)]}' { "log": [ { "commit": "3cfc2c42c1cbc8e238bb9c0612c0df4565e3a8b4", "tree": "5adc1ff2eaf64d450bf28bb6b2ce890db2567288", "parents": [ "5cf65713f87775c548e3eb48dbafa32e12f28000", "0ea6e61122196509af82cc4f36cbdaacbefb8227" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Aug 04 15:31:02 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Aug 04 15:31:02 2010 -0700" }, "message": "Merge branch \u0027for-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial\n\n* \u0027for-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (48 commits)\n Documentation: update broken web addresses.\n fix comment typo \"choosed\" -\u003e \"chosen\"\n hostap:hostap_hw.c Fix typo in comment\n Fix spelling contorller -\u003e controller in comments\n Kconfig.debug: FAIL_IO_TIMEOUT: typo Faul -\u003e Fault\n fs/Kconfig: Fix typo Userpace -\u003e Userspace\n Removing dead MACH_U300_BS26\n drivers/infiniband: Remove unnecessary casts of private_data\n fs/ocfs2: Remove unnecessary casts of private_data\n libfc: use ARRAY_SIZE\n scsi: bfa: use ARRAY_SIZE\n drm: i915: use ARRAY_SIZE\n drm: drm_edid: use ARRAY_SIZE\n synclink: use ARRAY_SIZE\n block: cciss: use ARRAY_SIZE\n comment typo fixes: charater \u003d\u003e character\n fix comment typos concerning \"challenge\"\n arm: plat-spear: fix typo in kerneldoc\n reiserfs: typo comment fix\n update email address\n ...\n" }, { "commit": "d790d4d583aeaed9fc6f8a9f4d9f8ce6b1c15c7f", "tree": "854ab394486288d40fa8179cbfaf66e8bdc44b0f", "parents": [ "73b2c7165b76b20eb1290e7efebc33cfd21db1ca", "3a09b1be53d23df780a0cd0e4087a05e2ca4a00c" ], "author": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Wed Aug 04 15:14:38 2010 +0200" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Wed Aug 04 15:14:38 2010 +0200" }, "message": "Merge branch \u0027master\u0027 into for-next\n" }, { "commit": "77c80e6b2fd049848bfd1bdab67899ad3ac407a7", "tree": "672ccbe5316698e0ef4dae46ba0029fb234989bf", "parents": [ "6371dcd36f649d9d07823f31400618155a20dde1" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:49:00 2010 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:49:00 2010 +1000" }, "message": "AppArmor: fix build warnings for non-const use of get_task_cred\n\nFix build warnings for non-const use of get_task_cred.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6371dcd36f649d9d07823f31400618155a20dde1", "tree": "a08c4ed2ec77225abbfcc099e78ae8d643429787", "parents": [ "016d825fe02cd20fd8803ca37a1e6d428fe878f6" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jul 29 23:02:34 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:39 2010 +1000" }, "message": "selinux: convert the policy type_attr_map to flex_array\n\nCurrent selinux policy can have over 3000 types. The type_attr_map in\npolicy is an array sized by the number of types times sizeof(struct ebitmap)\n(12 on x86_64). Basic math tells us the array is going to be of length\n3000 x 12 \u003d 36,000 bytes. The largest \u0027safe\u0027 allocation on a long running\nsystem is 16k. Most of the time a 32k allocation will work. But on long\nrunning systems a 64k allocation (what we need) can fail quite regularly.\nIn order to deal with this I am converting the type_attr_map to use\nflex_arrays. Let the library code deal with breaking this into PAGE_SIZE\npieces.\n\n-v2\nrework some of the if(!obj) BUG() to be BUG_ON(!obj)\ndrop flex_array_put() calls and just use a _get() object directly\n\n-v3\nmake apply to James\u0027 tree (drop the policydb_write changes)\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "016d825fe02cd20fd8803ca37a1e6d428fe878f6", "tree": "b36bafad46e09a1a62f3521536a703c58540f675", "parents": [ "484ca79c653121d3c79fffb86e1deea724f2e20b" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Fri Jul 30 13:46:33 2010 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:39 2010 +1000" }, "message": "AppArmor: Enable configuring and building of the AppArmor security module\n\nKconfig and Makefiles to enable configuration and building of AppArmor.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "484ca79c653121d3c79fffb86e1deea724f2e20b", "tree": "457aa73e37c9b5e5b4306430f40d1985b59ca226", "parents": [ "4d6ec10bb4461fdc9a9ab94ef32934e13564e873" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jul 29 14:29:55 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:38 2010 +1000" }, "message": "TOMOYO: Use pathname specified by policy rather than execve()\n\nCommit c9e69318 \"TOMOYO: Allow wildcard for execute permission.\" changed execute\npermission and domainname to accept wildcards. But tomoyo_find_next_domain()\nwas using pathname passed to execve() rather than pathname specified by the\nexecute permission. As a result, processes were not able to transit to domains\nwhich contain wildcards in their domainnames.\n\nThis patch passes pathname specified by the execute permission back to\ntomoyo_find_next_domain() so that processes can transit to domains which\ncontain wildcards in their domainnames.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4d6ec10bb4461fdc9a9ab94ef32934e13564e873", "tree": "b252da668c7485b864dd012b33f58d7c108d99a1", "parents": [ "c88d4c7b049e87998ac0a9f455aa545cc895ef92" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jul 30 09:02:04 2010 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:37 2010 +1000" }, "message": "AppArmor: update path_truncate method to latest version\n\nRemove extraneous path_truncate arguments from the AppArmor hook,\nas they\u0027ve been removed from the LSM API.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c88d4c7b049e87998ac0a9f455aa545cc895ef92", "tree": "1859582b4afec1116b6831ea89ae27c35209991a", "parents": [ "736ec752d95e91e77cc0e8c97c057ab076ac2f51" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:00 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:37 2010 +1000" }, "message": "AppArmor: core policy routines\n\nThe basic routines and defines for AppArmor policy. AppArmor policy\nis defined by a few basic components.\n profiles - the basic unit of confinement contain all the information\n to enforce policy on a task\n\n Profiles tend to be named after an executable that they\n will attach to but this is not required.\n namespaces - a container for a set of profiles that will be used\n during attachment and transitions between profiles.\n sids - which provide a unique id for each profile\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "736ec752d95e91e77cc0e8c97c057ab076ac2f51", "tree": "128d330ecff67c5d83862062825b7975c92fee96", "parents": [ "0ed3b28ab8bf460a3a026f3f1782bf4c53840184" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:02 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:36 2010 +1000" }, "message": "AppArmor: policy routines for loading and unpacking policy\n\nAppArmor policy is loaded in a platform independent flattened binary\nstream. Verify and unpack the data converting it to the internal\nformat needed for enforcement.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0ed3b28ab8bf460a3a026f3f1782bf4c53840184", "tree": "9da3a2c6d9f55d3166726fe7c51671a6029c1269", "parents": [ "b5e95b48685e3481139a5634d14d630d12c7d5ce" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:05 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:35 2010 +1000" }, "message": "AppArmor: mediation of non file objects\n\nipc:\nAppArmor ipc is currently limited to mediation done by file mediation\nand basic ptrace tests. Improved mediation is a wip.\n\nrlimits:\nAppArmor provides basic abilities to set and control rlimits at\na per profile level. Only resources specified in a profile are controled\nor set. AppArmor rules set the hard limit to a value \u003c\u003d to the current\nhard limit (ie. they can not currently raise hard limits), and if\nnecessary will lower the soft limit to the new hard limit value.\n\nAppArmor does not track resource limits to reset them when a profile\nis left so that children processes inherit the limits set by the\nparent even if they are not confined by the same profile.\n\nCapabilities: AppArmor provides a per profile mask of capabilities,\nthat will further restrict.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b5e95b48685e3481139a5634d14d630d12c7d5ce", "tree": "1468141db6ff1a291bde0b6a960c2af7e520b52b", "parents": [ "f9ad1af53d5232a89a1ff1827102843999975dfa" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:07 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:35 2010 +1000" }, "message": "AppArmor: LSM interface, and security module initialization\n\nAppArmor hooks to interface with the LSM, module parameters and module\ninitialization.