)]}' { "log": [ { "commit": "024e6cb408307de41cbfcb1e5a170d9af60ab2a9", "tree": "a292ba561abe291f906cde4907e5956b0a5a5f5a", "parents": [ "a58578e47f004017cf47803ad372490806630e58" ], "author": { "name": "Andreas Schwab", "email": "schwab@linux-m68k.org", "time": "Tue Aug 18 22:14:29 2009 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 19 08:42:56 2009 +1000" }, "message": "security: Fix prompt for LSM_MMAP_MIN_ADDR\n\nFix prompt for LSM_MMAP_MIN_ADDR.\n\n(Verbs are cool!)\n\nSigned-off-by: Andreas Schwab \u003cschwab@linux-m68k.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a58578e47f004017cf47803ad372490806630e58", "tree": "f815076f1956aa50d0eea5d0323eaae9c27b3424", "parents": [ "df4ecf1524c7793de3121b2d4e5fc6bcc0da3bfb" ], "author": { "name": "Dave Jones", "email": "davej@redhat.com", "time": "Tue Aug 18 13:47:37 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 19 08:38:29 2009 +1000" }, "message": "security: Make LSM_MMAP_MIN_ADDR default match its help text.\n\nCommit 788084aba2ab7348257597496befcbccabdc98a3 added the LSM_MMAP_MIN_ADDR\noption, whose help text states \"For most ia64, ppc64 and x86 users with lots\nof address space a value of 65536 is reasonable and should cause no problems.\"\nWhich implies that it\u0027s default setting was typoed.\n\nSigned-off-by: Dave Jones \u003cdavej@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "788084aba2ab7348257597496befcbccabdc98a3", "tree": "2da42d746d67b16ef705229a1b5a3528ec19c725", "parents": [ "8cf948e744e0218af604c32edecde10006dc8e9e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jul 31 12:54:11 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 17 15:09:11 2009 +1000" }, "message": "Security/SELinux: seperate lsm specific mmap_min_addr\n\nCurrently SELinux enforcement of controls on the ability to map low memory\nis determined by the mmap_min_addr tunable. This patch causes SELinux to\nignore the tunable and instead use a seperate Kconfig option specific to how\nmuch space the LSM should protect.\n\nThe tunable will now only control the need for CAP_SYS_RAWIO and SELinux\npermissions will always protect the amount of low memory designated by\nCONFIG_LSM_MMAP_MIN_ADDR.\n\nThis allows users who need to disable the mmap_min_addr controls (usual reason\nbeing they run WINE as a non-root user) to do so and still have SELinux\ncontrols preventing confined domains (like a web server) from being able to\nmap some area of low memory.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8cf948e744e0218af604c32edecde10006dc8e9e", "tree": "c5d48e9210976e28e5ce07d69ca9b87d4c437389", "parents": [ "9c0d90103c7e0eb6e638e5b649e9f6d8d9c1b4b3" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jul 31 12:54:05 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 17 15:08:48 2009 +1000" }, "message": "SELinux: call cap_file_mmap in selinux_file_mmap\n\nCurrently SELinux does not check CAP_SYS_RAWIO in the file_mmap hook. This\nmeans there is no DAC check on the ability to mmap low addresses in the\nmemory space. This function adds the DAC check for CAP_SYS_RAWIO while\nmaintaining the selinux check on mmap_zero. This means that processes\nwhich need to mmap low memory will need CAP_SYS_RAWIO and mmap_zero but will\nNOT need the SELinux sys_rawio capability.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9c0d90103c7e0eb6e638e5b649e9f6d8d9c1b4b3", "tree": "ba7c5fbed87e6ad6c395f4ca560e2e85d153a5dc", "parents": [ "894ef820b10d77e2d6d717342fc408bdd9825139" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jul 31 12:53:58 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 17 15:08:35 2009 +1000" }, "message": "Capabilities: move cap_file_mmap to commoncap.c\n\nCurrently we duplicate the mmap_min_addr test in cap_file_mmap and in\nsecurity_file_mmap if !CONFIG_SECURITY. This patch moves cap_file_mmap\ninto commoncap.c and then calls that function directly from\nsecurity_file_mmap ifndef CONFIG_SECURITY like all of the other capability\nchecks are done.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "314dabb83a547ec4da819e8cbc78fac9cec605cd", "tree": "8e32efc47c52a218bfb4eb517ae2ba14d496adcc", "parents": [ "85dfd81dc57e8183a277ddd7a56aa65c96f3f487" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 10 22:00:13 2009 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 11 08:37:13 2009 +1000" }, "message": "SELinux: fix memory leakage in /security/selinux/hooks.c\n\nFix memory leakage in /security/selinux/hooks.c\n\nThe buffer always needs to be freed here; we either error\nout or allocate more memory.\n\nReported-by: iceberg \u003cstrakh@ispras.ru\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n" }, { "commit": "94e5d714f604d4cb4cb13163f01ede278e69258b", "tree": "1f7f50f5eddf74e6930eaf0384538549f263b8fe", "parents": [ "79b854c549c62c54fa27f87e04465c01db889f8d" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Fri Jun 26 14:05:27 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jun 29 08:59:10 2009 +1000" }, "message": "integrity: add ima_counts_put (updated)\n\nThis patch fixes an imbalance message as reported by J.R. Okajima.\nThe IMA file counters are incremented in ima_path_check. If the\nactual open fails, such as ETXTBSY, decrement the counters to\nprevent unnecessary imbalance messages.\n\nReported-by: J.R. Okajima \u003chooanon05@yahoo.co.jp\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "79b854c549c62c54fa27f87e04465c01db889f8d", "tree": "5b49ad5ce83888a476fff7f1aa0d6ac82566f7f5", "parents": [ "46690f3718d95e9bb712b6f2b5c869f8494521de" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Fri Jun 26 11:25:00 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jun 29 08:57:49 2009 +1000" }, "message": "integrity: ima audit hash_exists fix\n\nAudit the file name, not the template name.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cd5008196f7e583f4c558531a2bca59f6c674c5b", "tree": "c91a3d15b09545eddebbc09577b2763ef2e34235", "parents": [ "f9ab5b5b0f5be506640321d710b0acd3dca6154a" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Wed Jun 17 16:26:33 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Jun 18 13:03:47 2009 -0700" }, "message": "devcgroup: skip superfluous checks when found the DEV_ALL elem\n\nWhile walking through the whitelist, if the DEV_ALL item is found, no more\ncheck is needed.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "9cbc1cb8cd46ce1f7645b9de249b2ce8460129bb", "tree": "8d104ec2a459346b99413b0b77421ca7b9936c1a", "parents": [ "ca44d6e60f9de26281fda203f58b570e1748c015", "45e3e1935e2857c54783291107d33323b3ef33c8" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Jun 15 03:02:23 2009 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Jun 15 03:02:23 2009 -0700" }, "message": "Merge branch \u0027master\u0027 of master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6\n\nConflicts:\n\tDocumentation/feature-removal-schedule.txt\n\tdrivers/scsi/fcoe/fcoe.c\n\tnet/core/drop_monitor.c\n\tnet/core/net-traces.c\n" }, { "commit": "3296ca27f50ecbd71db1d808c7a72d311027f919", "tree": "833eaa58b2013bda86d4bd95faf6efad7a2d5ca4", "parents": [ "e893123c7378192c094747dadec326b7c000c190", "73fbad283cfbbcf02939bdbda31fc4a30e729cca" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Jun 11 10:01:41 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Jun 11 10:01:41 2009 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (44 commits)\n nommu: Provide mmap_min_addr definition.\n TOMOYO: Add description of lists and structures.\n TOMOYO: Remove unused field.\n integrity: ima audit dentry_open failure\n TOMOYO: Remove unused parameter.\n security: use mmap_min_addr indepedently of security models\n TOMOYO: Simplify policy reader.\n TOMOYO: Remove redundant markers.\n SELinux: define audit permissions for audit tree netlink messages\n TOMOYO: Remove unused mutex.\n tomoyo: avoid get+put of task_struct\n smack: Remove redundant initialization.\n integrity: nfsd imbalance bug fix\n rootplug: Remove redundant initialization.\n smack: do not beyond ARRAY_SIZE of data\n integrity: move ima_counts_get\n integrity: path_check update\n IMA: Add __init notation to ima functions\n IMA: Minimal IMA policy and boot param for TCB IMA policy\n selinux: remove obsolete read buffer limit from sel_read_bool\n ...\n" }, { "commit": "20f3f3ca499d2c211771ba552685398b65d83859", "tree": "41b460196a0860e11d12e33e3172463973cb0078", "parents": [ "769f3e8c384795cc350e2aae27de2a12374d19d4", "41c51c98f588edcdf6141cff1895df738e03ddd4" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Jun 10 19:50:03 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Jun 10 19:50:03 2009 -0700" }, "message": "Merge branch \u0027rcu-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip\n\n* \u0027rcu-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:\n rcu: rcu_sched_grace_period(): kill the bogus flush_signals()\n rculist: use list_entry_rcu in places where it\u0027s appropriate\n rculist.h: introduce list_entry_rcu() and list_first_entry_rcu()\n rcu: Update RCU tracing documentation for __rcu_pending\n rcu: Add __rcu_pending tracing to hierarchical RCU\n RCU: make treercu be default\n" }, { "commit": "c3fa109a5894077d1eaf8731ea741a15dd117b3c", "tree": "a3d5f58ea878868b48a1493055e6f2cb6dd3c9de", "parents": [ "5bf1692f65c12a8aa359dc883468284ffc3c4587" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Mon Jun 08 12:37:39 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Jun 09 09:30:24 2009 +1000" }, "message": "TOMOYO: Add description of lists and structures.\n\nThis patch adds some descriptions of lists and structures.\nThis patch contains no code changes.