)]}' { "log": [ { "commit": "788e7dd4c22e6f41b3a118fd8c291f831f6fddbb", "tree": "cbe2d2a360aaf7dc243bef432e1c50507ae6db7b", "parents": [ "3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9" ], "author": { "name": "Yuichi Nakamura", "email": "ynakam@hitachisoft.jp", "time": "Fri Sep 14 09:27:07 2007 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 17 08:59:31 2007 +1000" }, "message": "SELinux: Improve read/write performance\n\nIt reduces the selinux overhead on read/write by only revalidating\npermissions in selinux_file_permission if the task or inode labels have\nchanged or the policy has changed since the open-time check. A new LSM\nhook, security_dentry_open, is added to capture the necessary state at open\ntime to allow this optimization.\n\n(see http://marc.info/?l\u003dselinux\u0026m\u003d118972995207740\u0026w\u003d2)\n\nSigned-off-by: Yuichi Nakamura\u003cynakam@hitachisoft.jp\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a224be766bf593f7bcd534ca0c48dbd3eaf7bfce", "tree": "b0a053b35fe654fb35199c1b5326a4d3932f79da", "parents": [ "762cc40801ad757a34527d5e548816cf3b6fc606" ], "author": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Oct 15 02:58:25 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Oct 15 12:26:44 2007 -0700" }, "message": "[SELINUX]: Update for netfilter -\u003ehook() arg changes.\n\nThey take a \"struct sk_buff *\" instead of a \"struct sk_buff **\" now.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "227b60f5102cda4e4ab792b526a59c8cb20cd9f8", "tree": "2c9e372601ba794894833b0618bc531a9f5d57c4", "parents": [ "06393009000779b00a558fd2f280882cc7dc2008" ], "author": { "name": "Stephen Hemminger", "email": "shemminger@linux-foundation.org", "time": "Wed Oct 10 17:30:46 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Oct 10 17:30:46 2007 -0700" }, "message": "[INET]: local port range robustness\n\nExpansion of original idea from Denis V. Lunev \u003cden@openvz.org\u003e\n\nAdd robustness and locking to the local_port_range sysctl.\n1. Enforce that low \u003c high when setting.\n2. Use seqlock to ensure atomic update.\n\nThe locking might seem like overkill, but there are\ncases where sysadmin might want to change value in the\nmiddle of a DoS attack.\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@linux-foundation.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "31e879309474d1666d645b96de99d0b682fa055f", "tree": "bb9d45dc85e03044b5ee7635f3646774bcbb30d4", "parents": [ "a88a8eff1e6e32d3288986a9d36c6a449c032d3a" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Sep 19 17:19:12 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Sep 20 08:06:40 2007 +1000" }, "message": "SELinux: fix array out of bounds when mounting with selinux options\n\nGiven an illegal selinux option it was possible for match_token to work in\nrandom memory at the end of the match_table_t array.\n\nNote that privilege is required to perform a context mount, so this issue is\neffectively limited to root only.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4ac212ad4e8fafc22fa147fc255ff5fa5435cf33", "tree": "9ab703429a2b24ccafc6748c1e0f2147f2b47114", "parents": [ "a1c582d0720f2eff61043e90711767decf37b917" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Aug 29 08:51:50 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@localhost.localdomain", "time": "Thu Aug 30 20:22:47 2007 -0400" }, "message": "SELinux: clear parent death signal on SID transitions\n\nClear parent death signal on SID transitions to prevent unauthorized\nsignaling between SIDs.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nSigned-off-by: James Morris \u003cjmorris@localhost.localdomain\u003e\n" }, { "commit": "34b4e4aa3c470ce8fa2bd78abb1741b4b58baad7", "tree": "91d620288f1aaf63c12dc84ca1015465818601f2", "parents": [ "afe1ab4d577892822de2c8e803fbfaed6ec44ba3" ], "author": { "name": "Alan Cox", "email": "alan@lxorguk.ukuu.org.uk", "time": "Wed Aug 22 14:01:28 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Aug 22 19:52:45 2007 -0700" }, "message": "fix NULL pointer dereference in __vm_enough_memory()\n\nThe new exec code inserts an accounted vma into an mm struct which is not\ncurrent-\u003emm. The existing memory check code has a hard coded assumption\nthat this does not happen as does the security code.\n\nAs the correct mm is known we pass the mm to the security method and the\nhelper function. A new security test is added for the case where we need\nto pass the mm and the existing one is modified to pass current-\u003emm to\navoid the need to change large amounts of code.\n\n(Thanks to Tobias for fixing rejects and testing)\n\nSigned-off-by: Alan Cox \u003calan@redhat.com\u003e\nCc: WU Fengguang \u003cwfg@mail.ustc.edu.cn\u003e\nCc: James Morris \u003cjmorris@redhat.com\u003e\nCc: Tobias Diedrich \u003cranma+kernel@tdiedrich.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "088999e98b8caecd31adc3b62223a228555c5ab7", "tree": "ee16fd7c6cdde90642550ee9937fafb96e979f67", "parents": [ "9534f71ca33e5a9de26dfd43c76af86e005005dd" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Aug 01 11:12:58 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 02 11:52:23 2007 -0400" }, "message": "SELinux: remove redundant pointer checks before calling kfree()\n\nWe don\u0027t need to check for NULL pointers before calling kfree().\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "20c2df83d25c6a95affe6157a4c9cac4cf5ffaac", "tree": "415c4453d2b17a50abe7a3e515177e1fa337bd67", "parents": [ "64fb98fc40738ae1a98bcea9ca3145b89fb71524" ], "author": { "name": "Paul Mundt", "email": "lethal@linux-sh.org", "time": "Fri Jul 20 10:11:58 2007 +0900" }, "committer": { "name": "Paul Mundt", "email": "lethal@linux-sh.org", "time": "Fri Jul 20 10:11:58 2007 +0900" }, "message": "mm: Remove slab destructors from kmem_cache_create().\n\nSlab destructors were no longer supported after Christoph\u0027s\nc59def9f222d44bb7e2f0a559f2906191a0862d7 change. They\u0027ve been\nBUGs for both slab and slub, and slob never supported them\neither.\n\nThis rips out support for the dtor pointer from kmem_cache_create()\ncompletely and fixes up every single callsite in the kernel (there were\nabout 224, not including the slab allocator definitions themselves,\nor the documentation references).\n\nSigned-off-by: Paul Mundt \u003clethal@linux-sh.org\u003e\n" }, { "commit": "f36158c410651fe66f438c17b2ab3ae813f8c060", "tree": "644e57a36d918fe2b2fcdd2f59daffb847cd8d36", "parents": [ "23bcdc1adebd3cb47d5666f2e9ecada95c0134e4" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Jul 18 12:28:46 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jul 19 10:21:13 2007 -0400" }, "message": "SELinux: use SECINITSID_NETMSG instead of SECINITSID_UNLABELED for NetLabel\n\nThese changes will make NetLabel behave like labeled IPsec where there is an\naccess check for both labeled and unlabeled packets as well as providing the\nability to restrict domains to receiving only labeled packets when NetLabel is\nin use. The changes to the policy are straight forward with the following\nnecessary to receive labeled traffic (with SECINITSID_NETMSG defined as\n\"netlabel_peer_t\"):\n\n allow mydom_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;\n\nThe policy for unlabeled traffic would be:\n\n allow mydom_t unlabeled_t:{ tcp_socket udp_socket rawip_socket } recvfrom;\n\nThese policy changes, as well as more general NetLabel support, are included in\nthe latest SELinux Reference Policy release 20070629 or later. Users who make\nuse of NetLabel are strongly encouraged to upgrade their policy to avoid\nnetwork problems. Users who do not make use of NetLabel will not notice any\ndifference.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3bd858ab1c451725c07a805dcb315215dc85b86e", "tree": "5d49c4300e350d64fd81eb3230b81f754117e0c1", "parents": [ "49c13b51a15f1ba9f6d47e26e4a3886c4f3931e2" ], "author": { "name": "Satyam Sharma", "email": "ssatyam@cse.iitk.ac.in", "time": "Tue Jul 17 15:00:08 2007 +0530" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Jul 17 12:00:03 2007 -0700" }, "message": "Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check\n\nIntroduce is_owner_or_cap() macro in fs.h, and convert over relevant\nusers to it. This is done because we want to avoid bugs in the future\nwhere we check for only effective fsuid of the current task against a\nfile\u0027s owning uid, without simultaneously checking for CAP_FOWNER as\nwell, thus violating its semantics.\n[ XFS uses special macros and structures, and in general looked ...\nuntouchable, so we leave it alone -- but it has been looked over. ]\n\nThe (current-\u003efsuid !\u003d inode-\u003ei_uid) check in generic_permission() and\nexec_permission_lite() is left alone, because those operations are\ncovered by CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH. Similarly operations\nfalling under the purview of CAP_CHOWN and CAP_LEASE are also left alone.\n\nSigned-off-by: Satyam Sharma \u003cssatyam@cse.iitk.ac.in\u003e\nCc: Al Viro \u003cviro@ftp.linux.org.uk\u003e\nAcked-by: Serge E. Hallyn \u003cserge@hallyn.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "8d9107e8c50e1c4ff43c91c8841805833f3ecfb9", "tree": "abc57f38cf659d4031d5a9915a088f2c47b2cc7e", "parents": [ "16cefa8c3863721fd40445a1b34dea18cd16ccfe" ], "author": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Fri Jul 13 16:53:18 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Fri Jul 13 16:53:18 2007 -0700" }, "message": "Revert \"SELinux: use SECINITSID_NETMSG instead of SECINITSID_UNLABELED for NetLabel\"\n\nThis reverts commit 9faf65fb6ee2b4e08325ba2d69e5ccf0c46453d0.\n\nIt bit people like Michal Piotrowski:\n\n \"My system is too secure, I can not login :)\"\n\nbecause it changed how CONFIG_NETLABEL worked, and broke older SElinux\npolicies.\n\nAs a result, quoth James Morris:\n\n \"Can you please revert this patch?\n\n We thought it only affected people running MLS, but it will affect others.\n\n Sorry for the hassle.\"\n\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Michal Piotrowski \u003cmichal.k.k.piotrowski@gmail.com\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "9faf65fb6ee2b4e08325ba2d69e5ccf0c46453d0", "tree": "ee167dc8c575dee062cdaf91d0b60a5997bba0c3", "parents": [ "ed0321895182ffb6ecf210e066d87911b270d587" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Jun 29 11:48:16 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jul 11 22:52:31 2007 -0400" }, "message": "SELinux: use SECINITSID_NETMSG instead of SECINITSID_UNLABELED for NetLabel\n\nThese changes will make NetLabel behave like labeled IPsec where there is an\naccess check for both labeled and unlabeled packets as well as providing the\nability to restrict domains to receiving only labeled packets when NetLabel\nis in use. The changes to the policy are straight forward with the\nfollowing necessary to receive labeled traffic (with SECINITSID_NETMSG\ndefined as \"netlabel_peer_t\"):\n\n allow mydom_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;\n\nThe policy for unlabeled traffic would be:\n\n allow mydom_t unlabeled_t:{ tcp_socket udp_socket rawip_socket } recvfrom;\n\nThese policy changes, as well as more general NetLabel support, are included\nin the SELinux Reference Policy SVN tree, r2352 or later. Users who enable\nNetLabel support in the kernel are strongly encouraged to upgrade their\npolicy to avoid network problems.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ed0321895182ffb6ecf210e066d87911b270d587", "tree": "832bb54666f73b06e55322df40f915c5e9ef64d7", "parents": [ "13bddc2e9d591e31bf20020dc19ea6ca85de420e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jun 28 15:55:21 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jul 11 22:52:29 2007 -0400" }, "message": "security: Protection for exploiting null dereference using mmap\n\nAdd a new security check on mmap operations to see if the user is attempting\nto mmap to low area of the address space. The amount of space protected is\nindicated by the new proc tunable /proc/sys/vm/mmap_min_addr and defaults to\n0, preserving existing behavior.\n\nThis patch uses a new SELinux security class \"memprotect.