)]}'
{
  "log": [
    {
      "commit": "b5f545c880a2a47947ba2118b2509644ab7a2969",
      "tree": "8720e02262b0ff6309ae79603f6c63965296d378",
      "parents": [
        "cab8eb594e84b434d20412fc5a3985b0bee3ab9f"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Sun Jan 08 01:02:47 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Sun Jan 08 20:13:53 2006 -0800"
      },
      "message": "[PATCH] keys: Permit running process to instantiate keys\n\nMake it possible for a running process (such as gssapid) to be able to\ninstantiate a key, as was requested by Trond Myklebust for NFS4.\n\nThe patch makes the following changes:\n\n (1) A new, optional key type method has been added. This permits a key type\n     to intercept requests at the point /sbin/request-key is about to be\n     spawned and do something else with them - passing them over the\n     rpc_pipefs files or netlink sockets for instance.\n\n     The uninstantiated key, the authorisation key and the intended operation\n     name are passed to the method.\n\n (2) The callout_info is no longer passed as an argument to /sbin/request-key\n     to prevent unauthorised viewing of this data using ps or by looking in\n     /proc/pid/cmdline.\n\n     This means that the old /sbin/request-key program will not work with the\n     patched kernel as it will expect to see an extra argument that is no\n     longer there.\n\n     A revised keyutils package will be made available tomorrow.\n\n (3) The callout_info is now attached to the authorisation key. Reading this\n     key will retrieve the information.\n\n (4) A new field has been added to the task_struct. This holds the\n     authorisation key currently active for a thread. Searches now look here\n     for the caller\u0027s set of keys rather than looking for an auth key in the\n     lowest level of the session keyring.\n\n     This permits a thread to be servicing multiple requests at once and to\n     switch between them. Note that this is per-thread, not per-process, and\n     so is usable in multithreaded programs.\n\n     The setting of this field is inherited across fork and exec.\n\n (5) A new keyctl function (KEYCTL_ASSUME_AUTHORITY) has been added that\n     permits a thread to assume the authority to deal with an uninstantiated\n     key. Assumption is only permitted if the authorisation key associated\n     with the uninstantiated key is somewhere in the thread\u0027s keyrings.\n\n     This function can also clear the assumption.\n\n (6) A new magic key specifier has been added to refer to the currently\n     assumed authorisation key (KEY_SPEC_REQKEY_AUTH_KEY).\n\n (7) Instantiation will only proceed if the appropriate authorisation key is\n     assumed first. The assumed authorisation key is discarded if\n     instantiation is successful.\n\n (8) key_validate() is moved from the file of request_key functions to the\n     file of permissions functions.\n\n (9) The documentation is updated.\n\nFrom: \u003cValdis.Kletnieks@vt.edu\u003e\n\n    Build fix.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Trond Myklebust \u003ctrond.myklebust@fys.uio.no\u003e\nCc: Alexander Zangerl \u003caz@bond.edu.au\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "29db9190634067c5a328ee5fcc2890251b836b4b",
      "tree": "07ec242789230824f1fa8bcbbe681fd5bf166fa8",
      "parents": [
        "2aa349f6e37ce030060c994d3aebbff4ab703565"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Sun Oct 30 15:02:44 2005 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Sun Oct 30 17:37:23 2005 -0800"
      },
      "message": "[PATCH] Keys: Add LSM hooks for key management [try #3]\n\nThe attached patch adds LSM hooks for key management facilities. The notable\nchanges are:\n\n (1) The key struct now supports a security pointer for the use of security\n     modules. This will permit key labelling and restrictions on which\n     programs may access a key.\n\n (2) Security modules get a chance to note (or abort) the allocation of a key.\n\n (3) The key permission checking can now be enhanced by the security modules;\n     the permissions check consults LSM if all other checks bear out.\n\n (4) The key permissions checking functions now return an error code rather\n     than a boolean value.\n\n (5) An extra permission has been added to govern the modification of\n     attributes (UID, GID, permissions).\n\nNote that there isn\u0027t an LSM hook specifically for each keyctl() operation,\nbut rather the permissions hook allows control of individual operations based\non the permission request bits.\n\nKey management access control through LSM is enabled by automatically if both\nCONFIG_KEYS and CONFIG_SECURITY are enabled.\n\nThis should be applied on top of the patch ensubjected:\n\n\t[PATCH] Keys: Possessor permissions should be additive\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Chris Wright \u003cchrisw@osdl.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "7ab501db8cb6659efdf04034e0de6b44c059a51b",
      "tree": "cdcf34873ab91219e17b265610a83bea213ec3c4",
      "parents": [
        "468ed2b0c85ec4310b429e60358213b6d077289e"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri Oct 07 16:41:24 2005 +0100"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Sat Oct 08 14:54:48 2005 -0700"
      },
      "message": "[PATCH] Keys: Possessor permissions should be additive\n\nThis patch makes the possessor permissions on a key additive with\nuser/group/other permissions on the same key.\n\nThis permits extra rights to be granted to the possessor of a key without\ntaking away any rights conferred by them owning the key or having common group\nmembership.\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "468ed2b0c85ec4310b429e60358213b6d077289e",
      "tree": "d1f570c1b89df450753cbec8768b1c1cfac6d9a2",
      "parents": [
        "f1a9badcf6ecad9975240d94514721cb93932151"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri Oct 07 15:07:38 2005 +0100"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Sat Oct 08 14:53:31 2005 -0700"
      },
      "message": "[PATCH] Keys: Split key permissions checking into a .c file\n\nThe attached patch splits key permissions checking out of key-ui.h and\nmoves it into a .c file.  It\u0027s quite large and called quite a lot, and\nit\u0027s about to get bigger with the addition of LSM support for keys...\n\nkey_any_permission() is also discarded as it\u0027s no longer used.\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    }
  ]
}