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5bf1692f65c12a8aa359dc883468284ffc3c4587", "tree": "bab96097b51791985d6361b6bdfaf0280b0fc995", "parents": [ "0b4ec6e4e01d98e55ae325a41304cccd87fa4c0f" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Fri Jun 05 14:44:58 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Jun 09 09:30:21 2009 +1000" }, "message": "TOMOYO: Remove unused field.\n\nTOMOYO 2.2.0 is not using total_len field of \"struct tomoyo_path_info\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0b4ec6e4e01d98e55ae325a41304cccd87fa4c0f", "tree": "1e075fdf4aaf0c5c003564b3f3414bb4a92ef2ed", "parents": [ "04288f42033607099cebf5ca15ce8dcec3a9688b", "3af968e066d593bc4dacc021715f3e95ddf0996f" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Jun 09 09:27:53 2009 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Jun 09 09:27:53 2009 +1000" }, "message": "Merge branch \u0027master\u0027 into next\n" }, { "commit": "04288f42033607099cebf5ca15ce8dcec3a9688b", "tree": "41d07beeefcadc4c591699c779406f556cc3433b", "parents": [ "bcb86975dbcc24f820f1a37918d53914af29ace7" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Jun 04 13:53:10 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jun 05 08:02:39 2009 +1000" }, "message": "integrity: ima audit dentry_open failure\n\nUntil we start appraising measurements, the ima_path_check()\nreturn code should always be 0.\n\n- Update the ima_path_check() return code comment\n- Instead of the pr_info, audit the dentry_open failure\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bcb86975dbcc24f820f1a37918d53914af29ace7", "tree": "887bf8bd4d7d896a1357a21ad1df576e5f3ad3b9", "parents": [ "e0a94c2a63f2644826069044649669b5e7ca75d3" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Thu Jun 04 15:14:34 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jun 04 17:35:18 2009 +1000" }, "message": "TOMOYO: Remove unused parameter.\n\nTOMOYO 2.2.0 does not check argv[] and envp[] upon execve().\nWe don\u0027t need to pass \"struct tomoyo_page_buffer\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e0a94c2a63f2644826069044649669b5e7ca75d3", "tree": "debf8a9af6ac23dadd116dc1cd1f9dcefe9629c6", "parents": [ "7d2948b1248109dbc7f4aaf9867c54b1912d494c" ], "author": { "name": "Christoph Lameter", "email": "cl@linux-foundation.org", "time": "Wed Jun 03 16:04:31 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jun 04 12:07:48 2009 +1000" }, "message": "security: use mmap_min_addr indepedently of security models\n\nThis patch removes the dependency of mmap_min_addr on CONFIG_SECURITY.\nIt also sets a default mmap_min_addr of 4096.\n\nmmapping of addresses below 4096 will only be possible for processes\nwith CAP_SYS_RAWIO.\n\nSigned-off-by: Christoph Lameter \u003ccl@linux-foundation.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nLooks-ok-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "adf30907d63893e4208dfe3f5c88ae12bc2f25d5", "tree": "0f07542bb95de2ad537540868aba6cf87a86e17d", "parents": [ "511c3f92ad5b6d9f8f6464be1b4f85f0422be91a" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Tue Jun 02 05:19:30 2009 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Jun 03 02:51:04 2009 -0700" }, "message": "net: skb-\u003edst accessors\n\nDefine three accessors to get/set dst attached to a skb\n\nstruct dst_entry *skb_dst(const struct sk_buff *skb)\n\nvoid skb_dst_set(struct sk_buff *skb, struct dst_entry *dst)\n\nvoid skb_dst_drop(struct sk_buff *skb)\nThis one should replace occurrences of :\ndst_release(skb-\u003edst)\nskb-\u003edst \u003d NULL;\n\nDelete skb-\u003edst field\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7d2948b1248109dbc7f4aaf9867c54b1912d494c", "tree": "24edc8fa319598bc32b7d53c7b61fb3ec9ae9e92", "parents": [ "ab588ccadc80f6ef5495e83e176e88c5c0fc2d0e" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Jun 02 20:42:24 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 03 07:51:51 2009 +1000" }, "message": "TOMOYO: Simplify policy reader.\n\nWe can directly assign the result of tomoyo_io_printf() to done flag.\n\nSigned-off-by: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Toshiharu Harada \u003charadats@nttdata.co.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ab588ccadc80f6ef5495e83e176e88c5c0fc2d0e", "tree": "ffb995eba759218fd07795f00a1303518621c119", "parents": [ "850b0cee165576f969363a8c52021b5cf9ecbe67" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Tue Jun 02 14:23:39 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 03 07:50:06 2009 +1000" }, "message": "TOMOYO: Remove redundant markers.\n\nRemove \u0027/***** START/STOP *****/\u0027 markers.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "850b0cee165576f969363a8c52021b5cf9ecbe67", "tree": "47d8da2840492950b89a8a1a597c8c18b7cccff8", "parents": [ "fe67e6f2d6df371b58ba721954d45a196df5e8b8" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jun 02 17:01:16 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 03 07:44:53 2009 +1000" }, "message": "SELinux: define audit permissions for audit tree netlink messages\n\nAudit trees defined 2 new netlink messages but the netlink mapping tables for\nselinux permissions were not set up. This patch maps these 2 new operations\nto AUDIT_WRITE.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "fe67e6f2d6df371b58ba721954d45a196df5e8b8", "tree": "b4b186aa4b222bdc45839ff4bdbde6f80c413395", "parents": [ "fbeb4a9c20d00e2550156f9e5a34473fbde59de2" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Tue Jun 02 17:00:45 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Jun 02 21:19:54 2009 +1000" }, "message": "TOMOYO: Remove unused mutex.\n\nI forgot to remove on TOMOYO\u0027s 15th posting.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "fbeb4a9c20d00e2550156f9e5a34473fbde59de2", "tree": "d08881a9eb2d768722363d7022d2ae4da81494d9", "parents": [ "13b297d943828c4594527a2bd9c30ecd04e37886" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Mon Jun 01 22:47:19 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Jun 02 15:13:13 2009 +1000" }, "message": "tomoyo: avoid get+put of task_struct\n\nUse task_cred_xxx(task, security) in tomoyo_real_domain() to\navoid a get+put of the target cred.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "13b297d943828c4594527a2bd9c30ecd04e37886", "tree": "9a4e7ea9e0f161f5a3edecfa8300d2677b24cfd9", "parents": [ "14dba5331b90c20588ae6504fea8049c7283028d" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Tue May 26 14:18:07 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu May 28 11:57:09 2009 +1000" }, "message": "smack: Remove redundant initialization.\n\nWe don\u0027t need to explicitly initialize to cap_* because\nit will be filled by security_fixup_ops().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "76b0187525f024cb391c8043adf2e359b2adb988", "tree": "5e94b6c2b2b0a9cb4e55a10e40fda7e0f6e5a70a", "parents": [ "2c9e703c618106f5383226fbb1f526cb11034f8a" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Tue May 26 14:16:31 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed May 27 13:30:46 2009 +1000" }, "message": "rootplug: Remove redundant initialization.\n\nWe don\u0027t need to explicitly initialize to cap_* because\nit will be filled by security_fixup_ops().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b1338d199dda6681d9af0297928af0a7eb9cba7b", "tree": "bdfcdf710df69eed78e7c4a2b86383ec3db9a230", "parents": [ "e2a1b9ee2335c35e0e34c88a024481b194b3c9cc" ], "author": { "name": "Herton Ronaldo Krzesinski", "email": "herton@mandriva.com.br", "time": "Tue May 26 12:15:53 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed May 27 09:46:48 2009 +1000" }, "message": "tomoyo: add missing call to cap_bprm_set_creds\n\ncap_bprm_set_creds() has to be called from security_bprm_set_creds().\nTOMOYO forgot to call cap_bprm_set_creds() from tomoyo_bprm_set_creds()\nand suid executables were not being working.\n\nMake sure we call cap_bprm_set_creds() with TOMOYO, to set credentials\nproperly inside tomoyo_bprm_set_creds().\n\nSigned-off-by: Herton Ronaldo Krzesinski \u003cherton@mandriva.com.br\u003e\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2c9e703c618106f5383226fbb1f526cb11034f8a", "tree": "87d7548001ea82f655fede0640466fc16aabcdf7", "parents": [ "6470c077cae12227318f40f3e6d756caadcce4b0", "5805977e63a36ad56594a623f3bd2bebcb7db233" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri May 22 18:40:59 2009 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri May 22 18:40:59 2009 +1000" }, "message": "Merge branch \u0027master\u0027 into next\n\nConflicts:\n\tfs/exec.c\n\nRemoved IMA changes (the IMA checks are now performed via may_open()).\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6470c077cae12227318f40f3e6d756caadcce4b0", "tree": "c8a543bccd29dfcf7d4bbb104a4786da0c93cf56", "parents": [ "c9d9ac525a0285a5b5ad9c3f9aa8b7c1753e6121" ], "author": { "name": "Roel Kluin", "email": "roel.kluin@gmail.com", "time": "Thu May 21 18:42:54 2009 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri May 22 12:34:48 2009 +1000" }, "message": "smack: do not beyond ARRAY_SIZE of data\n\nDo not go beyond ARRAY_SIZE of data\n\nSigned-off-by: Roel Kluin \u003croel.kluin@gmail.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b9fc745db833bbf74b4988493b8cd902a84c9415", "tree": "45a15174efb3b1c3dcbe5f0dc503e790c4f6fd70", "parents": [ "932995f0ce52525b32ff5127b522c2c164de3810" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue May 19 13:25:57 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri May 22 09:43:41 2009 +1000" }, "message": "integrity: path_check update\n\n- Add support in ima_path_check() for integrity checking without\nincrementing the counts. (Required for nfsd.)