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f9ad1af53d5232a89a1ff1827102843999975dfa", "tree": "2d7f4c35208b74995651fa6eb47031a37f928503", "parents": [ "c1c124e91e7c6d5a600c98f6fb5b443c403a14f4" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:08 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:34 2010 +1000" }, "message": "AppArmor: Enable configuring and building of the AppArmor security module\n\nKconfig and Makefiles to enable configuration and building of AppArmor.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "898127c34ec03291c86f4ff3856d79e9e18952bc", "tree": "c8845bd204b1c4b120f1be1cceea4ff96f749e53", "parents": [ "6380bd8ddf613b29f478396308b591867d401de4" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:06 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:14 2010 +1000" }, "message": "AppArmor: functions for domain transitions\n\nAppArmor routines for controling domain transitions, which can occur at\nexec or through self directed change_profile/change_hat calls.\n\nUnconfined tasks are checked at exec against the profiles in the confining\nprofile namespace to determine if a profile should be attached to the task.\n\nConfined tasks execs are controlled by the profile which provides rules\ndetermining which execs are allowed and if so which profiles should be\ntransitioned to.\n\nSelf directed domain transitions allow a task to request transition\nto a given profile. If the transition is allowed then the profile will\nbe applied, either immeditately or at exec time depending on the request.\nImmeditate self directed transitions have several security limitations\nbut have uses in setting up stub transition profiles and other limited\ncases.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6380bd8ddf613b29f478396308b591867d401de4", "tree": "6d8fc9356a652f8452ccf49e7f79cc700cc2768d", "parents": [ "63e2b423771ab0bc7ad4d407f3f6517c6d05cdc0" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:04 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:14 2010 +1000" }, "message": "AppArmor: file enforcement routines\n\nAppArmor does files enforcement via pathname matching. Matching is done\nat file open using a dfa match engine. Permission is against the final\nfile object not parent directories, ie. the traversal of directories\nas part of the file match is implicitly allowed. In the case of nonexistant\nfiles (creation) permissions are checked against the target file not the\ndirectory. eg. In case of creating the file /dir/new, permissions are\nchecked against the match /dir/new not against /dir/.\n\nThe permissions for matches are currently stored in the dfa accept table,\nbut this will change to allow for dfa reuse and also to allow for sharing\nof wider accept states.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "63e2b423771ab0bc7ad4d407f3f6517c6d05cdc0", "tree": "e50efc9593c7558d3700ec55869f9ddbac283a1d", "parents": [ "e06f75a6a2b43bd3a7a197bd21466f9da130e4af" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:03 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:13 2010 +1000" }, "message": "AppArmor: userspace interfaces\n\nThe /proc/\u003cpid\u003e/attr/* interface is used for process introspection and\ncommands. While the apparmorfs interface is used for global introspection\nand loading and removing policy.\n\nThe interface currently only contains the files necessary for loading\npolicy, and will be extended in the future to include sysfs style\nsingle per file introspection inteface.\n\nThe old AppArmor 2.4 interface files have been removed into a compatibility\npatch, that distros can use to maintain backwards compatibility.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e06f75a6a2b43bd3a7a197bd21466f9da130e4af", "tree": "bf5aabceae66c62e317a0403b05ffb320aef54d2", "parents": [ "c75afcd153f6147d3b094f45a1d87e5df7f4f053" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:01 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:13 2010 +1000" }, "message": "AppArmor: dfa match engine\n\nA basic dfa matching engine based off the dfa engine in the Dragon\nBook. It uses simple row comb compression with a check field.\n\nThis allows AppArmor to do pattern matching in linear time, and also\navoids stack issues that an nfa based engine may have. The dfa\nengine uses a byte based comparison, with all values being valid.\nAny potential character encoding are handled user side when the dfa\ntables are created. By convention AppArmor uses \\0 to separate two\ndependent path matches since \\0 is not a valid path character\n(this is done in the link permission check).\n\nThe dfa tables are generated in user space and are verified at load\ntime to be internally consistent.\n\nThere are several future improvements planned for the dfa engine:\n* The dfa engine may be converted to a hybrid nfa-dfa engine, with\n a fixed size limited stack. This would allow for size time\n tradeoffs, by inserting limited nfa states to help control\n state explosion that can occur with dfas.\n* The dfa engine may pickup the ability to do limited dynamic\n variable matching, instead of fixing all variables at policy\n load time.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c75afcd153f6147d3b094f45a1d87e5df7f4f053", "tree": "4d072c7b76a1e198427716f66a46712e508d4597", "parents": [ "67012e8209df95a8290d135753ff5145431a666e" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:47:59 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:12 2010 +1000" }, "message": "AppArmor: contexts used in attaching policy to system objects\n\nAppArmor contexts attach profiles and state to tasks, files, etc. when\na direct profile reference is not sufficient.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "67012e8209df95a8290d135753ff5145431a666e", "tree": "fc95b2c33d2e2d206500d7ec7e78dd855d4b3d2c", "parents": [ "cdff264264254e0fabc8107a33f3bb75a95e981f" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:47:58 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:11 2010 +1000" }, "message": "AppArmor: basic auditing infrastructure.\n\nUpdate lsm_audit for AppArmor specific data, and add the core routines for\nAppArmor uses for auditing.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cdff264264254e0fabc8107a33f3bb75a95e981f", "tree": "a20956e2a7a38e195071ded57fca02e1d1b1314c", "parents": [ "e6f6a4cc955d626ed26562d98de5766bf1f73526" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:47:57 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:11 2010 +1000" }, "message": "AppArmor: misc. base functions and defines\n\nMiscellaneous functions and defines needed by AppArmor, including\nthe base path resolution routines.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e6f6a4cc955d626ed26562d98de5766bf1f73526", "tree": "308ef4b42db0e3ebc0078550c7b9cca59f117cd6", "parents": [ "7e3d199a4009a4094a955282daf5ecd43f2c8152" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Jul 27 17:17:06 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:10 2010 +1000" }, "message": "TOMOYO: Update version to 2.3.0\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7e3d199a4009a4094a955282daf5ecd43f2c8152", "tree": "ea65ba1835bc1465ab07d94e0f8c7e9a2e060b5f", "parents": [ "b424485abe2b16580a178b469917a7b6ee0c152a" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Jul 27 10:08:29 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:09 2010 +1000" }, "message": "TOMOYO: Fix quota check.\n\nCommit d74725b9 \"TOMOYO: Use callback for updating entries.\" broke\ntomoyo_domain_quota_is_ok() by counting deleted entries. It needs to\ncount non-deleted entries.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b424485abe2b16580a178b469917a7b6ee0c152a", "tree": "d90d4662dd1ad229976354e4caa1a7632fb2a6d3", "parents": [ "49b7b8de46d293113a0a0bb026ff7bd833c73367" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jul 23 11:44:15 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:09 2010 +1000" }, "message": "SELinux: Move execmod to the common perms\n\nexecmod \"could\" show up on non regular files and non chr files. The current\nimplementation would actually make these checks against non-existant bits\nsince the code assumes the execmod permission is same for all file types.\nTo make this line up for chr files we had to define execute_no_trans and\nentrypoint permissions. These permissions are unreachable and only existed\nto to make FILE__EXECMOD and CHR_FILE__EXECMOD the same. This patch drops\nthose needless perms as well.