)]}' { "log": [ { "commit": "1b9a3917366028cc451a98dd22e3bcd537d4e5c1", "tree": "d911058720e0a9aeeaf9f407ccdc6fbf4047f47d", "parents": [ "3661f00e2097676847deb01add1a0918044bd816", "71e1c784b24a026a490b3de01541fc5ee14ebc09" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Mar 25 09:24:53 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Mar 25 09:24:53 2006 -0800" }, "message": "Merge branch \u0027audit.b3\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current\n\n* \u0027audit.b3\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: (22 commits)\n [PATCH] fix audit_init failure path\n [PATCH] EXPORT_SYMBOL patch for audit_log, audit_log_start, audit_log_end and audit_format\n [PATCH] sem2mutex: audit_netlink_sem\n [PATCH] simplify audit_free() locking\n [PATCH] Fix audit operators\n [PATCH] promiscuous mode\n [PATCH] Add tty to syscall audit records\n [PATCH] add/remove rule update\n [PATCH] audit string fields interface + consumer\n [PATCH] SE Linux audit events\n [PATCH] Minor cosmetic cleanups to the code moved into auditfilter.c\n [PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL\n [PATCH] Fix IA64 success/failure indication in syscall auditing.\n [PATCH] Miscellaneous bug and warning fixes\n [PATCH] Capture selinux subject/object context information.\n [PATCH] Exclude messages by message type\n [PATCH] Collect more inode information during syscall processing.\n [PATCH] Pass dentry, not just name, in fsnotify creation hooks.\n [PATCH] Define new range of userspace messages.\n [PATCH] Filter rule comparators\n ...\n\nFixed trivial conflict in security/selinux/hooks.c\n" }, { "commit": "d4eb82c783992551c574580eb55fddc8bb006ad0", "tree": "912aa24f162342bffae86a0c3e4713700a9e5c66", "parents": [ "12b5989be10011387a9da5dee82e5c0d6f9d02e7" ], "author": { "name": "Chris Wright", "email": "chrisw@sous-sol.org", "time": "Sat Mar 25 03:07:41 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Mar 25 08:22:56 2006 -0800" }, "message": "[PATCH] make cap_ptrace enforce PTRACE_TRACME checks\n\nPTRACE_TRACEME doesn\u0027t have proper capabilities validation when parent is\nless privileged than child. Issue pointed out by Ram Gupta\n\u003cram.gupta5@gmail.com\u003e.\n\nNote: I haven\u0027t identified a strong security issue, and it\u0027s a small ABI\nchange that could break apps that rely on existing behaviour (which allows\nparent that is less privileged than child to ptrace when child does\nPTRACE_TRACEME).\n\nSigned-off-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Ram Gupta \u003cram.gupta5@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "12b5989be10011387a9da5dee82e5c0d6f9d02e7", "tree": "74da71d407bf26bf97c639bb2b473de233a736ac", "parents": [ "77d47582c2345e071df02afaf9191641009287c4" ], "author": { "name": "Chris Wright", "email": "chrisw@sous-sol.org", "time": "Sat Mar 25 03:07:41 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Mar 25 08:22:56 2006 -0800" }, "message": "[PATCH] refactor capable() to one implementation, add __capable() helper\n\nMove capable() to kernel/capability.c and eliminate duplicate\nimplementations. Add __capable() function which can be used to check for\ncapabiilty of any process.\n\nSigned-off-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "1d9b7d97d6661edb44ce08f17e47c66d4ac20e34", "tree": "aacf3d99c547d94e4fb1bbeb2a4eb887301c2319", "parents": [ "3dccff8dc00994428777f483922058c554db85bd" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Sat Mar 25 03:06:52 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Mar 25 08:22:50 2006 -0800" }, "message": "[PATCH] Keys: Replace duplicate non-updateable keys rather than failing\n\nCause an attempt to add a duplicate non-updateable key (such as a keyring) to\na keyring to discard the extant copy in favour of the new one rather than\nfailing with EEXIST:\n\n\t# do the test in an empty session\n\tkeyctl session\n\t# create a new keyring called \"a\" and attach to session\n\tkeyctl newring a @s\n\t# create another new keyring called \"a\" and attach to session,\n\t# displacing the keyring added by the second command:\n\tkeyctl newring a @s\n\nWithout this patch, the third command will fail.\n\nFor updateable keys (such as those of \"user\" type), the update method will\nstill be called rather than a new key being created.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "3dccff8dc00994428777f483922058c554db85bd", "tree": "14c72fa82afa4e325c4aaa3f84c31ab154f60b1d", "parents": [ "a7d06ca7b626c9257bee4439d9d80a7e44ae237e" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Sat Mar 25 03:06:51 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Mar 25 08:22:50 2006 -0800" }, "message": "[PATCH] Keys: Fix key quota management on key allocation\n\nMake key quota detection generate an error if either quota is exceeded rather\nthan only if both quotas are exceeded.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "0cb409d98e351e6817e0bc37fe6815fc14b2c036", "tree": "2d3636949d65d5e4911bc9106ddfdf75872c2380", "parents": [ "24277dda3a54aa5e6265487e1a3091e27f3c0c45" ], "author": { "name": "Davi Arnaut", "email": "davi.arnaut@gmail.com", "time": "Fri Mar 24 03:18:43 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Mar 24 07:33:31 2006 -0800" }, "message": "[PATCH] strndup_user: convert keyctl\n\nCopies user-space string with strndup_user() and moves the type string\nduplication code to a function (thus fixing a wrong check on the length of the\ntype.)\n\nSigned-off-by: Davi Arnaut \u003cdavi.arnaut@gmail.com\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "6bb08da4773f584a7b4a838b6b770d7d18033af7", "tree": "5d19e8bb1c1f17e2e270f55bc238b326d5a6a3f6", "parents": [ "61808c2bbba127ecd9786401c55ea4c394aa0240" ], "author": { "name": "Davi Arnaut", "email": "davi.arnaut@gmail.com", "time": "Thu Mar 23 02:59:25 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Thu Mar 23 07:38:03 2006 -0800" }, "message": "[PATCH] Bug fixes and cleanup for the BSD Secure Levels LSM\n\nThis patch address several issues in the current BSD Secure Levels code:\n\no plaintext_to_sha1: Missing check for a NULL return from __get_free_page\n\no passwd_write_file: A page is leaked if the password is wrong.\n\no fix securityfs registration order\n\no seclvl_init is a mess and can\u0027t properly tolerate failures, failure\n path is upside down (deldif and delf should be switched)\n\nCleanups:\n\no plaintext_to_sha1: Use buffers passed in\no passwd_write_file: Use kmalloc() instead of get_zeroed_page()\no passwd_write_file: hashedPassword comparison is just memcmp\no s/ENOSYS/EINVAL/\no misc\n\n(akpm: after some discussion it appears that the BSD secure levels feature\nshould be scheduled for removal. But for now, let\u0027s fix these problems up).\n\nSigned-off-by: Davi Arnaut \u003cdavi.arnaut@gmail.com\u003e\nCc: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@epoch.ncsc.mil\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "7cae7e26f245151b9ccad868bf2edf8c8048d307", "tree": "db785f2a471c5b97db2551402e067b9559a8989d", "parents": [ "cf01efd098597f7ee88a61e645afacba987c4531" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 22 00:09:22 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Mar 22 07:54:07 2006 -0800" }, "message": "[PATCH] SELinux: add slab cache for inode security struct\n\nAdd a slab cache for the SELinux inode security struct, one of which is\nallocated for every inode instantiated by the system.\n\nThe memory savings are considerable.\n\nOn 64-bit, instead of the size-128 cache, we have a slab object of 96\nbytes, saving 32 bytes per object. After booting, I see about 4000 of\nthese and then about 17,000 after a kernel compile. With this patch, we\nsave around 530KB of kernel memory in the latter case. On 32-bit, the\nsavings are about half of this.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "cf01efd098597f7ee88a61e645afacba987c4531", "tree": "8602df509dc2a2b067063f40084c83a4f698fb15", "parents": [ "edb20fb5be2ff6943920aca4ccab0f4fdacddb9c" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 22 00:09:21 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Mar 22 07:54:07 2006 -0800" }, "message": "[PATCH] SELinux: cleanup stray variable in selinux_inode_init_security()\n\nRemove an unneded pointer variable in selinux_inode_init_security().\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "edb20fb5be2ff6943920aca4ccab0f4fdacddb9c", "tree": "6961017d5b02a6320b85826c33ccc81017c2e58f", "parents": [ "d6aafa65354cd2dbb089ab9e7dc618f22230fe32" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 22 00:09:20 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Mar 22 07:54:07 2006 -0800" }, "message": "[PATCH] SELinux: fix hard link count for selinuxfs root directory\n\nA further fix is needed for selinuxfs link count management, to ensure that\nthe count is correct for the parent directory when a subdirectory is\ncreated. This is only required for the root directory currently, but the\ncode has been updated for the general case.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "d6aafa65354cd2dbb089ab9e7dc618f22230fe32", "tree": "b274daf127ac8500229754d9841c8af1547bd66f", "parents": [ "253a8b1db1af146d3a7eef0f3626781df12c7141" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 22 00:09:19 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Mar 22 07:54:07 2006 -0800" }, "message": "[PATCH] selinuxfs cleanups: sel_make_avc_files\n\nFix copy \u0026 paste error in sel_make_avc_files(), removing a supurious call to\nd_genocide() in the error path. All of this will be cleaned up by\nkill_litter_super().\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "253a8b1db1af146d3a7eef0f3626781df12c7141", "tree": "9aea4b9864a3dc12df89c73e5cf156bd3e7932ad", "parents": [ "161ce45a8a34ba81673f60c603e6fc6d37d99c8f" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 22 00:09:18 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Mar 22 07:54:07 2006 -0800" }, "message": "[PATCH] selinuxfs cleanups: sel_make_bools\n\nRemove the call to sel_make_bools() from sel_fill_super(), as policy needs to\nbe loaded before the boolean files can be created. Policy will never be\nloaded during sel_fill_super() as selinuxfs is kernel mounted during init and\nthe only means to load policy is via selinuxfs.\n\nAlso, the call to d_genocide() on the error path of sel_make_bools() is\nincorrect and replaced with sel_remove_bools().\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "161ce45a8a34ba81673f60c603e6fc6d37d99c8f", "tree": "7e3851140870164beb585f32a70e2dc81668f391", "parents": [ "cde174a885821b5eee7e00c8a9a426c9c8186a29" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 22 00:09:17 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Mar 22 07:54:07 2006 -0800" }, "message": "[PATCH] selinuxfs cleanups: sel_fill_super exit path\n\nUnify the error path of sel_fill_super() so that all errors pass through the\nsame point and generate an error message. Also, removes a spurious dput() in\nthe error path which breaks the refcounting for the filesystem\n(litter_kill_super() will correctly clean things up itself on error).\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "cde174a885821b5eee7e00c8a9a426c9c8186a29", "tree": "95c36020357f26d6a7ebfc3cc9d6d6ac8d250844", "parents": [ "40e906f8224966ef65756cc75f9999ea2de0523d" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 22 00:09:17 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Mar 22 07:54:07 2006 -0800" }, "message": "[PATCH] selinuxfs cleanups: use sel_make_dir()\n\nUse existing sel_make_dir() helper to create booleans directory rather than\nduplicating the logic.