003czhitong.wangzt@alibaba-inc.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "dd3e7836bfe093fc611f715c323cf53be9252b27",
      "tree": "5e789062f3b74ed7c0ec370785eba234ee1ff472",
      "parents": [
        "d25d6fa1a95f465ff1ec4458ca15e30b2c8dffec"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 07 15:08:46 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Apr 08 09:17:02 2010 +1000"
      },
      "message": "selinux: always call sk_security_struct sksec\n\ntrying to grep everything that messes with a sk_security_struct isn\u0027t easy\nsince we don\u0027t always call it sksec.  Just rename everything sksec.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d25d6fa1a95f465ff1ec4458ca15e30b2c8dffec",
      "tree": "7362b182dedd825fc762ef7706830837e42943af",
      "parents": [
        "225a9be24d799aa16d543c31fb09f0c9ed1d9caa",
        "2eaa9cfdf33b8d7fb7aff27792192e0019ae8fc6"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 31 08:39:27 2010 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 31 08:39:27 2010 +1100"
      },
      "message": "Merge branch \u0027master\u0027 into next\n"
    },
    {
      "commit": "5a0e3ad6af8660be21ca98a971cd00f331318c05",
      "tree": "5bfb7be11a03176a87296a43ac6647975c00a1d1",
      "parents": [
        "ed391f4ebf8f701d3566423ce8f17e614cde9806"
      ],
      "author": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Wed Mar 24 17:04:11 2010 +0900"
      },
      "committer": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Tue Mar 30 22:02:32 2010 +0900"
      },
      "message": "include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h\n\npercpu.h is included by sched.h and module.h and thus ends up being\nincluded when building most .c files.  percpu.h includes slab.h which\nin turn includes gfp.h making everything defined by the two files\nuniversally available and complicating inclusion dependencies.\n\npercpu.h -\u003e slab.h dependency is about to be removed.  Prepare for\nthis change by updating users of gfp and slab facilities include those\nheaders directly instead of assuming availability.  As this conversion\nneeds to touch large number of source files, the following script is\nused as the basis of conversion.\n\n  http://userweb.kernel.org/~tj/misc/slabh-sweep.py\n\nThe script does the followings.\n\n* Scan files for gfp and slab usages and update includes such that\n  only the necessary includes are there.  ie. if only gfp is used,\n  gfp.h, if slab is used, slab.h.\n\n* When the script inserts a new include, it looks at the include\n  blocks and try to put the new include such that its order conforms\n  to its surrounding.  It\u0027s put in the include block which contains\n  core kernel includes, in the same order that the rest are ordered -\n  alphabetical, Christmas tree, rev-Xmas-tree or at the end if there\n  doesn\u0027t seem to be any matching order.\n\n* If the script can\u0027t find a place to put a new include (mostly\n  because the file doesn\u0027t have fitting include block), it prints out\n  an error message indicating which .h file needs to be added to the\n  file.\n\nThe conversion was done in the following steps.\n\n1. The initial automatic conversion of all .c files updated slightly\n   over 4000 files, deleting around 700 includes and adding ~480 gfp.h\n   and ~3000 slab.h inclusions.  The script emitted errors for ~400\n   files.\n\n2. Each error was manually checked.  
Some didn\u0027t need the inclusion,\n   some needed manual addition while adding it to implementation .h or\n   embedding .c file was more appropriate for others.  This step added\n   inclusions to around 150 files.\n\n3. The script was run again and the output was compared to the edits\n   from #2 to make sure no file was left behind.\n\n4. Several build tests were done and a couple of problems were fixed.\n   e.g. lib/decompress_*.c used malloc/free() wrappers around slab\n   APIs requiring slab.h to be added manually.\n\n5. The script was run on all .h files but without automatically\n   editing them as sprinkling gfp.h and slab.h inclusions around .h\n   files could easily lead to inclusion dependency hell.  Most gfp.h\n   inclusion directives were ignored as stuff from gfp.h was usually\n   wildly available and often used in preprocessor macros.  Each\n   slab.h inclusion directive was examined and added manually as\n   necessary.\n\n6. percpu.h was updated not to include slab.h.\n\n7. Build test were done on the following configurations and failures\n   were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my\n   distributed build env didn\u0027t work with gcov compiles) and a few\n   more options had to be turned off depending on archs to make things\n   build (like ipr on powerpc/64 which failed due to missing writeq).\n\n   * x86 and x86_64 UP and SMP allmodconfig and a custom test config.\n   * powerpc and powerpc64 SMP allmodconfig\n   * sparc and sparc64 SMP allmodconfig\n   * ia64 SMP allmodconfig\n   * s390 SMP allmodconfig\n   * alpha SMP allmodconfig\n   * um on x86_64 SMP allmodconfig\n\n8. 