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "49b7b8de46d293113a0a0bb026ff7bd833c73367", "tree": "ff29778c49a8ac1511249cc268ddbb2c6ddb86a9", "parents": [ "b782e0a68d17894d9a618ffea55b33639faa6bb4" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jul 23 11:44:09 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:08 2010 +1000" }, "message": "selinux: place open in the common file perms\n\nkernel can dynamically remap perms. Drop the open lookup table and put open\nin the common file perms.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b782e0a68d17894d9a618ffea55b33639faa6bb4", "tree": "307bc615153075a6e92be5d839a58ff48d6525f3", "parents": [ "d09ca73979460b96d5d4684d588b188be9a1f57d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jul 23 11:44:03 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:07 2010 +1000" }, "message": "SELinux: special dontaudit for access checks\n\nCurrently there are a number of applications (nautilus being the main one) which\ncalls access() on files in order to determine how they should be displayed. It\nis normal and expected that nautilus will want to see if files are executable\nor if they are really read/write-able. access() should return the real\npermission. SELinux policy checks are done in access() and can result in lots\nof AVC denials as policy denies RWX on files which DAC allows. Currently\nSELinux must dontaudit actual attempts to read/write/execute a file in\norder to silence these messages (and not flood the logs.) But dontaudit rules\nlike that can hide real attacks. This patch addes a new common file\npermission audit_access. This permission is special in that it is meaningless\nand should never show up in an allow rule. Instead the only place this\npermission has meaning is in a dontaudit rule like so:\n\ndontaudit nautilus_t sbin_t:file audit_access\n\nWith such a rule if nautilus just checks access() we will still get denied and\nthus userspace will still get the correct answer but we will not log the denial.\nIf nautilus attempted to actually perform one of the forbidden actions\n(rather than just querying access(2) about it) we would still log a denial.\nThis type of dontaudit rule should be used sparingly, as it could be a\nmethod for an attacker to probe the system permissions without detection.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d09ca73979460b96d5d4684d588b188be9a1f57d", "tree": "217543affc5c1c76181ffca00c23cfa69f1dd4f6", "parents": [ "9cfcac810e8993fa7a5bfd24b1a21f1dbbb03a7b" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jul 23 11:43:57 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:07 2010 +1000" }, "message": "security: make LSMs explicitly mask off permissions\n\nSELinux needs to pass the MAY_ACCESS flag so it can handle auditting\ncorrectly. Presently the masking of MAY_* flags is done in the VFS. In\norder to allow LSMs to decide what flags they care about and what flags\nthey don\u0027t just pass them all and the each LSM mask off what they don\u0027t\nneed. This patch should contain no functional changes to either the VFS or\nany LSM.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "692a8a231b212dfc68f612956d63f34abf098e0f", "tree": "4af3c03535ebc49e38c3c0c8f67061adbdf44c72", "parents": [ "d1b43547e56b163bc5c622243c47d8a13626175b" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Jul 21 12:51:03 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:06 2010 +1000" }, "message": "SELinux: break ocontext reading into a separate function\n\nMove the reading of ocontext type data out of policydb_read() in a separate\nfunction ocontext_read()\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d1b43547e56b163bc5c622243c47d8a13626175b", "tree": "29b2ddd50b3a0c6fe4dcf5f78c55c8698cd11679", "parents": [ "9a7982793c3aee6ce86d8e7e15306215257329f2" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Jul 21 12:50:57 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:05 2010 +1000" }, "message": "SELinux: move genfs read to a separate function\n\nmove genfs read functionality out of policydb_read() and into a new\nfunction called genfs_read()\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9a7982793c3aee6ce86d8e7e15306215257329f2", "tree": "4d85f6f7a57260cefd938dca7593aabf9c02a59c", "parents": [ "338437f6a09861cdf76e1396ed5fa6dee9c7cabe" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:57:39 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:04 2010 +1000" }, "message": "selinux: fix error codes in symtab_init()\n\nhashtab_create() only returns NULL on allocation failures to -ENOMEM is\nappropriate here.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "338437f6a09861cdf76e1396ed5fa6dee9c7cabe", "tree": "e693392adf370b81af129b326bba45bf43f03862", "parents": [ "38184c522249dc377366d4edc41dc500c2c3bb9e" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:56:01 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:04 2010 +1000" }, "message": "selinux: fix error codes in cond_read_bool()\n\nThe original code always returned -1 (-EPERM) on error. The new code\nreturns either -ENOMEM, or -EINVAL or it propagates the error codes from\nlower level functions next_entry() or hashtab_insert().\n\nnext_entry() returns -EINVAL.\nhashtab_insert() returns -EINVAL, -EEXIST, or -ENOMEM.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "38184c522249dc377366d4edc41dc500c2c3bb9e", "tree": "10c87bf5fdaea233a7842a79f04459792e1b5ba1", "parents": [ "fc5c126e4733e6fb3080d3d822ca63226e74fc84" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:55:01 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:03 2010 +1000" }, "message": "selinux: fix error codes in cond_policydb_init()\n\nIt\u0027s better to propagate the error code from avtab_init() instead of\nreturning -1 (-EPERM). It turns out that avtab_init() never fails so\nthis patch doesn\u0027t change how the code runs but it\u0027s still a clean up.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "fc5c126e4733e6fb3080d3d822ca63226e74fc84", "tree": "3320c22b66107c984ac0cf07c365420df42a4977", "parents": [ "9d623b17a740d5a85c12108cdc71c64fb15484fc" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:53:46 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:02 2010 +1000" }, "message": "selinux: fix error codes in cond_read_node()\n\nOriginally cond_read_node() returned -1 (-EPERM) on errors which was\nincorrect. Now it either propagates the error codes from lower level\nfunctions next_entry() or cond_read_av_list() or it returns -ENOMEM or\n-EINVAL.\n\nnext_entry() returns -EINVAL.\ncond_read_av_list() returns -EINVAL or -ENOMEM.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9d623b17a740d5a85c12108cdc71c64fb15484fc", "tree": "15434839a75f9c46c53a201520c6c859fad3c74b", "parents": [ "5241c1074f6e2f2276d45d857eb5d19fbdc2e4b2" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:52:19 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:02 2010 +1000" }, "message": "selinux: fix error codes in cond_read_av_list()\n\nAfter this patch cond_read_av_list() no longer returns -1 for any\nerrors. It just propagates error code back from lower levels. Those can\neither be -EINVAL or -ENOMEM.\n\nI also modified cond_insertf() since cond_read_av_list() passes that as a\nfunction pointer to avtab_read_item(). It isn\u0027t used anywhere else.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5241c1074f6e2f2276d45d857eb5d19fbdc2e4b2", "tree": "cf41e959668f5a9ec7a5d75059df864133569c91", "parents": [ "9e0bd4cba4460bff64fb07cfb07849cdfd4d325a" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:51:40 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:01 2010 +1000" }, "message": "selinux: propagate error codes in cond_read_list()\n\nThese are passed back when the security module gets loaded.\n\nThe original code always returned -1 (-EPERM) on error but after this\npatch it can return -EINVAL, or -ENOMEM or propagate the error code from\ncond_read_node(). cond_read_node() still returns -1 all the time, but I\nfix that in a later patch.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9e0bd4cba4460bff64fb07cfb07849cdfd4d325a", "tree": "feebec6167012e461d286c02ae45348ad0b2d3a1", "parents": [ "dce3a3d2ee038d230323fe06b061dbaace6b8f94" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:50:35 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:01 2010 +1000" }, "message": "selinux: cleanup return codes in avtab_read_item()\n\nThe avtab_read_item() function tends to return -1 as a default error\ncode which is wrong (-1 means -EPERM). I modified it to return\nappropriate error codes which is -EINVAL or the error code from\nnext_entry() or insertf().\n\nnext_entry() returns -EINVAL.