\n- rename and export opencount_get to ima_counts_get\n- replace ima_shm_check calls with ima_counts_get\n- export ima_path_check\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "932995f0ce52525b32ff5127b522c2c164de3810", "tree": "648cfe2ac09025eb3922d2a84ed983a7ac70a060", "parents": [ "5789ba3bd0a3cd20df5980ebf03358f2eb44fd67" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu May 21 15:43:32 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri May 22 09:34:21 2009 +1000" }, "message": "IMA: Add __init notation to ima functions\n\nA number of IMA functions only used during init are not marked with __init.\nAdd those notations so they are freed automatically.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5789ba3bd0a3cd20df5980ebf03358f2eb44fd67", "tree": "4ad5dc0496f0d6bc06e9614ff5edbc0400fcdb5d", "parents": [ "c5642f4bbae30122beb696e723f6da273caa570e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu May 21 15:47:06 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri May 22 09:31:20 2009 +1000" }, "message": "IMA: Minimal IMA policy and boot param for TCB IMA policy\n\nThe IMA TCB policy is dangerous. A normal use can use all of a system\u0027s\nmemory (which cannot be freed) simply by building and running lots of\nexecutables. The TCB policy is also nearly useless because logging in as root\noften causes a policy violation when dealing with utmp, thus rendering the\nmeasurements meaningless.\n\nThere is no good fix for this in the kernel. A full TCB policy would need to\nbe loaded in userspace using LSM rule matching to get both a protected and\nuseful system. But, if too little is measured before userspace can load a real\npolicy one again ends up with a meaningless set of measurements. One option\nwould be to put the policy load inside the initrd in order to get it early\nenough in the boot sequence to be useful, but this runs into trouble with the\nLSM. For IMA to measure the LSM policy and the LSM policy loading mechanism\nit needs rules to do so, but we already talked about problems with defaulting\nto such broad rules....\n\nIMA also depends on the files being measured to be on an FS which implements\nand supports i_version. Since the only FS with this support (ext4) doesn\u0027t\neven use it by default it seems silly to have any IMA rules by default.\n\nThis should reduce the performance overhead of IMA to near 0 while still\nletting users who choose to configure their machine as such to inclue the\nima_tcb kernel paramenter and get measurements during boot before they can\nload a customized, reasonable policy in userspace.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c5642f4bbae30122beb696e723f6da273caa570e", "tree": "caf9da5048c6083df90d97d7612d761840fdfbcf", "parents": [ "75834fc3b6fcff00327f5d2a18760c1e8e0179c5" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Tue May 19 09:02:23 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue May 19 23:56:11 2009 +1000" }, "message": "selinux: remove obsolete read buffer limit from sel_read_bool\n\nOn Tue, 2009-05-19 at 00:05 -0400, Eamon Walsh wrote:\n\u003e Recent versions of coreutils have bumped the read buffer size from 4K to\n\u003e 32K in several of the utilities.\n\u003e\n\u003e This means that \"cat /selinux/booleans/xserver_object_manager\" no longer\n\u003e works, it returns \"Invalid argument\" on F11. getsebool works fine.\n\u003e\n\u003e sel_read_bool has a check for \"count \u003e PAGE_SIZE\" that doesn\u0027t seem to\n\u003e be present in the other read functions. Maybe it could be removed?\n\nYes, that check is obsoleted by the conversion of those functions to\nusing simple_read_from_buffer(), which will reduce count if necessary to\nwhat is available in the buffer.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "75834fc3b6fcff00327f5d2a18760c1e8e0179c5", "tree": "28b1085d2aa76517024709d2f077fdc41aeec4c2", "parents": [ "c3d20103d08e5c0b6738fbd0acf3ca004e5356c5" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon May 18 10:26:10 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue May 19 08:19:00 2009 +1000" }, "message": "SELinux: move SELINUX_MAGIC into magic.h\n\nThe selinuxfs superblock magic is used inside the IMA code, but is being\ndefined in two places and could someday get out of sync. This patch moves the\ndeclaration into magic.h so it is only done once.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c3d20103d08e5c0b6738fbd0acf3ca004e5356c5", "tree": "4231ff475f11231b3cbca949a7bcad37a9a8cc17", "parents": [ "f850a7c040d9faafb41bceb0a05d6bb7432c8c7a" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue May 12 15:14:23 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri May 15 09:55:44 2009 +1000" }, "message": "IMA: do not measure everything opened by root by default\n\nThe IMA default policy measures every single file opened by root. This is\nterrible for most users. Consider a system (like mine) with virtual machine\nimages. When those images are touched (which happens at boot for me) those\nimages are measured. This is just way too much for the default case.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f850a7c040d9faafb41bceb0a05d6bb7432c8c7a", "tree": "e4e1fa97be0bd3e749f993b99d18746c8a9737ba", "parents": [ "b103387037cea2ba0f04b44d408d54c53f678061" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue May 12 15:13:55 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri May 15 09:55:41 2009 +1000" }, "message": "IMA: remove read permissions on the ima policy file\n\nThe IMA policy file does not implement read. Trying to just open/read/close\nthe file will load a blank policy and you cannot then change the policy\nwithout a reboot. This removes the read permission from the file so one must\nat least be attempting to write...\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d93e4c940f51ae06b59c14523c4d55947f9597d6", "tree": "2dfe72da55eab4bd12e059f7d9de6f9c37eedbbf", "parents": [ "1a62e958fa4aaeeb752311b4f5e16b2a86737b23" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon May 11 20:47:15 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue May 12 11:06:11 2009 +1000" }, "message": "securityfs: securityfs_remove should handle IS_ERR pointers\n\nBoth of the securityfs users (TPM and IMA) can call securityfs_remove and pass\nan IS_ERR(dentry) in their failure paths. This patch handles those rather\nthan panicing when it tries to start deferencing some negative memory.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1a62e958fa4aaeeb752311b4f5e16b2a86737b23", "tree": "53d983ebdde45e00ad2079f8035792450b046d56", "parents": [ "f06dd16a03f6f7f72fab4db03be36e28c28c6fd6" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon May 11 13:59:22 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue May 12 11:06:08 2009 +1000" }, "message": "IMA: open all files O_LARGEFILE\n\nIf IMA tried to measure a file which was larger than 4G dentry_open would fail\nwith -EOVERFLOW since IMA wasn\u0027t passing O_LARGEFILE. This patch passes\nO_LARGEFILE to all IMA opens to avoid this problem.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f06dd16a03f6f7f72fab4db03be36e28c28c6fd6", "tree": "6542e8474a2eff0543b20ac4eb2bb2811d23fc3e", "parents": [ "37bcbf13d32e4e453e9def79ee72bd953b88302f" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon May 11 13:59:16 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue May 12 11:06:04 2009 +1000" }, "message": "IMA: Handle dentry_open failures\n\nCurrently IMA does not handle failures from dentry_open(). This means that we\nleave a pointer set to ERR_PTR(errno) and then try to use it just a few lines\nlater in fput(). Oops.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "37bcbf13d32e4e453e9def79ee72bd953b88302f", "tree": "30f2dac25dc846b483558bf5ac9afec0d4ac4e5e", "parents": [ "107db7c7dd137aeb7361b8c2606ac936c0be58ff" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon May 11 13:59:10 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue May 12 11:06:01 2009 +1000" }, "message": "IMA: use current_cred() instead of current-\u003ecred\n\nProper invocation of the current credentials is to use current_cred() not\ncurrent-\u003ecred. This patches makes IMA use the new method.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e24977d45f45d1675e050dc1a0aaf4bfc4ca9866", "tree": "ee39b590596e9ca6cd18b8ece11a1f6d24278c29", "parents": [ "6b3304b531704711286c3359b06922b83fdba015" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Apr 02 21:17:03 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat May 09 10:49:42 2009 -0400" }, "message": "Reduce path_lookup() abuses\n\n... use kern_path() where possible\n\n[folded a fix from rdd]\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d254117099d711f215e62427f55dfb8ebd5ad011", "tree": "0848ff8dd74314fec14a86497f8d288c86ba7c65", "parents": [ "07ff7a0b187f3951788f64ae1f30e8109bc8e9eb", "8c9ed899b44c19e81859fbb0e9d659fe2f8630fc" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri May 08 17:56:47 2009 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri May 08 17:56:47 2009 +1000" }, "message": "Merge branch \u0027master\u0027 into next\n" }, { "commit": "07ff7a0b187f3951788f64ae1f30e8109bc8e9eb", "tree": "995e13b947c55572cdac70a02e6cf169a6cc4f99", "parents": [ "e5e520a715dcea6b72f6b9417b203a4b1e813a8b" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue May 05 13:13:10 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed May 06 10:35:59 2009 +1000" }, "message": "integrity: remove __setup auditing msgs\n\nRemove integrity audit messages from __setup()\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e5e520a715dcea6b72f6b9417b203a4b1e813a8b", "tree": "5edb34e4273ec733d5705b1ebca2b296088a88b1", "parents": [ "53fc0e2259f261602a2750dcc82b8d7bf04d3c35" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue May 05 13:13:00 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed May 06 10:35:56 2009 +1000" }, "message": "integrity: use audit_log_string\n\nBased on a request from Eric Paris to simplify parsing, replace\naudit_log_format statements containing \"%s\" with audit_log_string().