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "40e906f8224966ef65756cc75f9999ea2de0523d", "tree": "6e72a24a93d1f36ae5d89e81d2020cd3d8a0bd9b", "parents": [ "68bdcf28a8d245208a02dc9caa60fe13cc1b0ea8" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 22 00:09:16 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Mar 22 07:54:07 2006 -0800" }, "message": "[PATCH] selinuxfs cleanups: fix hard link count\n\nFix the hard link count for selinuxfs directories, which are currently one\nshort.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "68bdcf28a8d245208a02dc9caa60fe13cc1b0ea8", "tree": "4d50f43597d677c7b1b88b10696cb2358abaf83e", "parents": [ "bb0030797f55c9996ea1cebd16b65750ceb7e4fd" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Mar 22 00:09:15 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Mar 22 07:54:07 2006 -0800" }, "message": "[PATCH] selinux: simplify sel_read_bool\n\nSimplify sel_read_bool to use the simple_read_from_buffer helper, like the\nother selinuxfs functions.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "bb0030797f55c9996ea1cebd16b65750ceb7e4fd", "tree": "58256f9840bf05f141d986b6329a08e38065616a", "parents": [ "8aad38752e81d1d4de67e3d8e2524618ce7c9276" ], "author": { "name": "Ingo Molnar", "email": "mingo@elte.hu", "time": "Wed Mar 22 00:09:14 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Mar 22 07:54:06 2006 -0800" }, "message": "[PATCH] sem2mutex: security/\n\nSemaphore to mutex conversion.\n\nThe conversion was generated via scripts, and the result was validated\nautomatically via a script as well.\n\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Stephen Smalley \u003csds@epoch.ncsc.mil\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "8aad38752e81d1d4de67e3d8e2524618ce7c9276", "tree": "5813d3f31133313a5bcd77cb3298f7cb26b814ed", "parents": [ "b20a35035f983f4ac7e29c4a68f30e43510007e0" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Mar 22 00:09:13 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Mar 22 07:54:06 2006 -0800" }, "message": "[PATCH] selinux: Disable automatic labeling of new inodes when no policy is loaded\n\nThis patch disables the automatic labeling of new inodes on disk\nwhen no policy is loaded.\n\nDiscussion is here:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id\u003d180296\n\nIn short, we\u0027re changing the behavior so that when no policy is loaded,\nSELinux does not label files at all. Currently it does add an \u0027unlabeled\u0027\nlabel in this case, which we\u0027ve found causes problems later.\n\nSELinux always maintains a safe internal label if there is none, so with this\npatch, we just stick with that and wait until a policy is loaded before adding\na persistent label on disk.\n\nThe effect is simply that if you boot with SELinux enabled but no policy\nloaded and create a file in that state, SELinux won\u0027t try to set a security\nextended attribute on the new inode on the disk. This is the only sane\nbehavior for SELinux in that state, as it cannot determine the right label to\nassign in the absence of a policy. That state usually doesn\u0027t occur, but the\nrawhide installer seemed to be misbehaving temporarily so it happened to show\nup on a test install.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "e6f507196c2b50243beb09b1bfa4639f999d4d1e", "tree": "216886fba2700aa01970046e4c7412dce6638fa1", "parents": [ "543d9cfeec4d58ad3fd974db5531b06b6b95deb4" ], "author": { "name": "Catherine Zhang", "email": "cxzhang@watson.ibm.com", "time": "Mon Mar 20 22:49:00 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Mar 20 22:49:00 2006 -0800" }, "message": "[SELINUX]: selinux_socket_getpeer_{stream,dgram} fixup\n\nSigned-off-by: Catherine Zhang \u003ccxzhang@watson.ibm.com\u003e\nSigned-off-by: Arnaldo Carvalho de Melo \u003cacme@mandriva.com\u003e\n" }, { "commit": "c841aa030437bdf1b6fb22d93eb760e35380a4ed", "tree": "f23ec860be9deb035eacc15359549d2808a7ee15", "parents": [ "e35fc385655ac584902edd98dd07ac488e986aa1" ], "author": { "name": "Arnaldo Carvalho de Melo", "email": "acme@mandriva.com", "time": "Mon Mar 20 22:47:37 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Mar 20 22:47:37 2006 -0800" }, "message": "[SECURITY] getpeersec: Fix build breakage\n\nA recent changeset removes dummy_socket_getpeersec, replacing it with\ntwo new functions, but still references the removed function in the\nsecurity_fixup_ops table, fix it by doing the replacement operation in\nthe fixup table too.\n\nSigned-off-by: Arnaldo Carvalho de Melo \u003cacme@mandriva.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "2c7946a7bf45ae86736ab3b43d0085e43947945c", "tree": "b956f301033ebaefe8d2701b257edfd947f537f3", "parents": [ "be33690d8fcf40377f16193c463681170eb6b295" ], "author": { "name": "Catherine Zhang", "email": "cxzhang@watson.ibm.com", "time": "Mon Mar 20 22:41:23 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Mar 20 22:41:23 2006 -0800" }, "message": "[SECURITY]: TCP/UDP getpeersec\n\nThis patch implements an application of the LSM-IPSec networking\ncontrols whereby an application can determine the label of the\nsecurity association its TCP or UDP sockets are currently connected to\nvia getsockopt and the auxiliary data mechanism of recvmsg.\n\nPatch purpose:\n\nThis patch enables a security-aware application to retrieve the\nsecurity context of an IPSec security association a particular TCP or\nUDP socket is using. The application can then use this security\ncontext to determine the security context for processing on behalf of\nthe peer at the other end of this connection. In the case of UDP, the\nsecurity context is for each individual packet. An example\napplication is the inetd daemon, which could be modified to start\ndaemons running at security contexts dependent on the remote client.\n\nPatch design approach:\n\n- Design for TCP\nThe patch enables the SELinux LSM to set the peer security context for\na socket based on the security context of the IPSec security\nassociation. The application may retrieve this context using\ngetsockopt. When called, the kernel determines if the socket is a\nconnected (TCP_ESTABLISHED) TCP socket and, if so, uses the dst_entry\ncache on the socket to retrieve the security associations. If a\nsecurity association has a security context, the context string is\nreturned, as for UNIX domain sockets.\n\n- Design for UDP\nUnlike TCP, UDP is connectionless. This requires a somewhat different\nAPI to retrieve the peer security context. With TCP, the peer\nsecurity context stays the same throughout the connection, thus it can\nbe retrieved at any time between when the connection is established\nand when it is torn down. With UDP, each read/write can have\ndifferent peer and thus the security context might change every time.\nAs a result the security context retrieval must be done TOGETHER with\nthe packet retrieval.\n\nThe solution is to build upon the existing Unix domain socket API for\nretrieving user credentials. Linux offers the API for obtaining user\ncredentials via ancillary messages (i.e., out of band/control messages\nthat are bundled together with a normal message).\n\nPatch implementation details:\n\n- Implementation for TCP\nThe security context can be retrieved by applications using getsockopt\nwith the existing SO_PEERSEC flag. As an example (ignoring error\nchecking):\n\ngetsockopt(sockfd, SOL_SOCKET, SO_PEERSEC, optbuf, \u0026optlen);\nprintf(\"Socket peer context is: %s\\n\", optbuf);\n\nThe SELinux function, selinux_socket_getpeersec, is extended to check\nfor labeled security associations for connected (TCP_ESTABLISHED \u003d\u003d\nsk-\u003esk_state) TCP sockets only. If so, the socket has a dst_cache of\nstruct dst_entry values that may refer to security associations. If\nthese have security associations with security contexts, the security\ncontext is returned.\n\ngetsockopt returns a buffer that contains a security context string or\nthe buffer is unmodified.\n\n- Implementation for UDP\nTo retrieve the security context, the application first indicates to\nthe kernel such desire by setting the IP_PASSSEC option via\ngetsockopt. Then the application retrieves the security context using\nthe auxiliary data mechanism.\n\nAn example server application for UDP should look like this:\n\ntoggle \u003d 1;\ntoggle_len \u003d sizeof(toggle);\n\nsetsockopt(sockfd, SOL_IP, IP_PASSSEC, \u0026toggle, \u0026toggle_len);\nrecvmsg(sockfd, \u0026msg_hdr, 0);\nif (msg_hdr.msg_controllen \u003e sizeof(struct cmsghdr)) {\n cmsg_hdr \u003d CMSG_FIRSTHDR(\u0026msg_hdr);\n if (cmsg_hdr-\u003ecmsg_len \u003c\u003d CMSG_LEN(sizeof(scontext)) \u0026\u0026\n cmsg_hdr-\u003ecmsg_level \u003d\u003d SOL_IP \u0026\u0026\n cmsg_hdr-\u003ecmsg_type \u003d\u003d SCM_SECURITY) {\n memcpy(\u0026scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));\n }\n}\n\nip_setsockopt is enhanced with a new socket option IP_PASSSEC to allow\na server socket to receive security context of the peer. A new\nancillary message type SCM_SECURITY.\n\nWhen the packet is received we get the security context from the\nsec_path pointer which is contained in the sk_buff, and copy it to the\nancillary message space. An additional LSM hook,\nselinux_socket_getpeersec_udp, is defined to retrieve the security\ncontext from the SELinux space. The existing function,\nselinux_socket_getpeersec does not suit our purpose, because the\nsecurity context is copied directly to user space, rather than to\nkernel space.\n\nTesting:\n\nWe have tested the patch by setting up TCP and UDP connections between\napplications on two machines using the IPSec policies that result in\nlabeled security associations being built. For TCP, we can then\nextract the peer security context using getsockopt on either end. For\nUDP, the receiving end can retrieve the security context using the\nauxiliary data mechanism of recvmsg.\n\nSigned-off-by: Catherine Zhang \u003ccxzhang@watson.ibm.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8c29bfe1cfbe6050c797a6364a0cc0ff57c377fc", "tree": "f5e48a81ea6b12d4a4d20960750ce5c87c241d1f", "parents": [ "6c5c8ca7ff20523e427b955aa84cef407934710f" ], "author": { "name": "Jamal Hadi Salim", "email": "hadi@cyberus.ca", "time": "Mon Mar 20 19:17:39 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Mar 20 19:17:39 2006 -0800" }, "message": "[IPSEC]: Sync series - update selinux\n\nAdd new netlink messages to selinux framework\n\nSigned-off-by: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "93315ed6dd12dacfc941f9eb8ca0293aadf99793", "tree": "4fc070c92a1de21d3befe4ce48c733c65d044bb3", "parents": [ "af601e4623d0303bfafa54ec728b7ae8493a8e1b" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Tue Feb 07 12:05:27 2006 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] audit string fields interface + consumer\n\nUpdated patch to dynamically allocate audit rule fields in kernel\u0027s\ninternal representation. Added unlikely() calls for testing memory\nallocation result.\n\nAmy Griffis wrote: [Wed Jan 11 2006, 02:02:31PM EST]\n\u003e Modify audit\u0027s kernel-userspace interface to allow the specification\n\u003e of string fields in audit rules.