percpu.h modifications were reverted so that it could be applied as\n   a separate patch and serve as bisection point.\n\nGiven the fact that I had only a couple of failures from tests on step\n6, I\u0027m fairly confident about the coverage of this conversion patch.\nIf there is a breakage, it\u0027s likely to be something in one of the arch\nheaders which should be easily discoverable easily on most builds of\nthe specific arch.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nGuess-its-ok-by: Christoph Lameter \u003ccl@linux-foundation.org\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: Lee Schermerhorn \u003cLee.Schermerhorn@hp.com\u003e\n"
    },
    {
      "commit": "77c160e7798b4141a0705c734397a9236bb0e726",
      "tree": "e163a4f3fac4fa6f6419d95bcdf78e842d510089",
      "parents": [
        "a19c5bbefb37ebe22fb42bd3861a8d3b2a2652a1"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Mar 15 10:42:11 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 16 08:31:02 2010 +1100"
      },
      "message": "SELinux: Reduce max avtab size to avoid page allocation failures\n\nReduce MAX_AVTAB_HASH_BITS so that the avtab allocation is an order 2\nallocation rather than an order 4 allocation on x86_64.  This\naddresses reports of page allocation failures:\nhttp://marc.info/?l\u003dselinux\u0026m\u003d126757230625867\u0026w\u003d2\nhttps://bugzilla.redhat.com/show_bug.cgi?id\u003d570433\n\nReported-by:  Russell Coker \u003crussell@coker.com.au\u003e\nSigned-off-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "c43a7523470dc2d9947fa114a0b54317975d4c04",
      "tree": "30a72ed1e9079f19b814263197761820f57c39ce",
      "parents": [
        "eaa5eec739637f32f8733d528ff0b94fd62b1214",
        "634a539e16bd7a1ba31c3f832baa725565cc9f96"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 09 12:46:47 2010 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 09 12:46:47 2010 +1100"
      },
      "message": "Merge branch \u0027next-queue\u0027 into next\n"
    },
    {
      "commit": "318ae2edc3b29216abd8a2510f3f80b764f06858",
      "tree": "ce595adde342f57f379d277b25e4dd206988a052",
      "parents": [
        "25cf84cf377c0aae5dbcf937ea89bc7893db5176",
        "3e58974027b04e84f68b964ef368a6cd758e2f84"
      ],
      "author": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Mon Mar 08 16:55:37 2010 +0100"
      },
      "committer": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Mon Mar 08 16:55:37 2010 +0100"
      },
      "message": "Merge branch \u0027for-next\u0027 into for-linus\n\nConflicts:\n\tDocumentation/filesystems/proc.txt\n\tarch/arm/mach-u300/include/mach/debug-macro.S\n\tdrivers/net/qlge/qlge_ethtool.c\n\tdrivers/net/qlge/qlge_main.c\n\tdrivers/net/typhoon.c\n"
    },
    {
      "commit": "634a539e16bd7a1ba31c3f832baa725565cc9f96",
      "tree": "cdc26f167c3a2764fecdf3427b2303d28bf05671",
      "parents": [
        "c8563473c1259f5686ceb918c548c80132089f79"
      ],
      "author": {
        "name": "Stephen Hemminger",
        "email": "shemminger@vyatta.com",
        "time": "Thu Mar 04 21:59:03 2010 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Mar 08 09:33:53 2010 +1100"
      },
      "message": "selinux: const strings in tables\n\nSeveral places strings tables are used that should be declared\nconst.\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "06b9b72df43800b9ae4e77202c8bf5848c9d6998",
      "tree": "8618aedcf68de0193924b8e6c44d010c382c85b9",
      "parents": [
        "dbba541f9d9bd2c200041bc1b37c59dbaf9beb75"
      ],
      "author": {
        "name": "wzt.wzt@gmail.com",
        "email": "wzt.wzt@gmail.com",
        "time": "Wed Mar 03 21:29:37 2010 +0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Mar 04 08:51:06 2010 +1100"
      },
      "message": "Selinux: Remove unused headers skbuff.h in selinux/nlmsgtab.c\n\nskbuff.h is already included by netlink.h, so remove it.\n\nSigned-off-by: Zhitong Wang \u003czhitong.wangzt@alibaba-inc.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "dbba541f9d9bd2c200041bc1b37c59dbaf9beb75",
      "tree": "1f359b8f354759296d625f783ea32f4de9bfb399",
      "parents": [
        "31637b55b09753de9d5e24afc3a1d7fbdb2108d8"
      ],
      "author": {
        "name": "wzt.wzt@gmail.com",
        "email": "wzt.wzt@gmail.com",
        "time": "Tue Mar 02 17:03:43 2010 +0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 03 09:22:16 2010 +1100"
      },
      "message": "Selinux: Remove unused headers slab.h in selinux/ss/symtab.c\n\nslab.h is unused in symtab.c, so remove it.\n\nSigned-off-by: Zhitong Wang \u003czhitong.wangzt@alibaba-inc.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "31637b55b09753de9d5e24afc3a1d7fbdb2108d8",
      "tree": "92ab84b8a40aad0d1ec3f423a82033ebc8dce10a",
      "parents": [
        "b380de9e54ec354ccac55fd9a611ffe28b4daa76"
      ],
      "author": {
        "name": "wzt.wzt@gmail.com",
        "email": "wzt.wzt@gmail.com",
        "time": "Tue Mar 02 15:08:58 2010 +0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 03 09:20:57 2010 +1100"
      },
      "message": "Selinux: Remove unused headers list.h in selinux/netlink.c\n\nlist.h is unused in netlink.c, so remove it.\n\nSigned-off-by: Zhitong Wang \u003czhitong.wangzt@alibaba-inc.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b4ccebdd37ff70d349321a198f416ba737a5e833",
      "tree": "275d717070346722c3aacd8355fb4f743216e03b",
      "parents": [
        "30ff056c42c665b9ea535d8515890857ae382540",
        "ef57471a73b67a7b65fd8708fd55c77cb7c619af"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Mar 01 09:36:31 2010 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Mar 01 09:36:31 2010 +1100"
      },
      "message": "Merge branch \u0027next\u0027 into for-linus\n"