\" Policy already\ncontains a number of allow rules like a_t self:process * (unconfined_t being\none of them) which mean that putting this check in the process class (its\nbest current fit) would make it useless as all user processes, which we also\nwant to protect against, would be allowed. By taking the memprotect name of\nthe new class it will also make it possible for us to move some of the other\nmemory protect permissions out of \u0027process\u0027 and into the new class next time\nwe bump the policy version number (which I also think is a good future idea)\n\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2c3c05dbcbc7b9d71549fe0e2b249f10f5a66518", "tree": "bab75df9fafc435f3370a6d773d3284716347249", "parents": [ "9dc9978084ea2a96b9f42752753d9e38a9f9d7b2" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Thu Jun 07 15:34:10 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jul 11 22:52:25 2007 -0400" }, "message": "SELinux: allow preemption between transition permission checks\n\nIn security_get_user_sids, move the transition permission checks\noutside of the section holding the policy rdlock, and use the AVC to\nperform the checks, calling cond_resched after each one. These\nchanges should allow preemption between the individual checks and\nenable caching of the results. It may however increase the overall\ntime spent in the function in some cases, particularly in the cache\nmiss case.\n\nThe long term fix will be to take much of this logic to userspace by\nexporting additional state via selinuxfs, and ultimately deprecating\nand eliminating this interface from the kernel.\n\nTested-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e63340ae6b6205fef26b40a75673d1c9c0c8bb90", "tree": "8d3212705515edec73c3936bb9e23c71d34a7b41", "parents": [ "04c9167f91e309c9c4ea982992aa08e83b2eb42e" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Tue May 08 00:28:08 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue May 08 11:15:07 2007 -0700" }, "message": "header cleaning: don\u0027t include smp_lock.h when not used\n\nRemove includes of \u003clinux/smp_lock.h\u003e where it is not used/needed.\nSuggested by Al Viro.\n\nBuilds cleanly on x86_64, i386, alpha, ia64, powerpc, sparc,\nsparc64, and arm (all 59 defconfigs).\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "98a27ba485c7508ef9d9527fe06e4686f3a163dc", "tree": "73d5dca7f1b5120ecf1bbcc664094044bc35dc56", "parents": [ "2a65f1d9fe78475720bd8f0e0fbbf1973b1b5ac2" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Tue May 08 00:26:56 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue May 08 11:15:04 2007 -0700" }, "message": "tty: introduce no_tty and use it in selinux\n\nWhile researching the tty layer pid leaks I found a weird case in selinux when\nwe drop a controlling tty because of inadequate permissions we don\u0027t do the\nnormal hangup processing. Which is a problem if it happens the session leader\nhas exec\u0027d something that can no longer access the tty.\n\nWe already have code in the kernel to handle this case in the form of the\nTIOCNOTTY ioctl. So this patch factors out a helper function that is the\nessence of that ioctl and calls it from the selinux code.\n\nThis removes the inconsistency in handling dropping of a controlling tty and\nwho knows it might even make some part of user space happy because it received\na SIGHUP it was expecting.\n\nIn addition since this removes the last user of proc_set_tty outside of\ntty_io.c proc_set_tty is made static and removed from tty.h\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nAcked-by: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "a205752d1ad2d37d6597aaae5a56fc396a770868", "tree": "1def76b02da90b98cefd66c4ba3904697963c358", "parents": [ "39bc89fd4019b164002adaacef92c4140e37955a", "e900a7d90ae1486ac95c10e0b7337fc2c2eda529" ], "author": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Fri Apr 27 10:47:29 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Fri Apr 27 10:47:29 2007 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:\n selinux: preserve boolean values across policy reloads\n selinux: change numbering of boolean directory inodes in selinuxfs\n selinux: remove unused enumeration constant from selinuxfs\n selinux: explicitly number all selinuxfs inodes\n selinux: export initial SID contexts via selinuxfs\n selinux: remove userland security class and permission definitions\n SELinux: move security_skb_extlbl_sid() out of the security server\n MAINTAINERS: update selinux entry\n SELinux: rename selinux_netlabel.h to netlabel.h\n SELinux: extract the NetLabel SELinux support from the security server\n NetLabel: convert a BUG_ON in the CIPSO code to a runtime check\n NetLabel: cleanup and document CIPSO constants\n" }, { "commit": "4f6a993f96a256e83b9be7612f958c7bc4ca9f00", "tree": "385e5ce4423583b65780d20fce075cd936fe1449", "parents": [ "588a31577f86a5cd8b0bcde6026e4e6dcac8c383" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Mar 01 14:35:22 2007 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 26 01:35:56 2007 -0400" }, "message": "SELinux: move security_skb_extlbl_sid() out of the security server\n\nAs suggested, move the security_skb_extlbl_sid() function out of the security\nserver and into the SELinux hooks file.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c60475bf35fc5fa10198df89187ab148527e72f7", "tree": "5f8081082c8be5865049c2c446583b67a9c786b3", "parents": [ "5778eabd9cdbf16ea3e40248c452b4fd25554d11" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Feb 28 15:14:23 2007 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 26 01:35:50 2007 -0400" }, "message": "SELinux: rename selinux_netlabel.h to netlabel.h\n\nIn the beginning I named the file selinux_netlabel.h to avoid potential\nnamespace colisions. However, over time I have realized that there are several\nother similar cases of multiple header files with the same name so I\u0027m changing\nthe name to something which better fits with existing naming conventions.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b529ccf2799c14346d1518e9bdf1f88f03643e99", "tree": "f899a5a5d66d2ca21724c1871ee3afeda6c4a670", "parents": [ "965ffea43d4ebe8cd7b9fee78d651268dd7d23c5" ], "author": { "name": "Arnaldo Carvalho de Melo", "email": "acme@redhat.com", "time": "Wed Apr 25 19:08:35 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Apr 25 22:26:34 2007 -0700" }, "message": "[NETLINK]: Introduce nlmsg_hdr() helper\n\nFor the common \"(struct nlmsghdr *)skb-\u003edata\" sequence, so that we reduce the\nnumber of direct accesses to skb-\u003edata and for consistency with all the other\ncast skb member helpers.\n\nSigned-off-by: Arnaldo Carvalho de Melo \u003cacme@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "bbe735e4247dba32568a305553b010081c8dea99", "tree": "95d96619c85785a47ccee48965b68d99cf946854", "parents": [ "e7dd65dafda5737a983c04d652a69ab8da78ee3f" ], "author": { "name": "Arnaldo Carvalho de Melo", "email": "acme@redhat.com", "time": "Sat Mar 10 22:16:10 2007 -0300" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Apr 25 22:24:58 2007 -0700" }, "message": "[SK_BUFF]: Introduce skb_network_offset()\n\nFor the quite common \u0027skb-\u003enh.raw - skb-\u003edata\u0027 sequence.\n\nSigned-off-by: Arnaldo Carvalho de Melo \u003cacme@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "04ff97086b1a3237bbd1fe6390fa80fe75207e23", "tree": "877e26055759d84a726c6bc68245bc6f9a4a5753", "parents": [ "c4823bce033be74c0fcfbcae2f1be0854fdc2e18" ], "author": { "name": "Al Viro", "email": "viro@ftp.linux.org.uk", "time": "Mon Mar 12 16:17:58 2007 +0000" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Mar 14 15:27:48 2007 -0700" }, "message": "[PATCH] sanitize security_getprocattr() API\n\nhave it return the buffer it had allocated\n\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "fadcdb451632d32d7c0d4c71df9ac2d3b7ae2348", "tree": "51e411452a4aa05bb5150d4d670324badf1a4bd0", "parents": [ "9654640d0af8f2de40ff3807d3695109d3463f54" ], "author": { "name": "Eric Paris", "email": "eparis@parisplace.org", "time": "Thu Feb 22 18:11:31 2007 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Feb 26 14:43:07 2007 -0500" }, "message": "Reassign printk levels in selinux kernel code\n\nBelow is a patch which demotes many printk lines to KERN_DEBUG from\nKERN_INFO. It should help stop the spamming of logs with messages in\nwhich users are not interested nor is there any action that users should\ntake. It also promotes some KERN_INFO to KERN_ERR such as when there\nare improper attempts to register/unregister security modules.\n\nA similar patch was discussed a while back on list:\nhttp://marc.theaimsgroup.com/?t\u003d116656343500003\u0026r\u003d1\u0026w\u003d2\nThis patch addresses almost all of the issues raised. I believe the\nonly advice not taken was in the demoting of messages related to\nundefined permissions and classes.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n\n security/selinux/hooks.c | 20 ++++++++++----------\n security/selinux/ss/avtab.c | 2 +-\n security/selinux/ss/policydb.c | 6 +++---\n security/selinux/ss/sidtab.c | 2 +-\n 4 files changed, 15 insertions(+), 15 deletions(-)\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bbaca6c2e7ef0f663bc31be4dad7cf530f6c4962", "tree": "c90c927fa0547ba46cb01aaf7625008e350d84eb", "parents": [ "b599fdfdb4bb4941e9076308efcf3bb89e577db5" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Feb 14 00:34:16 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Feb 14 08:10:00 2007 -0800" }, "message": "[PATCH] selinux: enhance selinux to always ignore private inodes\n\nHmmm...turns out to not be quite enough, as the /proc/sys inodes aren\u0027t truly\nprivate to the fs, so we can run into them in a variety of security hooks\nbeyond just the inode hooks, such as security_file_permission (when reading\nand writing them via the vfs helpers), security_sb_mount (when mounting other\nfilesystems on directories in proc like binfmt_misc), and deeper within the\nsecurity module itself (as in flush_unauthorized_files upon inheritance across\nexecve). So I think we have to add an IS_PRIVATE() guard within SELinux, as\nbelow. Note however that the use of the private flag here could be confusing,\nas these inodes are _not_ private to the fs, are exposed to userspace, and\nsecurity modules must implement the sysctl hook to get any access control over\nthem.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "b599fdfdb4bb4941e9076308efcf3bb89e577db5", "tree": "c224273f3ef29749bf3f62e06f7ffdee595996c0", "parents": [ "3fbfa98112fc3962c416452a0baf2214381030e6" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Wed Feb 14 00:34:15 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Feb 14 08:10:00 2007 -0800" }, "message": "[PATCH] sysctl: fix the selinux_sysctl_get_sid\n\nI goofed and when reenabling the fine grained selinux labels for\nsysctls and forgot to add the \"/sys\" prefix before consulting\nthe policy database. When computing the same path using\nproc_dir_entries we got the \"/sys\" for free as it was part\nof the tree, but it isn\u0027t true for clt_table trees.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "3fbfa98112fc3962c416452a0baf2214381030e6", "tree": "5a14a9d97ba05f415698de7b4ec5949363c268a6", "parents": [ "d912b0cc1a617d7c590d57b7ea971d50c7f02503" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Wed Feb 14 00:34:14 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Feb 14 08:10:00 2007 -0800" }, "message": "[PATCH] sysctl: remove the proc_dir_entry member for the sysctl tables\n\nIt isn\u0027t needed anymore, all of the users are gone, and all of the ctl_table\ninitializers have been converted to use explicit names of the fields they are\ninitializing.\n\n[akpm@osdl.org: NTFS fix]\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "b385a144ee790f00e8559bcb8024d042863f9be1", "tree": "c2f2df78805fe8eff006716cee7b8fa8010d3b62", "parents": [ "521dae191e5ba9362152da9fd3a12203e087df83" ], "author": { "name": "Robert P. J. Day", "email": "rpjday@mindspring.com", "time": "Sat Feb 10 01:46:25 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Sun Feb 11 11:18:06 2007 -0800" }, "message": "[PATCH] Replace regular code with appropriate calls to container_of()\n\nReplace a small number of expressions with a call to the \"container_of()\"\nmacro.\n\nSigned-off-by: Robert P. J. Day \u003crpjday@mindspring.com\u003e\nAcked-by: Paul Mackerras \u003cpaulus@samba.org\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "c376222960ae91d5ffb9197ee36771aaed1d9f90", "tree": "7f431c42529fec77433d33490bd9f2a8c47ba091", "parents": [ "1b135431abf5ea92e61bf4e91d93726c7b96da5f" ], "author": { "name": "Robert P. J. Day", "email": "rpjday@mindspring.com", "time": "Sat Feb 10 01:45:03 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Sun Feb 11 10:51:27 2007 -0800" }, "message": "[PATCH] Transform kmem_cache_alloc()+memset(0) -\u003e kmem_cache_zalloc().