\ninsertf() is a function pointer to either avtab_insert() or\ncond_insertf().\navtab_insert() returns -EINVAL, -ENOMEM, and -EEXIST.\ncond_insertf() currently returns -1, but I will fix it in a later patch.\n\nThere is code in avtab_read() which translates the -1 returns from\navtab_read_item() to -EINVAL. The translation is no longer needed, so I\nremoved it.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "dce3a3d2ee038d230323fe06b061dbaace6b8f94", "tree": "0c3f258fe162379db0fbbb2de783d8dbd8b15c92", "parents": [ "b8bc83ab4dcbc9938b95a90bbb50d89d1904d5ab" ], "author": { "name": "Chihau Chau", "email": "chihau@gmail.com", "time": "Fri Jul 16 12:11:54 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:00 2010 +1000" }, "message": "Security: capability: code style issue\n\nThis fix a little code style issue deleting a space between a function\nname and a open parenthesis.\n\nSigned-off-by: Chihau Chau \u003cchihau@gmail.com\u003e\nAcked-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b8bc83ab4dcbc9938b95a90bbb50d89d1904d5ab", "tree": "7ccdfa1ad932b8556052aa0de65d017816a4470e", "parents": [ "57a62c2317d60b21b7761c319a733a894482a6af" ], "author": { "name": "Tvrtko Ursulin", "email": "tvrtko.ursulin@sophos.com", "time": "Thu Jul 15 13:25:06 2010 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:59 2010 +1000" }, "message": "securityfs: Drop dentry reference count when mknod fails\n\nlookup_one_len increments dentry reference count which is not decremented\nwhen the create operation fails. This can cause a kernel BUG at\nfs/dcache.c:676 at unmount time. Also error code returned when new_inode()\nfails was replaced with more appropriate -ENOMEM.\n\nSigned-off-by: Tvrtko Ursulin \u003ctvrtko.ursulin@sophos.com\u003e\nAcked-by: Serge E. Hallyn \u003cserge@hallyn.com\u003e\nAcked-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "57a62c2317d60b21b7761c319a733a894482a6af", "tree": "03329d5df0a390640fbe5a41be064e5914673b02", "parents": [ "cdcd90f9e450d4edb5fab0490119f9540874e882" ], "author": { "name": "Arnd Bergmann", "email": "arnd@arndb.de", "time": "Wed Jul 07 23:40:10 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:59 2010 +1000" }, "message": "selinux: use generic_file_llseek\n\nThe default for llseek will change to no_llseek,\nso selinuxfs needs to add explicit .llseek\nassignments. Since we\u0027re dealing with regular\nfiles from a VFS perspective, use generic_file_llseek.\n\nSigned-off-by: Arnd Bergmann \u003carnd@arndb.de\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cdcd90f9e450d4edb5fab0490119f9540874e882", "tree": "5b1a5b5d00d19d6fa9ba13261ff22ffb0b8aa154", "parents": [ "7e2deb7ce8f662bce877dbfd3b0053e9559c25a3" ], "author": { "name": "Arnd Bergmann", "email": "arnd@arndb.de", "time": "Wed Jul 07 23:40:15 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:58 2010 +1000" }, "message": "ima: use generic_file_llseek for securityfs\n\nThe default for llseek will change to no_llseek,\nso securityfs users need to add explicit .llseek\nassignments. Since we\u0027re dealing with regular\nfiles from a VFS perspective, use generic_file_llseek.\n\nSigned-off-by: Arnd Bergmann \u003carnd@arndb.de\u003e\nCc: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7e2deb7ce8f662bce877dbfd3b0053e9559c25a3", "tree": "525c2a048a361bda568ff19bf422430999b64984", "parents": [ "af4f136056c984b0aa67feed7d3170b958370b2f" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jul 08 21:57:41 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:57 2010 +1000" }, "message": "TOMOYO: Explicitly set file_operations-\u003ellseek pointer.\n\nTOMOYO does not deal offset pointer. Thus seek operation makes\nno sense. Changing default seek operation from default_llseek()\nto no_llseek() might break some applications. Thus, explicitly\nset noop_llseek().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "af4f136056c984b0aa67feed7d3170b958370b2f", "tree": "30b62cd9174044cbdfdddc1fe5e0f21e7ddde85c", "parents": [ "5ad18a0d59ba9e65b3c8b2b489fd23bc6b3daf94" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Jul 01 15:07:43 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:57 2010 +1000" }, "message": "security: move LSM xattrnames to xattr.h\n\nMake the security extended attributes names global. Updated to move\nthe remaining Smack xattrs.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5ad18a0d59ba9e65b3c8b2b489fd23bc6b3daf94", "tree": "9de21bbe321012bd8e51d9d8ed09b81785cfcbec", "parents": [ "94fd8405ea62bd2d4a40f3013e8e6935b6643235" ], "author": { "name": "Justin P. Mattock", "email": "justinmattock@gmail.com", "time": "Wed Jun 30 10:39:11 2010 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:56 2010 +1000" }, "message": "KEYS: Reinstate lost passing of process keyring ID in call_sbin_request_key()\n\nIn commit bb952bb98a7e479262c7eb25d5592545a3af147d there was the accidental\ndeletion of a statement from call_sbin_request_key() to render the process\nkeyring ID to a text string so that it can be passed to /sbin/request-key.\n\nWith gcc 4.6.0 this causes the following warning:\n\n CC security/keys/request_key.o\nsecurity/keys/request_key.c: In function \u0027call_sbin_request_key\u0027:\nsecurity/keys/request_key.c:102:15: warning: variable \u0027prkey\u0027 set but not used\n\nThis patch reinstates that statement.\n\nWithout this statement, /sbin/request-key will get some random rubbish from the\nstack as that parameter.\n\nSigned-off-by: Justin P. Mattock \u003cjustinmattock@gmail.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "94fd8405ea62bd2d4a40f3013e8e6935b6643235", "tree": "14bff044866db418ec7f84944fc80998df851a99", "parents": [ "0849e3ba53c3ef603dffa9758a73e07ed186a937" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Jun 28 14:05:04 2010 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:56 2010 +1000" }, "message": "KEYS: Use the variable \u0027key\u0027 in keyctl_describe_key()\n\nkeyctl_describe_key() turns the key reference it gets into a usable key pointer\nand assigns that to a variable called \u0027key\u0027, which it then ignores in favour of\nrecomputing the key pointer each time it needs it. Make it use the precomputed\npointer instead.\n\nWithout this patch, gcc 4.6 reports that the variable key is set but not used:\n\n\tbuilding with gcc 4.6 I\u0027m getting a warning message:\n\t CC security/keys/keyctl.o\n\tsecurity/keys/keyctl.c: In function \u0027keyctl_describe_key\u0027:\n\tsecurity/keys/keyctl.c:472:14: warning: variable \u0027key\u0027 set but not used\n\nReported-by: Justin P. Mattock \u003cjustinmattock@gmail.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0849e3ba53c3ef603dffa9758a73e07ed186a937", "tree": "5aaaa02db9be90287bfcc6e00e48d0b50c18d6cd", "parents": [ "e2bf69077acefee5247bb661faac2552d29ba7ba" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Jun 25 12:22:09 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:55 2010 +1000" }, "message": "TOMOYO: Add missing poll() hook.\n\nCommit 1dae08c \"TOMOYO: Add interactive enforcing mode.\" forgot to register\npoll() hook. As a result, /usr/sbin/tomoyo-queryd was doing busy loop.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e2bf69077acefee5247bb661faac2552d29ba7ba", "tree": "946adb588df8647f2476fb2f66996e6231521687", "parents": [ "8e5686874bcb882f69d5c04e6b38dc92b97facea" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Jun 25 11:16:00 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:54 2010 +1000" }, "message": "TOMOYO: Rename symbols.\n\nUse shorter name in order to make it easier to fit 80 columns limit.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8e5686874bcb882f69d5c04e6b38dc92b97facea", "tree": "522733e1e4a172d29252a98d340cea3942296684", "parents": [ "f23571e866309a2048030ef6a5f0725cf139d4c9" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Jun 25 09:30:09 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:54 2010 +1000" }, "message": "TOMOYO: Small cleanup.\n\nSplit tomoyo_write_profile() into several functions.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f23571e866309a2048030ef6a5f0725cf139d4c9", "tree": "0116bcef462f367307b2db927b249b7ce21039c2", "parents": [ "5db5a39b6462c8360c9178b28f4b07c320dfca1c" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 24 14:57:16 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:45 2010 +1000" }, "message": "TOMOYO: Copy directly to userspace buffer.\n\nWhen userspace program reads policy from /sys/kernel/security/tomoyo/\ninterface, TOMOYO uses line buffered mode. A line has at least one word.\n\nCommit 006dacc \"TOMOYO: Support longer pathname.