    },
    {
      "commit": "ef57471a73b67a7b65fd8708fd55c77cb7c619af",
      "tree": "0cb8f8dea197999d79bf69d192719be69cd36244",
      "parents": [
        "1fcdc7c527010b144d3951f9ce25faedf264933c"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri Feb 26 01:56:16 2010 +0000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Feb 26 14:54:23 2010 +1100"
      },
      "message": "SELinux: Make selinux_kernel_create_files_as() shouldn\u0027t just always return 0\n\nMake selinux_kernel_create_files_as() return an error when it gets one, rather\nthan unconditionally returning 0.\n\nWithout this, cachefiles doesn\u0027t return an error if the SELinux policy doesn\u0027t\nlet it create files with the label of the directory at the base of the cache.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "c36f74e67fa12202dbcb4ad92c5ac844f9d36b98",
      "tree": "13cf4be470470b32ce348202ab4ba6a342c39ed9",
      "parents": [
        "baac35c4155a8aa826c70acee6553368ca5243a2"
      ],
      "author": {
        "name": "Joshua Roys",
        "email": "joshua.roys@gtri.gatech.edu",
        "time": "Wed Feb 24 18:52:44 2010 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 25 17:49:20 2010 +1100"
      },
      "message": "netlabel: fix export of SELinux categories \u003e 127\n\nThis fixes corrupted CIPSO packets when SELinux categories greater than 127\nare used.  The bug occured on the second (and later) loops through the\nwhile; the inner for loop through the ebitmap-\u003emaps array used the same\nindex as the NetLabel catmap-\u003ebitmap array, even though the NetLabel bitmap\nis twice as long as the SELinux bitmap.\n\nSigned-off-by: Joshua Roys \u003cjoshua.roys@gtri.gatech.edu\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "189b3b1c89761054fee3438f063d7f257306e2d8",
      "tree": "8099352fa731fca91b95d862ac0d7199f21ca54d",
      "parents": [
        "2ae3ba39389b51d8502123de0a59374bec899c4d"
      ],
      "author": {
        "name": "wzt.wzt@gmail.com",
        "email": "wzt.wzt@gmail.com",
        "time": "Tue Feb 23 23:15:28 2010 +0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Feb 24 08:11:02 2010 +1100"
      },
      "message": "Security: add static to security_ops and default_security_ops variable\n\nEnhance the security framework to support resetting the active security\nmodule. This eliminates the need for direct use of the security_ops and\ndefault_security_ops variables outside of security.c, so make security_ops\nand default_security_ops static. Also remove the secondary_ops variable as\na cleanup since there is no use for that. secondary_ops was originally used by\nSELinux to call the \"secondary\" security module (capability or dummy),\nbut that was replaced by direct calls to capability and the only\nremaining use is to save and restore the original security ops pointer\nvalue if SELinux is disabled by early userspace based on /etc/selinux/config.\nFurther, if we support this directly in the security framework, then we can\njust use \u0026default_security_ops for this purpose since that is now available.\n\nSigned-off-by: Zhitong Wang \u003czhitong.wangzt@alibaba-inc.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2ae3ba39389b51d8502123de0a59374bec899c4d",
      "tree": "54c552fa9fa6c17b769f6aca3fd438e542b504a4",
      "parents": [
        "170800088666963de1111d62fb503889c8c82eda"
      ],
      "author": {
        "name": "KaiGai Kohei",
        "email": "kaigai@ak.jp.nec.com",
        "time": "Wed Feb 17 08:49:41 2010 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Feb 22 08:27:41 2010 +1100"
      },
      "message": "selinux: libsepol: remove dead code in check_avtab_hierarchy_callback()\n\nThis patch revert the commit of 7d52a155e38d5a165759dbbee656455861bf7801\nwhich removed a part of type_attribute_bounds_av as a dead code.\nHowever, at that time, we didn\u0027t find out the target side boundary allows\nto handle some of pseudo /proc/\u003cpid\u003e/* entries with its process\u0027s security\ncontext well.\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n\n--\n security/selinux/ss/services.c |   43 ++++++++++++++++++++++++++++++++++++---\n 1 files changed, 39 insertions(+), 4 deletions(-)\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2da5d31bc72d0a36dc16af7f5d5baa4f86df9c76",
      "tree": "9d5bd3cc7d9e5b1beecc954bb5337af8454d352d",
      "parents": [
        "97d6931ead3e89a764cdaa3ad0924037367f0d34"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Feb 16 17:29:06 2010 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Feb 16 17:29:06 2010 +1100"
      },
      "message": "security: fix a couple of sparse warnings\n\nFix a couple of sparse warnings for callers of\ncontext_struct_to_string, which takes a *u32, not an *int.\n\nThese cases are harmless as the values are not used.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\n"
    },
    {
      "commit": "8007f10259d04f37044c2c731bf9ccdd9161d825",
      "tree": "6accff6b70b4780bc62824c419582f4cace56f23",
      "parents": [
        "ea13ddbad0eb4be9cdc406cd7e0804fa4011f6e4"
      ],
      "author": {
        "name": "Xiaotian Feng",
        "email": "dfeng@redhat.com",
        "time": "Tue Feb 09 08:22:24 2010 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Feb 09 08:22:24 2010 +1100"
      },