\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "53fc0e2259f261602a2750dcc82b8d7bf04d3c35", "tree": "09eaec1b928d433cc50485331bc75f1f2529d0e9", "parents": [ "78a3d9d5654a7fd99cf8b2ab06b9497b9c7aad64" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue May 05 13:12:48 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed May 06 10:35:53 2009 +1000" }, "message": "integrity: lsm audit rule matching fix\n\nAn audit subsystem change replaced AUDIT_EQUAL with Audit_equal.\nUpdate calls to security_filter_rule_init()/match() to reflect\nthe change.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "65c90bca0dba56f60dc4ce2a529140c3cc440f22", "tree": "fd8f5e6338f04ba47fe91de1303b92a22da78daf", "parents": [ "091438dd5668396328a3419abcbc6591159eb8d1" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon May 04 15:43:18 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue May 05 08:31:03 2009 +1000" }, "message": "selinux: Fix send_sigiotask hook\n\nThe CRED patch incorrectly converted the SELinux send_sigiotask hook to\nuse the current task SID rather than the target task SID in its\npermission check, yielding the wrong permission check. This fixes the\nhook function. Detected by the ltp selinux testsuite and confirmed to\ncorrect the test failure.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ecd6de3c88e8cbcad175b2eab48ba05c2014f7b6", "tree": "ab9257bbe3f3bc9379cf0d252110f9abffba7751", "parents": [ "3bcac0263f0b45e67a64034ebcb69eb9abb742f4" ], "author": { "name": "Oleg Nesterov", "email": "oleg@redhat.com", "time": "Wed Apr 29 16:02:24 2009 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 30 09:08:48 2009 +1000" }, "message": "selinux: selinux_bprm_committed_creds() should wake up -\u003ereal_parent, not -\u003eparent.\n\nWe shouldn\u0027t worry about the tracer if current is ptraced, exec() must not\nsucceed if the tracer has no rights to trace this task after cred changing.\nBut we should notify -\u003ereal_parent which is, well, real parent.\n\nAlso, we don\u0027t need _irq to take tasklist, and we don\u0027t need parent\u0027s\n-\u003esiglock to wake_up_interruptible(real_parent-\u003esignal-\u003ewait_chldexit).\nSince we hold tasklist, real_parent-\u003esignal must be stable. Otherwise\nspin_lock(siglock) is not safe too and can\u0027t help anyway.\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3bcac0263f0b45e67a64034ebcb69eb9abb742f4", "tree": "33f4db08edaa12e1c20df348e2fa28c7c2198ebe", "parents": [ "88c48db9788862d0290831d081bc3c64e13b592f" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Apr 29 13:45:05 2009 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 30 09:07:13 2009 +1000" }, "message": "SELinux: Don\u0027t flush inherited SIGKILL during execve()\n\nDon\u0027t flush inherited SIGKILL during execve() in SELinux\u0027s post cred commit\nhook. This isn\u0027t really a security problem: if the SIGKILL came before the\ncredentials were changed, then we were right to receive it at the time, and\nshould honour it; if it came after the creds were changed, then we definitely\nshould honour it; and in any case, all that will happen is that the process\nwill be scrapped before it ever returns to userspace.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "88c48db9788862d0290831d081bc3c64e13b592f", "tree": "5d0e0aedd2c5c0ea8db4007cac66f930ddbe73d7", "parents": [ "19e4529ee7345079eeacc8e40cf69a304a64dc23" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 29 14:00:25 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 30 08:45:56 2009 +1000" }, "message": "SELinux: drop secondary_ops-\u003esysctl\n\nWe are still calling secondary_ops-\u003esysctl even though the capabilities\nmodule does not define a sysctl operation.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "defc433ba3bc587826bb467ce0e63452deafa65d", "tree": "fb11744178f227598b1b26e1c6f24041261c3b98", "parents": [ "aefe6475720bd5eb8aacbc881488f3aa65618562" ], "author": { "name": "Etienne Basset", "email": "etienne.basset@numericable.fr", "time": "Thu Apr 16 23:58:42 2009 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 18 12:58:25 2009 +1000" }, "message": "Smack: check for SMACK xattr validity in smack_inode_setxattr\n\nthe following patch moves checks for SMACK xattr validity\nfrom smack_inode_post_setxattr (which cannot return an error to the user)\nto smack_inode_setxattr (which can return an error).\n\nSigned-off-by: Etienne Basset \u003cetienne.basset@numericable.fr\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "05725f7eb4b8acb147c5fc7b91397b1f6bcab00d", "tree": "1f22c6bec3429f7ec9ebb8acd25672249e39b380", "parents": [ "72c6a9870f901045f2464c3dc6ee8914bfdc07aa" ], "author": { "name": "Jiri Pirko", "email": "jpirko@redhat.com", "time": "Tue Apr 14 20:17:16 2009 +0200" }, "committer": { "name": "Ingo Molnar", "email": "mingo@elte.hu", "time": "Wed Apr 15 12:05:25 2009 +0200" }, "message": "rculist: use list_entry_rcu in places where it\u0027s appropriate\n\nUse previously introduced list_entry_rcu instead of an open-coded\nlist_entry + rcu_dereference combination.\n\nSigned-off-by: Jiri Pirko \u003cjpirko@redhat.com\u003e\nReviewed-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nCc: dipankar@in.ibm.com\nLKML-Reference: \u003c20090414181715.GA3634@psychotron.englab.brq.redhat.com\u003e\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\n" }, { "commit": "39826a1e17c1957bd7b5cd7815b83940e5e3a230", "tree": "c1452c0293b7f2f4bce2c36d3b5aea8e4020ff3e", "parents": [ "17a7b7b39056a82c5012539311850f202e6c3cd4" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Apr 08 22:31:28 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 14 09:15:02 2009 +1000" }, "message": "tomoyo: version bump to 2.2.0.\n\nSigned-off-by: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Toshiharu Harada \u003charadats@nttdata.co.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ecfcc53fef3c357574bb6143dce6631e6d56295c", "tree": "d7bee04b64c5ad2ba0ed273bff2c8c7c98b3eee5", "parents": [ "6e837fb152410e571a81aaadbd9884f0bc46a55e" ], "author": { "name": "Etienne Basset", "email": "etienne.basset@numericable.fr", "time": "Wed Apr 08 20:40:06 2009 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 14 09:00:23 2009 +1000" }, "message": "smack: implement logging V3\n\nthe following patch, add logging of Smack security decisions.\nThis is of course very useful to understand what your current smack policy does.\nAs suggested by Casey, it also now forbids labels with \u0027, \" or \\\n\nIt introduces a \u0027/smack/logging\u0027 switch :\n0: no logging\n1: log denied (default)\n2: log accepted\n3: log denied\u0026accepted\n\nSigned-off-by: Etienne Basset \u003cetienne.basset@numericable.fr\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6e837fb152410e571a81aaadbd9884f0bc46a55e", "tree": "7169c53fa17d729e1f3021102c12653dad3d3dcb", "parents": [ "7ba5779533819fc061b4afafcb4a609d55f37057" ], "author": { "name": "Etienne Basset", "email": "etienne.basset@numericable.fr", "time": "Wed Apr 08 20:39:40 2009 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 14 09:00:19 2009 +1000" }, "message": "smack: implement logging V3\n\nThis patch creates auditing functions usable by LSM to audit security\nevents. It provides standard dumping of FS, NET, task etc ... events\n(code borrowed from SELinux)\nand provides 2 callbacks to define LSM specific auditing, which should be\nflexible enough to convert SELinux too.\n\nSigned-off-by: Etienne Basset \u003cetienne.basset@numericable.fr\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\ncked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "34574dd10b6d0697b86703388d6d6af9cbf4bb48", "tree": "89eb52c0777687d4704d3ab3a370c50c1fe9479c", "parents": [ "11ff5f6affe9b75f115a900a5584db339d46002b" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Apr 09 17:14:05 2009 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Apr 09 10:41:19 2009 -0700" }, "message": "keys: Handle there being no fallback destination keyring for request_key()\n\nWhen request_key() is called, without there being any standard process\nkeyrings on which to fall back if a destination keyring is not specified, an\noops is liable to occur when construct_alloc_key() calls down_write() on\ndest_keyring\u0027s semaphore.\n\nDue to function inlining this may be seen as an oops in down_write() as called\nfrom request_key_and_link().\n\nThis situation crops up during boot, where request_key() is called from within\nthe kernel (such as in CIFS mounts) where nobody is actually logged in, and so\nPAM has not had a chance to create a session keyring and user keyrings to act\nas the fallback.\n\nTo fix this, make construct_alloc_key() not attempt to cache a key if there is\nno fallback key if no destination keyring is given specifically.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nTested-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "5bf37ec3e0f5eb79f23e024a7fbc8f3557c087f0", "tree": "555033e32330726df31fa68244656e11eae39490", "parents": [ "577c9c456f0e1371cbade38eaf91ae8e8a308555" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Wed Apr 08 16:55:58 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 09 09:12:03 2009 +1000" }, "message": "cap_prctl: don\u0027t set error to 0 at \u0027no_change\u0027\n\nOne-liner: capsh --print is broken without this patch.