\n\nReplace appropriate pairs of \"kmem_cache_alloc()\" + \"memset(0)\" with the\ncorresponding \"kmem_cache_zalloc()\" call.\n\nSigned-off-by: Robert P. J. Day \u003crpjday@mindspring.com\u003e\nCc: \"Luck, Tony\" \u003ctony.luck@intel.com\u003e\nCc: Andi Kleen \u003cak@muc.de\u003e\nCc: Roland McGrath \u003croland@redhat.com\u003e\nCc: James Bottomley \u003cJames.Bottomley@steeleye.com\u003e\nCc: Greg KH \u003cgreg@kroah.com\u003e\nAcked-by: Joel Becker \u003cJoel.Becker@oracle.com\u003e\nCc: Steven Whitehouse \u003cswhiteho@redhat.com\u003e\nCc: Jan Kara \u003cjack@ucw.cz\u003e\nCc: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "bbea9f69668a3d0cf9feba15a724cd02896f8675", "tree": "bc58506e4daba4a04309181a5501ae4eb5424783", "parents": [ "f3d19c90fb117a5f080310a4592929aa8e1ad8e9" ], "author": { "name": "Vadim Lobanov", "email": "vlobanov@speakeasy.net", "time": "Sun Dec 10 02:21:12 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Sun Dec 10 09:57:22 2006 -0800" }, "message": "[PATCH] fdtable: Make fdarray and fdsets equal in size\n\nCurrently, each fdtable supports three dynamically-sized arrays of data: the\nfdarray and two fdsets. The code allows the number of fds supported by the\nfdarray (fdtable-\u003emax_fds) to differ from the number of fds supported by each\nof the fdsets (fdtable-\u003emax_fdset).\n\nIn practice, it is wasteful for these two sizes to differ: whenever we hit a\nlimit on the smaller-capacity structure, we will reallocate the entire fdtable\nand all the dynamic arrays within it, so any delta in the memory used by the\nlarger-capacity structure will never be touched at all.\n\nRather than hogging this excess, we shouldn\u0027t even allocate it in the first\nplace, and keep the capacities of the fdarray and the fdsets equal. This\npatch removes fdtable-\u003emax_fdset. As an added bonus, most of the supporting\ncode becomes simpler.\n\nSigned-off-by: Vadim Lobanov \u003cvlobanov@speakeasy.net\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Dipankar Sarma \u003cdipankar@in.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "3d5ff529ea222461a5fa3c4df05cbdc5eb56864d", "tree": "28ec8432eb9212bc04e345c2e85addc132f3a34e", "parents": [ "7ac6207b2a6a5b828bc333f2530a3bd48197af3e" ], "author": { "name": "Josef Sipek", "email": "jsipek@fsl.cs.sunysb.edu", "time": "Fri Dec 08 02:37:38 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Fri Dec 08 08:28:49 2006 -0800" }, "message": "[PATCH] struct path: convert selinux\n\nSigned-off-by: Josef Sipek \u003cjsipek@fsl.cs.sunysb.edu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "24ec839c431eb79bb8f6abc00c4e1eb3b8c4d517", "tree": "2ff478b1925159eeac007913c2a8f19d5f5e6010", "parents": [ "562f9c574e0707f9159a729ea41faf53b221cd30" ], "author": { "name": "Peter Zijlstra", "email": "a.p.zijlstra@chello.nl", "time": "Fri Dec 08 02:36:04 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Fri Dec 08 08:28:38 2006 -0800" }, "message": "[PATCH] tty: -\u003esignal-\u003etty locking\n\nFix the locking of signal-\u003etty.\n\nUse -\u003esighand-\u003esiglock to protect -\u003esignal-\u003etty; this lock is already used\nby most other members of -\u003esignal/-\u003esighand. And unless we are \u0027current\u0027\nor the tasklist_lock is held we need -\u003esiglock to access -\u003esignal anyway.\n\n(NOTE: sys_unshare() is broken wrt -\u003esighand locking rules)\n\nNote that tty_mutex is held over tty destruction, so while holding\ntty_mutex any tty pointer remains valid. Otherwise the lifetime of ttys\nare governed by their open file handles. This leaves some holes for tty\naccess from signal-\u003etty (or any other non file related tty access).\n\nIt solves the tty SLAB scribbles we were seeing.\n\n(NOTE: the change from group_send_sig_info to __group_send_sig_info needs to\n be examined by someone familiar with the security framework, I think\n it is safe given the SEND_SIG_PRIV from other __group_send_sig_info\n invocations)\n\n[schwidefsky@de.ibm.com: 3270 fix]\n[akpm@osdl.org: various post-viro fixes]\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nAcked-by: Alan Cox \u003calan@redhat.com\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nCc: Prarit Bhargava \u003cprarit@redhat.com\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Roland McGrath \u003croland@redhat.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Jeff Dike \u003cjdike@addtoit.com\u003e\nCc: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nCc: Jan Kara \u003cjack@ucw.cz\u003e\nSigned-off-by: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "e18b890bb0881bbab6f4f1a6cd20d9c60d66b003", "tree": "4828be07e1c24781c264b42c5a75bcd968223c3f", "parents": [ "441e143e95f5aa1e04026cb0aa71c801ba53982f" ], "author": { "name": "Christoph Lameter", "email": "clameter@sgi.com", "time": "Wed Dec 06 20:33:20 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Thu Dec 07 08:39:25 2006 -0800" }, "message": "[PATCH] slab: remove kmem_cache_t\n\nReplace all uses of kmem_cache_t with struct kmem_cache.\n\nThe patch was generated using the following script:\n\n\t#!/bin/sh\n\t#\n\t# Replace one string by another in all the kernel sources.\n\t#\n\n\tset -e\n\n\tfor file in `find * -name \"*.c\" -o -name \"*.h\"|xargs grep -l $1`; do\n\t\tquilt add $file\n\t\tsed -e \"1,\\$s/$1/$2/g\" $file \u003e/tmp/$$\n\t\tmv /tmp/$$ $file\n\t\tquilt refresh\n\tdone\n\nThe script was run like this\n\n\tsh replace kmem_cache_t \"struct kmem_cache\"\n\nSigned-off-by: Christoph Lameter \u003cclameter@sgi.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "e94b1766097d53e6f3ccfb36c8baa562ffeda3fc", "tree": "93fa0a8ab84976d4e89c50768ca8b8878d642a0d", "parents": [ "54e6ecb23951b195d02433a741c7f7cb0b796c78" ], "author": { "name": "Christoph Lameter", "email": "clameter@sgi.com", "time": "Wed Dec 06 20:33:17 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Thu Dec 07 08:39:24 2006 -0800" }, "message": "[PATCH] slab: remove SLAB_KERNEL\n\nSLAB_KERNEL is an alias of GFP_KERNEL.\n\nSigned-off-by: Christoph Lameter \u003cclameter@sgi.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "87fcd70d983d30eca4b933fff2e97d9a31743d0a", "tree": "2c79943f7691f80123af0145a8909f14011b0761", "parents": [ "91f433cacc9d1ae95ae46ce26d7bcf3a724c72d0" ], "author": { "name": "Al Viro", "email": "viro@hera.kernel.org", "time": "Mon Dec 04 22:00:55 2006 +0000" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Mon Dec 04 19:32:44 2006 -0800" }, "message": "[PATCH] selinux endianness annotations\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "3de4bab5b9f8848a0c16a4b1ffe0452f0d670237", "tree": "f65c12b53bf2ad02645ea31522f67e7318019498", "parents": [ "9f2ad66509b182b399a5b03de487f45bde623524" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Nov 17 17:38:54 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:24:14 2006 -0800" }, "message": "SELinux: peer secid consolidation for external network labeling\n\nNow that labeled IPsec makes use of the peer_sid field in the\nsk_security_struct we can remove a lot of the special cases between labeled\nIPsec and NetLabel. In addition, create a new function,\nsecurity_skb_extlbl_sid(), which we can use in several places to get the\nsecurity context of the packet\u0027s external label which allows us to further\nsimplify the code in a few places.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9f2ad66509b182b399a5b03de487f45bde623524", "tree": "8376dc2db99a78c1b043644f019c4dc224187f16", "parents": [ "9bb5fd2b05cb4dba229e225536faa59eaadd837d" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Nov 17 17:38:53 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:24:13 2006 -0800" }, "message": "NetLabel: SELinux cleanups\n\nThis patch does a lot of cleanup in the SELinux NetLabel support code. A\nsummary of the changes include:\n\n* Use RCU locking for the NetLabel state variable in the skk_security_struct\n instead of using the inode_security_struct mutex.\n* Remove unnecessary parameters in selinux_netlbl_socket_post_create().\n* Rename selinux_netlbl_sk_clone_security() to\n selinux_netlbl_sk_security_clone() to better fit the other NetLabel\n sk_security functions.\n* Improvements to selinux_netlbl_inode_permission() to help reduce the cost of\n the common case.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2ee92d46c6cabedd50edf6f273fa8cf84f707618", "tree": "bdf7c64514a5063ba4ef41915f9efb6f803fc38a", "parents": [ "90833aa4f496d69ca374af6acef7d1614c8693ff" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Nov 13 16:09:01 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:22:24 2006 -0800" }, "message": "[SELinux]: Add support for DCCP\n\nThis patch implements SELinux kernel support for DCCP\n(http://linux-net.osdl.org/index.php/DCCP), which is similar in\noperation to TCP in terms of connected state between peers.\n\nThe SELinux support for DCCP is thus modeled on existing handling of\nTCP.\n\nA new DCCP socket class is introduced, to allow protocol\ndifferentation. The permissions for this class inherit all of the\nsocket permissions, as well as the current TCP permissions (node_bind,\nname_bind etc). IPv4 and IPv6 are supported, although labeled\nnetworking is not, at this stage.\n\nPatches for SELinux userspace are at:\nhttp://people.redhat.com/jmorris/selinux/dccp/user/\n\nI\u0027ve performed some basic testing, and it seems to be working as\nexpected. Adding policy support is similar to TCP, the only real\ndifference being that it\u0027s a different protocol.\n\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "67f83cbf081a70426ff667e8d14f94e13ed3bdca", "tree": "776a40733eacb9071478f865e6791daa3f6fd602", "parents": [ "6b877699c6f1efede4545bcecc367786a472eedb" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@trustedcs.com", "time": "Wed Nov 08 17:04:26 2006 -0600" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:21:34 2006 -0800" }, "message": "SELinux: Fix SA selection semantics\n\nFix the selection of an SA for an outgoing packet to be at the same\ncontext as the originating socket/flow. This eliminates the SELinux\npolicy\u0027s ability to use/sendto SAs with contexts other than the socket\u0027s.\n\nWith this patch applied, the SELinux policy will require one or more of the\nfollowing for a socket to be able to communicate with/without SAs:\n\n1. To enable a socket to communicate without using labeled-IPSec SAs:\n\nallow socket_t unlabeled_t:association { sendto recvfrom }\n\n2. To enable a socket to communicate with labeled-IPSec SAs:\n\nallow socket_t self:association { sendto };\nallow socket_t peer_sa_t:association { recvfrom };\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6b877699c6f1efede4545bcecc367786a472eedb", "tree": "c0a60dc90578fa9f16d4496e2700bc285eab47c0", "parents": [ "c1a856c9640c9ff3d70bbd8214b6a0974609eef8" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@trustedcs.com", "time": "Wed Nov 08 17:04:09 2006 -0600" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:21:33 2006 -0800" }, "message": "SELinux: Return correct context for SO_PEERSEC\n\nFix SO_PEERSEC for tcp sockets to return the security context of\nthe peer (as represented by the SA from the peer) as opposed to the\nSA used by the local/source socket.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "fc5d81e69d15c65ca20d9e5b4e242690e3e9c27d", "tree": "487e7c5e25fb91246712747cc9595f750cffa30b", "parents": [ "2ea5814472c3c910aed5c5b60f1f3b1000e353f1" ], "author": { "name": "Akinobu Mita", "email": "akinobu.mita@gmail.com", "time": "Mon Nov 27 15:16:48 2006 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Nov 27 10:22:43 2006 -0500" }, "message": "selinux: fix dentry_open() error check\n\nThe return value of dentry_open() shoud be checked by IS_ERR().\n\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Akinobu Mita \u003cakinobu.mita@gmail.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f8687afefcc821fc47c75775eec87731fe3de360", "tree": "9835a3c95fb94597ede42cfdf732b97cc495c9bf", "parents": [ "920b868ae1dfdac77c5e8c97e7067b23680f043e" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Mon Oct 30 15:22:15 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Oct 30 15:24:49 2006 -0800" }, "message": "[NetLabel]: protect the CIPSOv4 socket option from setsockopt()\n\nThis patch makes two changes to protect applications from either removing or\ntampering with the CIPSOv4 IP option on a socket. The first is the requirement\nthat applications have the CAP_NET_RAW capability to set an IPOPT_CIPSO option\non a socket; this prevents untrusted applications from setting their own\nCIPSOv4 security attributes on the packets they send. The second change is to\nSELinux and it prevents applications from setting any IPv4 options when there\nis an IPOPT_CIPSO option already present on the socket; this prevents\napplications from removing CIPSOv4 security attributes from the packets they\nsend.