      "message": "selinux: fix memory leak in sel_make_bools\n\nIn sel_make_bools, kernel allocates memory for bool_pending_names[i]\nwith security_get_bools. So if we just free bool_pending_names, those\nmemories for bool_pending_names[i] will be leaked.\n\nThis patch resolves dozens of following kmemleak report after resuming\nfrom suspend:\nunreferenced object 0xffff88022e4c7380 (size 32):\n  comm \"init\", pid 1, jiffies 4294677173\n  backtrace:\n    [\u003cffffffff810f76b5\u003e] create_object+0x1a2/0x2a9\n    [\u003cffffffff810f78bb\u003e] kmemleak_alloc+0x26/0x4b\n    [\u003cffffffff810ef3eb\u003e] __kmalloc+0x18f/0x1b8\n    [\u003cffffffff811cd511\u003e] security_get_bools+0xd7/0x16f\n    [\u003cffffffff811c48c0\u003e] sel_write_load+0x12e/0x62b\n    [\u003cffffffff810f9a39\u003e] vfs_write+0xae/0x10b\n    [\u003cffffffff810f9b56\u003e] sys_write+0x4a/0x6e\n    [\u003cffffffff81011b82\u003e] system_call_fastpath+0x16/0x1b\n    [\u003cffffffffffffffff\u003e] 0xffffffffffffffff\n\nSigned-off-by: Xiaotian Feng \u003cdfeng@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6382dc334064bb0b41a95df0e3c438de35f2ffb7",
      "tree": "e58a375af2352638eb5930bfd79c9a893b35e484",
      "parents": [
        "fb637f3cd31783db2b654842ea32ffec15c4bd62"
      ],
      "author": {
        "name": "Justin P. Mattock",
        "email": "justinmattock@gmail.com",
        "time": "Thu Jan 14 23:03:18 2010 -0800"
      },
      "committer": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Fri Feb 05 12:22:35 2010 +0100"
      },
      "message": "fix comment typos in avc.c\n\nSigned-off-by: Justin P. Mattock \u003cjustinmattock@gmail.com\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n"
    },
    {
      "commit": "d78ca3cd733d8a2c3dcd88471beb1a15d973eed8",
      "tree": "a27ccf86f5f7df3cc987d0203ed0bff2db46db57",
      "parents": [
        "002345925e6c45861f60db6f4fc6236713fd8847"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "kees.cook@canonical.com",
        "time": "Wed Feb 03 15:37:13 2010 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 04 14:20:41 2010 +1100"
      },
      "message": "syslog: use defined constants instead of raw numbers\n\nRight now the syslog \"type\" action are just raw numbers which makes\nthe source difficult to follow.  This patch replaces the raw numbers\nwith defined constants for some level of sanity.\n\nSigned-off-by: Kees Cook \u003ckees.cook@canonical.com\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "002345925e6c45861f60db6f4fc6236713fd8847",
      "tree": "d7849eafe1755116597166bbebf43e2bee86cb76",
      "parents": [
        "0719aaf5ead7555b7b7a4a080ebf2826a871384e"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "kees.cook@canonical.com",
        "time": "Wed Feb 03 15:36:43 2010 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 04 14:20:12 2010 +1100"
      },
      "message": "syslog: distinguish between /proc/kmsg and syscalls\n\nThis allows the LSM to distinguish between syslog functions originating\nfrom /proc/kmsg access and direct syscalls.  By default, the commoncaps\nwill now no longer require CAP_SYS_ADMIN to read an opened /proc/kmsg\nfile descriptor.  For example the kernel syslog reader can now drop\nprivileges after opening /proc/kmsg, instead of staying privileged with\nCAP_SYS_ADMIN.  MAC systems that implement security_syslog have unchanged\nbehavior.\n\nSigned-off-by: Kees Cook \u003ckees.cook@canonical.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0719aaf5ead7555b7b7a4a080ebf2826a871384e",
      "tree": "19c0b16b1013d84a8b8092737d38e60f3dd7e939",
      "parents": [
        "42596eafdd75257a640f64701b9b07090bcd84b0"
      ],
      "author": {
        "name": "Guido Trentalancia",
        "email": "guido@trentalancia.com",
        "time": "Wed Feb 03 16:40:20 2010 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 04 09:06:36 2010 +1100"
      },
      "message": "selinux: allow MLS-\u003enon-MLS and vice versa upon policy reload\n\nAllow runtime switching between different policy types (e.g. from a MLS/MCS\npolicy to a non-MLS/non-MCS policy or viceversa).\n\nSigned-off-by: Guido Trentalancia \u003cguido@trentalancia.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "42596eafdd75257a640f64701b9b07090bcd84b0",
      "tree": "d5c4eb801d70ddd00a7a03814833d99cabf38962",
      "parents": [
        "b6cac5a30b325e14cda425670bb3568d3cad0aa8"
      ],
      "author": {
        "name": "Guido Trentalancia",
        "email": "guido@trentalancia.com",
        "time": "Wed Feb 03 17:06:01 2010 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 04 08:48:17 2010 +1100"
      },
      "message": "selinux: load the initial SIDs upon every policy load\n\nAlways load the initial SIDs, even in the case of a policy\nreload and not just at the initial policy load. This comes\nparticularly handy after the introduction of a recent\npatch for enabling runtime switching between different\npolicy types, although this patch is in theory independent\nfrom that feature.\n\nSigned-off-by: Guido Trentalancia \u003cguido@trentalancia.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b6cac5a30b325e14cda425670bb3568d3cad0aa8",
      "tree": "276a3a2a985c862ac9439cb2f8facabb7d1f1944",
      "parents": [
        "8e2d39a1665e680c095545993aac2fcac6916eb9"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Tue Feb 02 11:31:51 2010 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Feb 03 08:49:10 2010 +1100"
      },
      "message": "selinux: Only audit permissions specified in policy\n\nOnly audit the permissions specified by the policy rules.\n\nBefore:\ntype\u003dAVC msg\u003daudit(01/28/2010 14:30:46.690:3250) : avc:  denied  { read\nappend } for  pid\u003d14092 comm\u003dfoo name\u003dtest_file dev\u003ddm-1 ino\u003d132932\nscontext\u003dunconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023\ntcontext\u003dunconfined_u:object_r:rpm_tmp_t:s0 tclass\u003dfile\n\nAfter:\ntype\u003dAVC msg\u003daudit(01/28/2010 14:52:37.448:26) : avc:  denied\n{ append } for  pid\u003d1917 comm\u003dfoo name\u003dtest_file dev\u003ddm-1 ino\u003d132932\nscontext\u003dunconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023\ntcontext\u003dunconfined_u:object_r:rpm_tmp_t:s0 tclass\u003dfile\n\nReference:\nhttps://bugzilla.redhat.com/show_bug.cgi?id\u003d558499\n\nReported-by: Tom London \u003cselinux@gmail.com\u003e\nSigned-off-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "7d52a155e38d5a165759dbbee656455861bf7801",