\n\nIn certain cases, cap_prctl returns error \u003e 0 for success. However,\nthe \u0027no_change\u0027 label was always setting error to 0. As a result,\nfor example, \u0027prctl(CAP_BSET_READ, N)\u0027 would always return 0.\nIt should return 1 if a process has N in its bounding set (as\nby default it does).\n\nI\u0027m keeping the no_change label even though it\u0027s now functionally\nthe same as \u0027error\u0027.\n\nSigned-off-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a0558fc3491c0494feb8472cf6c0119e43fd9484", "tree": "e26a2baaa63c07761686f97cde9aa4aaa527f82f", "parents": [ "d508afb437daee7cf07da085b635c44a4ebf9b38" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon Apr 06 20:49:14 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 07 16:08:56 2009 +1000" }, "message": "tomoyo: remove \"undelete domain\" command.\n\nSince TOMOYO\u0027s policy management tools does not use the \"undelete domain\"\ncommand, we decided to remove that command.\n\nSigned-off-by: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Toshiharu Harada \u003charadats@nttdata.co.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7ba5779533819fc061b4afafcb4a609d55f37057", "tree": "aef85844963c54661d33ed82dad8ff9afac7ea9d", "parents": [ "b5f22a59c0356655a501190959db9f7f5dd07e3f" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon Apr 06 20:49:14 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 07 08:17:43 2009 +1000" }, "message": "tomoyo: remove \"undelete domain\" command.\n\nSince TOMOYO\u0027s policy management tools does not use the \"undelete domain\"\ncommand, we decided to remove that command.\n\nSigned-off-by: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Toshiharu Harada \u003charadats@nttdata.co.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "800a964787faef3509d194fa33268628c3d1daa9", "tree": "37a722ed9d269d60bc26f6d8f0862d87e45a2424", "parents": [ "385e1ca5f21c4680ad6a46a3aa2ea8af99e99c92" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Apr 03 16:42:40 2009 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Apr 03 16:42:40 2009 +0100" }, "message": "CacheFiles: Export things for CacheFiles\n\nExport a number of functions for CacheFiles\u0027s use.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Steve Dickson \u003csteved@redhat.com\u003e\nAcked-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\nAcked-by: Rik van Riel \u003criel@redhat.com\u003e\nAcked-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nTested-by: Daire Byrne \u003cDaire.Byrne@framestore.com\u003e\n" }, { "commit": "8fe74cf053de7ad2124a894996f84fa890a81093", "tree": "77dcd8fbf33ce53a3821942233962fb28c6f2848", "parents": [ "c2eb2fa6d2b6fe122d3479ec5b28d978418b2698", "ced117c73edc917e96dea7cca98c91383f0792f7" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Apr 02 21:09:10 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Apr 02 21:09:10 2009 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:\n Remove two unneeded exports and make two symbols static in fs/mpage.c\n Cleanup after commit 585d3bc06f4ca57f975a5a1f698f65a45ea66225\n Trim includes of fdtable.h\n Don\u0027t crap into descriptor table in binfmt_som\n Trim includes in binfmt_elf\n Don\u0027t mess with descriptor table in load_elf_binary()\n Get rid of indirect include of fs_struct.h\n New helper - current_umask()\n check_unsafe_exec() doesn\u0027t care about signal handlers sharing\n New locking/refcounting for fs_struct\n Take fs_struct handling to new file (fs/fs_struct.c)\n Get rid of bumping fs_struct refcount in pivot_root(2)\n Kill unsharing fs_struct in __set_personality()\n" }, { "commit": "b4046f00ee7c1e5615261b496cf7309683275b29", "tree": "8ef312b95b03f362f7780a37620167c54bf55e8f", "parents": [ "d969fbe69e07fcceb0558b35d4c75eb046041c5e" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Thu Apr 02 16:57:32 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Apr 02 19:04:55 2009 -0700" }, "message": "devcgroup: avoid using cgroup_lock\n\nThere is nothing special that has to be protected by cgroup_lock,\nso introduce devcgroup_mtuex for it\u0027s own use.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "b5f22a59c0356655a501190959db9f7f5dd07e3f", "tree": "3c20437a6a3b7b7e980078bfbcd0d53cdeda7528", "parents": [ "3d43321b7015387cfebbe26436d0e9d299162ea1" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Thu Apr 02 18:47:14 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 03 11:49:31 2009 +1100" }, "message": "don\u0027t raise all privs on setuid-root file with fE set (v2)\n\nDistributions face a backward compatibility problem with starting to use\nfile capabilities. For instance, removing setuid root from ping and\ndoing setcap cap_net_raw\u003dpe means that booting with an older kernel\nor one compiled without file capabilities means ping won\u0027t work for\nnon-root users.\n\nIn order to replace the setuid root bit on a capability-unaware\nprogram, one has to set the effective, or legacy, file capability,\nwhich makes the capability effective immediately. This patch\nuses the legacy bit as a queue to not automatically add full\nprivilege to a setuid-root program.\n\nSo, with this patch, an ordinary setuid-root program will run with\nprivilege. But if /bin/ping has both setuid-root and cap_net_raw in\nfP and fE, then ping (when run by non-root user) will not run\nwith only cap_net_raw.\n\nChangelog:\n\tApr 2 2009: Print a message once when such a binary is loaded,\n\t\tas per James Morris\u0027 suggestion.\n\tApr 2 2009: Fix the condition to only catch uid!\u003d0 \u0026\u0026 euid\u003d\u003d0.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8a6f83afd0c5355db6d11394a798e94950306239", "tree": "f7cb84de87f67eeba0dd68681907696f8a5774d1", "parents": [ "c31f403de62415c738ddc9e673cf8e722c82f861" ], "author": { "name": "KaiGai Kohei", "email": "kaigai@ak.jp.nec.com", "time": "Wed Apr 01 10:07:57 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 02 09:23:45 2009 +1100" }, "message": "Permissive domain in userspace object manager\n\nThis patch enables applications to handle permissive domain correctly.\n\nSince the v2.6.26 kernel, SELinux has supported an idea of permissive\ndomain which allows certain processes to work as if permissive mode,\neven if the global setting is enforcing mode.\nHowever, we don\u0027t have an application program interface to inform\nwhat domains are permissive one, and what domains are not.\nIt means applications focuses on SELinux (XACE/SELinux, SE-PostgreSQL\nand so on) cannot handle permissive domain correctly.\n\nThis patch add the sixth field (flags) on the reply of the /selinux/access\ninterface which is used to make an access control decision from userspace.\nIf the first bit of the flags field is positive, it means the required\naccess control decision is on permissive domain, so application should\nallow any required actions, as the kernel doing.\n\nThis patch also has a side benefit. The av_decision.flags is set at\ncontext_struct_compute_av(). It enables to check required permissions\nwithout read_lock(\u0026policy_rwlock).\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n--\n security/selinux/avc.c | 2 +-\n security/selinux/include/security.h | 4 +++-\n security/selinux/selinuxfs.c | 4 ++--\n security/selinux/ss/services.c | 30 +++++-------------------------\n 4 files changed, 11 insertions(+), 29 deletions(-)\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5ad4e53bd5406ee214ddc5a41f03f779b8b2d526", "tree": "b3dab5140284b3edf02bf2b13f74bfddb25aa62a", "parents": [ "ce3b0f8d5c2203301fc87f3aaaed73e5819e2a48" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Mar 29 19:50:06 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Mar 31 23:00:27 2009 -0400" }, "message": "Get rid of indirect include of fs_struct.h\n\nDon\u0027t pull it in sched.h; very few files actually need it and those\ncan include directly. sched.h itself only needs forward declaration\nof struct fs_struct;\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4303154e86597885bc3cbc178a48ccbc8213875f", "tree": "11989bcc2ec5d9cd5a1b7952f169ec5cbd8abb8e", "parents": [ "07feee8f812f7327a46186f7604df312c8c81962" ], "author": { "name": "Etienne Basset", "email": "etienne.basset@numericable.fr", "time": "Fri Mar 27 17:11:01 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Mar 28 15:01:37 2009 +1100" }, "message": "smack: Add a new \u0027-CIPSO\u0027 option to the network address label configuration\n\nThis patch adds a new special option \u0027-CIPSO\u0027 to the Smack subsystem. When used\nin the netlabel list, it means \"use CIPSO networking\". A use case is when your\nlocal network speaks CIPSO and you want also to connect to the unlabeled\nInternet. This patch also add some documentation describing that. The patch\nalso corrects an oops when setting a \u0027\u0027 SMACK64 xattr to a file.\n\nSigned-off-by: Etienne Basset \u003cetienne.basset@numericable.fr\u003e\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "07feee8f812f7327a46186f7604df312c8c81962", "tree": "73eac643b60532aa82d7680a7de193ba2b62eddd", "parents": [ "8651d5c0b1f874c5b8307ae2b858bc40f9f02482" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Mar 27 17:10:54 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Mar 28 15:01:37 2009 +1100" }, "message": "netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections\n\nThis patch cleans up a lot of the Smack network access control code. The\nlargest changes are to fix the labeling of incoming TCP connections in a\nmanner similar to the recent SELinux changes which use the\nsecurity_inet_conn_request() hook to label the request_sock and let the label\nmove to the child socket via the normal network stack mechanisms. In addition\nto the incoming TCP connection fixes this patch also removes the smk_labled\nfield from the socket_smack struct as the minor optimization advantage was\noutweighed by the difficulty in maintaining it\u0027s proper state.