)]}' { "log": [ { "commit": "32aaeffbd4a7457bf2f7448b33b5946ff2a960eb", "tree": "faf7ad871d87176423ff9ed1d1ba4d9c688fc23f", "parents": [ "208bca0860406d16398145ddd950036a737c3c9d", "67b84999b1a8b1af5625b1eabe92146c5eb42932" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Nov 06 19:44:47 2011 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Nov 06 19:44:47 2011 -0800" }, "message": "Merge branch \u0027modsplit-Oct31_2011\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux\n\n* \u0027modsplit-Oct31_2011\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux: (230 commits)\n Revert \"tracing: Include module.h in define_trace.h\"\n irq: don\u0027t put module.h into irq.h for tracking irqgen modules.\n bluetooth: macroize two small inlines to avoid module.h\n ip_vs.h: fix implicit use of module_get/module_put from module.h\n nf_conntrack.h: fix up fallout from implicit moduleparam.h presence\n include: replace linux/module.h with \"struct module\" wherever possible\n include: convert various register fcns to macros to avoid include chaining\n crypto.h: remove unused crypto_tfm_alg_modname() inline\n uwb.h: fix implicit use of asm/page.h for PAGE_SIZE\n pm_runtime.h: explicitly requires notifier.h\n linux/dmaengine.h: fix implicit use of bitmap.h and asm/page.h\n miscdevice.h: fix up implicit use of lists and types\n stop_machine.h: fix implicit use of smp.h for smp_processor_id\n of: fix implicit use of errno.h in include/linux/of.h\n of_platform.h: delete needless include \u003clinux/module.h\u003e\n acpi: remove module.h include from platform/aclinux.h\n miscdevice.h: delete unnecessary inclusion of module.h\n device_cgroup.h: delete needless include \u003clinux/module.h\u003e\n net: sch_generic remove redundant use of \u003clinux/module.h\u003e\n net: inet_timewait_sock doesnt need \u003clinux/module.h\u003e\n ...\n\nFix up trivial conflicts (other header files, and removal of the ab3550 mfd driver) in\n - drivers/media/dvb/frontends/dibx000_common.c\n - drivers/media/video/{mt9m111.c,ov6650.c}\n - drivers/mfd/ab3550-core.c\n - include/linux/dmaengine.h\n" }, { "commit": "2380078cdb7e6d520e33dcf834e0be979d542e48", "tree": "105a729f483b77453ea7a570f39e9efe76e38aa0", "parents": [ "6681ba7ec480bc839584fd0817991d248b4b9e44", "59df3166ef293288d164ab3362a717743e62d20c" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Nov 02 17:01:01 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Nov 02 17:01:01 2011 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.selinuxproject.org/~jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://git.selinuxproject.org/~jmorris/linux-security:\n TOMOYO: Fix interactive judgment functionality.\n" }, { "commit": "de0a5345a55b8dd5a4695181275df0e691176830", "tree": "17530e824f7f46ce0b1757657179fb5957a6add5", "parents": [ "994c0e992522c123298b4a91b72f5e67ba2d1123", "8535639810e578960233ad39def3ac2157b0c3ec" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Nov 02 09:45:39 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Nov 02 09:45:39 2011 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://github.com/richardweinberger/linux\n\n* \u0027for-linus\u0027 of git://github.com/richardweinberger/linux: (90 commits)\n um: fix ubd cow size\n um: Fix kmalloc argument order in um/vdso/vma.c\n um: switch to use of drivers/Kconfig\n UserModeLinux-HOWTO.txt: fix a typo\n UserModeLinux-HOWTO.txt: remove ^H characters\n um: we need sys/user.h only on i386\n um: merge delay_{32,64}.c\n um: distribute exports to where exported stuff is defined\n um: kill system-um.h\n um: generic ftrace.h will do...\n um: segment.h is x86-only and needed only there\n um: asm/pda.h is not needed anymore\n um: hw_irq.h can go generic as well\n um: switch to generic-y\n um: clean Kconfig up a bit\n um: a couple of missing dependencies...\n um: kill useless argument of free_chan() and free_one_chan()\n um: unify ptrace_user.h\n um: unify KSTK_...\n um: fix gcov build breakage\n ...\n" }, { "commit": "3369465ed1a6a9aa9b885a6d7d8e074ecbd782da", "tree": "ac60be76e1d363caab63156c1390f1ab0c4ee96c", "parents": [ "c039aff672a540f8976770e74599d350de1805cb" ], "author": { "name": "Al Viro", "email": "viro@ftp.linux.org.uk", "time": "Thu Aug 18 20:11:59 2011 +0100" }, "committer": { "name": "Richard Weinberger", "email": "richard@nod.at", "time": "Wed Nov 02 14:15:41 2011 +0100" }, "message": "um: switch to use of drivers/Kconfig\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Richard Weinberger \u003crichard@nod.at\u003e\n" }, { "commit": "02473119bc54b0b239c2501064c7a37314347f87", "tree": "e3f0cdfbe4ee67d089ab731f213b2e0f91a3daa1", "parents": [ "50e1499f468fd74c6db95deb2e1e6bfee578ae70" ], "author": { "name": "Andy Shevchenko", "email": "andriy.shevchenko@linux.intel.com", "time": "Mon Oct 31 17:12:55 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 31 17:30:56 2011 -0700" }, "message": "security: follow rename pack_hex_byte() to hex_byte_pack()\n\nThere is no functional change.\n\nSigned-off-by: Andy Shevchenko \u003candriy.shevchenko@linux.intel.com\u003e\nCc: Mimi Zohar \u003czohar@us.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "fcf634098c00dd9cd247447368495f0b79be12d1", "tree": "77fc98cd461bd52ba3b14e833d54a115ffbbd7bc", "parents": [ "32ea845d5bafc37b7406bea1aee3005407cb0900" ], "author": { "name": "Christopher Yeoh", "email": "cyeoh@au1.ibm.com", "time": "Mon Oct 31 17:06:39 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 31 17:30:44 2011 -0700" }, "message": "Cross Memory Attach\n\nThe basic idea behind cross memory attach is to allow MPI programs doing\nintra-node communication to do a single copy of the message rather than a\ndouble copy of the message via shared memory.\n\nThe following patch attempts to achieve this by allowing a destination\nprocess, given an address and size from a source process, to copy memory\ndirectly from the source process into its own address space via a system\ncall. There is also a symmetrical ability to copy from the current\nprocess\u0027s address space into a destination process\u0027s address space.\n\n- Use of /proc/pid/mem has been considered, but there are issues with\n using it:\n - Does not allow for specifying iovecs for both src and dest, assuming\n preadv or pwritev was implemented either the area read from or\n written to would need to be contiguous.\n - Currently mem_read allows only processes who are currently\n ptrace\u0027ing the target and are still able to ptrace the target to read\n from the target. This check could possibly be moved to the open call,\n but its not clear exactly what race this restriction is stopping\n (reason appears to have been lost)\n - Having to send the fd of /proc/self/mem via SCM_RIGHTS on unix\n domain socket is a bit ugly from a userspace point of view,\n especially when you may have hundreds if not (eventually) thousands\n of processes that all need to do this with each other\n - Doesn\u0027t allow for some future use of the interface we would like to\n consider adding in the future (see below)\n - Interestingly reading from /proc/pid/mem currently actually\n involves two copies! (But this could be fixed pretty easily)\n\nAs mentioned previously use of vmsplice instead was considered, but has\nproblems. Since you need the reader and writer working co-operatively if\nthe pipe is not drained then you block. Which requires some wrapping to\ndo non blocking on the send side or polling on the receive. In all to all\ncommunication it requires ordering otherwise you can deadlock. And in the\nexample of many MPI tasks writing to one MPI task vmsplice serialises the\ncopying.\n\nThere are some cases of MPI collectives where even a single copy interface\ndoes not get us the performance gain we could. For example in an\nMPI_Reduce rather than copy the data from the source we would like to\ninstead use it directly in a mathops (say the reduce is doing a sum) as\nthis would save us doing a copy. We don\u0027t need to keep a copy of the data\nfrom the source. I haven\u0027t implemented this, but I think this interface\ncould in the future do all this through the use of the flags - eg could\nspecify the math operation and type and the kernel rather than just\ncopying the data would apply the specified operation between the source\nand destination and store it in the destination.\n\nAlthough we don\u0027t have a \"second user\" of the interface (though I\u0027ve had\nsome nibbles from people who may be interested in using it for intra\nprocess messaging which is not MPI). This interface is something which\nhardware vendors are already doing for their custom drivers to implement\nfast local communication. And so in addition to this being useful for\nOpenMPI it would mean the driver maintainers don\u0027t have to fix things up\nwhen the mm changes.\n\nThere was some discussion about how much faster a true zero copy would\ngo. Here\u0027s a link back to the email with some testing I did on that:\n\nhttp://marc.info/?l\u003dlinux-mm\u0026m\u003d130105930902915\u0026w\u003d2\n\nThere is a basic man page for the proposed interface here:\n\nhttp://ozlabs.org/~cyeoh/cma/process_vm_readv.txt\n\nThis has been implemented for x86 and powerpc, other architecture should\nmainly (I think) just need to add syscall numbers for the process_vm_readv\nand process_vm_writev. There are 32 bit compatibility versions for\n64-bit kernels.\n\nFor arch maintainers there are some simple tests to be able to quickly\nverify that the syscalls are working correctly here:\n\nhttp://ozlabs.org/~cyeoh/cma/cma-test-20110718.tgz\n\nSigned-off-by: Chris Yeoh \u003cyeohc@au1.ibm.com\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: \"H. Peter Anvin\" \u003chpa@zytor.com\u003e\nCc: Thomas Gleixner \u003ctglx@linutronix.de\u003e\nCc: Arnd Bergmann \u003carnd@arndb.de\u003e\nCc: Paul Mackerras \u003cpaulus@samba.org\u003e\nCc: Benjamin Herrenschmidt \u003cbenh@kernel.crashing.org\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: \u003clinux-man@vger.kernel.org\u003e\nCc: \u003clinux-arch@vger.kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "44fc7ea0bfe9143551649a42eb35f1460566c3c5", "tree": "7cfceedba653c69db90912427d140da996ab4f09", "parents": [ "a6ee87790b708dc4cdd3643104417793f0d985ec" ], "author": { "name": "Paul Gortmaker", "email": "paul.gortmaker@windriver.com", "time": "Thu May 26 20:52:10 2011 -0400" }, "committer": { "name": "Paul Gortmaker", "email": "paul.gortmaker@windriver.com", "time": "Mon Oct 31 19:31:32 2011 -0400" }, "message": "selinux: Add export.h to files using EXPORT_SYMBOL/THIS_MODULE\n\nThe pervasive, but implicit presence of \u003clinux/module.h\u003e meant\nthat things like this file would happily compile as-is. But\nwith the desire to phase out the module.h being included everywhere,\npoint this file at export.h which will give it THIS_MODULE and\nthe EXPORT_SYMBOL variants.\n\nSigned-off-by: Paul Gortmaker \u003cpaul.gortmaker@windriver.com\u003e\n" }, { "commit": "59df3166ef293288d164ab3362a717743e62d20c", "tree": "ee10bb9ae940bf59beaf05dd5925d03044eb6559", "parents": [ "c45ed235abf1b0b6666417e3c394f18717976acd" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Oct 20 06:48:57 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Oct 29 08:34:41 2011 +1100" }, "message": "TOMOYO: Fix interactive judgment functionality.\n\nCommit 17fcfbd9 \"TOMOYO: Add interactive enforcing mode.