      "tree": "7b071cde283e98465744b5abb2c6140b9b6afcda",
      "parents": [
        "2f3e82d694d3d7a2db019db1bb63385fbc1066f3"
      ],
      "author": {
        "name": "KaiGai Kohei",
        "email": "kaigai@ak.jp.nec.com",
        "time": "Thu Jan 21 15:00:15 2010 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 25 08:31:38 2010 +1100"
      },
      "message": "selinux: remove dead code in type_attribute_bounds_av()\n\nThis patch removes dead code in type_attribute_bounds_av().\n\nDue to the historical reason, the type boundary feature is delivered\nfrom hierarchical types in libsepol, it has supported boundary features\nboth of subject type (domain; in most cases) and target type.\n\nHowever, we don\u0027t have any actual use cases in bounded target types,\nand it tended to make conceptual confusion.\nSo, this patch removes the dead code to apply boundary checks on the\ntarget types. I makes clear the TYPEBOUNDS restricts privileges of\na certain domain bounded to any other domain.\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n\n--\n security/selinux/ss/services.c |   43 +++------------------------------------\n 1 files changed, 4 insertions(+), 39 deletions(-)\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2f3e82d694d3d7a2db019db1bb63385fbc1066f3",
      "tree": "9d99a883eb2ab097a3ff1ee4e1c9bf2fa851d832",
      "parents": [
        "2457552d1e6f3183cd93f81c49a8da5fe8bb0e42"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Thu Jan 07 15:55:16 2010 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 25 08:29:05 2010 +1100"
      },
      "message": "selinux: convert range transition list to a hashtab\n\nPer https://bugzilla.redhat.com/show_bug.cgi?id\u003d548145\nthere are sufficient range transition rules in modern (Fedora) policy to\nmake mls_compute_sid a significant factor on the shmem file setup path\ndue to the length of the range_tr list.  Replace the simple range_tr\nlist with a hashtab inside the security server to help mitigate this\nproblem.\n\nSigned-off-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2457552d1e6f3183cd93f81c49a8da5fe8bb0e42",
      "tree": "7ca46caa910012d75617700e4083b3657053cb31",
      "parents": [
        "19439d05b88dafc4e55d9ffce84ccc27cf8b2bcc",
        "6ccf80eb15ccaca4d3f1ab5162b9ded5eecd9971"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 18 09:56:22 2010 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 18 09:56:22 2010 +1100"
      },
      "message": "Merge branch \u0027master\u0027 into next\n"
    },
    {
      "commit": "19439d05b88dafc4e55d9ffce84ccc27cf8b2bcc",
      "tree": "e529e1bbba49f30684c3b88a67df1d62ba3e11b1",
      "parents": [
        "8d9525048c74786205b99f3fcd05a839721edfb7"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Thu Jan 14 17:28:10 2010 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 18 09:54:26 2010 +1100"
      },
      "message": "selinux: change the handling of unknown classes\n\nIf allow_unknown\u003d\u003ddeny, SELinux treats an undefined kernel security\nclass as an error condition rather than as a typical permission denial\nand thus does not allow permissions on undefined classes even when in\npermissive mode.  Change the SELinux logic so that this case is handled\nas a typical permission denial, subject to the usual permissive mode and\npermissive domain handling.\n\nAlso drop the \u0027requested\u0027 argument from security_compute_av() and\nhelpers as it is a legacy of the original security server interface and\nis unused.\n\nChanges:\n- Handle permissive domains consistently by moving up the test for a\npermissive domain.\n- Make security_compute_av_user() consistent with security_compute_av();\nthe only difference now is that security_compute_av() performs mapping\nbetween the kernel-private class and permission indices and the policy\nvalues.  In the userspace case, this mapping is handled by libselinux.\n- Moved avd_init inside the policy lock.\n\nBased in part on a patch by Paul Moore \u003cpaul.moore@hp.com\u003e.\n\nReported-by: Andrew Worsley \u003camworsley@gmail.com\u003e\nSigned-off-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "17740d89785aeb4143770923d67c293849414710",
      "tree": "58f332b0eb828017eb4571e2f7323e859b6c268d",
      "parents": [
        "45d28b097280a78893ce25a5d0db41e6a2717853"
      ],
      "author": {
        "name": "Jiri Slaby",
        "email": "jirislaby@gmail.com",
        "time": "Fri Aug 28 10:47:16 2009 +0200"
      },
      "committer": {
        "name": "Jiri Slaby",
        "email": "jslaby@suse.cz",
        "time": "Mon Jan 04 11:27:18 2010 +0100"
      },
      "message": "SECURITY: selinux, fix update_rlimit_cpu parameter\n\nDon\u0027t pass current RLIMIT_RTTIME to update_rlimit_cpu() in\nselinux_bprm_committing_creds, since update_rlimit_cpu expects\nRLIMIT_CPU limit.\n\nUse proper rlim[RLIMIT_CPU].rlim_cur instead to fix that.\n\nSigned-off-by: Jiri Slaby \u003cjirislaby@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\n"
    },
    {
      "commit": "4ef58d4e2ad1fa2a3e5bbf41af2284671fca8cf8",
      "tree": "856ba96302a36014736747e8464f80eeb827bbdd",
      "parents": [
        "f6c4c8195b5e7878823caa1181be404d9e86d369",