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8651d5c0b1f874c5b8307ae2b858bc40f9f02482", "tree": "c09bee8fdc4c659d155b47911dc87ce4c09b6676", "parents": [ "58bfbb51ff2b0fdc6c732ff3d72f50aa632b67a2" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Mar 27 17:10:48 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Mar 28 15:01:37 2009 +1100" }, "message": "lsm: Remove the socket_post_accept() hook\n\nThe socket_post_accept() hook is not currently used by any in-tree modules\nand its existence continues to cause problems by confusing people about\nwhat can be safely accomplished using this hook. If a legitimate need for\nthis hook arises in the future it can always be reintroduced.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "58bfbb51ff2b0fdc6c732ff3d72f50aa632b67a2", "tree": "41132587adbb6816b56b9d28105826b8ef0fd7b9", "parents": [ "389fb800ac8be2832efedd19978a2b8ced37eb61" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Mar 27 17:10:41 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Mar 28 15:01:37 2009 +1100" }, "message": "selinux: Remove the \"compat_net\" compatibility code\n\nThe SELinux \"compat_net\" is marked as deprecated, the time has come to\nfinally remove it from the kernel. Further code simplifications are\nlikely in the future, but this patch was intended to be a simple,\nstraight-up removal of the compat_net code.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "389fb800ac8be2832efedd19978a2b8ced37eb61", "tree": "fa0bc16050dfb491aa05f76b54fa4c167de96376", "parents": [ "284904aa79466a4736f4c775fdbe5c7407fa136c" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Mar 27 17:10:34 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Mar 28 15:01:36 2009 +1100" }, "message": "netlabel: Label incoming TCP connections correctly in SELinux\n\nThe current NetLabel/SELinux behavior for incoming TCP connections works but\nonly through a series of happy coincidences that rely on the limited nature of\nstandard CIPSO (only able to convey MLS attributes) and the write equality\nimposed by the SELinux MLS constraints. The problem is that network sockets\ncreated as the result of an incoming TCP connection were not on-the-wire\nlabeled based on the security attributes of the parent socket but rather based\non the wire label of the remote peer. The issue had to do with how IP options\nwere managed as part of the network stack and where the LSM hooks were in\nrelation to the code which set the IP options on these newly created child\nsockets. While NetLabel/SELinux did correctly set the socket\u0027s on-the-wire\nlabel it was promptly cleared by the network stack and reset based on the IP\noptions of the remote peer.\n\nThis patch, in conjunction with a prior patch that adjusted the LSM hook\nlocations, works to set the correct on-the-wire label format for new incoming\nconnections through the security_inet_conn_request() hook. Besides the\ncorrect behavior there are many advantages to this change, the most significant\nis that all of the NetLabel socket labeling code in SELinux now lives in hooks\nwhich can return error codes to the core stack which allows us to finally get\nride of the selinux_netlbl_inode_permission() logic which greatly simplfies\nthe NetLabel/SELinux glue code. In the process of developing this patch I\nalso ran into a small handful of AF_INET6 cleanliness issues that have been\nfixed which should make the code safer and easier to extend in the future.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a106cbfd1f3703402fc2d95d97e7a054102250f0", "tree": "f386efb92e2c68bbd15900b6f14a56c444c28556", "parents": [ "1987f17d2266e882862528841429b5bf67bc8fe5" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Fri Mar 27 13:12:16 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Mar 27 19:03:44 2009 +1100" }, "message": "TOMOYO: Fix a typo.\n\nFix a typo.\n\nReported-by: Pavel Machek \u003cpavel@ucw.cz\u003e\nSigned-off-by: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Toshiharu Harada \u003charadats@nttdata.co.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7198e2eeb44b3fe7cc97f997824002da47a9c644", "tree": "4989ad0f9727ac4b861189217760517aa8beea43", "parents": [ "703a3cd72817e99201cef84a8a7aecc60b2b3581" ], "author": { "name": "Etienne Basset", "email": "etienne.basset@numericable.fr", "time": "Tue Mar 24 20:53:24 2009 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Mar 26 09:17:04 2009 +1100" }, "message": "smack: convert smack to standard linux lists\n\nthe following patch (on top of 2.6.29) converts Smack lists to standard linux lists\nPlease review and consider for inclusion in 2.6.30-rc\n\nregards,\nEtienne\n\nSigned-off-by: Etienne Basset \u003cetienne.basset@numericable.fr\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "703a3cd72817e99201cef84a8a7aecc60b2b3581", "tree": "3e943755178ff410694722bb031f523136fbc432", "parents": [ "df7f54c012b92ec93d56b68547351dcdf8a163d3", "8e0ee43bc2c3e19db56a4adaa9a9b04ce885cd84" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 24 10:52:46 2009 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 24 10:52:46 2009 +1100" }, "message": "Merge branch \u0027master\u0027 into next\n" }, { "commit": "df7f54c012b92ec93d56b68547351dcdf8a163d3", "tree": "07039542feca94d4d467c430521319950819a4e1", "parents": [ "dd34b5d75a0405814a3de83f02a44ac297e81629" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Mar 09 14:35:58 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 10 08:40:02 2009 +1100" }, "message": "SELinux: inode_doinit_with_dentry drop no dentry printk\n\nDrop the printk message when an inode is found without an associated\ndentry. This should only happen when userspace can\u0027t be accessing those\ninodes and those labels will get set correctly on the next d_instantiate.\nThus there is no reason to send this message.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "dd34b5d75a0405814a3de83f02a44ac297e81629", "tree": "f24939a7b7f6b33c44939ee4022d7e95b3f670b6", "parents": [ "6a25b27d602aac24f3c642722377ba5d778417ec" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Mar 05 13:43:35 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Mar 06 08:50:21 2009 +1100" }, "message": "SELinux: new permission between tty audit and audit socket\n\nNew selinux permission to separate the ability to turn on tty auditing from\nthe ability to set audit rules.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6a25b27d602aac24f3c642722377ba5d778417ec", "tree": "ba334617326c65ccd98e7f4733c75fa0ac2ae5ca", "parents": [ "113a0e4590881ce579ca992a80ddc562b3372ede" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Mar 05 13:40:35 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Mar 06 08:50:18 2009 +1100" }, "message": "SELinux: open perm for sock files\n\nWhen I did open permissions I didn\u0027t think any sockets would have an open.\nTurns out AF_UNIX sockets can have an open when they are bound to the\nfilesystem namespace. This patch adds a new SOCK_FILE__OPEN permission.\nIt\u0027s safe to add this as the open perms are already predicated on\ncapabilities and capabilities means we have unknown perm handling so\nsystems should be as backwards compatible as the policy wants them to\nbe.\n\nhttps://bugzilla.redhat.com/show_bug.cgi?id\u003d475224\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "211a40c0870457b29100cffea0180fa5083caf96", "tree": "fae71ac7a443a45391ee6049f2300a5c25fe2272", "parents": [ "559595a985e106d2fa9f0c79b7f5805453fed593" ], "author": { "name": "etienne", "email": "etienne.basset@numericable.fr", "time": "Wed Mar 04 07:33:51 2009 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Mar 05 08:36:34 2009 +1100" }, "message": "smack: fixes for unlabeled host support\n\nThe following patch (against 2.6.29rc5) fixes a few issues in the\nsmack/netlabel \"unlabeled host support\" functionnality that was added in\n2.6.29rc. It should go in before -final.\n\n1) smack_host_label disregard a \"0.0.0.0/0 @\" rule (or other label),\npreventing \u0027tagged\u0027 tasks to access Internet (many systems drop packets with\nIP options)\n\n2) netmasks were not handled correctly, they were stored in a way _not\nequivalent_ to conversion to be32 (it was equivalent for /0, /8, /16, /24,\n/32 masks but not other masks)\n\n3) smack_netlbladdr prefixes (IP/mask) were not consistent (mask\u0026IP was not\ndone), so there could have been different list entries for the same IP\nprefix; if those entries had different labels, well ...\n\n4) they were not sorted\n\n1) 2) 3) are bugs, 4) is a more cosmetic issue.\nThe patch :\n\n-creates a new helper smk_netlbladdr_insert to insert a smk_netlbladdr,\n-sorted by netmask length\n\n-use the new sorted nature of smack_netlbladdrs list to simplify\n smack_host_label : the first match _will_ be the more specific\n\n-corrects endianness issues in smk_write_netlbladdr \u0026 netlbladdr_seq_show\n\nSigned-off-by: \u003cetienne.basset@numericable.fr\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "113a0e4590881ce579ca992a80ddc562b3372ede", "tree": "29dd1cd1c5f594efb51cdf9530a90ba2f3f2854e", "parents": [ "454804ab0302b354e35d992d08e53fe03313baaf" ], "author": { "name": "etienne", "email": "etienne.basset@numericable.fr", "time": "Wed Mar 04 07:33:51 2009 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Mar 05 08:30:01 2009 +1100" }, "message": "smack: fixes for unlabeled host support\n\nThe following patch (against 2.6.29rc5) fixes a few issues in the\nsmack/netlabel \"unlabeled host support\" functionnality that was added in\n2.6.29rc. It should go in before -final.