\" changed a word\u0027s max length\nfrom 4000 bytes to max kmalloc()able bytes. By that commit, a line\u0027s max length\nchanged from 8192 bytes to more than max kmalloc()able bytes.\n\nMax number of words in a line remains finite. This patch changes the way of\nbuffering so that all words in a line are firstly directly copied to userspace\nbuffer as much as possible and are secondly queued for next read request.\nWords queued are guaranteed to be valid until /sys/kernel/security/tomoyo/\ninterface is close()d.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5db5a39b6462c8360c9178b28f4b07c320dfca1c", "tree": "0350d94c0e134820e035381bcff81515dbda9666", "parents": [ "063821c8160568b3390044390c8328e36c5696ad" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 24 12:24:19 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:45 2010 +1000" }, "message": "TOMOYO: Use common code for policy reading.\n\ntomoyo_print_..._acl() are similar. Merge them.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "063821c8160568b3390044390c8328e36c5696ad", "tree": "68a61753cdc6b0edaf0358eebdea8c20aaa713b1", "parents": [ "475e6fa3d340e75a454ea09191a29e52e2ee6e71" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 24 12:00:25 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:44 2010 +1000" }, "message": "TOMOYO: Allow reading only execute permission.\n\nPolicy editor needs to know allow_execute entries in order to build domain\ntransition tree. Reading all entries is slow. Thus, allow reading only\nallow_execute entries.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "475e6fa3d340e75a454ea09191a29e52e2ee6e71", "tree": "44e8222ec250f8573199fc3132eaeb2f8922f85e", "parents": [ "5448ec4f5062ef75ce74f8d7784d4cea9c46ad00" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 24 11:28:14 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:44 2010 +1000" }, "message": "TOMOYO: Change list iterator.\n\nChange list_for_each_cookie to\n\n(1) start from current position rather than next position\n(2) remove temporary cursor\n(3) check that srcu_read_lock() is held\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5448ec4f5062ef75ce74f8d7784d4cea9c46ad00", "tree": "c4c742b928c799e03328e345e1d4af738f315afb", "parents": [ "0617c7ff34dc9b1d641640c3953274bb2dbe21a6" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon Jun 21 11:14:39 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:43 2010 +1000" }, "message": "TOMOYO: Use common code for domain transition control.\n\nUse common code for \"initialize_domain\"/\"no_initialize_domain\"/\"keep_domain\"/\n\"no_keep_domain\" keywords.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0617c7ff34dc9b1d641640c3953274bb2dbe21a6", "tree": "6be51af32ad65380aff9b7fa385f65ef15b3d53b", "parents": [ "7c2ea22e3c5463627ca98924cd65cb9e480dc29c" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon Jun 21 09:58:53 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:42 2010 +1000" }, "message": "TOMOYO: Remove alias keyword.\n\nSome programs behave differently depending on argv[0] passed to execve().\nTOMOYO has \"alias\" keyword in order to allow administrators to define different\ndomains if requested pathname passed to execve() is a symlink. But \"alias\"\nkeyword is incomplete because this keyword assumes that requested pathname and\nargv[0] are identical. Thus, remove \"alias\" keyword (by this patch) and add\nsyntax for checking argv[0] (by future patches).\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7c2ea22e3c5463627ca98924cd65cb9e480dc29c", "tree": "3a105a08cf75c77689bdfe890c64f9ae433748b9", "parents": [ "31845e8c6d3f4f26702e567c667277f9fd1f73a3" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 17 16:55:58 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:42 2010 +1000" }, "message": "TOMOYO: Merge path_group and number_group.\n\nUse common code for \"path_group\" and \"number_group\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "31845e8c6d3f4f26702e567c667277f9fd1f73a3", "tree": "5c457513fcdae4e7e39b19d36e1698ae298ce8d4", "parents": [ "a230f9e7121cbcbfe23bd5a630abf6b53cece555" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 17 16:54:33 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:41 2010 +1000" }, "message": "TOMOYO: Aggregate reader functions.\n\nNow lists are accessible via array index. Aggregate reader functions using index.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a230f9e7121cbcbfe23bd5a630abf6b53cece555", "tree": "a81820f41d57ffd8704aaef4331f696030d7ba77", "parents": [ "a98aa4debe2728abb3353e35fc5d110dcc0d7f0d" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 17 16:53:24 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:40 2010 +1000" }, "message": "TOMOYO: Use array of \"struct list_head\".\n\nAssign list id and make the lists as array of \"struct list_head\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a98aa4debe2728abb3353e35fc5d110dcc0d7f0d", "tree": "0334194761e26961339dd126e997c23e4060ce72", "parents": [ "5fb49870e6d48d81d8ca0e1ef979073dc9a820f7" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 17 16:52:29 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:40 2010 +1000" }, "message": "TOMOYO: Merge tomoyo_path_group and tomoyo_number_group\n\n\"struct tomoyo_path_group\" and \"struct tomoyo_number_group\" are identical.\nRename tomoyo_path_group/tomoyo_number_group to tomoyo_group and\ntomoyo_path_group_member to tomoyo_path_group and\ntomoyo_number_group_member to tomoyo_unmber_group.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5fb49870e6d48d81d8ca0e1ef979073dc9a820f7", "tree": "136fdf4f4181907b89916f24a8e828c00ba3e6bd", "parents": [ "253bfae6e0ad97554799affa0266052968a45808" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Apr 22 14:46:19 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:39 2010 +1000" }, "message": "selinux: Use current_security() when possible\n\nThere were a number of places using the following code pattern:\n\n struct cred *cred \u003d current_cred();\n struct task_security_struct *tsec \u003d cred-\u003esecurity;\n\n... which were simplified to the following:\n\n struct task_security_struct *tsec \u003d current_security();\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "253bfae6e0ad97554799affa0266052968a45808", "tree": "c3599a18f06664160a55a20b30428ba4faf6e2c0", "parents": [ "84914b7ed1c5e0f3199a5a6997022758a70fcaff" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Apr 22 14:46:19 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:39 2010 +1000" }, "message": "selinux: Convert socket related access controls to use socket labels\n\nAt present, the socket related access controls use a mix of inode and\nsocket labels; while there should be no practical difference (they\n_should_ always be the same), it makes the code more confusing. This\npatch attempts to convert all of the socket related access control\npoints (with the exception of some of the inode/fd based controls) to\nuse the socket\u0027s own label. In the process, I also converted the\nsocket_has_perm() function to take a \u0027sock\u0027 argument instead of a\n\u0027socket\u0027 since that was adding a bit more overhead in some cases.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "84914b7ed1c5e0f3199a5a6997022758a70fcaff", "tree": "a0ac9631fba19280516ec26819c884e6b086b183", "parents": [ "d4f2d97841827cb876da8b607df05a3dab812416" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Apr 22 14:46:18 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:38 2010 +1000" }, "message": "selinux: Shuffle the sk_security_struct alloc and free routines\n\nThe sk_alloc_security() and sk_free_security() functions were only being\ncalled by the selinux_sk_alloc_security() and selinux_sk_free_security()\nfunctions so we just move the guts of the alloc/free routines to the\ncallers and eliminate a layer of indirection.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d4f2d97841827cb876da8b607df05a3dab812416", "tree": "8d3128128f465e23dbfc5ee4ccc50d9bc489f7d7", "parents": [ "4d1e24514d80cb266231d0c1b6c02161970ad019" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Apr 22 14:46:18 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:37 2010 +1000" }, "message": "selinux: Consolidate sockcreate_sid logic\n\nConsolidate the basic sockcreate_sid logic into a single helper function\nwhich allows us to do some cleanups in the related code.