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "2148ccc437a9eac9f0d4b3c27cb1e41f6a48194c", "tree": "03dc59734526aa654d29e1b81cdad18369598182", "parents": [ "9a69d1aeccf169d9a1e442c07d3a6e87f06a7b49" ], "author": { "name": "David Woodhouse", "email": "dwmw2@infradead.org", "time": "Fri Sep 29 15:50:25 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 29 15:58:21 2006 -0700" }, "message": "[PATCH] MLSXFRM: fix mis-labelling of child sockets\n\nAccepted connections of types other than AF_INET, AF_INET6, AF_UNIX won\u0027t\nhave an appropriate label derived from the peer, so don\u0027t use it.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "3528a95322b5c1ce882ab723f175a1845430cd89", "tree": "3aa8b456e08ed3e57fe23152c934b8ed1b234022", "parents": [ "79f5acf5d784492afe80723496624093079aed9c" ], "author": { "name": "Cory Olmo", "email": "colmo@TrustedCS.com", "time": "Fri Sep 29 01:58:44 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 29 09:18:03 2006 -0700" }, "message": "[PATCH] SELinux: support mls categories for context mounts\n\nAllows commas to be embedded into context mount options (i.e. \"-o\ncontext\u003dsome_selinux_context_t\"), to better support multiple categories,\nwhich are separated by commas and confuse mount.\n\nFor example, with the current code:\n\n mount -t iso9660 /dev/cdrom /media/cdrom -o \\\n ro,context\u003dsystem_u:object_r:iso9660_t:s0:c1,c3,c4,exec\n\nThe context option that will be interpreted by SELinux is\ncontext\u003dsystem_u:object_r:iso9660_t:s0:c1\n\ninstead of\ncontext\u003dsystem_u:object_r:iso9660_t:s0:c1,c3,c4\n\nThe options that will be passed on to the file system will be\nro,c3,c4,exec.\n\nThe proposed solution is to allow/require the SELinux context option\nspecified to mount to use quotes when the context contains a comma.\n\nThis patch modifies the option parsing in parse_opts(), contained in\nmount.c, to take options after finding a comma only if it hasn\u0027t seen a\nquote or if the quotes are matched. It also introduces a new function that\nwill strip the quotes from the context option prior to translation. The\nquotes are replaced after the translation is completed to insure that in\nthe event the raw context contains commas the kernel will be able to\ninterpret the correct context.\n\nSigned-off-by: Cory Olmo \u003ccolmo@TrustedCS.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "b20c8122a3204496fca8b5343c93b60fe11dad04", "tree": "f807fb699dcec3f40a8de1a5c64f3653cf68bb6a", "parents": [ "bc7e982b84aceef0a040c88ff659eb5c83818f72" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Sep 25 23:32:03 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 26 08:48:53 2006 -0700" }, "message": "[PATCH] selinux: fix tty locking\n\nTake tty_mutex when accessing -\u003esignal-\u003etty in selinux code. Noted by Alan\nCox. Longer term, we are looking at refactoring the code to provide better\nencapsulation of the tty layer, but this is a simple fix that addresses the\nimmediate bug.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Alan Cox \u003calan@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "bc7e982b84aceef0a040c88ff659eb5c83818f72", "tree": "0e351e00c5fa90cd5b6a9b9f710e95ecb953b1f2", "parents": [ "23970741720360de9dd0a4e87fbeb1d5927aa474" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Sep 25 23:32:02 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 26 08:48:53 2006 -0700" }, "message": "[PATCH] SELinux: convert sbsec semaphore to a mutex\n\nThis patch converts the semaphore in the superblock security struct to a\nmutex. No locking changes or other code changes are done.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "23970741720360de9dd0a4e87fbeb1d5927aa474", "tree": "2dc28ddfeae751a673d43e1925fd131d6ed3e222", "parents": [ "296fddf7513c155adbd3a443d12add1f62b5cddb" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Sep 25 23:32:01 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 26 08:48:53 2006 -0700" }, "message": "[PATCH] SELinux: change isec semaphore to a mutex\n\nThis patch converts the remaining isec-\u003esem into a mutex. Very similar\nlocking is provided as before only in the faster smaller mutex rather than a\nsemaphore. An out_unlock path is introduced rather than the conditional\nunlocking found in the original code.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "296fddf7513c155adbd3a443d12add1f62b5cddb", "tree": "1fc7e3067f1b635b34a178fcb9a96b88bf5c626e", "parents": [ "f3f8771420737004da55159c2f2dc0b6f483a4ef" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Sep 25 23:32:00 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 26 08:48:53 2006 -0700" }, "message": "[PATCH] SELinux: eliminate inode_security_set_security\n\ninode_security_set_sid is only called by security_inode_init_security, which\nis called when a new file is being created and needs to have its incore\nsecurity state initialized and its security xattr set. This helper used to be\ncalled in other places in the past, but now only has the one. So this patch\nrolls inode_security_set_sid directly back into security_inode_init_security.\nThere also is no need to hold the isec-\u003esem while doing this, as the inode is\nnot available to other threads at this point in time.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "99f59ed073d3c1b890690064ab285a201dea2e35", "tree": "0f6ae012cf4f988d3ae0c665fd3b12ea05409ec8", "parents": [ "fc747e82b40ea50a62eb2aef55bedd4465607cb0" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Aug 29 17:53:48 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 15:18:34 2006 -0700" }, "message": "[NetLabel]: Correctly initialize the NetLabel fields.\n\nFix a problem where the NetLabel specific fields of the sk_security_struct\nstructure were not being initialized early enough in some cases.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "9a673e563e543a5c8a6f9824562e55e807b8a56c", "tree": "53d26641175411b04ce7c755df72e515b3bf79ad", "parents": [ "97a4f3e7110619568aa239fe19143d9ec42dede5" ], "author": { "name": "Adrian Bunk", "email": "bunk@stusta.de", "time": "Tue Aug 15 00:03:53 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:54:44 2006 -0700" }, "message": "[SELINUX]: security/selinux/hooks.c: Make 4 functions static.\n\nThis patch makes four needlessly global functions static.\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7420ed23a4f77480b5b7b3245e5da30dd24b7575", "tree": "016f5bb996c5eae66754b10243c5be6226d773f2", "parents": [ "96cb8e3313c7a12e026c1ed510522ae6f6023875" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Fri Aug 04 23:17:57 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:36 2006 -0700" }, "message": "[NetLabel]: SELinux support\n\nAdd NetLabel support to the SELinux LSM and modify the\nsocket_post_create() LSM hook to return an error code. The most\nsignificant part of this patch is the addition of NetLabel hooks into\nthe following SELinux LSM hooks:\n\n * selinux_file_permission()\n * selinux_socket_sendmsg()\n * selinux_socket_post_create()\n * selinux_socket_sock_rcv_skb()\n * selinux_socket_getpeersec_stream()\n * selinux_socket_getpeersec_dgram()\n * selinux_sock_graft()\n * selinux_inet_conn_request()\n\nThe basic reasoning behind this patch is that outgoing packets are\n\"NetLabel\u0027d\" by labeling their socket and the NetLabel security\nattributes are checked via the additional hook in\nselinux_socket_sock_rcv_skb(). NetLabel itself is only a labeling\nmechanism, similar to filesystem extended attributes, it is up to the\nSELinux enforcement mechanism to perform the actual access checks.\n\nIn addition to the changes outlined above this patch also includes\nsome changes to the extended bitmap (ebitmap) and multi-level security\n(mls) code to import and export SELinux TE/MLS attributes into and out\nof NetLabel.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "a51c64f1e5c2876eab2a32955acd9e8015c91c15", "tree": "1cc49c6ee7a3135ea000956e5fef41ff4c8e2ebe", "parents": [ "4237c75c0a35535d7f9f2bfeeb4b4df1e068a0bf" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Thu Jul 27 22:01:34 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:30 2006 -0700" }, "message": "[MLSXFRM]: Fix build with SECURITY_NETWORK_XFRM disabled.\n\nThe following patch will fix the build problem (encountered by Andrew\nMorton) when SECURITY_NETWORK_XFRM is not enabled.\n\nAs compared to git-net-selinux_xfrm_decode_session-build-fix.patch in\n-mm, this patch sets the return parameter sid to SECSID_NULL in\nselinux_xfrm_decode_session() and handles this value in the caller\nselinux_inet_conn_request() appropriately.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4237c75c0a35535d7f9f2bfeeb4b4df1e068a0bf", "tree": "02adcb6fe6c346a8b99cf161ba5233ed1e572727", "parents": [ "cb969f072b6d67770b559617f14e767f47e77ece" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Mon Jul 24 23:32:50 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:29 2006 -0700" }, "message": "[MLSXFRM]: Auto-labeling of child sockets\n\nThis automatically labels the TCP, Unix stream, and dccp child sockets\nas well as openreqs to be at the same MLS level as the peer. This will\nresult in the selection of appropriately labeled IPSec Security\nAssociations.\n\nThis also uses the sock\u0027s sid (as opposed to the isec sid) in SELinux\nenforcement of secmark in rcv_skb and postroute_last hooks.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "beb8d13bed80f8388f1a9a107d07ddd342e627e8", "tree": "19d5763b9b3b8ff3969997565e5ec0edd6e4bd33", "parents": [ "4e2ba18eae7f370c7c3ed96eaca747cc9b39f917" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Fri Aug 04 23:12:42 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:27 2006 -0700" }, "message": "[MLSXFRM]: Add flow labeling\n\nThis labels the flows that could utilize IPSec xfrms at the points the\nflows are defined so that IPSec policy and SAs at the right label can\nbe used.\n\nThe following protos are currently not handled, but they should\ncontinue to be able to use single-labeled IPSec like they currently\ndo.\n\nipmr\nip_gre\nipip\nigmp\nsit\nsctp\nip6_tunnel (IPv6 over IPv6 tunnel device)\ndecnet\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "e0d1caa7b0d5f02e4f34aa09c695d04251310c6c", "tree": "bf023c17abf6813f2694ebf5fafff82edd6a1023", "parents": [ "b6340fcd761acf9249b3acbc95c4dc555d9beb07" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Mon Jul 24 23:29:07 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:24 2006 -0700" }, "message": "[MLSXFRM]: Flow based matching of xfrm policy and state\n\nThis implements a seemless mechanism for xfrm policy selection and\nstate matching based on the flow sid. This also includes the necessary\nSELinux enforcement pieces.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "892c141e62982272b9c738b5520ad0e5e1ad7b42", "tree": "c8e0c9b3e55106d2cb085a5047b9d02dbbb28653", "parents": [ "08554d6b33e60aa8ee40bbef94505941c0eefef2" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Fri Aug 04 23:08:56 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:22 2006 -0700" }, "message": "[MLSXFRM]: Add security sid to sock\n\nThis adds security for IP sockets at the sock level. Security at the\nsock level is needed to enforce the SELinux security policy for\nsecurity associations even when a sock is orphaned (such as in the TCP\nLAST_ACK state).\n\nThis will also be used to enforce SELinux controls over data arriving\nat or leaving a child socket while it\u0027s still waiting to be accepted.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "dc49c1f94e3469d94b952e8f5160dd4ccd791d79", "tree": "e47b1974c262a03dbabf0a148325d9089817e78e", "parents": [ "2b7e24b66d31d677d76b49918e711eb360c978b6" ], "author": { "name": "Catherine Zhang", "email": "cxzhang@watson.ibm.com", "time": "Wed Aug 02 14:12:06 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Aug 02 14:12:06 2006 -0700" }, "message": "[AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch\n\nFrom: Catherine Zhang \u003ccxzhang@watson.ibm.com\u003e\n\nThis patch implements a cleaner fix for the memory leak problem of the\noriginal unix datagram getpeersec patch. Instead of creating a\nsecurity context each time a unix datagram is sent, we only create the\nsecurity context when the receiver requests it.