\n\u003e\n\u003e Signed-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n(cherry picked from 5ffc4a863f92351b720fe3e9c5cd647accff9e03 commit)\n" }, { "commit": "af601e4623d0303bfafa54ec728b7ae8493a8e1b", "tree": "5f79d5ae42eeccfc1ffaf8e82a1999e4d3af793e", "parents": [ "d884596f44ef5a0bcd8a66405dc04902aeaa6fc7" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Wed Jan 04 14:08:39 2006 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] SE Linux audit events\n\nAttached is a patch that hardwires important SE Linux events to the audit\nsystem. Please Apply.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "7306a0b9b3e2056a616c84841288ca2431a05627", "tree": "d3f61ef43c7079790d6b8ef9bf307689a7d9ea16", "parents": [ "8c8570fb8feef2bc166bee75a85748b25cda22d9" ], "author": { "name": "Dustin Kirkland", "email": "dustin.kirkland@us.ibm.com", "time": "Wed Nov 16 15:53:13 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] Miscellaneous bug and warning fixes\n\nThis patch fixes a couple of bugs revealed in new features recently\nadded to -mm1:\n* fixes warnings due to inconsistent use of const struct inode *inode\n* fixes bug that prevent a kernel from booting with audit on, and SELinux off\n due to a missing function in security/dummy.c\n* fixes a bug that throws spurious audit_panic() messages due to a missing\n return just before an error_path label\n* some reasonable house cleaning in audit_ipc_context(),\n audit_inode_context(), and audit_log_task_context()\n\nSigned-off-by: Dustin Kirkland \u003cdustin.kirkland@us.ibm.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "8c8570fb8feef2bc166bee75a85748b25cda22d9", "tree": "ed783d405ea9d5f3d3ccc57fb56c7b7cb2cdfb82", "parents": [ "c8edc80c8b8c397c53f4f659a05b9ea6208029bf" ], "author": { "name": "Dustin Kirkland", "email": "dustin.kirkland@us.ibm.com", "time": "Thu Nov 03 17:15:16 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] Capture selinux subject/object context information.\n\nThis patch extends existing audit records with subject/object context\ninformation. Audit records associated with filesystem inodes, ipc, and\ntasks now contain SELinux label information in the field \"subj\" if the\nitem is performing the action, or in \"obj\" if the item is the receiver\nof an action.\n\nThese labels are collected via hooks in SELinux and appended to the\nappropriate record in the audit code.\n\nThis additional information is required for Common Criteria Labeled\nSecurity Protection Profile (LSPP).\n\n[AV: fixed kmalloc flags use]\n[folded leak fixes]\n[folded cleanup from akpm (kfree(NULL)]\n[folded audit_inode_context() leak fix]\n[folded akpm\u0027s fix for audit_ipc_perm() definition in case of !CONFIG_AUDIT]\n\nSigned-off-by: Dustin Kirkland \u003cdustin.kirkland@us.ibm.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "90d526c074ae5db484388da56c399acf892b6c17", "tree": "edeb7c47d9144f3995846c5fc25db8e49ef12f5d", "parents": [ "b63862f46547487388e582e8ac9083830d34f058" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Thu Nov 03 15:48:08 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:53 2006 -0500" }, "message": "[PATCH] Define new range of userspace messages.\n\nThe attached patch updates various items for the new user space\nmessages. Please apply.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "341c2d806b71cc3596afeb2d9bd26cd718e75202", "tree": "851a5b5cab5b836c8021bdac89a9a257887ede69", "parents": [ "4136cabff33d6d73b8daf2f2612670cc0296f844" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Sat Mar 11 03:27:16 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Mar 11 09:19:34 2006 -0800" }, "message": "[PATCH] selinux: tracer SID fix\n\nFix SELinux to not reset the tracer SID when the child is already being\ntraced, since selinux_ptrace is also called by proc for access checking\noutside of the context of a ptrace attach.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "99f6d61bda82d09b2d94414d413d39f66a0b7da2", "tree": "7e204d1b3ffa642889905aa3a86c84d98e0c0af9", "parents": [ "46cd2f32baf181b74b16cceb123bab6fe1f61f85" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Tue Feb 07 12:58:51 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Feb 07 16:12:33 2006 -0800" }, "message": "[PATCH] selinux: require AUDIT\n\nMake SELinux depend on AUDIT as it requires the basic audit support to log\npermission denials at all. Note that AUDITSYSCALL remains optional for\nSELinux, although it can be useful in providing further information upon\ndenials.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "c2b507fda390b8ae90deba9b8cdc3fe727482193", "tree": "6c839e9682fd1610dc6a9fb7cca9df2899ff05ca", "parents": [ "5c0d5d262aa4c5e93f9f5de298cf25d6d8b558c4" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Sat Feb 04 23:27:50 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Feb 05 11:06:52 2006 -0800" }, "message": "[PATCH] selinux: require SECURITY_NETWORK\n\nMake SELinux depend on SECURITY_NETWORK (which depends on SECURITY), as it\nrequires the socket hooks for proper operation even in the local case.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "6d94074f0804143eac6bce72dc04447c0040e7d8", "tree": "2833a03682e12d81d4bd849435cd9f95e64e9350", "parents": [ "353368dffb56b066cbe00264581a56caf0241b29" ], "author": { "name": "Davi Arnaut", "email": "davi.arnaut@gmail.com", "time": "Fri Feb 03 03:04:46 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Feb 03 08:32:10 2006 -0800" }, "message": "[PATCH] Fix keyctl usage of strnlen_user()\n\nIn the small window between strnlen_user() and copy_from_user() userspace\ncould alter the terminating `\\0\u0027 character.\n\nSigned-off-by: Davi Arnaut \u003cdavi.arnaut@gmail.com\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nCc: \u003cstable@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9ac49d22138348198f729f07371ffb11991368e6", "tree": "4fb692731e6e72d0dc50add294128f6e5083d205", "parents": [ "26d2a4be6a56eec575dac651f6606756a971f0fb" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Feb 01 03:05:56 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Feb 01 08:53:19 2006 -0800" }, "message": "[PATCH] selinux: remove security struct magic number fields and tests\n\nRemove the SELinux security structure magic number fields and tests, along\nwith some unnecessary tests for NULL security pointers. These fields and\ntests are leftovers from the early attempts to support SELinux as a\nloadable module during LSM development.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "26d2a4be6a56eec575dac651f6606756a971f0fb", "tree": "3f27383674706bd535bc67c703827db8ecd5a1dc", "parents": [ "db4c9641def55d36a6f9df79deb8a949292313ca" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Feb 01 03:05:55 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Feb 01 08:53:18 2006 -0800" }, "message": "[PATCH] selinux: change file_alloc_security to use GFP_KERNEL\n\nThis patch changes the SELinux file_alloc_security function to use\nGFP_KERNEL rather than GFP_ATOMIC; the use of GFP_ATOMIC appears to be a\nremnant of when this function was being called with the files_lock spinlock\nheld, and is no longer necessary. Please apply.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "db4c9641def55d36a6f9df79deb8a949292313ca", "tree": "f3b786a346f0c987d796784e1e08154338263ad3", "parents": [ "ee13d785eac1fbe7e79ecca77bf7e902734a0b30" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Feb 01 03:05:54 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Feb 01 08:53:18 2006 -0800" }, "message": "[PATCH] selinux: fix and cleanup mprotect checks\n\nFix the SELinux mprotect checks on executable mappings so that they are not\nre-applied when the mapping is already executable as well as cleaning up\nthe code. This avoids a situation where e.g. an application is prevented\nfrom removing PROT_WRITE on an already executable mapping previously\nauthorized via execmem permission due to an execmod denial.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "951069e311a2a931bf7c9d838db860f90bf14c45", "tree": "0aaeb29c496036983b4e894477f9d9f4881286e1", "parents": [ "3ee68c4af3fd7228c1be63254b9f884614f9ebb2" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Jan 31 10:16:55 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Jan 31 10:16:55 2006 -0800" }, "message": "Don\u0027t try to \"validate\" a non-existing timeval.\n\nsettime() with a NULL timeval is silly but legal.\n\nNoticed by Dave Jones \u003cdavej@redhat.com\u003e\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "858119e159384308a5dde67776691a2ebf70df0f", "tree": "f360768f999d51edc0863917ce0bf79e88c0ec4c", "parents": [ "b0a9499c3dd50d333e2aedb7e894873c58da3785" ], "author": { "name": "Arjan van de Ven", "email": "arjan@infradead.org", "time": "Sat Jan 14 13:20:43 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Jan 14 18:27:06 2006 -0800" }, "message": "[PATCH] Unlinline a bunch of other functions\n\nRemove the \"inline\" keyword from a bunch of big functions in the kernel with\nthe goal of shrinking it by 30kb to 40kb\n\nSigned-off-by: Arjan van de Ven \u003carjan@infradead.org\u003e\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nAcked-by: Jeff Garzik \u003cjgarzik@pobox.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "46b86a2da0fd14bd49765330df63a62279833acb", "tree": "069b4741a970db9b03772a870b4d63398b1f56e0", "parents": [ "23b0ca5bf52cef0ab0f0fe247cb91cbef836e7eb" ], "author": { "name": "Joe Perches", "email": "joe@perches.com", "time": "Fri Jan 13 14:29:07 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Jan 13 14:29:07 2006 -0800" }, "message": "[NET]: Use NIP6_FMT in kernel.h\n\nThere are errors and inconsistency in the display of NIP6 strings.\n\tie: net/ipv6/ip6_flowlabel.c\n\nThere are errors and inconsistency in the display of NIPQUAD strings too.\n\tie: net/netfilter/nf_conntrack_ftp.c\n\nThis patch:\n\tadds NIP6_FMT to kernel.h\n\tchanges all code to use NIP6_FMT\n\tfixes net/ipv6/ip6_flowlabel.c\n\tadds NIPQUAD_FMT to kernel.h\n\tfixes net/netfilter/nf_conntrack_ftp.c\n\tchanges a few uses of \"%u.%u.%u.%u\" to NIPQUAD_FMT for symmetry to NIP6_FMT\n\nSigned-off-by: Joe Perches \u003cjoe@perches.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "c59ede7b78db329949d9cdcd7064e22d357560ef", "tree": "f9dc9d464fdad5bfd464d983e77c1af031389dda", "parents": [ "e16885c5ad624a6efe1b1bf764e075d75f65a788" ], "author": { "name": "Randy.Dunlap", "email": "rdunlap@xenotime.net", "time": "Wed Jan 11 12:17:46 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Jan 11 18:42:13 2006 -0800" }, "message": "[PATCH] move capable() to capability.h\n\n- Move capable() from sched.h to capability.h;\n\n- Use \u003clinux/capability.h\u003e where capable() is used\n\t(in include/, block/, ipc/, kernel/, a few drivers/,\n\tmm/, security/, \u0026 sound/;\n\tmany more drivers/ to go)\n\nSigned-off-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "e0795cf46d174d4faab35d13d0a088b5bcb2752a", "tree": "7b186963ba5ecd8f54097095432f82529d6835fb", "parents": [ "792db3af38a55b2079df504b9f5aa57b2dbee48d" ], "author": { "name": "Jesper Juhl", "email": "jesper.juhl@gmail.com", "time": "Mon Jan 09 20:54:46 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Jan 10 08:02:02 2006 -0800" }, "message": "[PATCH] selinux: Remove unneeded k[cm]alloc() return value casts\n\nRemove redundant casts of k*alloc() return values in\nsecurity/selinux/ss/services.c\n\nSigned-off-by: Jesper Juhl \u003cjesper.juhl@gmail.com\u003e\nAcked-by: Stephen Smalley \u003csds@epoch.ncsc.mil\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "1b1dcc1b57a49136f118a0f16367256ff9994a69", "tree": "b0b36d4f41d28c9d6514fb309d33c1a084d6309b", "parents": [ "794ee1baee1c26be40410233e6c20bceb2b03c08" ], "author": { "name": "Jes Sorensen", "email": "jes@sgi.com", "time": "Mon Jan 09 15:59:24 2006 -0800" }, "committer": { "name": "Ingo Molnar", "email": "mingo@hera.kernel.org", "time": "Mon Jan 09 15:59:24 2006 -0800" }, "message": "[PATCH] mutex subsystem, semaphore to mutex: VFS, -\u003ei_sem\n\nThis patch converts the inode semaphore to a mutex. I have tested it on\nXFS and compiled as much as one can consider on an ia64. Anyway your\nluck with it might be different.