\" introduced ability\nto query access decision using userspace programs. It was using global PID for\nreaching policy configuration of the process. However, use of PID returns stale\npolicy configuration when the process\u0027s subjective credentials and objective\ncredentials differ. Fix this problem by allowing reaching policy configuration\nvia query id.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "36b8d186e6cc8e32cb5227f5645a58e1bc0af190", "tree": "1000ad26e189e6ff2c53fb7eeff605f59c7ad94e", "parents": [ "cd85b557414fe4cd44ea6608825e96612a5fe2b2", "c45ed235abf1b0b6666417e3c394f18717976acd" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 25 09:45:31 2011 +0200" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 25 09:45:31 2011 +0200" }, "message": "Merge branch \u0027next\u0027 of git://selinuxproject.org/~jmorris/linux-security\n\n* \u0027next\u0027 of git://selinuxproject.org/~jmorris/linux-security: (95 commits)\n TOMOYO: Fix incomplete read after seek.\n Smack: allow to access /smack/access as normal user\n TOMOYO: Fix unused kernel config option.\n Smack: fix: invalid length set for the result of /smack/access\n Smack: compilation fix\n Smack: fix for /smack/access output, use string instead of byte\n Smack: domain transition protections (v3)\n Smack: Provide information for UDS getsockopt(SO_PEERCRED)\n Smack: Clean up comments\n Smack: Repair processing of fcntl\n Smack: Rule list lookup performance\n Smack: check permissions from user space (v2)\n TOMOYO: Fix quota and garbage collector.\n TOMOYO: Remove redundant tasklist_lock.\n TOMOYO: Fix domain transition failure warning.\n TOMOYO: Remove tomoyo_policy_memory_lock spinlock.\n TOMOYO: Simplify garbage collector.\n TOMOYO: Fix make namespacecheck warnings.\n target: check hex2bin result\n encrypted-keys: check hex2bin result\n ...\n" }, { "commit": "c45ed235abf1b0b6666417e3c394f18717976acd", "tree": "e41dd99f2c217a8ce160b24d81a4aec1cccbfe02", "parents": [ "e0b057b406a33501a656dc8d67ea945d7bcdad61", "0e94ae17c857b3835a2b8ea46ce44b5da4e2cc5d" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Oct 22 22:23:58 2011 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Oct 22 22:23:58 2011 +0200" }, "message": "Merge branch \u0027master\u0027 of git://gitorious.org/smack-next/kernel into next\n" }, { "commit": "e0b057b406a33501a656dc8d67ea945d7bcdad61", "tree": "16132a7c59322cb1d406a07b875518a3bbd3db39", "parents": [ "6afcb3b7393f5aa388a0d077c490ed411ab3cd27" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Oct 21 12:37:13 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Oct 22 21:55:26 2011 +0200" }, "message": "TOMOYO: Fix incomplete read after seek.\n\nCommit f23571e8 \"TOMOYO: Copy directly to userspace buffer.\" introduced\ntomoyo_flush() that flushes data to be read as soon as possible.\ntomoyo_select_domain() (which is called by write()) enqueues data which meant\nto be read by next read(), but previous read()\u0027s read buffer\u0027s size was not\ncleared. As a result, since 2.6.36, sequence like\n\n char *cp \u003d \"select global-pid\u003d1\\n\";\n read(fd, buf1, sizeof(buf1));\n write(fd, cp, strlen(cp));\n read(fd, buf2, sizeof(buf2));\n\ncauses enqueued data to be flushed to buf1 rather than buf2.\nFix this bug by clearing read buffer\u0027s size upon write() request.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0e94ae17c857b3835a2b8ea46ce44b5da4e2cc5d", "tree": "eac36ba696cf33bbbe3fcd490589ef453d9c8ef1", "parents": [ "d86b2b61d4dea614d6f319772a90a8f98b55ed67" ], "author": { "name": "Jarkko Sakkinen", "email": "jarkko.j.sakkinen@gmail.com", "time": "Tue Oct 18 21:21:36 2011 +0300" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Thu Oct 20 16:07:31 2011 -0700" }, "message": "Smack: allow to access /smack/access as normal user\n\nAllow query access as a normal user removing the need\nfor CAP_MAC_ADMIN. Give RW access to /smack/access\nfor UGO. Do not import smack labels in access check.\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.j.sakkinen@gmail.com\u003e\nSigned-off-by: Casey Schaufler \u003ccschaufler@cschaufler-intel.(none)\u003e\n" }, { "commit": "6afcb3b7393f5aa388a0d077c490ed411ab3cd27", "tree": "f2d0bca0df7ee7322dee3cfa914e8bb4febf434b", "parents": [ "16014d87509e26d6ed6935adbbf437a571fb5870" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Oct 16 09:43:46 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 19 16:58:59 2011 +0200" }, "message": "TOMOYO: Fix unused kernel config option.\n\nCONFIG_SECURITY_TOMOYO_MAX_{ACCEPT_ENTRY,AUDIT_LOG} introduced by commit\n0e4ae0e0 \"TOMOYO: Make several options configurable.\" were by error not used.\n\nReported-by: Paul Bolle \u003cpebolle@tiscali.nl\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6230c9b4f8957c8938ee4cf2d03166d3c2dc89de", "tree": "acb6aa03e5b34ab83c4945fdacefee66c5285af2", "parents": [ "835acf5da239b91edb9f7ebe36516999e156e6ee" ], "author": { "name": "Paul Moore", "email": "pmoore@redhat.com", "time": "Fri Oct 07 09:40:59 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Oct 18 23:36:43 2011 -0400" }, "message": "bluetooth: Properly clone LSM attributes to newly created child connections\n\nThe Bluetooth stack has internal connection handlers for all of the various\nBluetooth protocols, and unfortunately, they are currently lacking the LSM\nhooks found in the core network stack\u0027s connection handlers. I say\nunfortunately, because this can cause problems for users who have have an\nLSM enabled and are using certain Bluetooth devices. See one problem\nreport below:\n\n * http://bugzilla.redhat.com/show_bug.cgi?id\u003d741703\n\nIn order to keep things simple at this point in time, this patch fixes the\nproblem by cloning the parent socket\u0027s LSM attributes to the newly created\nchild socket. If we decide we need a more elaborate LSM marking mechanism\nfor Bluetooth (I somewhat doubt this) we can always revisit this decision\nin the future.\n\nReported-by: James M. Cape \u003cjcape@ignore-your.tv\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "d86b2b61d4dea614d6f319772a90a8f98b55ed67", "tree": "8d7647ea8d46630e3a09cd74210b9d4c94b86833", "parents": [ "16014d87509e26d6ed6935adbbf437a571fb5870" ], "author": { "name": "Jarkko Sakkinen", "email": "jarkko.j.sakkinen@gmail.com", "time": "Tue Oct 18 14:34:28 2011 +0300" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Tue Oct 18 09:02:57 2011 -0700" }, "message": "Smack: fix: invalid length set for the result of /smack/access\n\nForgot to update simple_transaction_set() to take terminator\ncharacter into account.\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.j.sakkinen@gmail.com\u003e\nSigned-off-by: Casey Schaufler \u003ccschaufler@cschaufler-intel.(none)\u003e\n" }, { "commit": "16014d87509e26d6ed6935adbbf437a571fb5870", "tree": "bdf8641b1412d5e8cd1abe39eca5bc62caf99ad0", "parents": [ "f8859d98c1d1e73393285fb9dd57007839956247" ], "author": { "name": "Jarkko Sakkinen", "email": "jarkko.j.sakkinen@gmail.com", "time": "Fri Oct 14 13:16:24 2011 +0300" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Fri Oct 14 08:56:49 2011 -0700" }, "message": "Smack: compilation fix\n\nOn some build configurations PER_CLEAR_ON_SETID symbol was not\nfound when compiling smack_lsm.c. This patch fixes the issue by\nexplicitly doing #include \u003clinux/personality.h\u003e.\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.j.sakkinen@gmail.com\u003e\nSigned-off-by: Casey Schaufler \u003ccschaufler@cschaufler-intel.(none)\u003e\n" }, { "commit": "f8859d98c1d1e73393285fb9dd57007839956247", "tree": "a6937380935074702febe48239bb891b4242752d", "parents": [ "84088ba239293abb24260c6c36d86e8775b6707f" ], "author": { "name": "Jarkko Sakkinen", "email": "jarkko.sakkinen@intel.com", "time": "Mon Oct 10 14:29:28 2011 +0300" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Wed Oct 12 14:30:07 2011 -0700" }, "message": "Smack: fix for /smack/access output, use string instead of byte\n\nSmall fix for the output of access SmackFS file. Use string\nis instead of byte. Makes it easier to extend API if it is\nneeded.\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.sakkinen@intel.com\u003e\n" }, { "commit": "84088ba239293abb24260c6c36d86e8775b6707f", "tree": "7a8936d22156d108241725fae705979316fc6350", "parents": [ "975d5e55c2e78b755bd0b92b71db1c241c5a2665" ], "author": { "name": "Jarkko Sakkinen", "email": "jarkko.sakkinen@intel.com", "time": "Fri Oct 07 09:27:53 2011 +0300" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Wed Oct 12 14:28:15 2011 -0700" }, "message": "Smack: domain transition protections (v3)\n\nProtections for domain transition:\n\n- BPRM unsafe flags\n- Secureexec\n- Clear unsafe personality bits.\n- Clear parent death signal\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.sakkinen@intel.com\u003e\n" }, { "commit": "975d5e55c2e78b755bd0b92b71db1c241c5a2665", "tree": "7f39bc6c89720a5abdf617cd1e83c0904d04ec08", "parents": [ "ce8a432197d9892689eb4896f690b9fe6b3de598" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Mon Sep 26 14:43:39 2011 -0700" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Wed Oct 12 14:27:05 2011 -0700" }, "message": "Smack: Provide information for UDS getsockopt(SO_PEERCRED)\n\nThis patch is targeted for the smack-next tree.\n\nThis patch takes advantage of the recent changes for performance\nand points the packet labels on UDS connect at the output label of\nthe far side. This makes getsockopt(...SO_PEERCRED...) function\nproperly. Without this change the getsockopt does not provide any\ninformation.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "ce8a432197d9892689eb4896f690b9fe6b3de598", "tree": "09dff875df15be3a36f3e0dcb760d0064d4da935", "parents": [ "531f1d453ed8a8acee4015bd64e7bcc2eab939e4" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Thu Sep 29 18:21:01 2011 -0700" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Wed Oct 12 14:26:07 2011 -0700" }, "message": "Smack: Clean up comments\n\nThere are a number of comments in the Smack code that\nare either malformed or include code. This patch cleans\nthem up.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "531f1d453ed8a8acee4015bd64e7bcc2eab939e4", "tree": "0dd06c1ecc894444c42350c76c5712899d2ddb78", "parents": [ "272cd7a8c67dd40a31ecff76a503bbb84707f757" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Mon Sep 19 12:41:42 2011 -0700" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Wed Oct 12 14:24:28 2011 -0700" }, "message": "Smack: Repair processing of fcntl\n\nAl Viro pointed out that the processing of fcntl done\nby Smack appeared poorly designed. He was right. There\nare three things that required change. Most obviously,\nthe list of commands that really imply writing is limited\nto those involving file locking and signal handling.\nThe initialization if the file security blob was\nincomplete, requiring use of a heretofore unused LSM hook.\nFinally, the audit information coming from a helper\nmasked the identity of the LSM hook. This patch corrects\nall three of these defects.\n\nThis is targeted for the smack-next tree pending comments.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "272cd7a8c67dd40a31ecff76a503bbb84707f757", "tree": "467f83c94eb14f8f34508efe891c0dcc62a7ac24", "parents": [ "828716c28fe4aa232ea280ea8ed6fb103eefb6ac" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Tue Sep 20 12:24:36 2011 -0700" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Wed Oct 12 14:23:13 2011 -0700" }, "message": "Smack: Rule list lookup performance\n\nThis patch is targeted for the smack-next tree.