        "d014d043869cdc591f3a33243d3481fa4479c2d0"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Dec 09 19:43:33 2009 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Dec 09 19:43:33 2009 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (42 commits)\n  tree-wide: fix misspelling of \"definition\" in comments\n  reiserfs: fix misspelling of \"journaled\"\n  doc: Fix a typo in slub.txt.\n  inotify: remove superfluous return code check\n  hdlc: spelling fix in find_pvc() comment\n  doc: fix regulator docs cut-and-pasteism\n  mtd: Fix comment in Kconfig\n  doc: Fix IRQ chip docs\n  tree-wide: fix assorted typos all over the place\n  drivers/ata/libata-sff.c: comment spelling fixes\n  fix typos/grammos in Documentation/edac.txt\n  sysctl: add missing comments\n  fs/debugfs/inode.c: fix comment typos\n  sgivwfb: Make use of ARRAY_SIZE.\n  sky2: fix sky2_link_down copy/paste comment error\n  tree-wide: fix typos \"couter\" -\u003e \"counter\"\n  tree-wide: fix typos \"offest\" -\u003e \"offset\"\n  fix kerneldoc for set_irq_msi()\n  spidev: fix double \"of of\" in comment\n  comment typo fix: sybsystem -\u003e subsystem\n  ...\n"
    },
    {
      "commit": "1ad1f10cd915744bbe52b19423653b38287d827d",
      "tree": "ae072aace36b45a55d80b8cbf1b6d92523a88ea0",
      "parents": [
        "08e3daff217059c84c360cc71212686e0a7995af",
        "2b876f95d03e226394b5d360c86127cbefaf614b"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Dec 09 19:01:03 2009 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Dec 09 19:01:03 2009 +1100"
      },
      "message": "Merge branch \u0027master\u0027 into next\n"
    },
    {
      "commit": "08e3daff217059c84c360cc71212686e0a7995af",
      "tree": "ac2dd60ab2309a82b72e57f15fef72401f5102d1",
      "parents": [
        "937bf6133b21b16965f75223085f4314ae32b8eb"
      ],
      "author": {
        "name": "Amerigo Wang",
        "email": "amwang@redhat.com",
        "time": "Thu Dec 03 03:48:28 2009 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Dec 08 14:58:11 2009 +1100"
      },
      "message": "selinux: remove a useless return\n\nThe last return is unreachable, remove the \u0027return\u0027\nin default, let it fall through.\n\nSigned-off-by: WANG Cong \u003camwang@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9f59f90bf57cff8be07faddc608c400b6e7c5d05",
      "tree": "621e4fa6dae193b3427913a1945eee473f47b153",
      "parents": [
        "6ec22f9b037fc0c2e00ddb7023fad279c365324d"
      ],
      "author": {
        "name": "Julia Lawall",
        "email": "julia@diku.dk",
        "time": "Sun Dec 06 10:16:51 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Dec 08 14:57:54 2009 +1100"
      },
      "message": "security/selinux/ss: correct size computation\n\nThe size argument to kcalloc should be the size of desired structure,\nnot the pointer to it.\n\nThe semantic patch that makes this change is as follows:\n(http://coccinelle.lip6.fr/)\n\n// \u003csmpl\u003e\n@expression@\nexpression *x;\n@@\n\nx \u003d\n \u003c+...\n-sizeof(x)\n+sizeof(*x)\n...+\u003e// \u003c/smpl\u003e\n\nSigned-off-by: Julia Lawall \u003cjulia@diku.dk\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d014d043869cdc591f3a33243d3481fa4479c2d0",
      "tree": "63626829498e647ba058a1ce06419fe7e4d5f97d",
      "parents": [
        "6ec22f9b037fc0c2e00ddb7023fad279c365324d",
        "6070d81eb5f2d4943223c96e7609a53cdc984364"
      ],
      "author": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Mon Dec 07 18:36:35 2009 +0100"
      },
      "committer": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Mon Dec 07 18:36:35 2009 +0100"
      },
      "message": "Merge branch \u0027for-next\u0027 into for-linus\n\nConflicts:\n\n\tkernel/irq/chip.c\n"
    },
    {
      "commit": "28b4d5cc17c20786848cdc07b7ea237a309776bb",
      "tree": "bae406a4b17229dcce7c11be5073f7a67665e477",
      "parents": [
        "d29cecda036f251aee4947f47eea0fe9ed8cc931",
        "96fa2b508d2d3fe040cf4ef2fffb955f0a537ea1"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Dec 05 15:22:26 2009 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Dec 05 15:22:26 2009 -0800"
      },
      "message": "Merge branch \u0027master\u0027 of /home/davem/src/GIT/linux-2.6/\n\nConflicts:\n\tdrivers/net/pcmcia/fmvj18x_cs.c\n\tdrivers/net/pcmcia/nmclan_cs.c\n\tdrivers/net/pcmcia/xirc2ps_cs.c\n\tdrivers/net/wireless/ray_cs.c\n"
    },
    {
      "commit": "af901ca181d92aac3a7dc265144a9081a86d8f39",
      "tree": "380054af22521144fbe1364c3bcd55ad24c9bde4",
      "parents": [
        "972b94ffb90ea6d20c589d9a47215df103388ddd"
      ],
      "author": {
        "name": "André Goddard Rosa",
        "email": "andre.goddard@gmail.com",
        "time": "Sat Nov 14 13:09:05 2009 -0200"
      },
      "committer": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Fri Dec 04 15:39:55 2009 +0100"
      },
      "message": "tree-wide: fix assorted typos all over the place\n\nThat is \"success\", \"unknown\", \"through\", \"performance\", \"[re|un]mapping\"\n, \"access\", \"default\", \"reasonable\", \"[con]currently\", \"temperature\"\n, \"channel\", \"[un]used\", \"application\", \"example\",\"hierarchy\", \"therefore\"\n, \"[over|under]flow\", \"contiguous\", \"threshold\", \"enough\" and others.\n\nSigned-off-by: André Goddard Rosa \u003candre.goddard@gmail.com\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n"
    },
    {
      "commit": "0bce95279909aa4cc401a2e3140b4295ca22e72a",
      "tree": "5b98e4ebe7ef30fa1edf627c79501c531b346a8b",
      "parents": [
        "c4a5af54c8ef277a59189fc9358e190f3c1b8206"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Nov 23 16:47:23 2009 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Nov 24 14:30:49 2009 +1100"
      },