\n\nModified-by: Ingo Molnar \u003cmingo@elte.hu\u003e\n\n(finished the conversion)\n\nSigned-off-by: Jes Sorensen \u003cjes@sgi.com\u003e\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\n" }, { "commit": "5160ee6fc891a9ca114be0e90fa6655647bb64b2", "tree": "35d3740a777935582af1b78238f20d2c2971ed55", "parents": [ "21b6bf143d05d77c350d9c6764ae090a877b66ea" ], "author": { "name": "Eric Dumazet", "email": "dada1@cosmosbay.com", "time": "Sun Jan 08 01:03:32 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Jan 08 20:13:58 2006 -0800" }, "message": "[PATCH] shrink dentry struct\n\nSome long time ago, dentry struct was carefully tuned so that on 32 bits\nUP, sizeof(struct dentry) was exactly 128, ie a power of 2, and a multiple\nof memory cache lines.\n\nThen RCU was added and dentry struct enlarged by two pointers, with nice\nresults for SMP, but not so good on UP, because breaking the above tuning\n(128 + 8 \u003d 136 bytes)\n\nThis patch reverts this unwanted side effect, by using an union (d_u),\nwhere d_rcu and d_child are placed so that these two fields can share their\nmemory needs.\n\nAt the time d_free() is called (and d_rcu is really used), d_child is known\nto be empty and not touched by the dentry freeing.\n\nLockless lookups only access d_name, d_parent, d_lock, d_op, d_flags (so\nthe previous content of d_child is not needed if said dentry was unhashed\nbut still accessed by a CPU because of RCU constraints)\n\nAs dentry cache easily contains millions of entries, a size reduction is\nworth the extra complexity of the ugly C union.\n\nSigned-off-by: Eric Dumazet \u003cdada1@cosmosbay.com\u003e\nCc: Dipankar Sarma \u003cdipankar@in.ibm.com\u003e\nCc: Maneesh Soni \u003cmaneesh@in.ibm.com\u003e\nCc: Miklos Szeredi \u003cmiklos@szeredi.hu\u003e\nCc: \"Paul E. McKenney\" \u003cpaulmck@us.ibm.com\u003e\nCc: Ian Kent \u003craven@themaw.net\u003e\nCc: Paul Jackson \u003cpj@sgi.com\u003e\nCc: Al Viro \u003cviro@ftp.linux.org.uk\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nCc: Trond Myklebust \u003ctrond.myklebust@fys.uio.no\u003e\nCc: Neil Brown \u003cneilb@cse.unsw.edu.au\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@epoch.ncsc.mil\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "b5f545c880a2a47947ba2118b2509644ab7a2969", "tree": "8720e02262b0ff6309ae79603f6c63965296d378", "parents": [ "cab8eb594e84b434d20412fc5a3985b0bee3ab9f" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Sun Jan 08 01:02:47 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Jan 08 20:13:53 2006 -0800" }, "message": "[PATCH] keys: Permit running process to instantiate keys\n\nMake it possible for a running process (such as gssapid) to be able to\ninstantiate a key, as was requested by Trond Myklebust for NFS4.\n\nThe patch makes the following changes:\n\n (1) A new, optional key type method has been added. This permits a key type\n to intercept requests at the point /sbin/request-key is about to be\n spawned and do something else with them - passing them over the\n rpc_pipefs files or netlink sockets for instance.\n\n The uninstantiated key, the authorisation key and the intended operation\n name are passed to the method.\n\n (2) The callout_info is no longer passed as an argument to /sbin/request-key\n to prevent unauthorised viewing of this data using ps or by looking in\n /proc/pid/cmdline.\n\n This means that the old /sbin/request-key program will not work with the\n patched kernel as it will expect to see an extra argument that is no\n longer there.\n\n A revised keyutils package will be made available tomorrow.\n\n (3) The callout_info is now attached to the authorisation key. Reading this\n key will retrieve the information.\n\n (4) A new field has been added to the task_struct. This holds the\n authorisation key currently active for a thread. Searches now look here\n for the caller\u0027s set of keys rather than looking for an auth key in the\n lowest level of the session keyring.\n\n This permits a thread to be servicing multiple requests at once and to\n switch between them. Note that this is per-thread, not per-process, and\n so is usable in multithreaded programs.\n\n The setting of this field is inherited across fork and exec.\n\n (5) A new keyctl function (KEYCTL_ASSUME_AUTHORITY) has been added that\n permits a thread to assume the authority to deal with an uninstantiated\n key. Assumption is only permitted if the authorisation key associated\n with the uninstantiated key is somewhere in the thread\u0027s keyrings.\n\n This function can also clear the assumption.\n\n (6) A new magic key specifier has been added to refer to the currently\n assumed authorisation key (KEY_SPEC_REQKEY_AUTH_KEY).\n\n (7) Instantiation will only proceed if the appropriate authorisation key is\n assumed first. The assumed authorisation key is discarded if\n instantiation is successful.\n\n (8) key_validate() is moved from the file of request_key functions to the\n file of permissions functions.\n\n (9) The documentation is updated.\n\nFrom: \u003cValdis.Kletnieks@vt.edu\u003e\n\n Build fix.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Trond Myklebust \u003ctrond.myklebust@fys.uio.no\u003e\nCc: Alexander Zangerl \u003caz@bond.edu.au\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "cab8eb594e84b434d20412fc5a3985b0bee3ab9f", "tree": "307dc5bf813effdcabe439a74ad2ae866516adb0", "parents": [ "017679c4d45783158dba1dd6f79e712c22bb3d9a" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Sun Jan 08 01:02:45 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Jan 08 20:13:53 2006 -0800" }, "message": "[PATCH] keys: Discard duplicate keys from a keyring on link\n\nCause any links within a keyring to keys that match a key to be linked into\nthat keyring to be discarded as a link to the new key is added. The match is\ncontingent on the type and description strings being the same.\n\nThis permits requests, adds and searches to displace negative, expired,\nrevoked and dead keys easily. After some discussion it was concluded that\nduplicate valid keys should probably be discarded also as they would otherwise\nhide the new key.\n\nSince request_key() is intended to be the primary method by which keys are\nadded to a keyring, duplicate valid keys wouldn\u0027t be an issue there as that\nfunction would return an existing match in preference to creating a new key.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Trond Myklebust \u003ctrond.myklebust@fys.uio.no\u003e\nCc: Alexander Zangerl \u003caz@bond.edu.au\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "017679c4d45783158dba1dd6f79e712c22bb3d9a", "tree": "a536f0b581eacd88a64077f5ff15b29d23fc6405", "parents": [ "cd140a5c1f456f50897af4a2e9a23d228a5fe719" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Sun Jan 08 01:02:43 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Jan 08 20:13:53 2006 -0800" }, "message": "[PATCH] keys: Permit key expiry time to be set\n\nAdd a new keyctl function that allows the expiry time to be set on a key or\nremoved from a key, provided the caller has attribute modification access.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Trond Myklebust \u003ctrond.myklebust@fys.uio.no\u003e\nCc: Alexander Zangerl \u003caz@bond.edu.au\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "095975da26dba21698582e91e96be10f7417333f", "tree": "ce1ffac556d394ef56a18faa97d38f79b07f31e2", "parents": [ "a57004e1afb6ee03c509f1b1ec74a000682ab93b" ], "author": { "name": "Nick Piggin", "email": "nickpiggin@yahoo.com.au", "time": "Sun Jan 08 01:02:19 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Jan 08 20:13:48 2006 -0800" }, "message": "[PATCH] rcu file: use atomic primitives\n\nUse atomic_inc_not_zero for rcu files instead of special case rcuref.\n\nSigned-off-by: Nick Piggin \u003cnpiggin@suse.de\u003e\nCc: \"Paul E. McKenney\" \u003cpaulmck@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "ee2e6841b934d76cb944a3390bbea84da777d4fa", "tree": "839c2a904647d220d5188e942240b22a24403990", "parents": [ "aa0e4e4aea8d9e0a559a884336d728f0263063e0" ], "author": { "name": "Luiz Capitulino", "email": "lcapitulino@mandriva.com.br", "time": "Fri Jan 06 22:59:43 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Jan 07 12:57:27 2006 -0800" }, "message": "[XFRM]: Fix sparse warning.\n\nsecurity/selinux/xfrm.c:155:10: warning: Using plain integer as NULL pointer\n\nSigned-off-by: Luiz Capitulino \u003clcapitulino@mandriva.com.br\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "d8d8f6a4fd635dcc9e4f946394c1fbde85eeab66", "tree": "0a1bc8ff40c12bb30066467e11ae9153f89514e7", "parents": [ "57d1c91fa6d9146b309b7511f6432dea2a24858b", "a2167dc62e9142b9a4bfb20f7e001c0f0a26fd8c" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jan 06 15:24:28 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jan 06 15:24:28 2006 -0800" }, "message": "Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6\n" }, { "commit": "57d1c91fa6d9146b309b7511f6432dea2a24858b", "tree": "d7958dd87eb950cc3eeaf8b32fc372c0e7ff6702", "parents": [ "47853e7fa588bef826c9799a87b33904b32bd905", "37193147991a53b2e9f573d0ec47f63a2d4de8dc" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jan 06 15:23:56 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jan 06 15:23:56 2006 -0800" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild\n" }, { "commit": "5f8ac64b15172c7ced7d7990eb28342092bc751b", "tree": "63046817c9a6e8db513379337f01289c045a5d63", "parents": [ "69549ddd2f894c4cead50ee2b60cc02990c389ad" ], "author": { "name": "Trent Jaeger", "email": "tjaeger@cse.psu.edu", "time": "Fri Jan 06 13:22:39 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Jan 06 13:22:39 2006 -0800" }, "message": "[LSM-IPSec]: Corrections to LSM-IPSec Nethooks\n\nThis patch contains two corrections to the LSM-IPsec Nethooks patches\npreviously applied. \n\n(1) free a security context on a failed insert via xfrm_user \ninterface in xfrm_add_policy. Memory leak.\n\n(2) change the authorization of the allocation of a security context\nin a xfrm_policy or xfrm_state from both relabelfrom and relabelto \nto setcontext.\n\nSigned-off-by: Trent Jaeger \u003ctjaeger@cse.psu.edu\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "367cb704212cd0c9273ba2b1e62523139210563b", "tree": "cda6402ea19e2b706ad8ac9a186f1e391ab3c6ea", "parents": [ "20ede2741551d4a1d24313292beb0da915a55911" ], "author": { "name": "Sam Ravnborg", "email": "sam@mars.ravnborg.org", "time": "Fri Jan 06 21:17:50 2006 +0100" }, "committer": { "name": "Sam Ravnborg", "email": "sam@mars.ravnborg.org", "time": "Fri Jan 06 21:17:50 2006 +0100" }, "message": "kbuild: un-stringnify KBUILD_MODNAME\n\nNow when kbuild passes KBUILD_MODNAME with \"\" do not __stringify it when\nused. Remove __stringnify for all users.