\n\nThis new design requires modification of the current\nunix_getsecpeer_dgram LSM hook and addition of two new hooks, namely,\nsecid_to_secctx and release_secctx. The former retrieves the security\ncontext and the latter releases it. A hook is required for releasing\nthe security context because it is up to the security module to decide\nhow that\u0027s done. In the case of Selinux, it\u0027s a simple kfree\noperation.\n\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "b04ea3cebf79d6808632808072f276dbc98aaf01", "tree": "7620a01477510d9e4ae042baab17bce103b59185", "parents": [ "517e7aa5b022f9dc486639c7689666663daee24f" ], "author": { "name": "Eric Paris", "email": "eparis@parisplace.org", "time": "Fri Jul 14 00:24:33 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jul 14 21:53:55 2006 -0700" }, "message": "[PATCH] Fix security check for joint context\u003d and fscontext\u003d mount options\n\nAfter some discussion on the actual meaning of the filesystem class\nsecurity check in try context mount it was determined that the checks for\nthe context\u003d mount options were not correct if fscontext mount option had\nalready been used.\n\nWhen labeling the superblock we should be checking relabel_from and\nrelabel_to. But if the superblock has already been labeled (with\nfscontext) then context\u003d is actually labeling the inodes, and so we should\nbe checking relabel_from and associate. This patch fixes which checks are\ncalled depending on the mount options.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "0808925ea5684a0ce25483b30e94d4f398804978", "tree": "62456726442d656d21bc4fa6b1339f0236f0a6e8", "parents": [ "c312feb2931ded0582378712727b7ea017a951bd" ], "author": { "name": "Eric Paris", "email": "eparis@parisplace.org", "time": "Mon Jul 10 04:43:55 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Jul 10 13:24:13 2006 -0700" }, "message": "[PATCH] SELinux: add rootcontext\u003d option to label root inode when mounting\n\nIntroduce a new rootcontext\u003d option to FS mounting. This option will allow\nyou to explicitly label the root inode of an FS being mounted before that\nFS or inode because visible to userspace. This was found to be useful for\nthings like stateless linux, see\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id\u003d190001\n\nSigned-off-by: Eric Paris \u003ceparis@parisplace.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "c312feb2931ded0582378712727b7ea017a951bd", "tree": "dd985aa4dd0b759690af9557a5170dabf589d87f", "parents": [ "2ed6e34f88a0d896a6f889b00693cae0fadacfd0" ], "author": { "name": "Eric Paris", "email": "eparis@parisplace.org", "time": "Mon Jul 10 04:43:53 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Jul 10 13:24:13 2006 -0700" }, "message": "[PATCH] SELinux: decouple fscontext/context mount options\n\nRemove the conflict between fscontext and context mount options. If\ncontext\u003d is specified without fscontext it will operate just as before, if\nboth are specified we will use mount point labeling and all inodes will get\nthe label specified by context\u003d. The superblock will be labeled with the\nlabel of fscontext\u003d, thus affecting operations which check the superblock\nsecurity context, such as associate permissions.\n\nSigned-off-by: Eric Paris \u003ceparis@parisplace.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "22a3e233ca08a2ddc949ba1ae8f6e16ec7ef1a13", "tree": "7ef158ba2c30e0dde2dc103d1904fae243759a6b", "parents": [ "39302175c26d74be35715c05a0f342c9e64c21bf", "6ab3d5624e172c553004ecc862bfeac16d9d68b7" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jun 30 15:39:30 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jun 30 15:39:30 2006 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial:\n Remove obsolete #include \u003clinux/config.h\u003e\n remove obsolete swsusp_encrypt\n arch/arm26/Kconfig typos\n Documentation/IPMI typos\n Kconfig: Typos in net/sched/Kconfig\n v9fs: do not include linux/version.h\n Documentation/DocBook/mtdnand.tmpl: typo fixes\n typo fixes: specfic -\u003e specific\n typo fixes in Documentation/networking/pktgen.txt\n typo fixes: occuring -\u003e occurring\n typo fixes: infomation -\u003e information\n typo fixes: disadvantadge -\u003e disadvantage\n typo fixes: aquire -\u003e acquire\n typo fixes: mecanism -\u003e mechanism\n typo fixes: bandwith -\u003e bandwidth\n fix a typo in the RTC_CLASS help text\n smb is no longer maintained\n\nManually merged trivial conflict in arch/um/kernel/vmlinux.lds.S\n" }, { "commit": "a1836a42daf5ddfe9a891973734bd9a7d62eb504", "tree": "e8819aec40aff3fa0eecd2ef9d92df8213bce58b", "parents": [ "7a01955f99b65622a00ba5c8b39202ddc6fa65f8" ], "author": { "name": "David Quigley", "email": "dpquigl@tycho.nsa.gov", "time": "Fri Jun 30 01:55:49 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jun 30 11:25:37 2006 -0700" }, "message": "[PATCH] SELinux: Add security hook definition for getioprio and insert hooks\n\nAdd a new security hook definition for the sys_ioprio_get operation. At\npresent, the SELinux hook function implementation for this hook is\nidentical to the getscheduler implementation but a separate hook is\nintroduced to allow this check to be specialized in the future if\nnecessary.\n\nThis patch also creates a helper function get_task_ioprio which handles the\naccess check in addition to retrieving the ioprio value for the task.\n\nSigned-off-by: David Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Jens Axboe \u003caxboe@suse.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "f9008e4c5c525941967b67777945aa6266ab6326", "tree": "a0c9436485b80d548ef74d5f1aec0f6d0309af6e", "parents": [ "ed11d9eb2228acc483c819ab353e3c41bcb158fa" ], "author": { "name": "David Quigley", "email": "dpquigl@tycho.nsa.gov", "time": "Fri Jun 30 01:55:46 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jun 30 11:25:36 2006 -0700" }, "message": "[PATCH] SELinux: extend task_kill hook to handle signals sent by AIO completion\n\nThis patch extends the security_task_kill hook to handle signals sent by AIO\ncompletion. In this case, the secid of the task responsible for the signal\nneeds to be obtained and saved earlier, so a security_task_getsecid() hook is\nadded, and then this saved value is passed subsequently to the extended\ntask_kill hook for use in checking.\n\nSigned-off-by: David Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "6ab3d5624e172c553004ecc862bfeac16d9d68b7", "tree": "6d98881fe91fd9583c109208d5c27131b93fa248", "parents": [ "e02169b682bc448ccdc819dc8639ed34a23cedd8" ], "author": { "name": "Jörn Engel", "email": "joern@wohnheim.fh-wedel.de", "time": "Fri Jun 30 19:25:36 2006 +0200" }, "committer": { "name": "Adrian Bunk", "email": "bunk@stusta.de", "time": "Fri Jun 30 19:25:36 2006 +0200" }, "message": "Remove obsolete #include \u003clinux/config.h\u003e\n\nSigned-off-by: Jörn Engel \u003cjoern@wohnheim.fh-wedel.de\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\n" }, { "commit": "877ce7c1b3afd69a9b1caeb1b9964c992641f52a", "tree": "740c6c0d4a2858af53c09c4635cadf06833536c1", "parents": [ "d6b4991ad5d1a9840e12db507be1a6593def01fe" ], "author": { "name": "Catherine Zhang", "email": "cxzhang@watson.ibm.com", "time": "Thu Jun 29 12:27:47 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Thu Jun 29 16:58:06 2006 -0700" }, "message": "[AF_UNIX]: Datagram getpeersec\n\nThis patch implements an API whereby an application can determine the\nlabel of its peer\u0027s Unix datagram sockets via the auxiliary data mechanism of\nrecvmsg.\n\nPatch purpose:\n\nThis patch enables a security-aware application to retrieve the\nsecurity context of the peer of a Unix datagram socket. The application\ncan then use this security context to determine the security context for\nprocessing on behalf of the peer who sent the packet.\n\nPatch design and implementation:\n\nThe design and implementation is very similar to the UDP case for INET\nsockets. Basically we build upon the existing Unix domain socket API for\nretrieving user credentials. Linux offers the API for obtaining user\ncredentials via ancillary messages (i.e., out of band/control messages\nthat are bundled together with a normal message). To retrieve the security\ncontext, the application first indicates to the kernel such desire by\nsetting the SO_PASSSEC option via getsockopt. Then the application\nretrieves the security context using the auxiliary data mechanism.\n\nAn example server application for Unix datagram socket should look like this:\n\ntoggle \u003d 1;\ntoggle_len \u003d sizeof(toggle);\n\nsetsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, \u0026toggle, \u0026toggle_len);\nrecvmsg(sockfd, \u0026msg_hdr, 0);\nif (msg_hdr.msg_controllen \u003e sizeof(struct cmsghdr)) {\n cmsg_hdr \u003d CMSG_FIRSTHDR(\u0026msg_hdr);\n if (cmsg_hdr-\u003ecmsg_len \u003c\u003d CMSG_LEN(sizeof(scontext)) \u0026\u0026\n cmsg_hdr-\u003ecmsg_level \u003d\u003d SOL_SOCKET \u0026\u0026\n cmsg_hdr-\u003ecmsg_type \u003d\u003d SCM_SECURITY) {\n memcpy(\u0026scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));\n }\n}\n\nsock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow\na server socket to receive security context of the peer.\n\nTesting:\n\nWe have tested the patch by setting up Unix datagram client and server\napplications. We verified that the server can retrieve the security context\nusing the auxiliary data mechanism of recvmsg.\n\nSigned-off-by: Catherine Zhang \u003ccxzhang@watson.ibm.com\u003e\nAcked-by: Acked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "c7bdb545d23026b18be53289fd866d1ac07f5f8c", "tree": "6d9a218871d88f7579dd53f14692df2529b6e712", "parents": [ "576a30eb6453439b3c37ba24455ac7090c247b5a" ], "author": { "name": "Darrel Goeddel", "email": "dgoeddel@trustedcs.com", "time": "Tue Jun 27 13:26:11 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Thu Jun 29 16:57:55 2006 -0700" }, "message": "[NETLINK]: Encapsulate eff_cap usage within security framework.\n\nThis patch encapsulates the usage of eff_cap (in netlink_skb_params) within\nthe security framework by extending security_netlink_recv to include a required\ncapability parameter and converting all direct usage of eff_caps outside\nof the lsm modules to use the interface. It also updates the SELinux\nimplementation of the security_netlink_send and security_netlink_recv\nhooks to take advantage of the sid in the netlink_skb_params struct.\nThis also enables SELinux to perform auditing of netlink capability checks.\nPlease apply, for 2.6.18 if possible.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "28eba5bf9d4bf3ba4d58d985abf3a2903b7f2125", "tree": "e825fc3fb6bdd81ae0aa146572406eb69bc5404b", "parents": [ "76b67ed9dce69a6a329cdd66f94af1787f417b62" ], "author": { "name": "Michael LeMay", "email": "mdlemay@epoch.ncsc.mil", "time": "Tue Jun 27 02:53:42 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Jun 27 17:32:37 2006 -0700" }, "message": "[PATCH] selinux: inherit /proc/self/attr/keycreate across fork\n\nUpdate SELinux to cause the keycreate process attribute held in\n/proc/self/attr/keycreate to be inherited across a fork and reset upon\nexecve. This is consistent with the handling of the other process\nattributes provided by SELinux and also makes it simpler to adapt logon\nprograms to properly handle the keycreate attribute.\n\nSigned-off-by: Michael LeMay \u003cmdlemay@epoch.ncsc.mil\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "42c3e03ef6b298813557cdb997bd6db619cd65a2", "tree": "c2fba776ccf7015d45651ff7d2aee89f06da6f42", "parents": [ "c1df7fb88a011b39ea722ac00975c5b8a803261b" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jun 26 00:26:03 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Jun 26 09:58:26 2006 -0700" }, "message": "[PATCH] SELinux: Add sockcreate node to procattr API\n\nBelow is a patch to add a new /proc/self/attr/sockcreate A process may write a\ncontext into this interface and all subsequent sockets created will be labeled\nwith that context. This is the same idea as the fscreate interface where a\nprocess can specify the label of a file about to be created. At this time one\nenvisioned user of this will be xinetd. It will be able to better label\nsockets for the actual services. At this time all sockets take the label of\nthe creating process, so all xinitd sockets would just be labeled the same.