\n\nSmack access checks suffer from two significant performance\nissues. In cases where there are large numbers of rules the\nsearch of the single list of rules is wasteful. Comparing the\nstring values of the smack labels is less efficient than a\nnumeric comparison would.\n\nThese changes take advantage of the Smack label list, which\nmaintains the mapping of Smack labels to secids and optional\nCIPSO labels. Because the labels are kept perpetually, an\naccess check can be done strictly based on the address of the\nlabel in the list without ever looking at the label itself.\nRather than keeping one global list of rules the rules with\na particular subject label can be based off of that label\nlist entry. The access check need never look at entries that\ndo not use the current subject label.\n\nThis requires that packets coming off the network with\nCIPSO direct Smack labels that have never been seen before\nbe treated carefully. The only case where they could be\ndelivered is where the receiving socket has an IPIN star\nlabel, so that case is explicitly addressed.\n\nOn a system with 39,800 rules (200 labels in all permutations)\na system with this patch runs an access speed test in 5% of\nthe time of the old version. That should be a best case\nimprovement. If all of the rules are associated with the\nsame subject label and all of the accesses are for processes\nwith that label (unlikely) the improvement is about 30%.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "828716c28fe4aa232ea280ea8ed6fb103eefb6ac", "tree": "f75377cf3e770a9a67feb64fb8bef867735a975b", "parents": [ "545a7260343bbaf11c7f1a4b8c3d9660bb9266e5" ], "author": { "name": "Jarkko Sakkinen", "email": "jarkko.sakkinen@intel.com", "time": "Thu Sep 08 10:12:01 2011 +0300" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Wed Oct 12 14:21:32 2011 -0700" }, "message": "Smack: check permissions from user space (v2)\n\nAdds a new file into SmackFS called \u0027access\u0027. Wanted\nSmack permission is written into /smack/access.\nAfter that result can be read from the opened file.\nIf access applies result contains 1 and otherwise\n0. File access is protected from race conditions\nby using simple_transaction_get()/set() API.\n\nFixes from the previous version:\n- Removed smack.h changes, refactoring left-over\nfrom previous version.\n- Removed #include \u003clinux/smack.h\u003e, refactoring\nleft-over from previous version.\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.sakkinen@intel.com\u003e\nSigned-off-by: Casey Schaufler \u003ccschaufler@cschaufler-intel.(none)\u003e\n" }, { "commit": "545a7260343bbaf11c7f1a4b8c3d9660bb9266e5", "tree": "47f07960ef637b6475061575e7ae2fa7a4732a78", "parents": [ "e2b8b25a6795488eba7bb757706b3ac725c31fac" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Oct 11 14:06:41 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 12 12:15:20 2011 +1100" }, "message": "TOMOYO: Fix quota and garbage collector.\n\nCommit 059d84db \"TOMOYO: Add socket operation restriction support\" and\ncommit 731d37aa \"TOMOYO: Allow domain transition without execve().\" forgot to\nupdate tomoyo_domain_quota_is_ok() and tomoyo_del_acl() which results in\nincorrect quota counting and memory leak.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e2b8b25a6795488eba7bb757706b3ac725c31fac", "tree": "f77e43a01891938e8c83b56d2c249a725923b9ec", "parents": [ "e00fb3f7af111d1b3252f7d622213d2e22be65f5" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Oct 11 14:05:08 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 12 12:15:18 2011 +1100" }, "message": "TOMOYO: Remove redundant tasklist_lock.\n\nrcu_read_lock() is sufficient for calling find_task_by_pid_ns()/find_task_by_vpid().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e00fb3f7af111d1b3252f7d622213d2e22be65f5", "tree": "387b90728d0a1657e94d530c81e69c9b197f1c1c", "parents": [ "c6cb56fc94f4efaec2d4ad74bed2be7883179ccd" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Sep 27 11:48:53 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 28 11:53:15 2011 +1000" }, "message": "TOMOYO: Fix domain transition failure warning.\n\nCommit bd03a3e4 \"TOMOYO: Add policy namespace support.\" introduced policy\nnamespace. But as of /sbin/modprobe is executed from initramfs/initrd, profiles\nfor target domain\u0027s namespace is not defined because /sbin/tomoyo-init is not\nyet called.\n\nReported-by: Jamie Nguyen \u003cjamie@tomoyolinux.co.uk\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c6cb56fc94f4efaec2d4ad74bed2be7883179ccd", "tree": "cc4ebf2231093ab57c2e868fbdf176791de600db", "parents": [ "a427fd14d3edf6396c4b9638dbc8e2972afaa05b", "8c35ad20270de91d0f3bfe521daa3b7983ee8db7" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Sep 27 09:20:46 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Sep 27 09:20:46 2011 +1000" }, "message": "Merge branch \u0027next-hex2bin\u0027 of git://github.com/mzohar/linux-evm into next\n" }, { "commit": "a427fd14d3edf6396c4b9638dbc8e2972afaa05b", "tree": "2f8fdffa989f6e18f57bfb61f5ecfc4fdcf8d729", "parents": [ "f9732ea145886786a6f8b0493bc2239e70cbacdb" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Sep 25 17:51:06 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Sep 26 10:46:22 2011 +1000" }, "message": "TOMOYO: Remove tomoyo_policy_memory_lock spinlock.\n\ntomoyo_policy_lock mutex already protects it.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f9732ea145886786a6f8b0493bc2239e70cbacdb", "tree": "e29b2441cc916a174d7cd0b03cd18986ae545250", "parents": [ "778c4a4d60d932c1df6d270dcbc88365823c3963" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Sep 25 17:50:23 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Sep 26 10:46:20 2011 +1000" }, "message": "TOMOYO: Simplify garbage collector.\n\nWhen TOMOYO started using garbage collector at commit 847b173e \"TOMOYO: Add\ngarbage collector.\", we waited for close() before kfree(). Thus, elements to be\nkfree()d were queued up using tomoyo_gc_list list.\n\nBut it turned out that tomoyo_element_linked_by_gc() tends to choke garbage\ncollector when certain pattern of entries are queued.\n\nSince garbage collector is no longer waiting for close() since commit 2e503bbb\n\"TOMOYO: Fix lockdep warning.\", we can remove tomoyo_gc_list list and\ntomoyo_element_linked_by_gc() by doing sequential processing.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "778c4a4d60d932c1df6d270dcbc88365823c3963", "tree": "1c042bff1f11cf4e5d7267329091d878aba3d4d7", "parents": [ "6bce98edc3365a8f780ff3944ac7992544c194fe" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Sep 25 17:49:09 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Sep 26 10:46:19 2011 +1000" }, "message": "TOMOYO: Fix make namespacecheck warnings.\n\nCommit efe836ab \"TOMOYO: Add built-in policy support.\" introduced\ntomoyo_load_builtin_policy() but was by error called from nowhere.\n\nCommit b22b8b9f \"TOMOYO: Rename meminfo to stat and show more statistics.\"\nintroduced tomoyo_update_stat() but was by error not called from\ntomoyo_assign_domain().\n\nAlso, mark tomoyo_io_printf() and tomoyo_path_permission() static functions,\nas reported by \"make namespacecheck\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2b3ff6319e2312656fbefe0209bef02d58b6836a", "tree": "43041b8a5e6fe31dadf2ad682d73fa873476b952", "parents": [ "2684bf7f29cfb13ef2c60f3b3a53ee47d0db7022" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Sep 20 11:23:55 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Sep 20 23:26:44 2011 -0400" }, "message": "encrypted-keys: check hex2bin result\n\nFor each hex2bin call in encrypted keys, check that the ascii hex string\nis valid. On failure, return -EINVAL.\n\nChangelog v1:\n- hex2bin now returns an int\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nAcked-by: Andy Shevchenko \u003candy.shevchenko@gmail.com\u003e\n" }, { "commit": "2684bf7f29cfb13ef2c60f3b3a53ee47d0db7022", "tree": "bbdc0709c643e58a22443ab086c6e4aa80329e17", "parents": [ "b78049831ffed65f0b4e61f69df14f3ab17922cb" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Sep 20 11:23:52 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Sep 20 23:26:05 2011 -0400" }, "message": "trusted-keys: check hex2bin result\n\nFor each hex2bin call in trusted keys, check that the ascii hex string is\nvalid. On failure, return -EINVAL.\n\nChangelog v1:\n- hex2bin now returns an int\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nAcked-by: Andy Shevchenko \u003candy.shevchenko@gmail.com\u003e\n" }, { "commit": "6bce98edc3365a8f780ff3944ac7992544c194fe", "tree": "ee10abf2345f651d65d7f10fd385c01e0dc891b3", "parents": [ "cc100551b4d92f47abebfa7c7918b2be71263b4a" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Sep 16 22:54:25 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Sep 19 10:09:59 2011 +1000" }, "message": "TOMOYO: Allow specifying domain transition preference.\n\nI got an opinion that it is difficult to use exception policy\u0027s domain\ntransition control directives because they need to match the pathname specified\nto \"file execute\" directives. For example, if \"file execute /bin/\\*\\-ls\\-cat\"\nis given, corresponding domain transition control directive needs to be like\n\"no_keep_domain /bin/\\*\\-ls\\-cat from any\".\n\nIf we can specify like below, it will become more convenient.\n\n file execute /bin/ls keep exec.realpath\u003d\"/bin/ls\" exec.argv[0]\u003d\"ls\"\n file execute /bin/cat keep exec.realpath\u003d\"/bin/cat\" exec.argv[0]\u003d\"cat\"\n file execute /bin/\\*\\-ls\\-cat child\n file execute /usr/sbin/httpd \u003capache\u003e exec.realpath\u003d\"/usr/sbin/httpd\" exec.argv[0]\u003d\"/usr/sbin/httpd\"\n\nIn above examples, \"keep\" works as if keep_domain is specified, \"child\" works\nas if \"no_reset_domain\" and \"no_initialize_domain\" and \"no_keep_domain\" are\nspecified, \"\u003capache\u003e\" causes domain transition to \u003capache\u003e domain upon\nsuccessful execve() operation.\n\nMoreover, we can also allow transition to different domains based on conditions\nlike below example.\n\n \u003ckernel\u003e /usr/sbin/sshd\n file execute /bin/bash \u003ckernel\u003e /usr/sbin/sshd //batch-session exec.argc\u003d2 exec.argv[1]\u003d\"-c\"\n file execute /bin/bash \u003ckernel\u003e /usr/sbin/sshd //root-session task.uid\u003d0\n file execute /bin/bash \u003ckernel\u003e /usr/sbin/sshd //nonroot-session task.uid!\u003d0\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cc100551b4d92f47abebfa7c7918b2be71263b4a", "tree": "d603f15ff5ef28efd5f818817aca036045ac8a8b", "parents": [ "8de6ac7f58a22fdab399fbe97763e465ea49c735" ], "author": { "name": "Stephen Rothwell", "email": "sfr@canb.auug.org.au", "time": "Thu Sep 15 17:07:15 2011 +1000" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Sep 15 17:37:24 2011 -0400" }, "message": "encrypted-keys: IS_ERR need include/err.h\n\nFixes this build error:\n\nsecurity/keys/encrypted-keys/masterkey_trusted.c: In function \u0027request_trusted_key\u0027:\nsecurity/keys/encrypted-keys/masterkey_trusted.c:35:2: error: implicit declaration of function \u0027IS_ERR\u0027\n\nSigned-off-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "8de6ac7f58a22fdab399fbe97763e465ea49c735", "tree": "46104451c69f5270fcc11137aecff012a2ecf612", "parents": [ "843d183cdd816549b73e6bd3ae07f64adddf714b", "fb788d8b981fa55603873416882f8dcf835e7924" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Sep 15 09:53:38 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Sep 15 09:53:38 2011 +1000" }, "message": "Merge branch \u0027next-evm\u0027 of git://github.com/mzohar/linux-evm into next\n" }, { "commit": "843d183cdd816549b73e6bd3ae07f64adddf714b", "tree": "3421638e9c9d44be37e539a4ffed6216bc1f7f3c", "parents": [ "a8f7640963ada66c412314c3559c11ff6946c1a5" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Sep 14 17:03:19 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Sep 15 08:14:21 2011 +1000" }, "message": "TOMOYO: Bump version.