      "message": "SELinux: print denials for buggy kernel with unknown perms\n\nHistorically we\u0027ve seen cases where permissions are requested for classes\nwhere they do not exist.  In particular we have seen CIFS forget to set\ni_mode to indicate it is a directory so when we later check something like\nremove_name we have problems since it wasn\u0027t defined in tclass file.  This\nused to result in a avc which included the permission 0x2000 or something.\nCurrently the kernel will deny the operations (good thing) but will not\nprint ANY information (bad thing).  First the auditdeny field is no\nextended to include unknown permissions.  After that is fixed the logic in\navc_dump_query to output this information isn\u0027t right since it will remove\nthe permission from the av and print the phrase \"\u003cNULL\u003e\".  This takes us\nback to the behavior before the classmap rewrite.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "8964be4a9a5ca8cab1219bb046db2f6d1936227c",
      "tree": "8838c73a03cc69c010b55928fce3725d17bc26a9",
      "parents": [
        "fa9a6fed87df1b50804405e700f8d30251d3aaf1"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Fri Nov 20 15:35:04 2009 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Nov 20 15:35:04 2009 -0800"
      },
      "message": "net: rename skb-\u003eiif to skb-\u003eskb_iif\n\nTo help grep games, rename iif to skb_iif\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "dd8dbf2e6880e30c00b18600c962d0cb5a03c555",
      "tree": "24835aaf40cec5ceb2aeecccde9240ee173f70f1",
      "parents": [
        "6e65f92ff0d6f18580737321718d09035085a3fb"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Nov 03 16:35:32 2009 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Nov 10 09:33:46 2009 +1100"
      },
      "message": "security: report the module name to security_module_request\n\nFor SELinux to do better filtering in userspace we send the name of the\nmodule along with the AVC denial when a program is denied module_request.\n\nExample output:\n\ntype\u003dSYSCALL msg\u003daudit(11/03/2009 10:59:43.510:9) : arch\u003dx86_64 syscall\u003dwrite success\u003dyes exit\u003d2 a0\u003d3 a1\u003d7fc28c0d56c0 a2\u003d2 a3\u003d7fffca0d7440 items\u003d0 ppid\u003d1727 pid\u003d1729 auid\u003dunset uid\u003droot gid\u003droot euid\u003droot suid\u003droot fsuid\u003droot egid\u003droot sgid\u003droot fsgid\u003droot tty\u003d(none) ses\u003dunset comm\u003drpc.nfsd exe\u003d/usr/sbin/rpc.nfsd subj\u003dsystem_u:system_r:nfsd_t:s0 key\u003d(null)\ntype\u003dAVC msg\u003daudit(11/03/2009 10:59:43.510:9) : avc:  denied  { module_request } for  pid\u003d1729 comm\u003drpc.nfsd kmod\u003d\"net-pf-10\" scontext\u003dsystem_u:system_r:nfsd_t:s0 tcontext\u003dsystem_u:system_r:kernel_t:s0 tclass\u003dsystem\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6e8e16c7bc298d7887584c3d027e05db3e86eed9",
      "tree": "355403813b5945a5a5fdd24054a76a446d05b206",
      "parents": [
        "3e1c2515acf70448cad1ae3ab835ca80be043d33"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Oct 22 15:38:26 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Oct 24 09:42:27 2009 +0800"
      },
      "message": "SELinux: add .gitignore files for dynamic classes\n\nThe SELinux dynamic class work in c6d3aaa4e35c71a32a86ececacd4eea7ecfc316c\ncreates a number of dynamic header files and scripts.  Add .gitignore files\nso git doesn\u0027t complain about these.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b7f3008ad1d795935551e4dd810b0255a7bfa3c9",
      "tree": "1933b20fd16d30f6f9b3043ee6a66f0ddedb4009",
      "parents": [
        "825332e4ff1373c55d931b49408df7ec2298f71e"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Oct 19 10:08:50 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Oct 20 09:22:07 2009 +0900"
      },
      "message": "SELinux: fix locking issue introduced with c6d3aaa4e35c71a3\n\nEnsure that we release the policy read lock on all exit paths from\nsecurity_compute_av.\n\nSigned-off-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "941fc5b2bf8f7dd1d0a9c502e152fa719ff6578e",
      "tree": "c2f579e6fcc5bee6659527db7ccfb661acfe196c",
      "parents": [
        "8753f6bec352392b52ed9b5e290afb34379f4612"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Thu Oct 01 14:48:23 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Oct 07 21:56:46 2009 +1100"
      },
      "message": "selinux: drop remapping of netlink classes\n\nDrop remapping of netlink classes and bypass of permission checking\nbased on netlink message type for policy version \u003c 18.  This removes\ncompatibility code introduced when the original single netlink\nsecurity class used for all netlink sockets was split into\nfiner-grained netlink classes based on netlink protocol and when\npermission checking was added based on netlink message type in Linux\n2.6.8.  The only known distribution that shipped with SELinux and\npolicy \u003c 18 was Fedora Core 2, which was EOL\u0027d on 2005-04-11.\n\nGiven that the remapping code was never updated to address the\naddition of newer netlink classes, that the corresponding userland\nsupport was dropped in 2005, and that the assumptions made by the\nremapping code about the fixed ordering among netlink classes in the\npolicy may be violated in the future due to the dynamic class/perm\ndiscovery support, we should drop this compatibility code now.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "8753f6bec352392b52ed9b5e290afb34379f4612",
      "tree": "b5f381be9f56125309bfbfcaa73d68e08c309747",
      "parents": [
        "c6d3aaa4e35c71a32a86ececacd4eea7ecfc316c"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Wed Sep 30 13:41:02 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Oct 07 21:56:44 2009 +1100"
      },