\nThis also fixes the output of:\n\n$ ls -l /sys/module/\ndrwxr-xr-x 4 root root 0 2006-01-05 14:24 pcmcia\ndrwxr-xr-x 4 root root 0 2006-01-05 14:24 pcmcia_core\ndrwxr-xr-x 3 root root 0 2006-01-05 14:24 \"processor\"\ndrwxr-xr-x 3 root root 0 2006-01-05 14:24 \"psmouse\"\n\nThe quoting of the module names will be gone again.\nThanks to GregKH + Kay Sievers for reproting this.\n\nSigned-off-by: Sam Ravnborg \u003csam@ravnborg.org\u003e\n" }, { "commit": "1ae8f40767a3afc6244719a2c8fbcf546767d5b0", "tree": "f41d957bbc60ad940132fd28ea13a8fced63a398", "parents": [ "8d9067bda99c68e1a17d93e78cf3a5a3f67e0c35" ], "author": { "name": "Adrian Bunk", "email": "bunk@stusta.de", "time": "Fri Jan 06 00:11:25 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jan 06 08:33:30 2006 -0800" }, "message": "[PATCH] security/: possible cleanups\n\nmake needlessly global code static\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "8d9067bda99c68e1a17d93e78cf3a5a3f67e0c35", "tree": "6f3c7fe665012c456b57840c290eafd4deabbeb2", "parents": [ "32725ad8430b58e42c5d54757ce7871e680d05cb" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Jan 06 00:11:24 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jan 06 08:33:29 2006 -0800" }, "message": "[PATCH] Keys: Remove key duplication\n\nRemove the key duplication stuff since there\u0027s nothing that uses it, no way\nto get at it and it\u0027s awkward to deal with for LSM purposes.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "32725ad8430b58e42c5d54757ce7871e680d05cb", "tree": "f1e08edf1e154ef3f64b9d1c6cb88e2c6b0b5d22", "parents": [ "6e20a64a3913819133fefeca466211c7eb8adda1" ], "author": { "name": "Tobias Klauser", "email": "tklauser@nuerscht.ch", "time": "Fri Jan 06 00:11:23 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jan 06 08:33:29 2006 -0800" }, "message": "[PATCH] selinux: more ARRAY_SIZE cleanups\n\nFurther ARRAY_SIZE cleanups under security/selinux.\n\nSigned-off-by: Tobias Klauser \u003ctklauser@nuerscht.ch\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "6e20a64a3913819133fefeca466211c7eb8adda1", "tree": "65056023c41294514de2bbd032647942a2d188f9", "parents": [ "b09eb1c06a14641209e6b86e9a5b28ea8287f193" ], "author": { "name": "Nicolas Kaiser", "email": "nikai@nikai.net", "time": "Fri Jan 06 00:11:22 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jan 06 08:33:29 2006 -0800" }, "message": "[PATCH] selinux: ARRAY_SIZE cleanups\n\nUse ARRAY_SIZE macro instead of sizeof(x)/sizeof(x[0]).\n\nSigned-off-by: Nicolas Kaiser \u003cnikai@nikai.net\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "d28d1e080132f28ab773291f10ad6acca4c8bba2", "tree": "4cc6abef076393bc4c9f0d4e4c9952b78c04d3ee", "parents": [ "df71837d5024e2524cd51c93621e558aa7dd9f3f" ], "author": { "name": "Trent Jaeger", "email": "tjaeger@cse.psu.edu", "time": "Tue Dec 13 23:12:40 2005 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Tue Jan 03 13:10:25 2006 -0800" }, "message": "[LSM-IPSec]: Per-packet access control.\n\nThis patch series implements per packet access control via the\nextension of the Linux Security Modules (LSM) interface by hooks in\nthe XFRM and pfkey subsystems that leverage IPSec security\nassociations to label packets. Extensions to the SELinux LSM are\nincluded that leverage the patch for this purpose.\n\nThis patch implements the changes necessary to the SELinux LSM to\ncreate, deallocate, and use security contexts for policies\n(xfrm_policy) and security associations (xfrm_state) that enable\ncontrol of a socket\u0027s ability to send and receive packets.\n\nPatch purpose:\n\nThe patch is designed to enable the SELinux LSM to implement access\ncontrol on individual packets based on the strongly authenticated\nIPSec security association. Such access controls augment the existing\nones in SELinux based on network interface and IP address. The former\nare very coarse-grained, and the latter can be spoofed. By using\nIPSec, the SELinux can control access to remote hosts based on\ncryptographic keys generated using the IPSec mechanism. This enables\naccess control on a per-machine basis or per-application if the remote\nmachine is running the same mechanism and trusted to enforce the\naccess control policy.\n\nPatch design approach:\n\nThe patch\u0027s main function is to authorize a socket\u0027s access to a IPSec\npolicy based on their security contexts. Since the communication is\nimplemented by a security association, the patch ensures that the\nsecurity association\u0027s negotiated and used have the same security\ncontext. The patch enables allocation and deallocation of such\nsecurity contexts for policies and security associations. It also\nenables copying of the security context when policies are cloned.\nLastly, the patch ensures that packets that are sent without using a\nIPSec security assocation with a security context are allowed to be\nsent in that manner.\n\nA presentation available at\nwww.selinux-symposium.org/2005/presentations/session2/2-3-jaeger.pdf\nfrom the SELinux symposium describes the overall approach.\n\nPatch implementation details:\n\nThe function which authorizes a socket to perform a requested\noperation (send/receive) on a IPSec policy (xfrm_policy) is\nselinux_xfrm_policy_lookup. The Netfilter and rcv_skb hooks ensure\nthat if a IPSec SA with a securit y association has not been used,\nthen the socket is allowed to send or receive the packet,\nrespectively.\n\nThe patch implements SELinux function for allocating security contexts\nwhen policies (xfrm_policy) are created via the pfkey or xfrm_user\ninterfaces via selinux_xfrm_policy_alloc. When a security association\nis built, SELinux allocates the security context designated by the\nXFRM subsystem which is based on that of the authorized policy via\nselinux_xfrm_state_alloc.\n\nWhen a xfrm_policy is cloned, the security context of that policy, if\nany, is copied to the clone via selinux_xfrm_policy_clone.\n\nWhen a xfrm_policy or xfrm_state is freed, its security context, if\nany is also freed at selinux_xfrm_policy_free or\nselinux_xfrm_state_free.\n\nTesting:\n\nThe SELinux authorization function is tested using ipsec-tools. We\ncreated policies and security associations with particular security\ncontexts and added SELinux access control policy entries to verify the\nauthorization decision. We also made sure that packets for which no\nsecurity context was supplied (which either did or did not use\nsecurity associations) were authorized using an unlabelled context.\n\nSigned-off-by: Trent Jaeger \u003ctjaeger@cse.psu.edu\u003e\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "df71837d5024e2524cd51c93621e558aa7dd9f3f", "tree": "58938f1d46f3c6713b63e5a785e82fdbb10121a1", "parents": [ "88026842b0a760145aa71d69e74fbc9ec118ca44" ], "author": { "name": "Trent Jaeger", "email": "tjaeger@cse.psu.edu", "time": "Tue Dec 13 23:12:27 2005 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Tue Jan 03 13:10:24 2006 -0800" }, "message": "[LSM-IPSec]: Security association restriction.\n\nThis patch series implements per packet access control via the\nextension of the Linux Security Modules (LSM) interface by hooks in\nthe XFRM and pfkey subsystems that leverage IPSec security\nassociations to label packets. Extensions to the SELinux LSM are\nincluded that leverage the patch for this purpose.\n\nThis patch implements the changes necessary to the XFRM subsystem,\npfkey interface, ipv4/ipv6, and xfrm_user interface to restrict a\nsocket to use only authorized security associations (or no security\nassociation) to send/receive network packets.\n\nPatch purpose:\n\nThe patch is designed to enable access control per packets based on\nthe strongly authenticated IPSec security association. Such access\ncontrols augment the existing ones based on network interface and IP\naddress. The former are very coarse-grained, and the latter can be\nspoofed. By using IPSec, the system can control access to remote\nhosts based on cryptographic keys generated using the IPSec mechanism.\nThis enables access control on a per-machine basis or per-application\nif the remote machine is running the same mechanism and trusted to\nenforce the access control policy.\n\nPatch design approach:\n\nThe overall approach is that policy (xfrm_policy) entries set by\nuser-level programs (e.g., setkey for ipsec-tools) are extended with a\nsecurity context that is used at policy selection time in the XFRM\nsubsystem to restrict the sockets that can send/receive packets via\nsecurity associations (xfrm_states) that are built from those\npolicies.\n\nA presentation available at\nwww.selinux-symposium.org/2005/presentations/session2/2-3-jaeger.pdf\nfrom the SELinux symposium describes the overall approach.\n\nPatch implementation details:\n\nOn output, the policy retrieved (via xfrm_policy_lookup or\nxfrm_sk_policy_lookup) must be authorized for the security context of\nthe socket and the same security context is required for resultant\nsecurity association (retrieved or negotiated via racoon in\nipsec-tools). This is enforced in xfrm_state_find.\n\nOn input, the policy retrieved must also be authorized for the socket\n(at __xfrm_policy_check), and the security context of the policy must\nalso match the security association being used.\n\nThe patch has virtually no impact on packets that do not use IPSec.\nThe existing Netfilter (outgoing) and LSM rcv_skb hooks are used as\nbefore.\n\nAlso, if IPSec is used without security contexts, the impact is\nminimal. The LSM must allow such policies to be selected for the\ncombination of socket and remote machine, but subsequent IPSec\nprocessing proceeds as in the original case.\n\nTesting:\n\nThe pfkey interface is tested using the ipsec-tools. ipsec-tools have\nbeen modified (a separate ipsec-tools patch is available for version\n0.5) that supports assignment of xfrm_policy entries and security\nassociations with security contexts via setkey and the negotiation\nusing the security contexts via racoon.\n\nThe xfrm_user interface is tested via ad hoc programs that set\nsecurity contexts. These programs are also available from me, and\ncontain programs for setting, getting, and deleting policy for testing\nthis interface. Testing of sa functions was done by tracing kernel\nbehavior.\n\nSigned-off-by: Trent Jaeger \u003ctjaeger@cse.psu.edu\u003e\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "db1d1d57e97700b4131fe80556dc6ef976d534c4", "tree": "abdc78339b1c1bd4e37cb496c68424d9d7d98592", "parents": [ "5c72c343719a8c5dba675cd1b27b63c06bfe23d1" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Dec 01 00:51:18 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Thu Dec 01 15:48:56 2005 -0800" }, "message": "[PATCH] Keys: Fix permissions check for update vs add\n\nPermit add_key() to once again update a matching key rather than adding a\nnew one if a matching key already exists in the target keyring.\n\nThis bug causes add_key() to always add a new key, displacing the old from\nthe target keyring.