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4d1e24514d80cb266231d0c1b6c02161970ad019", "tree": "2de35d44c52dc1afa28c8f1bf294180817834a9d", "parents": [ "e79acf0ef45e0b54aed47ebea7f25c540d3f527e" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Apr 22 14:46:18 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:37 2010 +1000" }, "message": "selinux: Set the peer label correctly on connected UNIX domain sockets\n\nCorrect a problem where we weren\u0027t setting the peer label correctly on\nthe client end of a pair of connected UNIX sockets.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e79acf0ef45e0b54aed47ebea7f25c540d3f527e", "tree": "02a593a5cb616b4b95e8f60aac786e57517442cf", "parents": [ "8fbe71f0e0ac28a39e4a93694c34d670c2f31e88" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 16 16:31:50 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:36 2010 +1000" }, "message": "TOMOYO: Pass \"struct list_head\" rather than \"void *\".\n\nPass \"struct list_head\" to tomoyo_add_to_gc() and bring\nlist_del_rcu() to tomoyo_add_to_gc().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8fbe71f0e0ac28a39e4a93694c34d670c2f31e88", "tree": "95dc6db6aaaa31a8876bc99c1531bfc26d0e838c", "parents": [ "cb917cf517075a357ce43b74e8a5a57f2c69a734" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 16 16:29:59 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:35 2010 +1000" }, "message": "TOMOYO: Make read function to void.\n\nRead functions do not fail. Make them from int to void.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cb917cf517075a357ce43b74e8a5a57f2c69a734", "tree": "5d7a5abdf135b566d0e764a4c767c15b317e7998", "parents": [ "71c282362d0672235c5205a7db1f3ac3fcf32981" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 16 16:28:21 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:35 2010 +1000" }, "message": "TOMOYO: Merge functions.\n\nEmbed tomoyo_path_number_perm2() into tomoyo_path_number_perm().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "71c282362d0672235c5205a7db1f3ac3fcf32981", "tree": "b359947179fad844767fc5b54a0761b7353babc1", "parents": [ "d795ef9e751b72c94600c91e31bdaef55987a9f6" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 16 16:26:38 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:34 2010 +1000" }, "message": "TOMOYO: Remove wrapper function for reading keyword.\n\nKeyword strings are read-only. We can directly access them to reduce code size.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d795ef9e751b72c94600c91e31bdaef55987a9f6", "tree": "f845fcc73cfad0fc2e9bb27e6e1a6110d7461e28", "parents": [ "75093152a97ee0ec281895b4f6229ff3c481fd64" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 16 16:24:58 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:34 2010 +1000" }, "message": "TOMOYO: Loosen parameter check for mount operation.\n\nIf invalid combination of mount flags are given, it will be rejected later.\nThus, no need for TOMOYO to reject invalid combination of mount flags.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "75093152a97ee0ec281895b4f6229ff3c481fd64", "tree": "960bdf1d441f43c2dfa3c4d54c48af5fc524a1a8", "parents": [ "99a852596beb26cc449ca1a79834c107ef4080e1" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 16 16:23:55 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:33 2010 +1000" }, "message": "TOMOYO: Rename symbols.\n\nUse shorter name in order to make it easier to fix 80 columns limit.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "99a852596beb26cc449ca1a79834c107ef4080e1", "tree": "8d593b0af85f6cbbfe73b916f7449148ccf93133", "parents": [ "cf6e9a6468ec82a94cbc707b607452ec4454182c" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 16 16:22:51 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:32 2010 +1000" }, "message": "TOMOYO: Use callback for permission check.\n\nWe can use callback function since parameters are passed via\n\"const struct tomoyo_request_info\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cf6e9a6468ec82a94cbc707b607452ec4454182c", "tree": "6b289c8575f1915395d3c1348d473ab07fbe34a8", "parents": [ "05336dee9f5a23c042e5938b42f996dd35e31ee6" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 16 16:21:36 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:32 2010 +1000" }, "message": "TOMOYO: Pass parameters via structure.\n\nTo make it possible to use callback function, pass parameters via\n\"struct tomoyo_request_info\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "05336dee9f5a23c042e5938b42f996dd35e31ee6", "tree": "c5dd4abb5bf15e06b399aa1b1e5db56bd848c762", "parents": [ "9ee0c823c18119914283358b35a1c3ebb14c2f90" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 16 16:20:24 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:31 2010 +1000" }, "message": "TOMOYO: Use common code for open and mkdir etc.\n\ntomoyo_file_perm() and tomoyo_path_permission() are similar.\nWe can embed tomoyo_file_perm() into tomoyo_path_permission().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9ee0c823c18119914283358b35a1c3ebb14c2f90", "tree": "6e29e71f1c9c7ae65d92a15a3b3220ae1d173407", "parents": [ "d2f8b2348f3406652ee00ee7221441bd36fe0195" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jun 11 12:37:05 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:30 2010 +1000" }, "message": "SELinux: seperate range transition rules to a seperate function\n\nMove the range transition rule to a separate function, range_read(), rather\nthan doing it all in policydb_read()\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d2f8b2348f3406652ee00ee7221441bd36fe0195", "tree": "5860237612bfefe2ec2006830048842b2fc94ad1", "parents": [ "36f5e1ffbf2bb951105ae4e261bcc1de3eaf510c" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Jun 15 10:10:37 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:30 2010 +1000" }, "message": "TOMOYO: Use common code for garbage collection.\n\nUse common code for elements using \"struct list_head\" + \"bool\" structure.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "36f5e1ffbf2bb951105ae4e261bcc1de3eaf510c", "tree": "80e01278296477b4d30288081267d35ff771d720", "parents": [ "82e0f001a4c1112dcff9cafa9812a33889ad9b8a" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Jun 15 09:23:26 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:29 2010 +1000" }, "message": "TOMOYO: Use callback for updating entries.\n\nUse common code for elements using \"struct list_head\" + \"bool\" structure.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "82e0f001a4c1112dcff9cafa9812a33889ad9b8a", "tree": "55c7e99f8773129b602f837f0c79f8d542021195", "parents": [ "237ab459f12cb98eadd3fe7b85343e183a1076a4" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Jun 15 09:22:42 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:28 2010 +1000" }, "message": "TOMOYO: Use common structure for list element.\n\nUse common \"struct list_head\" + \"bool\" structure.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "237ab459f12cb98eadd3fe7b85343e183a1076a4", "tree": "f2835e2945016beb4e29b6a2ed8f9d372dc1b412", "parents": [ "927942aabbbe506bf9bc70a16dc5460ecc64c148" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Jun 12 20:46:22 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:28 2010 +1000" }, "message": "TOMOYO: Use callback for updating entries.\n\nUse common \"struct list_head\" + \"bool\" + \"u8\" structure and\nuse common code for elements using that structure.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "927942aabbbe506bf9bc70a16dc5460ecc64c148", "tree": "2c53ccb405bd4afb03ff9f7acab892fafc7e9b0f", "parents": [ "9156235b3427d6f01c5c95022f72f381f07583f5" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Jun 11 17:31:10 2010 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:27 2010 +1000" }, "message": "KEYS: Make /proc/keys check to see if a key is possessed before security check\n\nMake /proc/keys check to see if the calling process possesses each key before\nperforming the security check. The possession check can be skipped if the key\ndoesn\u0027t have the possessor-view permission bit set.\n\nThis causes the keys a process possesses to show up in /proc/keys, even if they\ndon\u0027t have matching user/group/other view permissions.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9156235b3427d6f01c5c95022f72f381f07583f5", "tree": "16df30be93847e73a3b188b98f9ef2e034d82a90", "parents": [ "57c2590fb7fd38bd52708ff2716a577d0c2b3c5a" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Jun 11 17:31:05 2010 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:27 2010 +1000" }, "message": "KEYS: Authorise keyctl_set_timeout() on a key if we have its authorisation key\n\nAuthorise a process to perform keyctl_set_timeout() on an uninstantiated key if\nthat process has the authorisation key for it.