      "message": "selinux: generate flask headers during kernel build\n\nAdd a simple utility (scripts/selinux/genheaders) and invoke it to\ngenerate the kernel-private class and permission indices in flask.h\nand av_permissions.h automatically during the kernel build from the\nsecurity class mapping definitions in classmap.h.  Adding new kernel\nclasses and permissions can then be done just by adding them to classmap.h.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "c6d3aaa4e35c71a32a86ececacd4eea7ecfc316c",
      "tree": "1a5475b4370655a22670fd6eb35e54d8b131b362",
      "parents": [
        "23acb98de5a4109a60b5fe3f0439389218b039d7"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Wed Sep 30 13:37:50 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Oct 07 21:56:42 2009 +1100"
      },
      "message": "selinux: dynamic class/perm discovery\n\nModify SELinux to dynamically discover class and permission values\nupon policy load, based on the dynamic object class/perm discovery\nlogic from libselinux.  A mapping is created between kernel-private\nclass and permission indices used outside the security server and the\npolicy values used within the security server.\n\nThe mappings are only applied upon kernel-internal computations;\nsimilar mappings for the private indices of userspace object managers\nis handled on a per-object manager basis by the userspace AVC.  The\ninterfaces for compute_av and transition_sid are split for kernel\nvs. userspace; the userspace functions are distinguished by a _user\nsuffix.\n\nThe kernel-private class indices are no longer tied to the policy\nvalues and thus do not need to skip indices for userspace classes;\nthus the kernel class index values are compressed.  The flask.h\ndefinitions were regenerated by deleting the userspace classes from\nrefpolicy\u0027s definitions and then regenerating the headers.  Going\nforward, we can just maintain the flask.h, av_permissions.h, and\nclassmap.h definitions separately from policy as they are no longer\ntied to the policy values.  The next patch introduces a utility to\nautomate generation of flask.h and av_permissions.h from the\nclassmap.h definitions.\n\nThe older kernel class and permission string tables are removed and\nreplaced by a single security class mapping table that is walked at\npolicy load to generate the mapping.  The old kernel class validation\nlogic is completely replaced by the mapping logic.\n\nThe handle unknown logic is reworked.  reject_unknown\u003d1 is handled\nwhen the mappings are computed at policy load time, similar to the old\nhandling by the class validation logic.  allow_unknown\u003d1 is handled\nwhen computing and mapping decisions - if the permission was not able\nto be mapped (i.e. undefined, mapped to zero), then it is\nautomatically added to the allowed vector.  If the class was not able\nto be mapped (i.e. undefined, mapped to zero), then all permissions\nare allowed for it if allow_unknown\u003d1.\n\navc_audit leverages the new security class mapping table to lookup the\nclass and permission names from the kernel-private indices.\n\nThe mdp program is updated to use the new table when generating the\nclass definitions and allow rules for a minimal boot policy for the\nkernel.  It should be noted that this policy will not include any\nuserspace classes, nor will its policy index values for the kernel\nclasses correspond with the ones in refpolicy (they will instead match\nthe kernel-private indices).\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "af8ff04917169805b151280155bf772d3ca9bec0",
      "tree": "1a1ec17d0926b4bbe9f8b243231582dde02ef1f5",
      "parents": [
        "1669b049db50fc7f1d4e694fb115a0f408c63fce"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Sun Sep 20 21:23:01 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 30 19:17:06 2009 +1000"
      },
      "message": "SELinux: reset the security_ops before flushing the avc cache\n\nThis patch resets the security_ops to the secondary_ops before it flushes\nthe avc.  It\u0027s still possible that a task on another processor could have\nalready passed the security_ops dereference and be executing an selinux hook\nfunction which would add a new avc entry.  That entry would still not be\nfreed.  This should however help to reduce the number of needless avcs the\nkernel has when selinux is disabled at run time.  There is no wasted\nmemory if selinux is disabled on the command line or not compiled.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0b7570e77f7c3abd43107dabc47ea89daf9a1cba",
      "tree": "8dd93b4a189b4e98384d4470a289ecfb7818cc26",
      "parents": [
        "a2322e1d272938d192d8c24cdacf57c0c7a2683f"
      ],
      "author": {
        "name": "Oleg Nesterov",
        "email": "oleg@redhat.com",
        "time": "Wed Sep 23 15:56:46 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Sep 24 07:20:59 2009 -0700"
      },
      "message": "do_wait() wakeup optimization: change __wake_up_parent() to use filtered wakeup\n\nRatan Nalumasu reported that in a process with many threads doing\nunnecessary wakeups.  Every waiting thread in the process wakes up to loop\nthrough the children and see that the only ones it cares about are still\nnot ready.\n\nNow that we have struct wait_opts we can change do_wait/__wake_up_parent\nto use filtered wakeups.\n\nWe can make child_wait_callback() more clever later, right now it only\nchecks eligible_child().\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nAcked-by: Roland McGrath \u003croland@redhat.com\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Ratan Nalumasu \u003crnalumasu@gmail.com\u003e\nCc: Vitaly Mayatskikh \u003cvmayatsk@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nTested-by: Valdis Kletnieks \u003cvaldis.kletnieks@vt.edu\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    }
  ],
  "next": "5224ee086321fec78970e2f2805892d2b34e8957"
}