\n\nTell userland tools that this is TOMOYO 2.5.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "fb788d8b981fa55603873416882f8dcf835e7924", "tree": "023d8410571f27e8d10bf6fc0a4a088cb9368df6", "parents": [ "566be59ab86c0e030b980645a580d683a015a483" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Mon Aug 15 15:30:11 2011 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 14 15:24:52 2011 -0400" }, "message": "evm: clean verification status\n\nWhen allocating from slab, initialization is done the first time in\ninit_once() and subsequently on free. Because evm_status was not\nre-initialized on free, evm_verify_hmac() skipped verifications.\n\nThis patch re-initializes evm_status.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "566be59ab86c0e030b980645a580d683a015a483", "tree": "c5d29c7db2f8ef93e970cb405621f59c57d01b94", "parents": [ "bf6d0f5dcda17df3cc5577e203d0f8ea1c2ad6aa" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Aug 22 09:14:18 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 14 15:24:52 2011 -0400" }, "message": "evm: permit mode bits to be updated\n\nBefore permitting \u0027security.evm\u0027 to be updated, \u0027security.evm\u0027 must\nexist and be valid. In the case that there are no existing EVM protected\nxattrs, it is safe for posix acls to update the mode bits.\n\nTo differentiate between no \u0027security.evm\u0027 xattr and no xattrs used to\ncalculate \u0027security.evm\u0027, this patch defines INTEGRITY_NOXATTR.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "bf6d0f5dcda17df3cc5577e203d0f8ea1c2ad6aa", "tree": "c6c5f39d43fe0d27bc1d3aedbd2f9b3ba2f8f537", "parents": [ "a924ce0b35875ef9512135b46a32f4150fd700b2" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Aug 18 18:07:44 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 14 15:24:51 2011 -0400" }, "message": "evm: posix acls modify i_mode\n\nThe posix xattr acls are \u0027system\u0027 prefixed, which normally would not\naffect security.evm. An interesting side affect of writing posix xattr\nacls is their modifying of the i_mode, which is included in security.evm.\n\nThis patch updates security.evm when posix xattr acls are written.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "a924ce0b35875ef9512135b46a32f4150fd700b2", "tree": "0e01ac679790fe96c03b341b2670a2ed9c56a122", "parents": [ "fb88c2b6cbb1265a8bef60694699b37f5cd4ba76" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Aug 11 01:22:30 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 14 15:24:51 2011 -0400" }, "message": "evm: limit verifying current security.evm integrity\n\nevm_protect_xattr unnecessarily validates the current security.evm\nintegrity, before updating non-evm protected extended attributes\nand other file metadata. This patch limits validating the current\nsecurity.evm integrity to evm protected metadata.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "fb88c2b6cbb1265a8bef60694699b37f5cd4ba76", "tree": "f747bf1f156c5537da77528a92a4e36eb342cb58", "parents": [ "1d714057ef8f6348eba7b28ace6d307513e57cef" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Aug 15 10:13:18 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 14 15:24:50 2011 -0400" }, "message": "evm: fix security/security_old_init_security return code\n\nsecurity_inode_init_security previously returned -EOPNOTSUPP, for S_PRIVATE\ninodes, and relied on the callers to change it to 0. As the callers do not\nchange the return code anymore, return 0, intead of -EOPNOTSUPP.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "1d714057ef8f6348eba7b28ace6d307513e57cef", "tree": "a848b86df6257b347b6929f9ad09666105996003", "parents": [ "982e617a313b57abee3bcfa53381c356d00fd64a" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Sun Aug 28 08:57:11 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 14 15:24:49 2011 -0400" }, "message": "evm: remove TCG_TPM dependency\n\nAll tristates selected by EVM(boolean) are forced to be builtin, except\nin the TCG_TPM(tristate) dependency case. Arnaud Lacombe summarizes the\nKconfig bug as, \"So it would seem direct dependency state influence the\nstate of reverse dependencies..\" For a detailed explanation, refer to\nArnaud Lacombe\u0027s posting http://lkml.org/lkml/2011/8/23/498.\n\nWith the \"encrypted-keys: remove trusted-keys dependency\" patch, EVM\ncan now be built without a dependency on TCG_TPM. The trusted-keys\ndependency requires trusted-keys to either be builtin or not selected.\nThis dependency will prevent the boolean/tristate mismatch from\noccuring.\n\nReported-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e,\n Randy Dunlap \u003crdunlap@xenotimenet\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "982e617a313b57abee3bcfa53381c356d00fd64a", "tree": "ba23ab206aaff2331bca116cebd11ad4ef580c32", "parents": [ "61cf45d0199041df1a8ba334b6bf4a3a13b7f904" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Sat Aug 27 22:21:26 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 14 15:23:49 2011 -0400" }, "message": "encrypted-keys: remove trusted-keys dependency\n\nEncrypted keys are decrypted/encrypted using either a trusted-key or,\nfor those systems without a TPM, a user-defined key. This patch\nremoves the trusted-keys and TCG_TPM dependencies.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "61cf45d0199041df1a8ba334b6bf4a3a13b7f904", "tree": "b287399eb3704b766d2ba3d9a36de0bb57f70139", "parents": [ "a8f7640963ada66c412314c3559c11ff6946c1a5" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 14 15:06:00 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 14 15:22:26 2011 -0400" }, "message": "encrypted-keys: create encrypted-keys directory\n\nMove all files associated with encrypted keys to keys/encrypted-keys.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "a8f7640963ada66c412314c3559c11ff6946c1a5", "tree": "23d9fb5fe64bb431b610deb6c1b696356106f94d", "parents": [ "731d37aa70c7b9de3be6bf2c8287366223bf5ce5" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Sep 10 15:27:12 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 14 08:27:07 2011 +1000" }, "message": "TOMOYO: Avoid race when retrying \"file execute\" permission check.\n\nThere was a race window that the pathname which is subjected to \"file execute\"\npermission check when retrying via supervisor\u0027s decision because the pathname\nwas recalculated upon retry. Though, there is an inevitable race window even\nwithout supervisor, for we have to calculate the symbolic link\u0027s pathname from\n\"struct linux_binprm\"-\u003efilename rather than from \"struct linux_binprm\"-\u003efile\nbecause we cannot back calculate the symbolic link\u0027s pathname from the\ndereferenced pathname.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "731d37aa70c7b9de3be6bf2c8287366223bf5ce5", "tree": "8ac6028511485862572695eb91e2d461e0636182", "parents": [ "1f067a682a9bd252107ac6f6946b7332fde42344" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Sep 10 15:25:58 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 14 08:27:06 2011 +1000" }, "message": "TOMOYO: Allow domain transition without execve().\n\nTo be able to split permissions for Apache\u0027s CGI programs which are executed\nwithout execve(), add special domain transition which is performed by writing\na TOMOYO\u0027s domainname to /sys/kernel/security/tomoyo/self_domain interface.\n\nThis is an API for TOMOYO-aware userland applications. However, since I expect\nTOMOYO and other LSM modules to run in parallel, this patch does not use\n/proc/self/attr/ interface in order to avoid conflicts with other LSM modules\nwhen it became possible to run multiple LSM modules in parallel.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1f067a682a9bd252107ac6f6946b7332fde42344", "tree": "379bbbf02f0a802453e585a2a482192409308fbb", "parents": [ "059d84dbb3897d4ee494a9c842c5dda54316cb47" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Sep 10 15:24:56 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 14 08:27:06 2011 +1000" }, "message": "TOMOYO: Allow controlling generation of access granted logs for per an entry basis.\n\nAdd per-entry flag which controls generation of grant logs because Xen and KVM\nissues ioctl requests so frequently. For example,\n\n file ioctl /dev/null 0x5401 grant_log\u003dno\n\nwill suppress /sys/kernel/security/tomoyo/audit even if preference says\ngrant_log\u003dyes .\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "059d84dbb3897d4ee494a9c842c5dda54316cb47", "tree": "483ca0cb613b1304184b92f075b3f5283d36c723", "parents": [ "d58e0da854376841ac99defeb117a83f086715c6" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Sep 10 15:23:54 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 14 08:27:05 2011 +1000" }, "message": "TOMOYO: Add socket operation restriction support.\n\nThis patch adds support for permission checks for PF_INET/PF_INET6/PF_UNIX\nsocket\u0027s bind()/listen()/connect()/send() operations.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d58e0da854376841ac99defeb117a83f086715c6", "tree": "b6e37d1030180680a7801ecb295d8d3990930375", "parents": [ "5dbe3040c74eef18e66951347eda05b153e69328" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Sep 10 15:22:48 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 14 08:27:05 2011 +1000" }, "message": "TOMOYO: Add environment variable name restriction support.\n\nThis patch adds support for checking environment variable\u0027s names.\nAlthough TOMOYO already provides ability to check argv[]/envp[] passed to\nexecve() requests,\n\n file execute /bin/sh exec.envp[\"LD_LIBRARY_PATH\"]\u003d\"bar\"\n\nwill reject execution of /bin/sh if environment variable LD_LIBRARY_PATH is not\ndefined. To grant execution of /bin/sh if LD_LIBRARY_PATH is not defined,\nadministrators have to specify like\n\n file execute /bin/sh exec.envp[\"LD_LIBRARY_PATH\"]\u003d\"/system/lib\"\n file execute /bin/sh exec.envp[\"LD_LIBRARY_PATH\"]\u003dNULL\n\n. Since there are many environment variables whereas conditional checks are\napplied as \"\u0026\u0026\", it is difficult to cover all combinations. Therefore, this\npatch supports conditional checks that are applied as \"||\", by specifying like\n\n file execute /bin/sh\n misc env LD_LIBRARY_PATH exec.envp[\"LD_LIBRARY_PATH\"]\u003d\"/system/lib\"\n\nwhich means \"grant execution of /bin/sh if environment variable is not defined\nor is defined and its value is /system/lib\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5dbe3040c74eef18e66951347eda05b153e69328", "tree": "72c9e5f77deae00f1234e488254d4898cab32027", "parents": [ "7b98a5857c3fa86cb0a7e5f893643491a8b5b425" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 13:48:53 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:33 2011 -0700" }, "message": "security: sparse fix: Move security_fixup_op to security.h\n\nFix sparse warning by moving declaraion to global header.