\n\nThis allows the instantiator to set the timeout on a key it is instantiating -\nprovided it does it before instantiating the key.\n\nFor instance, the test upcall script provided with the keyutils package could\nbe modified to set the expiry to an hour hence before instantiating the key:\n\n\t[/usr/share/keyutils/request-key-debug.sh]\n\t if [ \"$3\" !\u003d \"neg\" ]\n\t then\n\t+ keyctl timeout $1 3600\n\t keyctl instantiate $1 \"Debug $3\" $4 || exit 1\n\t else\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "57c2590fb7fd38bd52708ff2716a577d0c2b3c5a", "tree": "19db2e176e1e49d85482995249ba18aebbb8f7eb", "parents": [ "1084307ca097745ed6e40a192329b133a49271ac" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 03 20:38:44 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:43 2010 +1000" }, "message": "TOMOYO: Update profile structure.\n\nThis patch allows users to change access control mode for per-operation basis.\nThis feature comes from non LSM version of TOMOYO which is designed for\npermitting users to use SELinux and TOMOYO at the same time.\n\nSELinux does not care filename in a directory whereas TOMOYO does. Change of\nfilename can change how the file is used. For example, renaming index.txt to\n.htaccess will change how the file is used. Thus, letting SELinux to enforce\nread()/write()/mmap() etc. restriction and letting TOMOYO to enforce rename()\nrestriction is an example usage of this feature.\n\nWhat is unfortunate for me is that currently LSM does not allow users to use\nSELinux and LSM version of TOMOYO at the same time...\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1084307ca097745ed6e40a192329b133a49271ac", "tree": "f3b2e81705afb4ca3006ebb931aa0aad426ace02", "parents": [ "3f629636320dfa65804779a3fc333f3147f3b064" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 03 20:38:03 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:42 2010 +1000" }, "message": "TOMOYO: Add pathname aggregation support.\n\nThis patch allows users to aggregate programs which provide similar\nfunctionality (e.g. /usr/bin/vi and /usr/bin/emacs ).\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3f629636320dfa65804779a3fc333f3147f3b064", "tree": "e44dc9f63ae8c6cd37d5471d014cd9b0449027e7", "parents": [ "c8c57e842720d8cc92ac8607f2d1c16d92314573" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 03 20:37:26 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:42 2010 +1000" }, "message": "TOMOYO: Allow wildcard for execute permission.\n\nSome applications create and execute programs dynamically. We need to accept\nwildcard for execute permission because such programs contain random suffix\nin their filenames. This patch loosens up regulation of string parameters.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c8c57e842720d8cc92ac8607f2d1c16d92314573", "tree": "dc921366b931ba5817ad530433f3b1ee178bc56a", "parents": [ "9b244373da3eab671da6c5125482121528a9ebf3" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 03 20:36:43 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:41 2010 +1000" }, "message": "TOMOYO: Support longer pathname.\n\nAllow pathnames longer than 4000 bytes.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9b244373da3eab671da6c5125482121528a9ebf3", "tree": "abbe091de54a260aec57e56ce79c164834354fc8", "parents": [ "ea0d3ab239fba48d6e998b19c28d78f765963007" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 03 20:35:53 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:41 2010 +1000" }, "message": "TOMOYO: Several fixes for TOMOYO\u0027s management programs.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ea0d3ab239fba48d6e998b19c28d78f765963007", "tree": "c1e20273bf121a4f404ca7ac2a012161b0e0201e", "parents": [ "3e62cbb8436f6c0cb799c8b7f106de7f662a7b8d" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 02 13:24:43 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:40 2010 +1000" }, "message": "LSM: Remove unused arguments from security_path_truncate().\n\nWhen commit be6d3e56a6b9b3a4ee44a0685e39e595073c6f0d \"introduce new LSM hooks\nwhere vfsmount is available.\" was proposed, regarding security_path_truncate(),\nonly \"struct file *\" argument (which AppArmor wanted to use) was removed.\nBut length and time_attrs arguments are not used by TOMOYO nor AppArmor.\nThus, let\u0027s remove these arguments.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: Nick Piggin \u003cnpiggin@suse.de\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3e62cbb8436f6c0cb799c8b7f106de7f662a7b8d", "tree": "d36565a4a6f7e0372a1fd9a8750b005635c9c335", "parents": [ "c3ef1500ec833890275172c7d063333404b64d60" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Tue Jun 01 09:14:04 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:39 2010 +1000" }, "message": "smack: opt_dentry is never null in in smack_d_instantiate()\n\nThis patch removes some unneeded code for if opt_dentry is null because\nthat can never happen.\n\nThe function dereferences \"opt_dentry\" earlier when it checks\n\"if (opt_dentry-\u003ed_parent \u003d\u003d opt_dentry) {\". That code was added in\n2008.\n\nThis function called from security_d_instantiate(). I checked all the\nplaces which call security_d_instantiate() and dentry is always non-null.\nI also checked the selinux version of this hook and there is a comment\nwhich says that dentry should be non-null if called from\nd_instantiate().\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c3ef1500ec833890275172c7d063333404b64d60", "tree": "2453368e521a1f7a00098eef06afbedb8404503d", "parents": [ "17fcfbd9d45b57f38d40e31f9d28db53f4af5c88" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon May 17 10:12:46 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:39 2010 +1000" }, "message": "TOMOYO: Split files into some pieces.\n\nsecurity/tomoyo/common.c became too large to read.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "17fcfbd9d45b57f38d40e31f9d28db53f4af5c88", "tree": "e221937affe4d886706e880f39e1424333490cc0", "parents": [ "2106ccd972dcd9fda7df9b181505fac1741b3508" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon May 17 10:11:36 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:38 2010 +1000" }, "message": "TOMOYO: Add interactive enforcing mode.\n\nSince the behavior of the system is restricted by policy, we may need to update\npolicy when you update packages.\n\nWe need to update policy in the following cases.\n\n * The pathname of files has changed.\n * The dependency of files has changed.\n * The access permissions required has increased.\n\nThe ideal way to update policy is to rebuild from the scratch using learning\nmode. But it is not desirable to change from enforcing mode to other mode if\nthe system has once entered in production state. Suppose MAC could support\nper-application enforcing mode, the MAC becomes useless if an application that\nis not running in enforcing mode was cracked. For example, the whole system\nbecomes vulnerable if only HTTP server application is running in learning mode\nto rebuild policy for the application. So, in TOMOYO Linux, updating policy is\ndone while the system is running in enforcing mode.\n\nThis patch implements \"interactive enforcing mode\" which allows administrators\nto judge whether to accept policy violation in enforcing mode or not.\nA demo movie is available at http://www.youtube.com/watch?v\u003db9q1Jo25LPA .\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2106ccd972dcd9fda7df9b181505fac1741b3508", "tree": "4361f9498c303cabc20abc85c1b5ee0afa677b0f", "parents": [ "a1f9bb6a375a8dbf7797ffbd6739c46b338a77f7" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon May 17 10:10:31 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:37 2010 +1000" }, "message": "TOMOYO: Add mount restriction.\n\nmount(2) has three string and one numeric parameters.\nSplit mount restriction code from security/tomoyo/file.c .\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a1f9bb6a375a8dbf7797ffbd6739c46b338a77f7", "tree": "44df8f05e6ad6bd7cf9ce398c99efbd7cff24c20", "parents": [ "cb0abe6a5b58499bd4bc1403f4987af9ead0642c" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon May 17 10:09:15 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:37 2010 +1000" }, "message": "TOMOYO: Split file access control functions by type of parameters.\n\nCheck numeric parameters for operations that deal them\n(e.g. chmod/chown/ioctl).\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cb0abe6a5b58499bd4bc1403f4987af9ead0642c", "tree": "3a48c36dcfe0cfe1e4b6f3faf5ca3e7fae4327c7", "parents": [ "4c3e9e2ded48bcf696a45945ea7d25bb15b873fd" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon May 17 10:08:05 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:36 2010 +1000" }, "message": "TOMOYO: Use structure for passing common arguments.