\n\nI tested this by creating a tcp sender and listener. The sender was able to\nwrite to this new proc file and then create sockets with the specified label.\nI am able to be sure the new label was used since the avc denial messages\nkicked out by the kernel included both the new security permission\nsetsockcreate and all the socket denials were for the new label, not the label\nof the running process.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "4eb582cf1fbd7b9e5f466e3718a59c957e75254e", "tree": "4387e460a50efa8d46a54526d0cf0959c0e3b428", "parents": [ "06ec7be557a1259611d6093a00463c42650dc71a" ], "author": { "name": "Michael LeMay", "email": "mdlemay@epoch.ncsc.mil", "time": "Mon Jun 26 00:24:57 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Jun 26 09:58:18 2006 -0700" }, "message": "[PATCH] keys: add a way to store the appropriate context for newly-created keys\n\nAdd a /proc/\u003cpid\u003e/attr/keycreate entry that stores the appropriate context for\nnewly-created keys. Modify the selinux_key_alloc hook to make use of the new\nentry. Update the flask headers to include a new \"setkeycreate\" permission\nfor processes. Update the flask headers to include a new \"create\" permission\nfor keys. Use the create permission to restrict which SIDs each task can\nassign to newly-created keys. Add a new parameter to the security hook\n\"security_key_alloc\" to indicate whether it is being invoked by the kernel, or\nfrom userspace. If it is being invoked by the kernel, the security hook\nshould never fail. Update the documentation to reflect these changes.\n\nSigned-off-by: Michael LeMay \u003cmdlemay@epoch.ncsc.mil\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "7e047ef5fe2d52e83020e856b1bf2556a6a2ce98", "tree": "97656e2c56a27be9d1da451dde627b693b8643f2", "parents": [ "f116629d03655adaf7832b93b03c99391d09d4a7" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Jun 26 00:24:50 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Jun 26 09:58:18 2006 -0700" }, "message": "[PATCH] keys: sort out key quota system\n\nAdd the ability for key creation to overrun the user\u0027s quota in some\ncircumstances - notably when a session keyring is created and assigned to a\nprocess that didn\u0027t previously have one.\n\nThis means it\u0027s still possible to log in, should PAM require the creation of a\nnew session keyring, and fix an overburdened key quota.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "35601547baf92d984b6e59cf3583649da04baea5", "tree": "a392501e6e004ed33789dbf3f7a9fe43295439e1", "parents": [ "22fb52dd736a62e24c44c50739007496265dc38c" ], "author": { "name": "David Quigley", "email": "dpquigl@tycho.nsa.gov", "time": "Fri Jun 23 02:04:01 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jun 23 07:42:54 2006 -0700" }, "message": "[PATCH] SELinux: add task_movememory hook\n\nThis patch adds new security hook, task_movememory, to be called when memory\nowened by a task is to be moved (e.g. when migrating pages to a this hook is\nidentical to the setscheduler implementation, but a separate hook introduced\nto allow this check to be specialized in the future if necessary.\n\nSince the last posting, the hook has been renamed following feedback from\nChristoph Lameter.\n\nSigned-off-by: David Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Christoph Lameter \u003cclameter@sgi.com\u003e\nCc: Andi Kleen \u003cak@muc.de\u003e\nAcked-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "03e68060636e05989ea94bcb671ab633948f328c", "tree": "aee5e7b55f31998536dd3a4f54f38caeee6105d6", "parents": [ "9216dfad4fc97ab639ef0885efc713f3d7a20d5b" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jun 23 02:03:58 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jun 23 07:42:53 2006 -0700" }, "message": "[PATCH] lsm: add task_setioprio hook\n\nImplement an LSM hook for setting a task\u0027s IO priority, similar to the hook\nfor setting a tasks\u0027s nice value.\n\nA previous version of this LSM hook was included in an older version of\nmultiadm by Jan Engelhardt, although I don\u0027t recall it being submitted\nupstream.\n\nAlso included is the corresponding SELinux hook, which re-uses the setsched\npermission in the proccess class.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Jan Engelhardt \u003cjengelh@linux01.gwdg.de\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Jens Axboe \u003caxboe@suse.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "726c334223180e3c0197cc980a432681370d4baf", "tree": "8327b354bb3dc959a6606051ae6f8d4d035e38a2", "parents": [ "454e2398be9b9fa30433fccc548db34d19aa9958" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Jun 23 02:02:58 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jun 23 07:42:45 2006 -0700" }, "message": "[PATCH] VFS: Permit filesystem to perform statfs with a known root dentry\n\nGive the statfs superblock operation a dentry pointer rather than a superblock\npointer.\n\nThis complements the get_sb() patch. That reduced the significance of\nsb-\u003es_root, allowing NFS to place a fake root there. However, NFS does\nrequire a dentry to use as a target for the statfs operation. This permits\nthe root in the vfsmount to be used instead.\n\nlinux/mount.h has been added where necessary to make allyesconfig build\nsuccessfully.\n\nInterest has also been expressed for use with the FUSE and XFS filesystems.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Nathan Scott \u003cnathans@sgi.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "d720024e94de4e8b7f10ee83c532926f3ad5d708", "tree": "8f21613c29a26bfbeb334cb0104b8b998b09fbdc", "parents": [ "f893afbe1262e27e91234506f72e17716190dd2f" ], "author": { "name": "Michael LeMay", "email": "mdlemay@epoch.ncsc.mil", "time": "Thu Jun 22 14:47:17 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Thu Jun 22 15:05:55 2006 -0700" }, "message": "[PATCH] selinux: add hooks for key subsystem\n\nIntroduce SELinux hooks to support the access key retention subsystem\nwithin the kernel. Incorporate new flask headers from a modified version\nof the SELinux reference policy, with support for the new security class\nrepresenting retained keys. Extend the \"key_alloc\" security hook with a\ntask parameter representing the intended ownership context for the key\nbeing allocated. Attach security information to root\u0027s default keyrings\nwithin the SELinux initialization routine.\n\nHas passed David\u0027s testsuite.\n\nSigned-off-by: Michael LeMay \u003cmdlemay@epoch.ncsc.mil\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "4e5ab4cb85683cf77b507ba0c4d48871e1562305", "tree": "aef7ba8b6050fcaccbaf0d05f8e5ba860a143eaf", "parents": [ "100468e9c05c10fb6872751c1af523b996d6afa9" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jun 09 00:33:33 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Jun 17 21:30:05 2006 -0700" }, "message": "[SECMARK]: Add new packet controls to SELinux\n\nAdd new per-packet access controls to SELinux, replacing the old\npacket controls.\n\nPackets are labeled with the iptables SECMARK and CONNSECMARK targets,\nthen security policy for the packets is enforced with these controls.\n\nTo allow for a smooth transition to the new controls, the old code is\nstill present, but not active by default. To restore previous\nbehavior, the old controls may be activated at runtime by writing a\n\u00271\u0027 to /selinux/compat_net, and also via the kernel boot parameter\nselinux_compat_net. Switching between the network control models\nrequires the security load_policy permission. The old controls will\nprobably eventually be removed and any continued use is discouraged.\n\nWith this patch, the new secmark controls for SElinux are disabled by\ndefault, so existing behavior is entirely preserved, and the user is\nnot affected at all.\n\nIt also provides a config option to enable the secmark controls by\ndefault (which can always be overridden at boot and runtime). It is\nalso noted in the kconfig help that the user will need updated\nuserspace if enabling secmark controls for SELinux and that they\u0027ll\nprobably need the SECMARK and CONNMARK targets, and conntrack protocol\nhelpers, although such decisions are beyond the scope of kernel\nconfiguration.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "3e3ff15e6d8ba931fa9a6c7f9fe711edc77e96e5", "tree": "e3b3edcf5092e9533539f6e8abdda83eee2cb96d", "parents": [ "6f68dc37759b1d6ff3b4d4a9d097605a09f8f043" ], "author": { "name": "Christopher J. PeBenito", "email": "cpebenito@tresys.com", "time": "Fri Jun 09 00:25:03 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Jun 17 21:29:51 2006 -0700" }, "message": "[SELINUX]: add security class for appletalk sockets\n\nAdd a security class for appletalk sockets so that they can be\ndistinguished in SELinux policy. Please apply.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "c8c05a8eec6f1258f6d5cb71a44ee5dc1e989b63", "tree": "b4a04dd9e2b940cb5b2911fb67fbe49c5f8b3fbf", "parents": [ "cec6f7f39c3db7d9f6091bf2f8fc8d520f372719" ], "author": { "name": "Catherine Zhang", "email": "cxzhang@watson.ibm.com", "time": "Thu Jun 08 23:39:49 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Jun 17 21:29:45 2006 -0700" }, "message": "[LSM-IPsec]: SELinux Authorize\n\nThis patch contains a fix for the previous patch that adds security\ncontexts to IPsec policies and security associations. In the previous\npatch, no authorization (besides the check for write permissions to\nSAD and SPD) is required to delete IPsec policies and security\nassocations with security contexts. Thus a user authorized to change\nSAD and SPD can bypass the IPsec policy authorization by simply\ndeleteing policies with security contexts. To fix this security hole,\nan additional authorization check is added for removing security\npolicies and security associations with security contexts.\n\nNote that if no security context is supplied on add or present on\npolicy to be deleted, the SELinux module allows the change\nunconditionally. The hook is called on deletion when no context is\npresent, which we may want to change. At present, I left it up to the\nmodule.\n\nLSM changes:\n\nThe patch adds two new LSM hooks: xfrm_policy_delete and\nxfrm_state_delete. The new hooks are necessary to authorize deletion\nof IPsec policies that have security contexts. The existing hooks\nxfrm_policy_free and xfrm_state_free lack the context to do the\nauthorization, so I decided to split authorization of deletion and\nmemory management of security data, as is typical in the LSM\ninterface.\n\nUse:\n\nThe new delete hooks are checked when xfrm_policy or xfrm_state are\ndeleted by either the xfrm_user interface (xfrm_get_policy,\nxfrm_del_sa) or the pfkey interface (pfkey_spddelete, pfkey_delete).\n\nSELinux changes:\n\nThe new policy_delete and state_delete functions are added.\n\nSigned-off-by: Catherine Zhang \u003ccxzhang@watson.ibm.com\u003e\nSigned-off-by: Trent Jaeger \u003ctjaeger@cse.psu.edu\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "ba0c19ed6a61a96d4b42b81cb19d4bc81b5f728c", "tree": "5e6d1774265140f1f4eddab043c90920414abe59", "parents": [ "93ff66bf1ef29881dffd6fdc344555dab03cdb42" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Sun Jun 04 02:51:30 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Jun 05 12:29:16 2006 -0700" }, "message": "[PATCH] selinux: fix sb_lock/sb_security_lock nesting\n\nFrom: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n\nFix unsafe nesting of sb_lock inside sb_security_lock in\nselinux_complete_init. Detected by the kernel locking validator.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "d4e9dc63dca91cd89086b5a686d7f7635c8319e5", "tree": "c6ec1b8801d8e526e0d7373b7cd91e46f20a4299", "parents": [ "df88912a2165f56a7402db80126cf8ea075221fe" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Sat May 20 15:00:02 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun May 21 12:59:17 2006 -0700" }, "message": "[PATCH] selinux: endian fix\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "30d55280b867aa0cae99f836ad0181bb0bf8f9cb", "tree": "8df537addd3709f36f24dbd654662568b79ca943", "parents": [ "e17df688f7064dae1417ce425dd1e4b71d24d63b" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed May 03 10:52:36 2006 -0400" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed May 03 10:08:11 2006 -0700" }, "message": "[PATCH] selinux: Clear selinux_enabled flag upon runtime disable.\n\nClear selinux_enabled flag upon runtime disable of SELinux by userspace,\nand make sure it is defined even if selinux\u003d boot parameter support is\nnot enabled in configuration.