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7b98a5857c3fa86cb0a7e5f893643491a8b5b425", "tree": "9e8b83d35a9c70f2c02853de808184871df3aba9", "parents": [ "0ff53f5ddbaebeac1c2735125901275acc1fecc6" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 12:52:32 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:32 2011 -0700" }, "message": "selinux: sparse fix: fix several warnings in the security server code\n\nFix several sparse warnings in the SELinux security server code.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0ff53f5ddbaebeac1c2735125901275acc1fecc6", "tree": "7ceff5b004c1ae4e873002dc59be1ae6c4e7de14", "parents": [ "6a3fbe81179c85eb53054a0f4c8423ffec0276a7" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 12:36:39 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:32 2011 -0700" }, "message": "selinux: sparse fix: include selinux.h in exports.c\n\nFix warning:\nsecurity/selinux/exports.c:18:6: warning: symbol \u0027selinux_is_enabled\u0027 was not declared. Should it be static?\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6a3fbe81179c85eb53054a0f4c8423ffec0276a7", "tree": "b281fee66a005236bbdedf5f22eeacc37669ba4a", "parents": [ "ad3fa08c4ff84ed87649d72e8497735c85561a3d" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 12:09:15 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:31 2011 -0700" }, "message": "selinux: sparse fix: fix warnings in netlink code\n\nFix sparse warnings in SELinux Netlink code.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ad3fa08c4ff84ed87649d72e8497735c85561a3d", "tree": "e6f22e6d42cf52c689e983be42b9292180564446", "parents": [ "d5813a571876c72766f125b1c6e63414f6822c28" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 10:50:12 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:30 2011 -0700" }, "message": "selinux: sparse fix: eliminate warnings for selinuxfs\n\nFixes several sparse warnings for selinuxfs.c\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d5813a571876c72766f125b1c6e63414f6822c28", "tree": "fe688a7aa64fa890741e5a87800a3f95ddcaaee6", "parents": [ "b97e14520207dccb5cdf93f322e571bf907df104" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 10:19:50 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:30 2011 -0700" }, "message": "ima: sparse fix: include linux/ima.h in ima_main.c\n\nFixes sparse warnings:\nsecurity/integrity/ima/ima_main.c:105:6: warning: symbol \u0027ima_file_free\u0027 was not declared. Should it be static?\nsecurity/integrity/ima/ima_main.c:167:5: warning: symbol \u0027ima_file_mmap\u0027 was not declared. Should it be static?\nsecurity/integrity/ima/ima_main.c:192:5: warning: symbol \u0027ima_bprm_check\u0027 was not declared. Should it be static?\nsecurity/integrity/ima/ima_main.c:211:5: warning: symbol \u0027ima_file_check\u0027 was not declared. Should it be static?\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b97e14520207dccb5cdf93f322e571bf907df104", "tree": "1757e5541378136752d608ecde87e1c7251afbb0", "parents": [ "cc7db09952faefc86187c67c4adf5cbdb6fe2c1b" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 10:18:30 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:29 2011 -0700" }, "message": "ima: sparse fix: make ima_open_policy static\n\nFixes sparse warning:\nsecurity/integrity/ima/ima_fs.c:290:5: warning: symbol \u0027ima_open_policy\u0027 was not declared. Should it be static?\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cc7db09952faefc86187c67c4adf5cbdb6fe2c1b", "tree": "1a3f81bb166b480fc505fe9af3a9b92cf613df04", "parents": [ "7ee95850bab6468f8213f36a84e872418d2faa00" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 29 11:45:44 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:29 2011 -0700" }, "message": "apparmor: sparse fix: include procattr.h in procattr.c\n\nFix sparse warnings:\nsecurity/apparmor/procattr.c:35:5: warning: symbol \u0027aa_getprocattr\u0027 was not declared. Should it be static?\nsecurity/apparmor/procattr.c:113:5: warning: symbol \u0027aa_setprocattr_changehat\u0027 was not declared. Should it be static?\nsecurity/apparmor/procattr.c:158:5: warning: symbol \u0027aa_setprocattr_changeprofile\u0027 was not declared. Should it be static?\nsecurity/apparmor/procattr.c:166:5: warning: symbol \u0027aa_setprocattr_permipc\u0027 was not declared. Should it be static?\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "7ee95850bab6468f8213f36a84e872418d2faa00", "tree": "d8502d9362912b1da4afa68156a9ad29c7787323", "parents": [ "32c3df631bc018109136a8f4f941ad591e76a0aa" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 29 11:43:02 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:28 2011 -0700" }, "message": "apparmor: sparse fix: rename shadowed variables in policy_unpack.c\n\nFix the following warnings:\n\nsecurity/apparmor/policy_unpack.c:384:35: warning: symbol \u0027size\u0027 shadows an earlier one\nsecurity/apparmor/policy_unpack.c:370:24: originally declared here\nsecurity/apparmor/policy_unpack.c:443:29: warning: symbol \u0027tmp\u0027 shadows an earlier one\nsecurity/apparmor/policy_unpack.c:434:21: originally declared here\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "32c3df631bc018109136a8f4f941ad591e76a0aa", "tree": "60768d4a7ba8278f01873f36b1787b35fcf188f1", "parents": [ "33f8bf588070e84bb29c3a726758dbb5791fc95e" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 29 11:15:25 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:28 2011 -0700" }, "message": "apparmor: sparse fix: add apparmor.h to lib.c\n\nFix the following sparse warnings:\nsecurity/apparmor/lib.c:37:6: warning: symbol \u0027aa_split_fqname\u0027 was not declared. Should it be static?\nsecurity/apparmor/lib.c:63:6: warning: symbol \u0027aa_info_message\u0027 was not declared. Should it be static?\nsecurity/apparmor/lib.c:83:6: warning: symbol \u0027kvmalloc\u0027 was not declared. Should it be static?\nsecurity/apparmor/lib.c:123:6: warning: symbol \u0027kvfree\u0027 was not declared. Should it be static?\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "33f8bf588070e84bb29c3a726758dbb5791fc95e", "tree": "569f68e7c8928a9845df47777017db6bf7534f34", "parents": [ "58982b74832917405a483a22beede729e3175376" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 29 10:40:54 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:27 2011 -0700" }, "message": "apparmor: sparse fix: include ipc.h\n\nInclude ipc.h to eliminate sparse warnings.\n\nsecurity/apparmor/ipc.c:61:5: warning: symbol \u0027aa_may_ptrace\u0027 was not declared. Should it be static?\nsecurity/apparmor/ipc.c:83:5: warning: symbol \u0027aa_ptrace\u0027 was not declared. Should it be static\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "58982b74832917405a483a22beede729e3175376", "tree": "fc6fa24b9cf15490de54501125ac08049abb5ea0", "parents": [ "cc59a582d6081b296e481b8bc9676b5c2faad818" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 17 11:17:14 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:26 2011 -0700" }, "message": "selinux: sparse fix: declare selinux_disable() in security.h\n\nSparse fix: declare selinux_disable() in security.h\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cc59a582d6081b296e481b8bc9676b5c2faad818", "tree": "5ed00269cea7ffef573c78e854a6369a32842437", "parents": [ "56a4ca996181b94b30e6b46509dc28e4ca3cc3f8" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 17 11:13:31 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:26 2011 -0700" }, "message": "selinux: sparse fix: move selinux_complete_init\n\nSparse fix: move selinux_complete_init\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "56a4ca996181b94b30e6b46509dc28e4ca3cc3f8", "tree": "ff238902759365d93b9ca8739f370fd3ba0f8659", "parents": [ "3417d8d5d4d584bd73e2f6265f7a06b51e4a70a1" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 17 11:08:43 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:25 2011 -0700" }, "message": "selinux: sparse fix: make selinux_secmark_refcount static\n\nSparse fix: make selinux_secmark_refcount static.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3417d8d5d4d584bd73e2f6265f7a06b51e4a70a1", "tree": "21a68483935288933c61e6d9271dc695ec967371", "parents": [ "4892722e06694fda1928bac4aa5af5505bd26a4c" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 17 11:05:21 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:25 2011 -0700" }, "message": "apparmor: sparse fix: make aa_create_aafs static\n\nSparse fix: make aa_create_aafs static.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "4892722e06694fda1928bac4aa5af5505bd26a4c", "tree": "eaeeb90d98ad1ad35bf32c75a579d28a70b722e2", "parents": [ "fc9ff9b7e3eaff3f49bc0fbbddfc1416212e888a" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 17 10:34:33 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:24 2011 -0700" }, "message": "integrity: sparse fix: move iint_initialized to integrity.h\n\nSparse fix: move iint_initialized to integrity.h\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "852584157c55c1689bcf3809ea44b79870c3e409", "tree": "9965e2ceb8fbb7ffaec131eb7c1963f9a32e1c0c", "parents": [ "403d1d0319ad73b5ccf251745af4c7000331a76b" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Aug 25 21:15:00 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:08:48 2011 -0700" }, "message": "TOMOYO: Fix incorrect enforce mode.\n\nIn tomoyo_get_mode() since 2.6.36, CONFIG::file::execute was by error used in\nplace of CONFIG::file if CONFIG::file::execute was set to other than default.\nAs a result, enforcing mode was not applied in a way documentation says.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0c061b5707ab84ebfe8f18f1c9c3110ae5cd6073", "tree": "cb6e83458126f3cc9ef9f5504937c8445f790b0f", "parents": [ "d199798bdf969873f78d48140600ff0a98a87e69" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Aug 22 14:09:36 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 23 09:57:37 2011 +1000" }, "message": "KEYS: Correctly destroy key payloads when their keytype is removed\n\nunregister_key_type() has code to mark a key as dead and make it unavailable in\none loop and then destroy all those unavailable key payloads in the next loop.\nHowever, the loop to mark keys dead renders the key undetectable to the second\nloop by changing the key type pointer also.\n\nFix this by the following means:\n\n (1) The key code has two garbage collectors: one deletes unreferenced keys and\n the other alters keyrings to delete links to old dead, revoked and expired\n keys. They can end up holding each other up as both want to scan the key\n serial tree under spinlock. Combine these into a single routine.\n\n (2) Move the dead key marking, dead link removal and dead key removal into the\n garbage collector as a three phase process running over the three cycles\n of the normal garbage collection procedure. This is tracked by the\n KEY_GC_REAPING_DEAD_1, _2 and _3 state flags.\n\n unregister_key_type() then just unlinks the key type from the list, wakes\n up the garbage collector and waits for the third phase to complete.\n\n (3) Downgrade the key types sem in unregister_key_type() once it has deleted\n the key type from the list so that it doesn\u0027t block the keyctl() syscall.\n\n (4) Dead keys that cannot be simply removed in the third phase have their\n payloads destroyed with the key\u0027s semaphore write-locked to prevent\n interference by the keyctl() syscall. There should be no in-kernel users\n of dead keys of that type by the point of unregistration, though keyctl()\n may be holding a reference.