\n\nUse \"struct tomoyo_request_info\" instead of passing individual arguments.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4c3e9e2ded48bcf696a45945ea7d25bb15b873fd", "tree": "0be326f0f90b0279ae83594e9244c3739d348df1", "parents": [ "babcd37821fba57048b30151969d28303f2a8b6b" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon May 17 10:06:58 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:35 2010 +1000" }, "message": "TOMOYO: Add numeric values grouping support.\n\nThis patch adds numeric values grouping support, which is useful for grouping\nnumeric values such as file\u0027s UID, DAC\u0027s mode, ioctl()\u0027s cmd number.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "babcd37821fba57048b30151969d28303f2a8b6b", "tree": "f3a22f93df9d0ccb95bc653c9b56476adab05876", "parents": [ "9fe6206f400646a2322096b56c59891d530e8d51" ], "author": { "name": "Paul E. McKenney", "email": "paulmck@linux.vnet.ibm.com", "time": "Tue May 18 12:11:25 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:35 2010 +1000" }, "message": "selinux: remove all rcu head initializations\n\nRemove all rcu head inits. We don\u0027t care about the RCU head state before passing\nit to call_rcu() anyway. Only leave the \"on_stack\" variants so debugobjects can\nkeep track of objects on stack.\n\nSigned-off-by: Mathieu Desnoyers \u003cmathieu.desnoyers@efficios.com\u003e\nSigned-off-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4303ef19c6e6d16ea845c04b02b9cf086bcb8ed7", "tree": "83e649d3b9d3583c7576920a0feb08e38a19d1b5", "parents": [ "7e27d6e778cd87b6f2415515d7127eba53fe5d02" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Fri Jun 11 17:30:05 2010 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Jun 27 07:02:34 2010 -0700" }, "message": "KEYS: Propagate error code instead of returning -EINVAL\n\nThis is from a Smatch check I\u0027m writing.\n\nstrncpy_from_user() returns -EFAULT on error so the first change just\nsilences a warning but doesn\u0027t change how the code works.\n\nThe other change is a bug fix because install_thread_keyring_to_cred()\ncan return a variety of errors such as -EINVAL, -EEXIST, -ENOMEM or\n-EKEYREVOKED.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "f1bbbb6912662b9f6070c5bfc4ca9eb1f06a9d5b", "tree": "c2c130a74be25b0b2dff992e1a195e2728bdaadd", "parents": [ "fd0961ff67727482bb20ca7e8ea97b83e9de2ddb", "7e27d6e778cd87b6f2415515d7127eba53fe5d02" ], "author": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Wed Jun 16 18:08:13 2010 +0200" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Wed Jun 16 18:08:13 2010 +0200" }, "message": "Merge branch \u0027master\u0027 into for-next\n" }, { "commit": "421f91d21ad6f799dc7b489bb33cc560ccc56f98", "tree": "aaf9f6385233fdf9277e634603156c89ede7f770", "parents": [ "65155b3708137fabee865dc4da822763c0c41208" ], "author": { "name": "Uwe Kleine-König", "email": "u.kleine-koenig@pengutronix.de", "time": "Fri Jun 11 12:17:00 2010 +0200" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Wed Jun 16 18:05:05 2010 +0200" }, "message": "fix typos concerning \"initiali[zs]e\"\n\nSigned-off-by: Uwe Kleine-König \u003cu.kleine-koenig@pengutronix.de\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "dd98acf74762764fbc4382a1d9a244f11a2658cc", "tree": "e194cc516ccc8812a0424dfd2ca1c32bf1052cd4", "parents": [ "5089a9768041206c76fac299ccd82a528c24c254" ], "author": { "name": "Oleg Nesterov", "email": "oleg@redhat.com", "time": "Wed May 26 14:43:23 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu May 27 09:12:47 2010 -0700" }, "message": "keyctl_session_to_parent(): use thread_group_empty() to check singlethreadness\n\nNo functional changes.\n\nkeyctl_session_to_parent() is the only user of signal-\u003ecount which needs\nthe correct value. Change it to use thread_group_empty() instead, this\nmust be strictly equivalent under tasklist, and imho looks better.\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Peter Zijlstra \u003cpeterz@infradead.org\u003e\nAcked-by: Roland McGrath \u003croland@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "685bfd2c48bb3284d31e73ff3151c957d76deda9", "tree": "177210787515f48c0eaad5216bd012f4a2fb2149", "parents": [ "898b374af6f71041bd3bceebe257e564f3f1d458" ], "author": { "name": "Oleg Nesterov", "email": "oleg@redhat.com", "time": "Wed May 26 14:43:00 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu May 27 09:12:45 2010 -0700" }, "message": "umh: creds: convert call_usermodehelper_keys() to use subprocess_info-\u003einit()\n\ncall_usermodehelper_keys() uses call_usermodehelper_setkeys() to change\nsubprocess_info-\u003ecred in advance. Now that we have info-\u003einit() we can\nchange this code to set tgcred-\u003esession_keyring in context of execing\nkernel thread.\n\nNote: since currently call_usermodehelper_keys() is never called with\nUMH_NO_WAIT, call_usermodehelper_keys()-\u003ekey_get() and umh_keys_cleanup()\nare not really needed, we could rely on install_session_keyring_to_cred()\nwhich does key_get() on success.\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nAcked-by: Neil Horman \u003cnhorman@tuxdriver.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4be929be34f9bdeffa40d815d32d7d60d2c7f03b", "tree": "4d2c6e2b8ef766e565e2e050ee151de2e02081d3", "parents": [ "940370fc86b920b51a34217a1facc3e9e97c2456" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Mon May 24 14:33:03 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue May 25 08:07:02 2010 -0700" }, "message": "kernel-wide: replace USHORT_MAX, SHORT_MAX and SHORT_MIN with USHRT_MAX, SHRT_MAX and SHRT_MIN\n\n- C99 knows about USHRT_MAX/SHRT_MAX/SHRT_MIN, not\n USHORT_MAX/SHORT_MAX/SHORT_MIN.\n\n- Make SHRT_MIN of type s16, not int, for consistency.\n\n[akpm@linux-foundation.org: fix drivers/dma/timb_dma.c]\n[akpm@linux-foundation.org: fix security/keys/keyring.c]\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nAcked-by: WANG Cong \u003cxiyou.wangcong@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e8c26255992474a2161c63ce9d385827302e4530", "tree": "08d247a53eca56a6e161ca784a4536b3ea7662f7", "parents": [ "01a05b337a5b647909e1d6670f57e7202318a5fb" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Mar 23 06:36:54 2010 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 21 18:31:17 2010 -0400" }, "message": "switch selinux delayed superblock handling to iterate_supers()\n\n... kill their private list, while we are at it\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "db1afffab0b5d9f6d31f8f4bea44c9cb3bc59351", "tree": "5ba8fd7a5018c0772d999b8c3aa945c0efb929e0", "parents": [ "dd336c554d8926c3348a2d5f2a5ef5597f6d1a06" ], "author": { "name": "NeilBrown", "email": "neilb@suse.de", "time": "Tue Mar 16 15:14:51 2010 +1100" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@suse.de", "time": "Fri May 21 09:37:29 2010 -0700" }, "message": "kref: remove kref_set\n\nOf the three uses of kref_set in the kernel:\n\n One really should be kref_put as the code is letting go of a\n reference,\n Two really should be kref_init because the kref is being\n initialised.\n\nThis suggests that making kref_set available encourages bad code.\nSo fix the three uses and remove kref_set completely.\n\nSigned-off-by: NeilBrown \u003cneilb@suse.de\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n\n" }, { "commit": "4d09ec0f705cf88a12add029c058b53f288cfaa2", "tree": "d756921f5391953295404ccf3ba570ddaaca404f", "parents": [ "c80901f2755c582e3096e6708028a8daca59e6e2" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Mon May 17 14:42:35 2010 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue May 18 08:50:55 2010 +1000" }, "message": "KEYS: Return more accurate error codes\n\nWe were using the wrong variable here so the error codes weren\u0027t being returned\nproperly. The original code returns -ENOKEY.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c80901f2755c582e3096e6708028a8daca59e6e2", "tree": "eaf353e1736d7f7f99f04b4c086e4bbbff4af854", "parents": [ "7762fbfffdbce8191f5236d5053b290035d3d749" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri May 14 12:01:26 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon May 17 09:27:20 2010 +1000" }, "message": "LSM: Add __init to fixup function.\n\nregister_security() became __init function.\nSo do verify() and security_fixup_ops().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" } ], "next": "7762fbfffdbce8191f5236d5053b290035d3d749" }