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "ce9982d048bb498c38ec1fe2ae59a44350882f3f", "tree": "29bee4fd0b59777f6878d25ff13b6fcd33d94d8a", "parents": [ "25a74f3ba8efb394e9a30d6de37566bf03fd3de8" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Tue Nov 08 21:34:33 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Nov 09 07:55:51 2005 -0800" }, "message": "[PATCH] selinux: extend selinuxfs context interface\n\nThis patch extends the selinuxfs context interface to allow return the\ncanonical form of the context to userspace.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "25a74f3ba8efb394e9a30d6de37566bf03fd3de8", "tree": "8fbe98b01a13946c02a56ab7bab2c4ed077aee3f", "parents": [ "e517a0cd859ae0c4d9451107113fc2b076456f8f" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Tue Nov 08 21:34:33 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Nov 09 07:55:51 2005 -0800" }, "message": "[PATCH] selinux: disable setxattr on mountpoint labeled filesystems\n\nThis patch disables the setting of SELinux xattrs on files created in\nfilesystems labeled via mountpoint labeling (mounted with the context\u003d\noption). selinux_inode_setxattr already prevents explicit setxattr from\nuserspace on such filesystems, so this provides consistent behavior for\nfile creation.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "e517a0cd859ae0c4d9451107113fc2b076456f8f", "tree": "cf1c23d7d6715267ff7ee2b3dd5ba1c5ea8c0345", "parents": [ "d34d7ae266b23932809c43f115fda71fc5e5fcb1" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Tue Nov 08 21:34:32 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Nov 09 07:55:51 2005 -0800" }, "message": "[PATCH] selinux: MLS compatibility\n\nThis patch enables files created on a MLS-enabled SELinux system to be\naccessible on a non-MLS SELinux system, by skipping the MLS component of\nthe security context in the non-MLS case.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "a7f988ba304c5f6e78f937a06d120a0097b4d351", "tree": "7a19e078e12ff093fa7daa3ea207a8e442ebf0c7", "parents": [ "b2325fe1b7e5654fac9e9419423aa2c58a3dbd83" ], "author": { "name": "Jesper Juhl", "email": "jesper.juhl@gmail.com", "time": "Mon Nov 07 01:01:35 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Nov 07 07:54:06 2005 -0800" }, "message": "[PATCH] kfree cleanup: security\n\nThis is the security/ part of the big kfree cleanup patch.\n\nRemove pointless checks for NULL prior to calling kfree() in security/.\n\nSigned-off-by: Jesper Juhl \u003cjesper.juhl@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "0f6ed7c2641fe4cea83cd09c21928ca30c0983ec", "tree": "15662837acd37f24dddeb11eb12980429c8c4ef4", "parents": [ "28ef35845f2c8da8e1bed068277d2fab1e8c8979" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Nov 07 00:59:30 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Nov 07 07:53:37 2005 -0800" }, "message": "[PATCH] Keys: Remove incorrect and obsolete \u0027!\u0027 operators\n\nThe attached patch removes a couple of incorrect and obsolete \u0027!\u0027 operators\nleft over from the conversion of the key permission functions from\ntrue/false returns to zero/error returns.\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "621d31219d9a788bda924a0613048053f3f5f211", "tree": "9fb9846fdd999ba04c436aa84c7da0d8233ac545", "parents": [ "b67a1b9e4bf878aa5d4b6b44cb5a251a2f425f0d" ], "author": { "name": "Oleg Nesterov", "email": "oleg@tv-sign.ru", "time": "Sun Oct 30 15:03:45 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:31 2005 -0800" }, "message": "[PATCH] cleanup the usage of SEND_SIG_xxx constants\n\nThis patch simplifies some checks for magic siginfo values. It should not\nchange the behaviour in any way.\n\nSigned-off-by: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "b67a1b9e4bf878aa5d4b6b44cb5a251a2f425f0d", "tree": "8fa921440476083be42f21ce6d0c4091a3757742", "parents": [ "3e6716e748609a3a899e8d670e42832921bd45bc" ], "author": { "name": "Oleg Nesterov", "email": "oleg@tv-sign.ru", "time": "Sun Oct 30 15:03:44 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:31 2005 -0800" }, "message": "[PATCH] remove hardcoded SEND_SIG_xxx constants\n\nThis patch replaces hardcoded SEND_SIG_xxx constants with\ntheir symbolic names.\n\nNo changes in affected .o files.\n\nSigned-off-by: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "29db9190634067c5a328ee5fcc2890251b836b4b", "tree": "07ec242789230824f1fa8bcbbe681fd5bf166fa8", "parents": [ "2aa349f6e37ce030060c994d3aebbff4ab703565" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Sun Oct 30 15:02:44 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:23 2005 -0800" }, "message": "[PATCH] Keys: Add LSM hooks for key management [try #3]\n\nThe attached patch adds LSM hooks for key management facilities. The notable\nchanges are:\n\n (1) The key struct now supports a security pointer for the use of security\n modules. This will permit key labelling and restrictions on which\n programs may access a key.\n\n (2) Security modules get a chance to note (or abort) the allocation of a key.\n\n (3) The key permission checking can now be enhanced by the security modules;\n the permissions check consults LSM if all other checks bear out.\n\n (4) The key permissions checking functions now return an error code rather\n than a boolean value.\n\n (5) An extra permission has been added to govern the modification of\n attributes (UID, GID, permissions).\n\nNote that there isn\u0027t an LSM hook specifically for each keyctl() operation,\nbut rather the permissions hook allows control of individual operations based\non the permission request bits.\n\nKey management access control through LSM is enabled by automatically if both\nCONFIG_KEYS and CONFIG_SECURITY are enabled.\n\nThis should be applied on top of the patch ensubjected:\n\n\t[PATCH] Keys: Possessor permissions should be additive\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Chris Wright \u003cchrisw@osdl.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "2aa349f6e37ce030060c994d3aebbff4ab703565", "tree": "7a0937469f0376931b82d9c3392727dba13c9d45", "parents": [ "1426d7a81dea8e9d85f9d69de85ab04ba37018ab" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Sun Oct 30 15:02:42 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:22 2005 -0800" }, "message": "[PATCH] Keys: Export user-defined keyring operations\n\nExport user-defined key operations so that those who wish to define their\nown key type based on the user-defined key operations may do so (as has\nbeen requested).\n\nThe header file created has been placed into include/keys/user-type.h, thus\ncreating a directory where other key types may also be placed. Any\nobjections to doing this?\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-Off-By: Arjan van de Ven \u003carjan@infradead.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "2f51201662b28dbf8c15fb7eb972bc51c6cc3fa5", "tree": "96826df796058560bc5dd1f7d8d476c5a741d7bc", "parents": [ "503af334ecf23b9d65d2ff0cc759f3a0bf338290" ], "author": { "name": "Eric Dumazet", "email": "dada1@cosmosbay.com", "time": "Sun Oct 30 15:02:16 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:19 2005 -0800" }, "message": "[PATCH] reduce sizeof(struct file)\n\nNow that RCU applied on \u0027struct file\u0027 seems stable, we can place f_rcuhead\nin a memory location that is not anymore used at call_rcu(\u0026f-\u003ef_rcuhead,\nfile_free_rcu) time, to reduce the size of this critical kernel object.\n\nThe trick I used is to move f_rcuhead and f_list in an union called f_u\n\nThe callers are changed so that f_rcuhead becomes f_u.fu_rcuhead and f_list\nbecomes f_u.f_list\n\nSigned-off-by: Eric Dumazet \u003cdada1@cosmosbay.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "bfd51626cbf61cb23f787d8ff972ef0d5ddacc0b", "tree": "63e2a8e552b33509130822ed9222d7266cbeb69f", "parents": [ "ce4c2bd1a9dfebaefadc2d34b17c6f12101751be" ], "author": { "name": "Davi Arnaut", "email": "davi.arnaut@gmail.com", "time": "Sun Oct 30 14:59:24 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:11 2005 -0800" }, "message": "[PATCH] SELinux: remove unecessary size_t checks in selinuxfs\n\nThis patch removes a bunch of unecessary checks for (size_t \u003c 0) in\nselinuxfs.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "ce4c2bd1a9dfebaefadc2d34b17c6f12101751be", "tree": "dde9437929d9b15ced25758c8389360ba4073cdb", "parents": [ "d381d8a9a08cac9824096213069159be17fd2e2f" ], "author": { "name": "Andrew Morton", "email": "akpm@osdl.org", "time": "Sun Oct 30 14:59:23 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:11 2005 -0800" }, "message": "[PATCH] selinux-canonicalize-getxattr-fix\n\nsecurity/selinux/hooks.c: In function `selinux_inode_getxattr\u0027:\nsecurity/selinux/hooks.c:2193: warning: unused variable `sbsec\u0027\n\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "d381d8a9a08cac9824096213069159be17fd2e2f", "tree": "0c19722b8f67c29b7c08c6ab8776a9c146395d03", "parents": [ "89d155ef62e5e0c10e4b37aaa5056f0beafe10e6" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sun Oct 30 14:59:22 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:11 2005 -0800" }, "message": "[PATCH] SELinux: canonicalize getxattr()\n\nThis patch allows SELinux to canonicalize the value returned from\ngetxattr() via the security_inode_getsecurity() hook, which is called after\nthe fs level getxattr() function.\n\nThe purpose of this is to allow the in-core security context for an inode\nto override the on-disk value. This could happen in cases such as\nupgrading a system to a different labeling form (e.g. standard SELinux to\nMLS) without needing to do a full relabel of the filesystem.\n\nIn such cases, we want getxattr() to return the canonical security context\nthat the kernel is using rather than what is stored on disk.\n\nThe implementation hooks into the inode_getsecurity(), adding another\nparameter to indicate the result of the preceding fs-level getxattr() call,\nso that SELinux knows whether to compare a value obtained from disk with\nthe kernel value.\n\nWe also now allow getxattr() to work for mountpoint labeled filesystems\n(i.e. mount with option context\u003dfoo_t), as we are able to return the\nkernel value to the user.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "89d155ef62e5e0c10e4b37aaa5056f0beafe10e6", "tree": "7de1f357efd619000970526ca2688f79b9022417", "parents": [ "0d078f6f96809c95c69b99d6605a502b0ac63d3d" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sun Oct 30 14:59:21 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:11 2005 -0800" }, "message": "[PATCH] SELinux: convert to kzalloc\n\nThis patch converts SELinux code from kmalloc/memset to the new kazalloc\nunction. On i386, this results in a text saving of over 1K.\n\nBefore:\ntext data bss dec hex filename\n86319 4642 15236 106197 19ed5 security/selinux/built-in.o\n\nAfter:\ntext data bss dec hex filename\n85278 4642 15236 105156 19ac4 security/selinux/built-in.o\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "7d877f3bda870ab5f001bd92528654471d5966b3", "tree": "1c05b62abead153956c4ca250ffb1891887e77c9", "parents": [ "fd4f2df24bc23e6b8fc069765b425c7dacf52347" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Oct 21 03:20:43 2005 -0400" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Oct 28 08:16:47 2005 -0700" }, "message": "[PATCH] gfp_t: net/*\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "20c19e4179884d7e843314071e2dfb1ea7b0afcd", "tree": "1ed0cc19c51b10336c14a1b9c35095ef8ebfd138", "parents": [ "282c1f5eba150d0b156ffa9e6b064f1d92f8315f" ], "author": { "name": "Davi Arnaut", "email": "davi.arnaut@gmail.com", "time": "Sun Oct 23 12:57:16 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 23 16:38:39 2005 -0700" }, "message": "[PATCH] SELinux: handle sel_make_bools() failure in selinuxfs\n\nThis patch fixes error handling in sel_make_bools(), where currently we\u0027d\nget a memory leak via security_get_bools() and try to kfree() the wrong\npointer if called again.