\n\n (5) Only perform timer recalculation in the GC if the timer actually expired.\n If it didn\u0027t, we\u0027ll get another cycle when it goes off - and if the key\n that actually triggered it has been removed, it\u0027s not a problem.\n\n (6) Only garbage collect link if the timer expired or if we\u0027re doing dead key\n clean up phase 2.\n\n (7) As only key_garbage_collector() is permitted to use rb_erase() on the key\n serial tree, it doesn\u0027t need to revalidate its cursor after dropping the\n spinlock as the node the cursor points to must still exist in the tree.\n\n (8) Drop the spinlock in the GC if there is contention on it or if we need to\n reschedule. After dealing with that, get the spinlock again and resume\n scanning.\n\nThis has been tested in the following ways:\n\n (1) Run the keyutils testsuite against it.\n\n (2) Using the AF_RXRPC and RxKAD modules to test keytype removal:\n\n Load the rxrpc_s key type:\n\n\t# insmod /tmp/af-rxrpc.ko\n\t# insmod /tmp/rxkad.ko\n\n Create a key (http://people.redhat.com/~dhowells/rxrpc/listen.c):\n\n\t# /tmp/listen \u0026\n\t[1] 8173\n\n Find the key:\n\n\t# grep rxrpc_s /proc/keys\n\t091086e1 I--Q-- 1 perm 39390000 0 0 rxrpc_s 52:2\n\n Link it to a session keyring, preferably one with a higher serial number:\n\n\t# keyctl link 0x20e36251 @s\n\n Kill the process (the key should remain as it\u0027s linked to another place):\n\n\t# fg\n\t/tmp/listen\n\t^C\n\n Remove the key type:\n\n\trmmod rxkad\n\trmmod af-rxrpc\n\n This can be made a more effective test by altering the following part of\n the patch:\n\n\tif (unlikely(gc_state \u0026 KEY_GC_REAPING_DEAD_2)) {\n\t\t/* Make sure everyone revalidates their keys if we marked a\n\t\t * bunch as being dead and make sure all keyring ex-payloads\n\t\t * are destroyed.\n\t\t */\n\t\tkdebug(\"dead sync\");\n\t\tsynchronize_rcu();\n\n To call synchronize_rcu() in GC phase 1 instead. That causes that the\n keyring\u0027s old payload content to hang around longer until it\u0027s RCU\n destroyed - which usually happens after GC phase 3 is complete. This\n allows the destroy_dead_key branch to be tested.\n\nReported-by: Benjamin Coddington \u003cbcodding@gmail.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d199798bdf969873f78d48140600ff0a98a87e69", "tree": "fb0fbfe0eda27054eae9c9efe0240ace297c3661", "parents": [ "b072e9bc2fe9aeff4e104e80e479160349f474a9" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Aug 22 14:09:28 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 23 09:57:36 2011 +1000" }, "message": "KEYS: The dead key link reaper should be non-reentrant\n\nThe dead key link reaper should be non-reentrant as it relies on global state\nto keep track of where it\u0027s got to when it returns to the work queue manager to\ngive it some air.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b072e9bc2fe9aeff4e104e80e479160349f474a9", "tree": "4f243698284aace64f4b5c9e5b9bee107c10e13b", "parents": [ "8bc16deabce7649e480e94b648c88d4e90c34352" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Aug 22 14:09:20 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 23 09:57:36 2011 +1000" }, "message": "KEYS: Make the key reaper non-reentrant\n\nMake the key reaper non-reentrant by sticking it on the appropriate system work\nqueue when we queue it. This will allow it to have global state and drop\nlocks. It should probably be non-reentrant already as it may spend a long time\nholding the key serial spinlock, and so multiple entrants can spend long\nperiods of time just sitting there spinning, waiting to get the lock.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8bc16deabce7649e480e94b648c88d4e90c34352", "tree": "d9e28a921375e7448801b0b89ff43a7e0d2e61ff", "parents": [ "012146d0728f85f7a5c7c36fb84bba33e2760507" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Aug 22 14:09:11 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 23 09:57:36 2011 +1000" }, "message": "KEYS: Move the unreferenced key reaper to the keys garbage collector file\n\nMove the unreferenced key reaper function to the keys garbage collector file\nas that\u0027s a more appropriate place with the dead key link reaper.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6d528b082294f0ddabd6368297546a2c0b67d4fe", "tree": "268bf5dbd454c689947c51867bf5b77e21c97eae", "parents": [ "3ecf1b4f347210e39b156177e5b8a26ff8d00279" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Aug 22 14:08:51 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 23 09:57:34 2011 +1000" }, "message": "KEYS: __key_link() should use the RCU deref wrapper for keyring payloads\n\n__key_link() should use the RCU deref wrapper rcu_dereference_locked_keyring()\nfor accessing keyring payloads rather than calling rcu_dereference_protected()\ndirectly.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3ecf1b4f347210e39b156177e5b8a26ff8d00279", "tree": "ba3cf0155e5dd29c4963e6a8895d7262e0ef13d5", "parents": [ "995995378f996a8aa1cf4e4ddc0f79fbfd45496f" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Aug 22 14:08:43 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 23 09:57:34 2011 +1000" }, "message": "KEYS: keyctl_get_keyring_ID() should create a session keyring if create flag set\n\nThe keyctl call:\n\n\tkeyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 1)\n\nshould create a session keyring if the process doesn\u0027t have one of its own\nbecause the create flag argument is set - rather than subscribing to and\nreturning the user-session keyring as:\n\n\tkeyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0)\n\nwill do.\n\nThis can be tested by commenting out pam_keyinit in the /etc/pam.d files and\nrunning the following program a couple of times in a row:\n\n\t#include \u003cstdio.h\u003e\n\t#include \u003cstdlib.h\u003e\n\t#include \u003ckeyutils.h\u003e\n\tint main(int argc, char *argv[])\n\t{\n\t\tkey_serial_t uk, usk, sk, nsk;\n\t\tuk \u003d keyctl_get_keyring_ID(KEY_SPEC_USER_KEYRING, 0);\n\t\tusk \u003d keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);\n\t\tsk \u003d keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);\n\t\tnsk \u003d keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 1);\n\t\tprintf(\"keys: %08x %08x %08x %08x\\n\", uk, usk, sk, nsk);\n\t\treturn 0;\n\t}\n\nWithout this patch, I see:\n\n\tkeys: 3975ddc7 119c0c66 119c0c66 119c0c66\n\tkeys: 3975ddc7 119c0c66 119c0c66 119c0c66\n\nWith this patch, I see:\n\n\tkeys: 2cb4997b 34112878 34112878 17db2ce3\n\tkeys: 2cb4997b 34112878 34112878 39f3c73e\n\nAs can be seen, the session keyring starts off the same as the user-session\nkeyring each time, but with the patch a new session keyring is created when\nthe create flag is set.\n\nReported-by: Greg Wettstein \u003cgreg@enjellic.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nTested-by: Greg Wettstein \u003cgreg@enjellic.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "995995378f996a8aa1cf4e4ddc0f79fbfd45496f", "tree": "ddc0c1305767e683535120361a5f5848b7ae3803", "parents": [ "c5532b09bf40c398f2acfdd8f100c796d1d3f881" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Aug 22 14:08:33 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 23 09:57:33 2011 +1000" }, "message": "KEYS: If install_session_keyring() is given a keyring, it should install it\n\nIf install_session_keyring() is given a keyring, it should install it rather\nthan just creating a new one anyway. This was accidentally broken in:\n\n\tcommit d84f4f992cbd76e8f39c488cf0c5d123843923b1\n\tAuthor: David Howells \u003cdhowells@redhat.com\u003e\n\tDate: Fri Nov 14 10:39:23 2008 +1100\n\tSubject: CRED: Inaugurate COW credentials\n\nThe impact of that commit is that pam_keyinit no longer works correctly if\n\u0027force\u0027 isn\u0027t specified against a login process. This is because:\n\n\tkeyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0)\n\nnow always creates a new session keyring and thus the check whether the session\nkeyring and the user-session keyring are the same is always false. This leads\npam_keyinit to conclude that a session keyring is installed and it shouldn\u0027t be\nrevoked by pam_keyinit here if \u0027revoke\u0027 is specified.\n\nAny system that specifies \u0027force\u0027 against pam_keyinit in the PAM configuration\nfiles for login methods (login, ssh, su -l, kdm, etc.) is not affected since\nthat bypasses the broken check and forces the creation of a new session keyring\nanyway (for which the revoke flag is not cleared) - and any subsequent call to\npam_keyinit really does have a session keyring already installed, and so the\ncheck works correctly there.\n\nReverting to the previous behaviour will cause the kernel to subscribe the\nprocess to the user-session keyring as its session keyring if it doesn\u0027t have a\nsession keyring of its own. pam_keyinit will detect this and install a new\nsession keyring anyway (and won\u0027t clear the revert flag).\n\nThis can be tested by commenting out pam_keyinit in the /etc/pam.d files and\nrunning the following program a couple of times in a row:\n\n\t#include \u003cstdio.h\u003e\n\t#include \u003cstdlib.h\u003e\n\t#include \u003ckeyutils.h\u003e\n\tint main(int argc, char *argv[])\n\t{\n\t\tkey_serial_t uk, usk, sk;\n\t\tuk \u003d keyctl_get_keyring_ID(KEY_SPEC_USER_KEYRING, 0);\n\t\tusk \u003d keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);\n\t\tsk \u003d keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);\n\t\tprintf(\"keys: %08x %08x %08x\\n\", uk, usk, sk);\n\t\treturn 0;\n\t}\n\nWithout the patch, I see:\n\n\tkeys: 3884e281 24c4dfcf 22825f8e\n\tkeys: 3884e281 24c4dfcf 068772be\n\nWith the patch, I see:\n\n\tkeys: 26be9c83 0e755ce0 0e755ce0\n\tkeys: 26be9c83 0e755ce0 0e755ce0\n\nAs can be seen, with the patch, the session keyring is the same as the\nuser-session keyring each time; without the patch a new session keyring is\ngenerated each time.\n\nReported-by: Greg Wettstein \u003cgreg@enjellic.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nTested-by: Greg Wettstein \u003cgreg@enjellic.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "dbe5ad17ec62fbd3be7789f9a5ab71d23da8acf0", "tree": "60e4ae2f8b5d66faac484f5774d22290a51c21e4", "parents": [ "09f464bf0961aba3cd917d4939597bafb269fb95" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Aug 17 18:51:36 2011 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 18 12:58:12 2011 +1000" }, "message": "evm: add Kconfig TCG_TPM dependency\n\nAlthough the EVM encrypted-key should be encrypted/decrypted using a\ntrusted-key, a user-defined key could be used instead. When using a user-\ndefined key, a TCG_TPM dependency should not be required. Unfortunately,\nthe encrypted-key code needs to be refactored a bit in order to remove\nthis dependency.\n\nThis patch adds the TCG_TPM dependency.\n\nReported-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e,\n\t Randy Dunlap \u003crdunlap@xenotimenet\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "09f464bf0961aba3cd917d4939597bafb269fb95", "tree": "ffdbb860514012bc2c8fef75cff3aa77c94fb9fc", "parents": [ "1e39f384bb01b0395b69cb70c2cacae65012f203" ], "author": { "name": "Oleg Nesterov", "email": "oleg@redhat.com", "time": "Tue Aug 16 20:34:05 2011 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 17 09:48:41 2011 +1000" }, "message": "tomoyo: remove tomoyo_gc_thread()-\u003edaemonize()\n\ndaemonize() is only needed when a user-space task does kernel_thread().