\n\n1) smack_host_label disregard a \"0.0.0.0/0 @\" rule (or other label),\npreventing \u0027tagged\u0027 tasks to access Internet (many systems drop packets with\nIP options)\n\n2) netmasks were not handled correctly, they were stored in a way _not\nequivalent_ to conversion to be32 (it was equivalent for /0, /8, /16, /24,\n/32 masks but not other masks)\n\n3) smack_netlbladdr prefixes (IP/mask) were not consistent (mask\u0026IP was not\ndone), so there could have been different list entries for the same IP\nprefix; if those entries had different labels, well ...\n\n4) they were not sorted\n\n1) 2) 3) are bugs, 4) is a more cosmetic issue.\nThe patch :\n\n-creates a new helper smk_netlbladdr_insert to insert a smk_netlbladdr,\n-sorted by netmask length\n\n-use the new sorted nature of smack_netlbladdrs list to simplify\n smack_host_label : the first match _will_ be the more specific\n\n-corrects endianness issues in smk_write_netlbladdr \u0026 netlbladdr_seq_show\n\nSigned-off-by: \u003cetienne.basset@numericable.fr\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d7f59dc4642ce2fc7b79fcd4ec02ffce7f21eb02", "tree": "1557550ed6478a38cc04ad480a5977580d97b5cd", "parents": [ "778ef1e6cbb049c9bcbf405936ee6f2b6e451892" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Feb 27 15:00:03 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Mar 02 09:30:04 2009 +1100" }, "message": "selinux: Fix a panic in selinux_netlbl_inode_permission()\n\nRick McNeal from LSI identified a panic in selinux_netlbl_inode_permission()\ncaused by a certain sequence of SUNRPC operations. The problem appears to be\ndue to the lack of NULL pointer checking in the function; this patch adds the\npointer checks so the function will exit safely in the cases where the socket\nis not completely initialized.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "454804ab0302b354e35d992d08e53fe03313baaf", "tree": "e01a4928e19ac2e8318bc88d0b79970cccc60665", "parents": [ "2ea190d0a006ce5218baa6e798512652446a605a" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Thu Feb 26 18:28:04 2009 -0600" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Feb 27 12:35:15 2009 +1100" }, "message": "keys: make procfiles per-user-namespace\n\nRestrict the /proc/keys and /proc/key-users output to keys\nbelonging to the same user namespace as the reading task.\n\nWe may want to make this more complicated - so that any\nkeys in a user-namespace which is belongs to the reading\ntask are also shown. But let\u0027s see if anyone wants that\nfirst.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2ea190d0a006ce5218baa6e798512652446a605a", "tree": "1d8612678355c77d8ea9f316ef6ce7d80ee6d613", "parents": [ "8ff3bc3138a400294ee9e126ac75fc9a9fae4e0b" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Thu Feb 26 18:27:55 2009 -0600" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Feb 27 12:35:12 2009 +1100" }, "message": "keys: skip keys from another user namespace\n\nWhen listing keys, do not return keys belonging to the\nsame uid in another user namespace. Otherwise uid 500\nin another user namespace will return keyrings called\nuid.500 for another user namespace.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8ff3bc3138a400294ee9e126ac75fc9a9fae4e0b", "tree": "f1e2f21f17268cb9a88446da2f1ced9dbccd5138", "parents": [ "1d1e97562e5e2ac60fb7b25437ba619f95f67fab" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Thu Feb 26 18:27:47 2009 -0600" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Feb 27 12:35:09 2009 +1100" }, "message": "keys: consider user namespace in key_permission\n\nIf a key is owned by another user namespace, then treat the\nkey as though it is owned by both another uid and gid.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1d1e97562e5e2ac60fb7b25437ba619f95f67fab", "tree": "68a9c52ecbff0782dd9b9438685afc3b40b6f707", "parents": [ "be38e0fd5f90a91d09e0a85ffb294b70a7be6259" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Thu Feb 26 18:27:38 2009 -0600" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Feb 27 12:35:06 2009 +1100" }, "message": "keys: distinguish per-uid keys in different namespaces\n\nper-uid keys were looked by uid only. Use the user namespace\nto distinguish the same uid in different namespaces.\n\nThis does not address key_permission. So a task can for instance\ntry to join a keyring owned by the same uid in another namespace.\nThat will be handled by a separate patch.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "09c50b4a52c01a1f450b8eec819089e228655bfb", "tree": "d97bcaf9544e58a8a6bc6aeb40ca9793411d3e79", "parents": [ "586c25003707067f074043d80fb2071671c58db0" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Feb 20 16:33:02 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Feb 23 10:05:55 2009 +1100" }, "message": "selinux: Fix the NetLabel glue code for setsockopt()\n\nAt some point we (okay, I) managed to break the ability for users to use the\nsetsockopt() syscall to set IPv4 options when NetLabel was not active on the\nsocket in question. The problem was noticed by someone trying to use the\n\"-R\" (record route) option of ping:\n\n # ping -R 10.0.0.1\n ping: record route: No message of desired type\n\nThe solution is relatively simple, we catch the unlabeled socket case and\nclear the error code, allowing the operation to succeed. Please note that we\nstill deny users the ability to override IPv4 options on socket\u0027s which have\nNetLabel labeling active; this is done to ensure the labeling remains intact.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "be38e0fd5f90a91d09e0a85ffb294b70a7be6259", "tree": "8e48b770e6c2012185fd68c0a1098991ad3c56cb", "parents": [ "1581e7ddbdd97443a134e1a0cc9d81256baf77a4" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Fri Feb 20 14:28:29 2009 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Feb 23 09:54:53 2009 +1100" }, "message": "integrity: ima iint radix_tree_lookup locking fix\n\nBased on Andrew Morton\u0027s comments:\n- add missing locks around radix_tree_lookup in ima_iint_insert()\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1581e7ddbdd97443a134e1a0cc9d81256baf77a4", "tree": "54134783d9b61dea08b434e0d6e447ac8f8924b2", "parents": [ "0da0a420bb542b13ebae142109a9d2045ade0cb1" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Feb 21 20:40:50 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Feb 23 09:45:05 2009 +1100" }, "message": "TOMOYO: Do not call tomoyo_realpath_init unless registered.\n\ntomoyo_realpath_init() is unconditionally called by security_initcall().\nBut nobody will use realpath related functions if TOMOYO is not registered.\n\nSo, let tomoyo_init() call tomoyo_realpath_init().\n\nThis patch saves 4KB of memory allocation if TOMOYO is not registered.\n\nSigned-off-by: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Toshiharu Harada \u003charadats@nttdata.co.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0da0a420bb542b13ebae142109a9d2045ade0cb1", "tree": "995a02bed11d55c9f8d963735b12f670ddca19cc", "parents": [ "251a2a958b0455d11b711aeeb57cabad66259461" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Feb 19 21:23:50 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Feb 21 00:29:59 2009 +1100" }, "message": "integrity: ima scatterlist bug fix\n\nBased on Alexander Beregalov\u0027s post http://lkml.org/lkml/2009/2/19/198\n\n- replaced sg_set_buf() with sg_init_one()\n\n kernel BUG at include/linux/scatterlist.h:65!\n invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC\n last sysfs file:\n CPU 2\n Modules linked in:\n Pid: 1, comm: swapper Not tainted 2.6.29-rc5-next-20090219 #5 PowerEdge 1950\n RIP: 0010:[\u003cffffffff8045ec70\u003e] [\u003cffffffff8045ec70\u003e] ima_calc_hash+0xc0/0x160\n RSP: 0018:ffff88007f46bc40 EFLAGS: 00010286\n RAX: ffffe200032c45e8 RBX: 00000000fffffff4 RCX: 0000000087654321\n RDX: 0000000000000002 RSI: 0000000000000001 RDI: ffff88007cf71048\n RBP: ffff88007f46bcd0 R08: 0000000000000000 R09: 0000000000000163\n R10: ffff88007f4707a8 R11: 0000000000000000 R12: ffff88007cf71048\n R13: 0000000000001000 R14: 0000000000000000 R15: 0000000000009d98\n FS: 0000000000000000(0000) GS:ffff8800051ac000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b\n CR2: 0000000000000000 CR3: 0000000000201000 CR4: 00000000000006e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nTested-by: Alexander Beregalov \u003ca.beregalov@gmail.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "251a2a958b0455d11b711aeeb57cabad66259461", "tree": "6e89b9a3f79c4a46573682044188c7d4692f0cb5", "parents": [ "e5a3b95f581da62e2054ef79d3be2d383e9ed664" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Wed Feb 18 11:42:33 2009 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 19 15:51:10 2009 +1100" }, "message": "smack: fix lots of kernel-doc notation\n\nFix/add kernel-doc notation and fix typos in security/smack/.\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e5a3b95f581da62e2054ef79d3be2d383e9ed664", "tree": "6a55bf40033c92b2c82fa0643c2511dbe7124b32", "parents": [ "33043cbb9fd49a957089f5948fe814764d7abbd6" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Feb 14 11:46:56 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Feb 16 09:01:48 2009 +1100" }, "message": "TOMOYO: Don\u0027t create securityfs entries unless registered.