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "282c1f5eba150d0b156ffa9e6b064f1d92f8315f", "tree": "1b4446dc0a2651a340be0c0485c8e053cdb27407", "parents": [ "8766ce41018a0cb80fbe0ce7dbf747f357c752da" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Sun Oct 23 12:57:15 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 23 16:38:38 2005 -0700" }, "message": "[PATCH] selinux: Fix NULL deref in policydb_destroy\n\nThis patch fixes a possible NULL dereference in policydb_destroy, where\np-\u003etype_attr_map can be NULL if policydb_destroy is called to clean up a\npartially loaded policy upon an error during policy load. Please apply.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "7ab501db8cb6659efdf04034e0de6b44c059a51b", "tree": "cdcf34873ab91219e17b265610a83bea213ec3c4", "parents": [ "468ed2b0c85ec4310b429e60358213b6d077289e" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Oct 07 16:41:24 2005 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Oct 08 14:54:48 2005 -0700" }, "message": "[PATCH] Keys: Possessor permissions should be additive\n\nThis patch makes the possessor permissions on a key additive with\nuser/group/other permissions on the same key.\n\nThis permits extra rights to be granted to the possessor of a key without\ntaking away any rights conferred by them owning the key or having common group\nmembership.\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "468ed2b0c85ec4310b429e60358213b6d077289e", "tree": "d1f570c1b89df450753cbec8768b1c1cfac6d9a2", "parents": [ "f1a9badcf6ecad9975240d94514721cb93932151" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Oct 07 15:07:38 2005 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Oct 08 14:53:31 2005 -0700" }, "message": "[PATCH] Keys: Split key permissions checking into a .c file\n\nThe attached patch splits key permissions checking out of key-ui.h and\nmoves it into a .c file. It\u0027s quite large and called quite a lot, and\nit\u0027s about to get bigger with the addition of LSM support for keys...\n\nkey_any_permission() is also discarded as it\u0027s no longer used.\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "f1a9badcf6ecad9975240d94514721cb93932151", "tree": "dc37fe427d645dd84331b7385523b39efa41ffad", "parents": [ "74fd92c511bd4a0771ac0faaaef38bb1be3a29f6" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Oct 07 15:04:52 2005 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Oct 08 14:53:31 2005 -0700" }, "message": "[PATCH] Keys: Add request-key process documentation\n\nThe attached patch adds documentation for the process by which request-key\nworks, including how it permits helper processes to gain access to the\nrequestor\u0027s keyrings.\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "74fd92c511bd4a0771ac0faaaef38bb1be3a29f6", "tree": "86d0006605f5abe600a2b3a7f6d03cf554c4e761", "parents": [ "c2059b2e0b209a0674c21f78337bb158d3ccb22b" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Oct 07 15:01:09 2005 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Oct 08 14:53:31 2005 -0700" }, "message": "[PATCH] key: plug request_key_auth memleak\n\nPlug request_key_auth memleak. This can be triggered by unprivileged\nusers, so is local DoS.\n\nSigned-off-by: Chris Wright \u003cchrisw@osdl.org\u003e\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "13402580021a52e49c6d1068ff28ade4d5a175f1", "tree": "5617d1eaa7409d8ac3680cdada5e5ef45d0c8753", "parents": [ "b33fa1f3c3ec05e54e73f06c4578948c55d89ef6" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 30 14:24:34 2005 -0400" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 30 11:36:04 2005 -0700" }, "message": "[PATCH] SELinux - fix SCTP socket bug and general IP protocol handling\n\nThe following patch updates the way SELinux classifies and handles IP\nbased protocols.\n\nCurrently, IP sockets are classified by SELinux as being either TCP, UDP\nor \u0027Raw\u0027, the latter being a default for IP socket that is not TCP or UDP.\n\nThe classification code is out of date and uses only the socket type\nparameter to socket(2) to determine the class of IP socket. So, any\nsocket created with SOCK_STREAM will be classified by SELinux as TCP, and\nSOCK_DGRAM as UDP. Also, other socket types such as SOCK_SEQPACKET and\nSOCK_DCCP are currently ignored by SELinux, which classifies them as\ngeneric sockets, which means they don\u0027t even get basic IP level checking.\n\nThis patch changes the SELinux IP socket classification logic, so that\nonly an IPPROTO_IP protocol value passed to socket(2) classify the socket\nas TCP or UDP. The patch also drops the check for SOCK_RAW and converts\nit into a default, so that socket types like SOCK_DCCP and SOCK_SEQPACKET\nare classified as SECCLASS_RAWIP_SOCKET (instead of generic sockets).\n\nNote that protocol-specific support for SCTP, DCCP etc. is not addressed\nhere, we\u0027re just getting these protocols checked at the IP layer.\n\nThis fixes a reported problem where SCTP sockets were being recognized as\ngeneric SELinux sockets yet still being passed in one case to an IP level\ncheck, which then fails for generic sockets.\n\nIt will also fix bugs where any SOCK_STREAM socket is classified as TCP or\nany SOCK_DGRAM socket is classified as UDP.\n\nThis patch also unifies the way IP sockets classes are determined in\nselinux_socket_bind(), so we use the already calculated value instead of\ntrying to recalculate it.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "664cceb0093b755739e56572b836a99104ee8a75", "tree": "dbaa3ab802803879f29532db4d8a91a54294cf88", "parents": [ "5134fc15b643dc36eb9aa77e4318b886844a9ac5" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Sep 28 17:03:15 2005 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Sep 28 09:10:47 2005 -0700" }, "message": "[PATCH] Keys: Add possessor permissions to keys [try #3]\n\nThe attached patch adds extra permission grants to keys for the possessor of a\nkey in addition to the owner, group and other permissions bits. This makes\nSUID binaries easier to support without going as far as labelling keys and key\ntargets using the LSM facilities.\n\nThis patch adds a second \"pointer type\" to key structures (struct key_ref *)\nthat can have the bottom bit of the address set to indicate the possession of\na key. This is propagated through searches from the keyring to the discovered\nkey. It has been made a separate type so that the compiler can spot attempts\nto dereference a potentially incorrect pointer.\n\nThe \"possession\" attribute can\u0027t be attached to a key structure directly as\nit\u0027s not an intrinsic property of a key.\n\nPointers to keys have been replaced with struct key_ref *\u0027s wherever\npossession information needs to be passed through.\n\nThis does assume that the bottom bit of the pointer will always be zero on\nreturn from kmem_cache_alloc().\n\nThe key reference type has been made into a typedef so that at least it can be\nlocated in the sources, even though it\u0027s basically a pointer to an undefined\ntype. I\u0027ve also renamed the accessor functions to be more useful, and all\nreference variables should now end in \"_ref\".\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9afa57b04ca08ff061e54787e3becf5c40283149", "tree": "0289bc53611919aaf87c455633fe0b3a9eff2c87", "parents": [ "d15c5749eb81dee94d40fe12584ca8461858b4cb" ], "author": { "name": "Serge Hallyn", "email": "serue@us.ibm.com", "time": "Fri Sep 16 19:27:57 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Sep 17 11:50:01 2005 -0700" }, "message": "[PATCH] seclvl: use securityfs (fix)\n\nThat should be -EINVAL for both.\n\nSigned-off-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Greg KH \u003cgreg@kroah.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "d15c5749eb81dee94d40fe12584ca8461858b4cb", "tree": "b265834c83b80c25bf140d918edf0838405dc3d5", "parents": [ "73a0b538ee573a76cba59cdc9f177a71776d4678" ], "author": { "name": "Andrew Morton", "email": "akpm@osdl.org", "time": "Fri Sep 16 19:27:56 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Sep 17 11:50:01 2005 -0700" }, "message": "[PATCH] seclvl-use-securityfs tidy\n\nWe don\u0027t put braces around single statements, thanks.\n\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@osdl.org\u003e\nCc: Greg KH \u003cgreg@kroah.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "ddbf9ef385bfbef897210733abfb73cb9b94ecec", "tree": "64a9e965a71eef13e813a3327f8d74aa7168ee19", "parents": [ "5d54e69c68c05b162a56f9914cae72afd7e6f40a", "2c40579bdc2a94977fcff2521d5b53a97c33e77a" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 13 09:48:54 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 13 09:48:54 2005 -0700" }, "message": "Merge master.kernel.org:/pub/scm/linux/kernel/git/chrisw/lsm-2.6 \n" }, { "commit": "5d54e69c68c05b162a56f9914cae72afd7e6f40a", "tree": "c5933858c4861bc3e358559f64ef459a1f56ab75", "parents": [ "63f3d1df1ad276a30b75339dd682a6e1f9d0c181", "b6ddc518520887a62728b0414efbf802a9dfdd55" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 13 09:47:30 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 13 09:47:30 2005 -0700" }, "message": "Merge master.kernel.org:/pub/scm/linux/kernel/git/dwmw2/audit-2.6 \n" }, { "commit": "b835996f628eadb55c5fb222ba46fe9395bf73c7", "tree": "d63d80585d197e1ffc299af4a0034049790fb197", "parents": [ "ab2af1f5005069321c5d130f09cce577b03f43ef" ], "author": { "name": "Dipankar Sarma", "email": "dipankar@in.ibm.com", "time": "Fri Sep 09 13:04:14 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:55 2005 -0700" }, "message": "[PATCH] files: lock-free fd look-up\n\nWith the use of RCU in files structure, the look-up of files using fds can now\nbe lock-free. The lookup is protected by rcu_read_lock()/rcu_read_unlock().\nThis patch changes the readers to use lock-free lookup.\n\nSigned-off-by: Maneesh Soni \u003cmaneesh@in.ibm.com\u003e\nSigned-off-by: Ravikiran Thirumalai \u003ckiran_th@gmail.com\u003e\nSigned-off-by: Dipankar Sarma \u003cdipankar@in.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "badf16621c1f9d1ac753be056fce11b43d6e0be5", "tree": "3fdf833fdf2e3d3a439090743539680449ec3428", "parents": [ "c0dfb2905126e9e94edebbce8d3e05001301f52d" ], "author": { "name": "Dipankar Sarma", "email": "dipankar@in.ibm.com", "time": "Fri Sep 09 13:04:10 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:55 2005 -0700" }, "message": "[PATCH] files: break up files struct\n\nIn order for the RCU to work, the file table array, sets and their sizes must\nbe updated atomically. Instead of ensuring this through too many memory\nbarriers, we put the arrays and their sizes in a separate structure. This\npatch takes the first step of putting the file table elements in a separate\nstructure fdtable that is embedded withing files_struct. It also changes all\nthe users to refer to the file table using files_fdtable() macro. Subsequent\napplciation of RCU becomes easier after this.