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nTested-by: Jon Smirl \u003cjonsmirl@gmail.com\u003e\nAcked-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9c7aa6aa74fa8a5cda36e54cbbe4fffe0214497d", "tree": "1e1489ed5080ea4aff6206bfa904f549de8e56ca", "parents": [ "1b50eed9cac0e8e5e4d3a522d8aa267f7f8f8acb" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Fri Mar 31 15:22:49 2006 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon May 01 06:09:56 2006 -0400" }, "message": "[PATCH] change lspp ipc auditing\n\nHi,\n\nThe patch below converts IPC auditing to collect sid\u0027s and convert to context\nstring only if it needs to output an audit record. This patch depends on the\ninode audit change patch already being applied.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "1b9a3917366028cc451a98dd22e3bcd537d4e5c1", "tree": "d911058720e0a9aeeaf9f407ccdc6fbf4047f47d", "parents": [ "3661f00e2097676847deb01add1a0918044bd816", "71e1c784b24a026a490b3de01541fc5ee14ebc09" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Mar 25 09:24:53 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Mar 25 09:24:53 2006 -0800" }, "message": "Merge branch \u0027audit.b3\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current\n\n* \u0027audit.b3\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: (22 commits)\n [PATCH] fix audit_init failure path\n [PATCH] EXPORT_SYMBOL patch for audit_log, audit_log_start, audit_log_end and audit_format\n [PATCH] sem2mutex: audit_netlink_sem\n [PATCH] simplify audit_free() locking\n [PATCH] Fix audit operators\n [PATCH] promiscuous mode\n [PATCH] Add tty to syscall audit records\n [PATCH] add/remove rule update\n [PATCH] audit string fields interface + consumer\n [PATCH] SE Linux audit events\n [PATCH] Minor cosmetic cleanups to the code moved into auditfilter.c\n [PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL\n [PATCH] Fix IA64 success/failure indication in syscall auditing.\n [PATCH] Miscellaneous bug and warning fixes\n [PATCH] Capture selinux subject/object context information.\n [PATCH] Exclude messages by message type\n [PATCH] Collect more inode information during syscall processing.\n [PATCH] Pass dentry, not just name, in fsnotify creation hooks.\n [PATCH] Define new range of userspace messages.\n [PATCH] Filter rule comparators\n ...\n\nFixed trivial conflict in security/selinux/hooks.c\n" }, { "commit": "7cae7e26f245151b9ccad868bf2edf8c8048d307", "tree": "db785f2a471c5b97db2551402e067b9559a8989d", "parents": [ "cf01efd098597f7ee88a61e645afacba987c4531" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 22 00:09:22 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Mar 22 07:54:07 2006 -0800" }, "message": "[PATCH] SELinux: add slab cache for inode security struct\n\nAdd a slab cache for the SELinux inode security struct, one of which is\nallocated for every inode instantiated by the system.\n\nThe memory savings are considerable.\n\nOn 64-bit, instead of the size-128 cache, we have a slab object of 96\nbytes, saving 32 bytes per object. After booting, I see about 4000 of\nthese and then about 17,000 after a kernel compile. With this patch, we\nsave around 530KB of kernel memory in the latter case. On 32-bit, the\nsavings are about half of this.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "cf01efd098597f7ee88a61e645afacba987c4531", "tree": "8602df509dc2a2b067063f40084c83a4f698fb15", "parents": [ "edb20fb5be2ff6943920aca4ccab0f4fdacddb9c" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 22 00:09:21 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Mar 22 07:54:07 2006 -0800" }, "message": "[PATCH] SELinux: cleanup stray variable in selinux_inode_init_security()\n\nRemove an unneded pointer variable in selinux_inode_init_security().\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "8aad38752e81d1d4de67e3d8e2524618ce7c9276", "tree": "5813d3f31133313a5bcd77cb3298f7cb26b814ed", "parents": [ "b20a35035f983f4ac7e29c4a68f30e43510007e0" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Mar 22 00:09:13 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Mar 22 07:54:06 2006 -0800" }, "message": "[PATCH] selinux: Disable automatic labeling of new inodes when no policy is loaded\n\nThis patch disables the automatic labeling of new inodes on disk\nwhen no policy is loaded.\n\nDiscussion is here:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id\u003d180296\n\nIn short, we\u0027re changing the behavior so that when no policy is loaded,\nSELinux does not label files at all. Currently it does add an \u0027unlabeled\u0027\nlabel in this case, which we\u0027ve found causes problems later.\n\nSELinux always maintains a safe internal label if there is none, so with this\npatch, we just stick with that and wait until a policy is loaded before adding\na persistent label on disk.\n\nThe effect is simply that if you boot with SELinux enabled but no policy\nloaded and create a file in that state, SELinux won\u0027t try to set a security\nextended attribute on the new inode on the disk. This is the only sane\nbehavior for SELinux in that state, as it cannot determine the right label to\nassign in the absence of a policy. That state usually doesn\u0027t occur, but the\nrawhide installer seemed to be misbehaving temporarily so it happened to show\nup on a test install.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "2c7946a7bf45ae86736ab3b43d0085e43947945c", "tree": "b956f301033ebaefe8d2701b257edfd947f537f3", "parents": [ "be33690d8fcf40377f16193c463681170eb6b295" ], "author": { "name": "Catherine Zhang", "email": "cxzhang@watson.ibm.com", "time": "Mon Mar 20 22:41:23 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Mar 20 22:41:23 2006 -0800" }, "message": "[SECURITY]: TCP/UDP getpeersec\n\nThis patch implements an application of the LSM-IPSec networking\ncontrols whereby an application can determine the label of the\nsecurity association its TCP or UDP sockets are currently connected to\nvia getsockopt and the auxiliary data mechanism of recvmsg.\n\nPatch purpose:\n\nThis patch enables a security-aware application to retrieve the\nsecurity context of an IPSec security association a particular TCP or\nUDP socket is using. The application can then use this security\ncontext to determine the security context for processing on behalf of\nthe peer at the other end of this connection. In the case of UDP, the\nsecurity context is for each individual packet. An example\napplication is the inetd daemon, which could be modified to start\ndaemons running at security contexts dependent on the remote client.\n\nPatch design approach:\n\n- Design for TCP\nThe patch enables the SELinux LSM to set the peer security context for\na socket based on the security context of the IPSec security\nassociation. The application may retrieve this context using\ngetsockopt. When called, the kernel determines if the socket is a\nconnected (TCP_ESTABLISHED) TCP socket and, if so, uses the dst_entry\ncache on the socket to retrieve the security associations. If a\nsecurity association has a security context, the context string is\nreturned, as for UNIX domain sockets.\n\n- Design for UDP\nUnlike TCP, UDP is connectionless. This requires a somewhat different\nAPI to retrieve the peer security context. With TCP, the peer\nsecurity context stays the same throughout the connection, thus it can\nbe retrieved at any time between when the connection is established\nand when it is torn down. With UDP, each read/write can have\ndifferent peer and thus the security context might change every time.\nAs a result the security context retrieval must be done TOGETHER with\nthe packet retrieval.\n\nThe solution is to build upon the existing Unix domain socket API for\nretrieving user credentials. Linux offers the API for obtaining user\ncredentials via ancillary messages (i.e., out of band/control messages\nthat are bundled together with a normal message).\n\nPatch implementation details:\n\n- Implementation for TCP\nThe security context can be retrieved by applications using getsockopt\nwith the existing SO_PEERSEC flag. As an example (ignoring error\nchecking):\n\ngetsockopt(sockfd, SOL_SOCKET, SO_PEERSEC, optbuf, \u0026optlen);\nprintf(\"Socket peer context is: %s\\n\", optbuf);\n\nThe SELinux function, selinux_socket_getpeersec, is extended to check\nfor labeled security associations for connected (TCP_ESTABLISHED \u003d\u003d\nsk-\u003esk_state) TCP sockets only. If so, the socket has a dst_cache of\nstruct dst_entry values that may refer to security associations. If\nthese have security associations with security contexts, the security\ncontext is returned.\n\ngetsockopt returns a buffer that contains a security context string or\nthe buffer is unmodified.\n\n- Implementation for UDP\nTo retrieve the security context, the application first indicates to\nthe kernel such desire by setting the IP_PASSSEC option via\ngetsockopt. Then the application retrieves the security context using\nthe auxiliary data mechanism.\n\nAn example server application for UDP should look like this:\n\ntoggle \u003d 1;\ntoggle_len \u003d sizeof(toggle);\n\nsetsockopt(sockfd, SOL_IP, IP_PASSSEC, \u0026toggle, \u0026toggle_len);\nrecvmsg(sockfd, \u0026msg_hdr, 0);\nif (msg_hdr.msg_controllen \u003e sizeof(struct cmsghdr)) {\n cmsg_hdr \u003d CMSG_FIRSTHDR(\u0026msg_hdr);\n if (cmsg_hdr-\u003ecmsg_len \u003c\u003d CMSG_LEN(sizeof(scontext)) \u0026\u0026\n cmsg_hdr-\u003ecmsg_level \u003d\u003d SOL_IP \u0026\u0026\n cmsg_hdr-\u003ecmsg_type \u003d\u003d SCM_SECURITY) {\n memcpy(\u0026scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));\n }\n}\n\nip_setsockopt is enhanced with a new socket option IP_PASSSEC to allow\na server socket to receive security context of the peer. A new\nancillary message type SCM_SECURITY.\n\nWhen the packet is received we get the security context from the\nsec_path pointer which is contained in the sk_buff, and copy it to the\nancillary message space. An additional LSM hook,\nselinux_socket_getpeersec_udp, is defined to retrieve the security\ncontext from the SELinux space. The existing function,\nselinux_socket_getpeersec does not suit our purpose, because the\nsecurity context is copied directly to user space, rather than to\nkernel space.\n\nTesting:\n\nWe have tested the patch by setting up TCP and UDP connections between\napplications on two machines using the IPSec policies that result in\nlabeled security associations being built. For TCP, we can then\nextract the peer security context using getsockopt on either end. For\nUDP, the receiving end can retrieve the security context using the\nauxiliary data mechanism of recvmsg.\n\nSigned-off-by: Catherine Zhang \u003ccxzhang@watson.ibm.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7306a0b9b3e2056a616c84841288ca2431a05627", "tree": "d3f61ef43c7079790d6b8ef9bf307689a7d9ea16", "parents": [ "8c8570fb8feef2bc166bee75a85748b25cda22d9" ], "author": { "name": "Dustin Kirkland", "email": "dustin.kirkland@us.ibm.com", "time": "Wed Nov 16 15:53:13 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] Miscellaneous bug and warning fixes\n\nThis patch fixes a couple of bugs revealed in new features recently\nadded to -mm1:\n* fixes warnings due to inconsistent use of const struct inode *inode\n* fixes bug that prevent a kernel from booting with audit on, and SELinux off\n due to a missing function in security/dummy.c\n* fixes a bug that throws spurious audit_panic() messages due to a missing\n return just before an error_path label\n* some reasonable house cleaning in audit_ipc_context(),\n audit_inode_context(), and audit_log_task_context()\n\nSigned-off-by: Dustin Kirkland \u003cdustin.kirkland@us.ibm.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "8c8570fb8feef2bc166bee75a85748b25cda22d9", "tree": "ed783d405ea9d5f3d3ccc57fb56c7b7cb2cdfb82", "parents": [ "c8edc80c8b8c397c53f4f659a05b9ea6208029bf" ], "author": { "name": "Dustin Kirkland", "email": "dustin.kirkland@us.ibm.com", "time": "Thu Nov 03 17:15:16 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] Capture selinux subject/object context information.\n\nThis patch extends existing audit records with subject/object context\ninformation. Audit records associated with filesystem inodes, ipc, and\ntasks now contain SELinux label information in the field \"subj\" if the\nitem is performing the action, or in \"obj\" if the item is the receiver\nof an action.\n\nThese labels are collected via hooks in SELinux and appended to the\nappropriate record in the audit code.