\n\ntomoyo_gc_thread() is kthread_create()\u0027ed and thus it doesn\u0027t need\nthe soon-to-be-deprecated daemonize().\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nAcked-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Matt Fleming \u003cmatt.fleming@intel.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7d8db1808a2001077a9f966180c5e4f7cc20d4c7", "tree": "db2e93f805316300e4ec3d0f6ab15b01f641a4f5", "parents": [ "4d49f6710bfbd2271feab074f8c1053387e5d9fe" ], "author": { "name": "Serge Hallyn", "email": "serge.hallyn@canonical.com", "time": "Mon Aug 15 08:29:50 2011 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 16 09:20:45 2011 +1000" }, "message": "capabilities: initialize has_cap\n\nInitialize has_cap in cap_bprm_set_creds()\n\nReported-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4d49f6710bfbd2271feab074f8c1053387e5d9fe", "tree": "87a508aa2a51d2d855c3b67961a711bd636d842c", "parents": [ "f995e74087402c482c55c29bf11da8bcf631245a" ], "author": { "name": "Zhi Li", "email": "lizhi1215@gmail.com", "time": "Thu Aug 11 13:27:50 2011 +0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Aug 12 15:06:57 2011 +1000" }, "message": "capabilities: do not grant full privs for setuid w/ file caps + no effective caps\n\nA task (when !SECURE_NOROOT) which executes a setuid-root binary will\nobtain root privileges while executing that binary. If the binary also\nhas effective capabilities set, then only those capabilities will be\ngranted. The rationale is that the same binary can carry both setuid-root\nand the minimal file capability set, so that on a filesystem not\nsupporting file caps the binary can still be executed with privilege,\nwhile on a filesystem supporting file caps it will run with minimal\nprivilege.\n\nThis special case currently does NOT happen if there are file capabilities\nbut no effective capabilities. Since capability-aware programs can very\nwell start with empty pE but populated pP and move those caps to pE when\nneeded. In other words, if the file has file capabilities but NOT\neffective capabilities, then we should do the same thing as if there\nwere file capabilities, and not grant full root privileges.\n\nThis patchset does that.\n\n(Changelog by Serge Hallyn).\n\nSigned-off-by: Zhi Li \u003clizhi1215@gmail.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5a4730ba9517cf2793175991243436a24b1db18f", "tree": "2c9c26d4662a31c851aed525d4d032d08e54e297", "parents": [ "e1c9b23adbe86c725738402857397d7a29f9d6ef" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Aug 11 00:22:52 2011 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 11 17:42:41 2011 +1000" }, "message": "evm: fix evm_inode_init_security return code\n\nevm_inode_init_security() should return 0, when EVM is not enabled.\n(Returning an error is a remnant of evm_inode_post_init_security.)\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0b024d2446474c6a7c47573af5a35db83f557ce3", "tree": "56d1d380cd4f87581a0e276ee80cc52e438738b8", "parents": [ "5a2f3a02aea164f4f59c0c3497772090a411b462" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 09 11:33:36 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 09 11:33:36 2011 +1000" }, "message": "EVM: ensure trusted and encypted key symbols are available to EVM\n\nSelect trusted and encrypted keys if EVM is selected, to ensure\nthe requisite symbols are available. Otherwise, these can be\nselected as modules while EVM is static, leading to a kernel\nbuild failure.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5a2f3a02aea164f4f59c0c3497772090a411b462", "tree": "d3ebe03d4f97575290087843960baa01de3acd0a", "parents": [ "1d568ab068c021672d6cd7f50f92a3695a921ffb", "817b54aa45db03437c6d09a7693fc6926eb8e822" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 09 10:31:03 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 09 10:31:03 2011 +1000" }, "message": "Merge branch \u0027next-evm\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/ima-2.6 into next\n\nConflicts:\n\tfs/attr.c\n\nResolve conflict manually.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4d81897139ffb738ee14b6f84f63f93ecda1136b", "tree": "27bbf6c03ccc9087e6bdc73b7fed31b471eb8048", "parents": [ "322a8b034003c0d46d39af85bf24fee27b902f48" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Aug 06 23:38:30 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 08 13:13:45 2011 +1000" }, "message": "TOMOYO: Fix incomplete read of /sys/kernel/security/tomoyo/profile\n\nCommit bd03a3e4 \"TOMOYO: Add policy namespace support.\" forgot to set EOF flag\nand forgot to print namespace at PREFERENCE line.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "82c21bfab41a77bc01affe21bea9727d776774a7", "tree": "b0c5850be07c7f6d747df389f8f15780887da630", "parents": [ "87a0874cf19f1bc9bd25bd7d053a0ea25ccf8373" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Mon Aug 01 11:10:33 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Aug 01 17:58:33 2011 -0700" }, "message": "doc: Update the email address for Paul Moore in various source files\n\nMy @hp.com will no longer be valid starting August 5, 2011 so an update is\nnecessary. My new email address is employer independent so we don\u0027t have\nto worry about doing this again any time soon.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "95b6886526bb510b8370b625a49bc0ab3b8ff10f", "tree": "2862606224820d200be12d2092dcd26df1654b80", "parents": [ "22712200e175e0df5c7f9edfe6c6bf5c94c23b83", "29412f0f6a19e34336368f13eab848091c343952" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Jul 27 19:26:38 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Jul 27 19:26:38 2011 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (54 commits)\n tpm_nsc: Fix bug when loading multiple TPM drivers\n tpm: Move tpm_tis_reenable_interrupts out of CONFIG_PNP block\n tpm: Fix compilation warning when CONFIG_PNP is not defined\n TOMOYO: Update kernel-doc.\n tpm: Fix a typo\n tpm_tis: Probing function for Intel iTPM bug\n tpm_tis: Fix the probing for interrupts\n tpm_tis: Delay ACPI S3 suspend while the TPM is busy\n tpm_tis: Re-enable interrupts upon (S3) resume\n tpm: Fix display of data in pubek sysfs entry\n tpm_tis: Add timeouts sysfs entry\n tpm: Adjust interface timeouts if they are too small\n tpm: Use interface timeouts returned from the TPM\n tpm_tis: Introduce durations sysfs entry\n tpm: Adjust the durations if they are too small\n tpm: Use durations returned from TPM\n TOMOYO: Enable conditional ACL.\n TOMOYO: Allow using argv[]/envp[] of execve() as conditions.\n TOMOYO: Allow using executable\u0027s realpath and symlink\u0027s target as conditions.\n TOMOYO: Allow using owner/group etc. of file objects as conditions.\n ...\n\nFix up trivial conflict in security/tomoyo/realpath.c\n" }, { "commit": "e371d46ae45488bcb112a99a7de462e9e3aa6764", "tree": "9e2eceb292018e52304053bd8013cdb0a7f31dcc", "parents": [ "b0189cd087aa82bd23277cb5c8960ab030e13e5c", "e57712ebebbb9db7d8dcef216437b3171ddcf115" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jul 26 18:30:20 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jul 26 18:30:20 2011 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:\n merge fchmod() and fchmodat() guts, kill ancient broken kludge\n xfs: fix misspelled S_IS...()\n xfs: get rid of open-coded S_ISREG(), etc.\n vfs: document locking requirements for d_move, __d_move and d_materialise_unique\n omfs: fix (mode \u0026 S_IFDIR) abuse\n btrfs: S_ISREG(mode) is not mode \u0026 S_IFREG...\n ima: fmode_t misspelled as mode_t...\n pci-label.c: size_t misspelled as mode_t\n jffs2: S_ISLNK(mode \u0026 S_IFMT) is pointless\n snd_msnd -\u003emode is fmode_t, not mode_t\n v9fs_iop_get_acl: get rid of unused variable\n vfs: dont chain pipe/anon/socket on superblock s_inodes list\n Documentation: Exporting: update description of d_splice_alias\n fs: add missing unlock in default_llseek()\n" }, { "commit": "60063497a95e716c9a689af3be2687d261f115b4", "tree": "6ce0d68db76982c53df46aee5f29f944ebf2c320", "parents": [ "148817ba092f9f6edd35bad3c6c6b8e8f90fe2ed" ], "author": { "name": "Arun Sharma", "email": "asharma@fb.com", "time": "Tue Jul 26 16:09:06 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jul 26 16:49:47 2011 -0700" }, "message": "atomic: use \u003clinux/atomic.h\u003e\n\nThis allows us to move duplicated code in \u003casm/atomic.h\u003e\n(atomic_inc_not_zero() for now) to \u003clinux/atomic.h\u003e\n\nSigned-off-by: Arun Sharma \u003casharma@fb.com\u003e\nReviewed-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: David Miller \u003cdavem@davemloft.net\u003e\nCc: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nAcked-by: Mike Frysinger \u003cvapier@gentoo.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4b2a2c67415f1ab128f1d0b340fe6d13363335e5", "tree": "4553a90b12550980ac1dc40288458865e3eb186f", "parents": [ "ed476418394f12d47f27a75424c237a94d244f10" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 04:30:35 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 13:04:32 2011 -0400" }, "message": "ima: fmode_t misspelled as mode_t...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d3ec4844d449cf7af9e749f73ba2052fb7b72fc2", "tree": "c515913e85f7e50878c83da2a88bc5a7269d087c", "parents": [ "0003230e8200699860f0b10af524dc47bf8aecad", "df2e301fee3c2c2a87592151397ad7699bb14c37" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jul 25 13:56:39 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jul 25 13:56:39 2011 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (43 commits)\n fs: Merge split strings\n treewide: fix potentially dangerous trailing \u0027;\u0027 in #defined values/expressions\n uwb: Fix misspelling of neighbourhood in comment\n net, netfilter: Remove redundant goto in ebt_ulog_packet\n trivial: don\u0027t touch files that are removed in the staging tree\n lib/vsprintf: replace link to Draft by final RFC number\n doc: Kconfig: `to be\u0027 -\u003e `be\u0027\n doc: Kconfig: Typo: square -\u003e squared\n doc: Konfig: Documentation/power/{pm \u003d\u003e apm-acpi}.txt\n drivers/net: static should be at beginning of declaration\n drivers/media: static should be at beginning of declaration\n drivers/i2c: static should be at beginning of declaration\n XTENSA: static should be at beginning of declaration\n SH: static should be at beginning of declaration\n MIPS: static should be at beginning of declaration\n ARM: static should be at beginning of declaration\n rcu: treewide: Do not use rcu_read_lock_held when calling rcu_dereference_check\n Update my e-mail address\n PCIe ASPM: forcedly -\u003e forcibly\n gma500: push through device driver tree\n ...\n\nFix up trivial conflicts:\n - arch/arm/mach-ep93xx/dma-m2p.c (deleted)\n - drivers/gpio/gpio-ep93xx.c (renamed and context nearby)\n - drivers/net/r8169.c (just context changes)\n" }, { "commit": "423e0ab086ad8b33626e45fa94ac7613146b7ffa", "tree": "249c9337a02254fe5dbede7436f78dfcc1ec508f", "parents": [ "bbd9d6f7fbb0305c9a592bf05a32e87eb364a4ff" ], "author": { "name": "Tim Chen", "email": "tim.c.chen@linux.intel.com", "time": "Tue Jul 19 09:32:38 2011 -0700" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 24 10:08:32 2011 -0400" }, "message": "VFS : mount lock scalability for internal mounts\n\nFor a number of file systems that don\u0027t have a mount point (e.g. sockfs\nand pipefs), they are not marked as long term. Therefore in\nmntput_no_expire, all locks in vfs_mount lock are taken instead of just\nlocal cpu\u0027s lock to aggregate reference counts when we release\nreference to file objects. In fact, only local lock need to have been\ntaken to update ref counts as these file systems are in no danger of\ngoing away until we are ready to unregister them.