\n\nSigned-off-by: Dipankar Sarma \u003cdipankar@in.ibm.com\u003e\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "e31e14ec356f36b131576be5bc31d8fef7e95483", "tree": "5597419cf186904d77c4b4ecf117287bcc1db986", "parents": [ "a74574aafea3a63add3251047601611111f44562" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri Sep 09 13:01:45 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:28 2005 -0700" }, "message": "[PATCH] remove the inode_post_link and inode_post_rename LSM hooks\n\nThis patch removes the inode_post_link and inode_post_rename LSM hooks as\nthey are unused (and likely useless).\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "a74574aafea3a63add3251047601611111f44562", "tree": "a8f4a809589513c666c6f5518cbe84f50ee5523e", "parents": [ "570bc1c2e5ccdb408081e77507a385dc7ebed7fa" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri Sep 09 13:01:44 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:28 2005 -0700" }, "message": "[PATCH] Remove security_inode_post_create/mkdir/symlink/mknod hooks\n\nThis patch removes the inode_post_create/mkdir/mknod/symlink LSM hooks as\nthey are obsoleted by the new inode_init_security hook that enables atomic\ninode security labeling.\n\nIf anyone sees any reason to retain these hooks, please speak now. Also,\nis anyone using the post_rename/link hooks; if not, those could also be\nremoved.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "570bc1c2e5ccdb408081e77507a385dc7ebed7fa", "tree": "d00d2df7c93899fa2028128c40961fec46ede471", "parents": [ "ac50960afa31877493add6d941d8402fa879c452" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri Sep 09 13:01:43 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:28 2005 -0700" }, "message": "[PATCH] tmpfs: Enable atomic inode security labeling\n\nThis patch modifies tmpfs to call the inode_init_security LSM hook to set\nup the incore inode security state for new inodes before the inode becomes\naccessible via the dcache.\n\nAs there is no underlying storage of security xattrs in this case, it is\nnot necessary for the hook to return the (name, value, len) triple to the\ntmpfs code, so this patch also modifies the SELinux hook function to\ncorrectly handle the case where the (name, value, len) pointers are NULL.\n\nThe hook call is needed in tmpfs in order to support proper security\nlabeling of tmpfs inodes (e.g. for udev with tmpfs /dev in Fedora). With\nthis change in place, we should then be able to remove the\nsecurity_inode_post_create/mkdir/... hooks safely.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Hugh Dickins \u003chugh@veritas.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "5e41ff9e0650f327a6c819841fa412da95d57319", "tree": "a525df8bda34c2aa52f30326f94cd15109bb58b3", "parents": [ "f5ee56cc184e0944ebc9ff1691985219959596f6" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri Sep 09 13:01:35 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:27 2005 -0700" }, "message": "[PATCH] security: enable atomic inode security labeling\n\nThe following patch set enables atomic security labeling of newly created\ninodes by altering the fs code to invoke a new LSM hook to obtain the security\nattribute to apply to a newly created inode and to set up the incore inode\nsecurity state during the inode creation transaction. This parallels the\nexisting processing for setting ACLs on newly created inodes. Otherwise, it\nis possible for new inodes to be accessed by another thread via the dcache\nprior to complete security setup (presently handled by the\npost_create/mkdir/... LSM hooks in the VFS) and a newly created inode may be\nleft unlabeled on the disk in the event of a crash. SELinux presently works\naround the issue by ensuring that the incore inode security label is\ninitialized to a special SID that is inaccessible to unprivileged processes\n(in accordance with policy), thereby preventing inappropriate access but\npotentially causing false denials on legitimate accesses. A simple test\nprogram demonstrates such false denials on SELinux, and the patch solves the\nproblem. Similar such false denials have been encountered in real\napplications.\n\nThis patch defines a new inode_init_security LSM hook to obtain the security\nattribute to apply to a newly created inode and to set up the incore inode\nsecurity state for it, and adds a corresponding hook function implementation\nto SELinux.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "48467641bcc057f7cba3b6cbbe66cb834d64cc81", "tree": "f7c5c5e964c220de30fcdcd06b0f1efdb3e22439", "parents": [ "3863e72414fa2ebf5f3b615d1bf99de32e59980a", "d70063c4634af060a5387337b7632f6334ca3458" ], "author": { "name": "Linus Torvalds", "email": "torvalds@evo.osdl.org", "time": "Mon Sep 05 00:11:50 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@evo.osdl.org", "time": "Mon Sep 05 00:11:50 2005 -0700" }, "message": "Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 \n" }, { "commit": "b5bf6c55edf94e9c7fc01724d5b271f78eaf1d3f", "tree": "0f2be4478fa5886f467fce8b4a8d56b5e8dbed46", "parents": [ "782ebb992ec20b5afdd5786ee8c2f1b58b631f24" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Sat Sep 03 15:55:17 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@evo.osdl.org", "time": "Mon Sep 05 00:05:51 2005 -0700" }, "message": "[PATCH] selinux: endian notations\n\nThis patch adds endian notations to the SELinux code.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "782ebb992ec20b5afdd5786ee8c2f1b58b631f24", "tree": "adf0af44fa591d803ec6b9ab7541ff3e5745dd93", "parents": [ "720d6c29e146e96cca858057469951e91e0e6850" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Sat Sep 03 15:55:16 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@evo.osdl.org", "time": "Mon Sep 05 00:05:50 2005 -0700" }, "message": "[PATCH] selinux: Reduce memory use by avtab\n\nThis patch improves memory use by SELinux by both reducing the avtab node\nsize and reducing the number of avtab nodes. The memory savings are\nsubstantial, e.g. on a 64-bit system after boot, James Morris reported the\nfollowing data for the targeted and strict policies:\n\n #objs objsize kernmem\nTargeted:\n Before: 237888 40 9.1MB\n After: 19968 24 468KB\n\nStrict:\n Before: 571680 40 21.81MB\n After: 221052 24 5.06MB\n\nThe improvement in memory use comes at a cost in the speed of security\nserver computations of access vectors, but these computations are only\nrequired on AVC cache misses, and performance measurements by James Morris\nusing a number of benchmarks have shown that the change does not cause any\nsignificant degradation.\n\nNote that a rebuilt policy via an updated policy toolchain\n(libsepol/checkpolicy) is required in order to gain the full benefits of\nthis patch, although some memory savings benefits are immediately applied\neven to older policies (in particular, the reduction in avtab node size).\nSources for the updated toolchain are presently available from the\nsourceforge CVS tree (http://sourceforge.net/cvs/?group_id\u003d21266), and\ntarballs are available from http://www.flux.utah.edu/~sds.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "eb6f1160ddb2fdadf50f350da79d0796c37f17e2", "tree": "e7b048b089b4b0ec9f121eea9a7f5864999dbac3", "parents": [ "64baf3cfea974d2b9e671ccfdbc03e030ea5ebc6" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Thu Sep 01 17:43:25 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Sep 01 17:43:25 2005 -0700" }, "message": "[CRYPTO]: Use CRYPTO_TFM_REQ_MAY_SLEEP where appropriate\n\nThis patch goes through the current users of the crypto layer and sets\nCRYPTO_TFM_REQ_MAY_SLEEP at crypto_alloc_tfm() where all crypto operations\nare performed in process context.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "216efaaaa006d2f3ecbb5bbc2b6673423813254e", "tree": "c05cd2d0ec829d18a8f85ff8611c0e1424303f52", "parents": [ "066286071d3542243baa68166acb779187c848b3" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 15 20:34:48 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Aug 29 16:01:15 2005 -0700" }, "message": "[SELINUX]: Update for tcp_diag rename to inet_diag.\n\nAlso, support dccp sockets.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "066286071d3542243baa68166acb779187c848b3", "tree": "ef6604f16ceb13842a30311654e6a64aac716c48", "parents": [ "9a4595bc7e67962f13232ee55a64e063062c3a99" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Mon Aug 15 12:33:26 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Aug 29 16:01:11 2005 -0700" }, "message": "[NETLINK]: Add \"groups\" argument to netlink_kernel_create\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "ac6d439d2097b72ea0cbc2322ce1263a38bc1fd0", "tree": "19e638a226993dddede5a2da577e2572f7555a95", "parents": [ "d629b836d151d43332492651dd841d32e57ebe3b" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Sun Aug 14 19:29:52 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Aug 29 16:00:54 2005 -0700" }, "message": "[NETLINK]: Convert netlink users to use group numbers instead of bitmasks\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "43e943c32b9213b5d25407b281c94aaa474fd9a6", "tree": "7844a1aa95d697ae378bc799085e1b29eb0b8a48", "parents": [ "ad93e266a17c6f606e96304c866eb73665ae34fa" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Sun Aug 14 19:25:47 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Aug 29 16:00:34 2005 -0700" }, "message": "[NETLINK]: Fix missing dst_groups initializations in netlink_broadcast users\n\nnetlink_broadcast users must initialize NETLINK_CB(skb).dst_groups to the\ndestination group mask for netlink_recvmsg.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4fdb3bb723db469717c6d38fda667d8b0fa86ebd", "tree": "43d82e717922e6319cf8a8f9dc5ee902c651b491", "parents": [ "020b4c12dbe3868d792a01d7c1470cd837abe10f" ], "author": { "name": "Harald Welte", "email": "laforge@netfilter.org", "time": "Tue Aug 09 19:40:55 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Aug 29 15:35:08 2005 -0700" }, "message": "[NETLINK]: Add properly module refcounting for kernel netlink sockets.\n\n- Remove bogus code for compiling netlink as module\n- Add module refcounting support for modules implementing a netlink\n protocol\n- Add support for autoloading modules that implement a netlink protocol\n as soon as someone opens a socket for that protocol\n\nSigned-off-by: Harald Welte \u003claforge@netfilter.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "2c40579bdc2a94977fcff2521d5b53a97c33e77a", "tree": "04da3ba2070d46115e93ddbb148e035666862d84", "parents": [ "5a73c308754e27829c94544e010f133019cbd432" ], "author": { "name": "Adrian Bunk", "email": "bunk@stusta.de", "time": "Mon Aug 22 18:20:50 2005 +0200" }, "committer": { "name": "Chris Wright", "email": "chrisw@osdl.org", "time": "Mon Aug 22 14:10:22 2005 -0700" }, "message": "[PATCH] SECURITY must depend on SYSFS\n\nCONFIG_SECURITY\u003dy and CONFIG_SYSFS\u003dn results in the following compile\nerror:\n\n\u003c-- snip --\u003e\n\n...\n LD vmlinux\nsecurity/built-in.o: In function `securityfs_init\u0027:\ninode.c:(.init.text+0x1c2): undefined reference to `kernel_subsys\u0027\nmake: *** [vmlinux] Error 1\n\n\u003c-- snip --\u003e\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: Chris Wright \u003cchrisw@osdl.org\u003e\n" } ], "next": "c973b112c76c9d8fd042991128f218a738cc8d0a" }