\n\nThis additional information is required for Common Criteria Labeled\nSecurity Protection Profile (LSPP).\n\n[AV: fixed kmalloc flags use]\n[folded leak fixes]\n[folded cleanup from akpm (kfree(NULL)]\n[folded audit_inode_context() leak fix]\n[folded akpm\u0027s fix for audit_ipc_perm() definition in case of !CONFIG_AUDIT]\n\nSigned-off-by: Dustin Kirkland \u003cdustin.kirkland@us.ibm.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "341c2d806b71cc3596afeb2d9bd26cd718e75202", "tree": "851a5b5cab5b836c8021bdac89a9a257887ede69", "parents": [ "4136cabff33d6d73b8daf2f2612670cc0296f844" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Sat Mar 11 03:27:16 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Mar 11 09:19:34 2006 -0800" }, "message": "[PATCH] selinux: tracer SID fix\n\nFix SELinux to not reset the tracer SID when the child is already being\ntraced, since selinux_ptrace is also called by proc for access checking\noutside of the context of a ptrace attach.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "c2b507fda390b8ae90deba9b8cdc3fe727482193", "tree": "6c839e9682fd1610dc6a9fb7cca9df2899ff05ca", "parents": [ "5c0d5d262aa4c5e93f9f5de298cf25d6d8b558c4" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Sat Feb 04 23:27:50 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Feb 05 11:06:52 2006 -0800" }, "message": "[PATCH] selinux: require SECURITY_NETWORK\n\nMake SELinux depend on SECURITY_NETWORK (which depends on SECURITY), as it\nrequires the socket hooks for proper operation even in the local case.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9ac49d22138348198f729f07371ffb11991368e6", "tree": "4fb692731e6e72d0dc50add294128f6e5083d205", "parents": [ "26d2a4be6a56eec575dac651f6606756a971f0fb" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Feb 01 03:05:56 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Feb 01 08:53:19 2006 -0800" }, "message": "[PATCH] selinux: remove security struct magic number fields and tests\n\nRemove the SELinux security structure magic number fields and tests, along\nwith some unnecessary tests for NULL security pointers. These fields and\ntests are leftovers from the early attempts to support SELinux as a\nloadable module during LSM development.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "26d2a4be6a56eec575dac651f6606756a971f0fb", "tree": "3f27383674706bd535bc67c703827db8ecd5a1dc", "parents": [ "db4c9641def55d36a6f9df79deb8a949292313ca" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Feb 01 03:05:55 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Feb 01 08:53:18 2006 -0800" }, "message": "[PATCH] selinux: change file_alloc_security to use GFP_KERNEL\n\nThis patch changes the SELinux file_alloc_security function to use\nGFP_KERNEL rather than GFP_ATOMIC; the use of GFP_ATOMIC appears to be a\nremnant of when this function was being called with the files_lock spinlock\nheld, and is no longer necessary. Please apply.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "db4c9641def55d36a6f9df79deb8a949292313ca", "tree": "f3b786a346f0c987d796784e1e08154338263ad3", "parents": [ "ee13d785eac1fbe7e79ecca77bf7e902734a0b30" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Feb 01 03:05:54 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Feb 01 08:53:18 2006 -0800" }, "message": "[PATCH] selinux: fix and cleanup mprotect checks\n\nFix the SELinux mprotect checks on executable mappings so that they are not\nre-applied when the mapping is already executable as well as cleaning up\nthe code. This avoids a situation where e.g. an application is prevented\nfrom removing PROT_WRITE on an already executable mapping previously\nauthorized via execmem permission due to an execmod denial.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "858119e159384308a5dde67776691a2ebf70df0f", "tree": "f360768f999d51edc0863917ce0bf79e88c0ec4c", "parents": [ "b0a9499c3dd50d333e2aedb7e894873c58da3785" ], "author": { "name": "Arjan van de Ven", "email": "arjan@infradead.org", "time": "Sat Jan 14 13:20:43 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Jan 14 18:27:06 2006 -0800" }, "message": "[PATCH] Unlinline a bunch of other functions\n\nRemove the \"inline\" keyword from a bunch of big functions in the kernel with\nthe goal of shrinking it by 30kb to 40kb\n\nSigned-off-by: Arjan van de Ven \u003carjan@infradead.org\u003e\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nAcked-by: Jeff Garzik \u003cjgarzik@pobox.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "095975da26dba21698582e91e96be10f7417333f", "tree": "ce1ffac556d394ef56a18faa97d38f79b07f31e2", "parents": [ "a57004e1afb6ee03c509f1b1ec74a000682ab93b" ], "author": { "name": "Nick Piggin", "email": "nickpiggin@yahoo.com.au", "time": "Sun Jan 08 01:02:19 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Jan 08 20:13:48 2006 -0800" }, "message": "[PATCH] rcu file: use atomic primitives\n\nUse atomic_inc_not_zero for rcu files instead of special case rcuref.\n\nSigned-off-by: Nick Piggin \u003cnpiggin@suse.de\u003e\nCc: \"Paul E. McKenney\" \u003cpaulmck@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "d28d1e080132f28ab773291f10ad6acca4c8bba2", "tree": "4cc6abef076393bc4c9f0d4e4c9952b78c04d3ee", "parents": [ "df71837d5024e2524cd51c93621e558aa7dd9f3f" ], "author": { "name": "Trent Jaeger", "email": "tjaeger@cse.psu.edu", "time": "Tue Dec 13 23:12:40 2005 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Tue Jan 03 13:10:25 2006 -0800" }, "message": "[LSM-IPSec]: Per-packet access control.\n\nThis patch series implements per packet access control via the\nextension of the Linux Security Modules (LSM) interface by hooks in\nthe XFRM and pfkey subsystems that leverage IPSec security\nassociations to label packets. Extensions to the SELinux LSM are\nincluded that leverage the patch for this purpose.\n\nThis patch implements the changes necessary to the SELinux LSM to\ncreate, deallocate, and use security contexts for policies\n(xfrm_policy) and security associations (xfrm_state) that enable\ncontrol of a socket\u0027s ability to send and receive packets.\n\nPatch purpose:\n\nThe patch is designed to enable the SELinux LSM to implement access\ncontrol on individual packets based on the strongly authenticated\nIPSec security association. Such access controls augment the existing\nones in SELinux based on network interface and IP address. The former\nare very coarse-grained, and the latter can be spoofed. By using\nIPSec, the SELinux can control access to remote hosts based on\ncryptographic keys generated using the IPSec mechanism. This enables\naccess control on a per-machine basis or per-application if the remote\nmachine is running the same mechanism and trusted to enforce the\naccess control policy.\n\nPatch design approach:\n\nThe patch\u0027s main function is to authorize a socket\u0027s access to a IPSec\npolicy based on their security contexts. Since the communication is\nimplemented by a security association, the patch ensures that the\nsecurity association\u0027s negotiated and used have the same security\ncontext. The patch enables allocation and deallocation of such\nsecurity contexts for policies and security associations. It also\nenables copying of the security context when policies are cloned.\nLastly, the patch ensures that packets that are sent without using a\nIPSec security assocation with a security context are allowed to be\nsent in that manner.\n\nA presentation available at\nwww.selinux-symposium.org/2005/presentations/session2/2-3-jaeger.pdf\nfrom the SELinux symposium describes the overall approach.\n\nPatch implementation details:\n\nThe function which authorizes a socket to perform a requested\noperation (send/receive) on a IPSec policy (xfrm_policy) is\nselinux_xfrm_policy_lookup. The Netfilter and rcv_skb hooks ensure\nthat if a IPSec SA with a securit y association has not been used,\nthen the socket is allowed to send or receive the packet,\nrespectively.\n\nThe patch implements SELinux function for allocating security contexts\nwhen policies (xfrm_policy) are created via the pfkey or xfrm_user\ninterfaces via selinux_xfrm_policy_alloc. When a security association\nis built, SELinux allocates the security context designated by the\nXFRM subsystem which is based on that of the authorized policy via\nselinux_xfrm_state_alloc.\n\nWhen a xfrm_policy is cloned, the security context of that policy, if\nany, is copied to the clone via selinux_xfrm_policy_clone.\n\nWhen a xfrm_policy or xfrm_state is freed, its security context, if\nany is also freed at selinux_xfrm_policy_free or\nselinux_xfrm_state_free.\n\nTesting:\n\nThe SELinux authorization function is tested using ipsec-tools. We\ncreated policies and security associations with particular security\ncontexts and added SELinux access control policy entries to verify the\nauthorization decision. We also made sure that packets for which no\nsecurity context was supplied (which either did or did not use\nsecurity associations) were authorized using an unlabelled context.\n\nSigned-off-by: Trent Jaeger \u003ctjaeger@cse.psu.edu\u003e\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "25a74f3ba8efb394e9a30d6de37566bf03fd3de8", "tree": "8fbe98b01a13946c02a56ab7bab2c4ed077aee3f", "parents": [ "e517a0cd859ae0c4d9451107113fc2b076456f8f" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Tue Nov 08 21:34:33 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Nov 09 07:55:51 2005 -0800" }, "message": "[PATCH] selinux: disable setxattr on mountpoint labeled filesystems\n\nThis patch disables the setting of SELinux xattrs on files created in\nfilesystems labeled via mountpoint labeling (mounted with the context\u003d\noption). selinux_inode_setxattr already prevents explicit setxattr from\nuserspace on such filesystems, so this provides consistent behavior for\nfile creation.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "621d31219d9a788bda924a0613048053f3f5f211", "tree": "9fb9846fdd999ba04c436aa84c7da0d8233ac545", "parents": [ "b67a1b9e4bf878aa5d4b6b44cb5a251a2f425f0d" ], "author": { "name": "Oleg Nesterov", "email": "oleg@tv-sign.ru", "time": "Sun Oct 30 15:03:45 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:31 2005 -0800" }, "message": "[PATCH] cleanup the usage of SEND_SIG_xxx constants\n\nThis patch simplifies some checks for magic siginfo values. It should not\nchange the behaviour in any way.\n\nSigned-off-by: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "b67a1b9e4bf878aa5d4b6b44cb5a251a2f425f0d", "tree": "8fa921440476083be42f21ce6d0c4091a3757742", "parents": [ "3e6716e748609a3a899e8d670e42832921bd45bc" ], "author": { "name": "Oleg Nesterov", "email": "oleg@tv-sign.ru", "time": "Sun Oct 30 15:03:44 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:31 2005 -0800" }, "message": "[PATCH] remove hardcoded SEND_SIG_xxx constants\n\nThis patch replaces hardcoded SEND_SIG_xxx constants with\ntheir symbolic names.\n\nNo changes in affected .o files.\n\nSigned-off-by: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "2f51201662b28dbf8c15fb7eb972bc51c6cc3fa5", "tree": "96826df796058560bc5dd1f7d8d476c5a741d7bc", "parents": [ "503af334ecf23b9d65d2ff0cc759f3a0bf338290" ], "author": { "name": "Eric Dumazet", "email": "dada1@cosmosbay.com", "time": "Sun Oct 30 15:02:16 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:19 2005 -0800" }, "message": "[PATCH] reduce sizeof(struct file)\n\nNow that RCU applied on \u0027struct file\u0027 seems stable, we can place f_rcuhead\nin a memory location that is not anymore used at call_rcu(\u0026f-\u003ef_rcuhead,\nfile_free_rcu) time, to reduce the size of this critical kernel object.\n\nThe trick I used is to move f_rcuhead and f_list in an union called f_u\n\nThe callers are changed so that f_rcuhead becomes f_u.fu_rcuhead and f_list\nbecomes f_u.f_list\n\nSigned-off-by: Eric Dumazet \u003cdada1@cosmosbay.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "ce4c2bd1a9dfebaefadc2d34b17c6f12101751be", "tree": "dde9437929d9b15ced25758c8389360ba4073cdb", "parents": [ "d381d8a9a08cac9824096213069159be17fd2e2f" ], "author": { "name": "Andrew Morton", "email": "akpm@osdl.org", "time": "Sun Oct 30 14:59:23 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:11 2005 -0800" }, "message": "[PATCH] selinux-canonicalize-getxattr-fix\n\nsecurity/selinux/hooks.c: In function `selinux_inode_getxattr\u0027:\nsecurity/selinux/hooks.c:2193: warning: unused variable `sbsec\u0027\n\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" } ], "next": "d381d8a9a08cac9824096213069159be17fd2e2f" }