\n\nThe attached patch marks file systems using kern_mount without\nmount point as long term. The contentions of vfs_mount lock\nis now eliminated. Before un-registering such file system,\nkern_unmount should be called to remove the long term flag and\nmake the mount point ready to be freed.\n\nSigned-off-by: Tim Chen \u003ctim.c.chen@linux.intel.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "bbd9d6f7fbb0305c9a592bf05a32e87eb364a4ff", "tree": "12b2bb4202b05f6ae6a43c6ce830a0472043dbe5", "parents": [ "8e204874db000928e37199c2db82b7eb8966cc3c", "5a9a43646cf709312d71eca71cef90ad802f28f9" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 22 19:02:39 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 22 19:02:39 2011 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: (107 commits)\n vfs: use ERR_CAST for err-ptr tossing in lookup_instantiate_filp\n isofs: Remove global fs lock\n jffs2: fix IN_DELETE_SELF on overwriting rename() killing a directory\n fix IN_DELETE_SELF on overwriting rename() on ramfs et.al.\n mm/truncate.c: fix build for CONFIG_BLOCK not enabled\n fs:update the NOTE of the file_operations structure\n Remove dead code in dget_parent()\n AFS: Fix silly characters in a comment\n switch d_add_ci() to d_splice_alias() in \"found negative\" case as well\n simplify gfs2_lookup()\n jfs_lookup(): don\u0027t bother with . or ..\n get rid of useless dget_parent() in btrfs rename() and link()\n get rid of useless dget_parent() in fs/btrfs/ioctl.c\n fs: push i_mutex and filemap_write_and_wait down into -\u003efsync() handlers\n drivers: fix up various -\u003ellseek() implementations\n fs: handle SEEK_HOLE/SEEK_DATA properly in all fs\u0027s that define their own llseek\n Ext4: handle SEEK_HOLE/SEEK_DATA generically\n Btrfs: implement our own -\u003ellseek\n fs: add SEEK_HOLE and SEEK_DATA flags\n reiserfs: make reiserfs default to barrier\u003dflush\n ...\n\nFix up trivial conflicts in fs/xfs/linux-2.6/xfs_super.c due to the new\nshrinker callout for the inode cache, that clashed with the xfs code to\nstart the periodic workers later.\n" }, { "commit": "0342cbcfced2ee937d7c8e1c63f3d3082da7c7dc", "tree": "fb98291d321a50de2dfd99f9bcaa33274f0c3952", "parents": [ "391d6276db9fbdedfbc30e1b56390414f0e55988", "7f70893173b056df691b2ee7546bb44fd9abae6a" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 22 16:44:08 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 22 16:44:08 2011 -0700" }, "message": "Merge branch \u0027core-rcu-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip\n\n* \u0027core-rcu-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:\n rcu: Fix wrong check in list_splice_init_rcu()\n net,rcu: Convert call_rcu(xt_rateest_free_rcu) to kfree_rcu()\n sysctl,rcu: Convert call_rcu(free_head) to kfree\n vmalloc,rcu: Convert call_rcu(rcu_free_vb) to kfree_rcu()\n vmalloc,rcu: Convert call_rcu(rcu_free_va) to kfree_rcu()\n ipc,rcu: Convert call_rcu(ipc_immediate_free) to kfree_rcu()\n ipc,rcu: Convert call_rcu(free_un) to kfree_rcu()\n security,rcu: Convert call_rcu(sel_netport_free) to kfree_rcu()\n security,rcu: Convert call_rcu(sel_netnode_free) to kfree_rcu()\n ia64,rcu: Convert call_rcu(sn_irq_info_free) to kfree_rcu()\n block,rcu: Convert call_rcu(disk_free_ptbl_rcu_cb) to kfree_rcu()\n scsi,rcu: Convert call_rcu(fc_rport_free_rcu) to kfree_rcu()\n audit_tree,rcu: Convert call_rcu(__put_tree) to kfree_rcu()\n security,rcu: Convert call_rcu(whitelist_item_free) to kfree_rcu()\n md,rcu: Convert call_rcu(free_conf) to kfree_rcu()\n" }, { "commit": "8209f53d79444747782a28520187abaf689761f2", "tree": "726270ea29e037f026d77a99787b9d844531ac42", "parents": [ "22a3b9771117d566def0150ea787fcc95f16e724", "eac1b5e57d7abc836e78fd3fbcf77dbeed01edc9" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 22 15:06:50 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 22 15:06:50 2011 -0700" }, "message": "Merge branch \u0027ptrace\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/oleg/misc\n\n* \u0027ptrace\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/oleg/misc: (39 commits)\n ptrace: do_wait(traced_leader_killed_by_mt_exec) can block forever\n ptrace: fix ptrace_signal() \u0026\u0026 STOP_DEQUEUED interaction\n connector: add an event for monitoring process tracers\n ptrace: dont send SIGSTOP on auto-attach if PT_SEIZED\n ptrace: mv send-SIGSTOP from do_fork() to ptrace_init_task()\n ptrace_init_task: initialize child-\u003ejobctl explicitly\n has_stopped_jobs: s/task_is_stopped/SIGNAL_STOP_STOPPED/\n ptrace: make former thread ID available via PTRACE_GETEVENTMSG after PTRACE_EVENT_EXEC stop\n ptrace: wait_consider_task: s/same_thread_group/ptrace_reparented/\n ptrace: kill real_parent_is_ptracer() in in favor of ptrace_reparented()\n ptrace: ptrace_reparented() should check same_thread_group()\n redefine thread_group_leader() as exit_signal \u003e\u003d 0\n do not change dead_task-\u003eexit_signal\n kill task_detached()\n reparent_leader: check EXIT_DEAD instead of task_detached()\n make do_notify_parent() __must_check, update the callers\n __ptrace_detach: avoid task_detached(), check do_notify_parent()\n kill tracehook_notify_death()\n make do_notify_parent() return bool\n ptrace: s/tracehook_tracer_task()/ptrace_parent()/\n ...\n" }, { "commit": "449a68cc656fddeda448e324c57062a19cf451b9", "tree": "d192d6582aa8a93f8e84d3b1784340c03b9d0b0e", "parents": [ "9801c60e99ed76c5730fb290c00bfad12a419972" ], "author": { "name": "Lai Jiangshan", "email": "laijs@cn.fujitsu.com", "time": "Fri Mar 18 12:05:57 2011 +0800" }, "committer": { "name": "Paul E. McKenney", "email": "paulmck@linux.vnet.ibm.com", "time": "Wed Jul 20 14:10:15 2011 -0700" }, "message": "security,rcu: Convert call_rcu(sel_netport_free) to kfree_rcu()\n\nThe rcu callback sel_netport_free() just calls a kfree(),\nso we use kfree_rcu() instead of the call_rcu(sel_netport_free).\n\nSigned-off-by: Lai Jiangshan \u003claijs@cn.fujitsu.com\u003e\nSigned-off-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nReviewed-by: Josh Triplett \u003cjosh@joshtriplett.org\u003e\n" }, { "commit": "9801c60e99ed76c5730fb290c00bfad12a419972", "tree": "4c010680b33015e237f0761a3a3c79d180f13857", "parents": [ "f218a7ee7a1c37058eef4bb5fefff9bdb0f52766" ], "author": { "name": "Lai Jiangshan", "email": "laijs@cn.fujitsu.com", "time": "Fri Mar 18 12:05:22 2011 +0800" }, "committer": { "name": "Paul E. McKenney", "email": "paulmck@linux.vnet.ibm.com", "time": "Wed Jul 20 14:10:14 2011 -0700" }, "message": "security,rcu: Convert call_rcu(sel_netnode_free) to kfree_rcu()\n\nThe rcu callback sel_netnode_free() just calls a kfree(),\nso we use kfree_rcu() instead of the call_rcu(sel_netnode_free).\n\nSigned-off-by: Lai Jiangshan \u003claijs@cn.fujitsu.com\u003e\nSigned-off-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nReviewed-by: Josh Triplett \u003cjosh@joshtriplett.org\u003e\n" }, { "commit": "6034f7e603cd2dae8ed9a1d8d2ccfeb6b5c48d73", "tree": "dc18a4d1374dbd4e15414c67cb44bd359aefd62d", "parents": [ "b119cbab3aecd19dbd748a9823c02d200b96b2f8" ], "author": { "name": "Lai Jiangshan", "email": "laijs@cn.fujitsu.com", "time": "Tue Mar 15 18:07:57 2011 +0800" }, "committer": { "name": "Paul E. McKenney", "email": "paulmck@linux.vnet.ibm.com", "time": "Wed Jul 20 11:05:30 2011 -0700" }, "message": "security,rcu: Convert call_rcu(whitelist_item_free) to kfree_rcu()\n\nThe rcu callback whitelist_item_free() just calls a kfree(),\nso we use kfree_rcu() instead of the call_rcu(whitelist_item_free).\n\nSigned-off-by: Lai Jiangshan \u003claijs@cn.fujitsu.com\u003e\nSigned-off-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nReviewed-by: Josh Triplett \u003cjosh@joshtriplett.org\u003e\n" }, { "commit": "fb408e6ccc32404a05783911b6f3fed56bd17b06", "tree": "ad19408c2e4b2f8eaac9e3dc541f432fc85bc2fd", "parents": [ "a4464dbc0ca6a3ab8e9d1206bc05059dae2a559d" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jul 07 15:12:51 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jul 20 01:44:19 2011 -0400" }, "message": "get rid of pointless checks for dentry-\u003esb \u003d\u003d NULL\n\nit never is...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "eecdd358b467405a084d400d5ec571bbdbfe97a3", "tree": "357332873b909a19964e77dbae3c4aed5c100dc6", "parents": [ "cf1dd1dae851ce5765cda5de16aa965eef7c2dbf" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Jun 20 19:48:41 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jul 20 01:43:29 2011 -0400" }, "message": "-\u003epermission() sanitizing: don\u0027t pass flags to exec_permission()\n\npass mask instead; kill security_inode_exec_permission() since we can use\nsecurity_inode_permission() instead.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "cf1dd1dae851ce5765cda5de16aa965eef7c2dbf", "tree": "5ee564e56eca307701ce155e30a2cbb05b9937e3", "parents": [ "e74f71eb78a4a8b9eaf1bc65f20f761648e85f76" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Jun 20 19:44:08 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jul 20 01:43:27 2011 -0400" }, "message": "selinux: don\u0027t transliterate MAY_NOT_BLOCK to IPERM_FLAG_RCU\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e74f71eb78a4a8b9eaf1bc65f20f761648e85f76", "tree": "7bc7fc1344f5ed6e3ce8132b36125ef5cec6407c", "parents": [ "10556cb21a0d0b24d95f00ea6df16f599a3345b2" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Jun 20 19:38:15 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jul 20 01:43:26 2011 -0400" }, "message": "-\u003epermission() sanitizing: don\u0027t pass flags to -\u003einode_permission()\n\npass that via mask instead.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "817b54aa45db03437c6d09a7693fc6926eb8e822", "tree": "03d43f3abfbd8670e3a30a33ef868ec7705ef2c4", "parents": [ "7102ebcd65c1cdb5d5a87c7c5cf7a46f5afb0cac" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Fri May 13 12:53:38 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Jul 18 12:29:50 2011 -0400" }, "message": "evm: add evm_inode_setattr to prevent updating an invalid security.evm\n\nPermit changing of security.evm only when valid, unless in fixmode.\n\nReported-by: Roberto Sassu \u003croberto.sassu@polito.it\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "7102ebcd65c1cdb5d5a87c7c5cf7a46f5afb0cac", "tree": "1de4ac95b25e6bebab103e4377047c8f76038dac", "parents": [ "24e0198efe0df50034ec1c14b2d7b5bb0f66d54a" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu May 12 18:33:20 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Jul 18 12:29:49 2011 -0400" }, "message": "evm: permit only valid security.evm xattrs to be updated\n\nIn addition to requiring CAP_SYS_ADMIN permission to modify/delete\nsecurity.evm, prohibit invalid security.evm xattrs from changing,\nunless in fixmode. This patch prevents inadvertent \u0027fixing\u0027 of\nsecurity.evm to reflect offline modifications.\n\nChangelog v7:\n- rename boot paramater \u0027evm_mode\u0027 to \u0027evm\u0027\n\nReported-by: Roberto Sassu \u003croberto.sassu@polito.it\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" } ], "next": "24e0198efe0df50034ec1c14b2d7b5bb0f66d54a" }