\n\nTOMOYO should not create /sys/kernel/security/tomoyo/ interface unless\nTOMOYO is registered.\n\nSigned-off-by: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Toshiharu Harada \u003charadats@nttdata.co.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "33043cbb9fd49a957089f5948fe814764d7abbd6", "tree": "66be66415be5a1108788291194cc5b2bc89fb6fe", "parents": [ "26036651c562609d1f52d181f9d2cccbf89929b1" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Fri Feb 13 16:00:58 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Feb 14 12:33:30 2009 +1100" }, "message": "TOMOYO: Fix exception policy read failure.\n\nDue to wrong initialization, \"cat /sys/kernel/security/tomoyo/exception_policy\"\nreturned nothing.\n\nSigned-off-by: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Toshiharu Harada \u003charadats@nttdata.co.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "26036651c562609d1f52d181f9d2cccbf89929b1", "tree": "db68ab98d574d6763f562ac87cc7810385496f22", "parents": [ "edf3d1aecd0d608acbd561b0c527e1d41abcb657" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 12 14:51:04 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Feb 14 09:23:48 2009 +1100" }, "message": "SELinux: convert the avc cache hash list to an hlist\n\nWe do not need O(1) access to the tail of the avc cache lists and so we are\nwasting lots of space using struct list_head instead of struct hlist_head.\nThis patch converts the avc cache to use hlists in which there is a single\npointer from the head which saves us about 4k of global memory.\n\nResulted in about a 1.5% decrease in time spent in avc_has_perm_noaudit based\non oprofile sampling of tbench. Although likely within the noise....\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "edf3d1aecd0d608acbd561b0c527e1d41abcb657", "tree": "49d88ec27a59f602784b47e2f951934d245f7de8", "parents": [ "f1c6381a6e337adcecf84be2a838bd9e610e2365" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 12 14:50:59 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Feb 14 09:23:45 2009 +1100" }, "message": "SELinux: code readability with avc_cache\n\nThe code making use of struct avc_cache was not easy to read thanks to liberal\nuse of \u0026avc_cache.{slots_lock,slots}[hvalue] throughout. This patch simply\ncreates local pointers and uses those instead of the long global names.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f1c6381a6e337adcecf84be2a838bd9e610e2365", "tree": "a6e0857db27a38b0976fb422836f9443241b4b61", "parents": [ "21193dcd1f3570ddfd8a04f4465e484c1f94252f" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 12 14:50:54 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Feb 14 09:23:08 2009 +1100" }, "message": "SELinux: remove unused av.decided field\n\nIt appears there was an intention to have the security server only decide\ncertain permissions and leave other for later as some sort of a portential\nperformance win. We are currently always deciding all 32 bits of\npermissions and this is a useless couple of branches and wasted space.\nThis patch completely drops the av.decided concept.\n\nThis in a 17% reduction in the time spent in avc_has_perm_noaudit\nbased on oprofile sampling of a tbench benchmark.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "21193dcd1f3570ddfd8a04f4465e484c1f94252f", "tree": "b6cab3861103261a3ab27ff3ea3485cb53af5a92", "parents": [ "906d27d9d28fd50fb40026e56842d8f6806a7a04" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 12 14:50:49 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Feb 14 09:23:04 2009 +1100" }, "message": "SELinux: more careful use of avd in avc_has_perm_noaudit\n\nwe are often needlessly jumping through hoops when it comes to avd\nentries in avc_has_perm_noaudit and we have extra initialization and memcpy\nwhich are just wasting performance. Try to clean the function up a bit.\n\nThis patch resulted in a 13% drop in time spent in avc_has_perm_noaudit in my\noprofile sampling of a tbench benchmark.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "906d27d9d28fd50fb40026e56842d8f6806a7a04", "tree": "4f73e1396a09349a307f38b1de19767f558bedb1", "parents": [ "a5dda683328f99c781f92c66cc52ffc0639bef58" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 12 14:50:43 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Feb 14 09:22:37 2009 +1100" }, "message": "SELinux: remove the unused ae.used\n\nCurrently SELinux code has an atomic which was intended to track how many\ntimes an avc entry was used and to evict entries when they haven\u0027t been\nused recently. Instead we never let this atomic get above 1 and evict when\nit is first checked for eviction since it hits zero. This is a total waste\nof time so I\u0027m completely dropping ae.used.\n\nThis change resulted in about a 3% faster avc_has_perm_noaudit when running\noprofile against a tbench benchmark.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a5dda683328f99c781f92c66cc52ffc0639bef58", "tree": "2432f51e505fd9242f7081d5bf4e21ff322b73d6", "parents": [ "4cb912f1d1447077160ace9ce3b3a10696dd74e5" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 12 14:50:11 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Feb 14 09:22:34 2009 +1100" }, "message": "SELinux: check seqno when updating an avc_node\n\nThe avc update node callbacks do not check the seqno of the caller with the\nseqno of the node found. It is possible that a policy change could happen\n(although almost impossibly unlikely) in which a permissive or\npermissive_domain decision is not valid for the entry found. Simply pass\nand check that the seqno of the caller and the seqno of the node found\nmatch.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4cb912f1d1447077160ace9ce3b3a10696dd74e5", "tree": "916f112de07ca626b0f398a0fc85943f15306146", "parents": [ "4ba0a8ad63e12a03ae01c039482967cc496b9174" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 12 14:50:05 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Feb 14 09:22:30 2009 +1100" }, "message": "SELinux: NULL terminate al contexts from disk\n\nWhen a context is pulled in from disk we don\u0027t know that it is null\nterminated. This patch forecebly null terminates contexts when we pull\nthem from disk.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4ba0a8ad63e12a03ae01c039482967cc496b9174", "tree": "340aa55aa98cc42c33cff4297f0813f14f46b121", "parents": [ "200ac532a4bc3134147ca06686c56a6420e66c46" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 12 15:01:10 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Feb 14 09:22:27 2009 +1100" }, "message": "SELinux: better printk when file with invalid label found\n\nCurrently when an inode is read into the kernel with an invalid label\nstring (can often happen with removable media) we output a string like:\n\nSELinux: inode_doinit_with_dentry: context_to_sid([SOME INVALID LABEL])\nreturned -22 dor dev\u003d[blah] ino\u003d[blah]\n\nWhich is all but incomprehensible to all but a couple of us. Instead, on\nEINVAL only, I plan to output a much more user friendly string and I plan to\nratelimit the printk since many of these could be generated very rapidly.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "200ac532a4bc3134147ca06686c56a6420e66c46", "tree": "f9b1779458df389052c758ea23cf61695a021e67", "parents": [ "b53fab9d48e9bd9aeba0b500dec550becd981a91" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 12 15:01:04 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Feb 14 09:22:24 2009 +1100" }, "message": "SELinux: call capabilities code directory\n\nFor cleanliness and efficiency remove all calls to secondary-\u003e and instead\ncall capabilities code directly. capabilities are the only module that\nselinux stacks with and so the code should not indicate that other stacking\nmight be possible.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b53fab9d48e9bd9aeba0b500dec550becd981a91", "tree": "19e17d0aa255624bf6455ac35a5089ac550abdb6", "parents": [ "35d50e60e8b12e4adc2fa317343a176d87294a72" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Thu Feb 12 09:54:14 2009 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Feb 13 09:27:56 2009 +1100" }, "message": "ima: fix build error\n\nIMA_LSM_RULES requires AUDIT. This is automatic if SECURITY_SELINUX\u003dy\nbut not when SECURITY_SMACK\u003dy (and SECURITY_SELINUX\u003dn), so make the\ndependency explicit. This fixes the following build error:\n\nsecurity/integrity/ima/ima_policy.c:111:error: implicit declaration of function \u0027security_audit_rule_match\u0027\nsecurity/integrity/ima/ima_policy.c:230:error: implicit declaration of function \u0027security_audit_rule_init\u0027\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "35d50e60e8b12e4adc2fa317343a176d87294a72", "tree": "d4374d08677dafdf940fc8bdaaadc0aeefa06126", "parents": [ "42d5aaa2d826f54924e260b58a8e410e59d54163" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Thu Feb 12 15:53:38 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 12 20:21:10 2009 +1100" }, "message": "tomoyo: fix sparse warning\n\nFix sparse warning.\n\n$ make C\u003d2 SUBDIRS\u003dsecurity/tomoyo CF\u003d\"-D__cold__\u003d\"\n CHECK security/tomoyo/common.c\n CHECK security/tomoyo/realpath.c\n CHECK security/tomoyo/tomoyo.c\nsecurity/tomoyo/tomoyo.c:110:8: warning: symbol \u0027buf\u0027 shadows an earlier one\nsecurity/tomoyo/tomoyo.c:100:7: originally declared here\n\nSigned-off-by: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Toshiharu Harada \u003charadats@nttdata.co.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" } ], "next": "42d5aaa2d826f54924e260b58a8e410e59d54163" }