)]}'
{
  "log": [
    {
      "commit": "72c2d5823fc7be799a12184974c3bdc57acea3c4",
      "tree": "5c17418efb57cd5b2cdc0d751f577b2c64012423",
      "parents": [
        "7058cb02ddab4bce70a46e519804fccb7ac0a060"
      ],
      "author": {
        "name": "Andrew Morgan",
        "email": "morgan@kernel.org",
        "time": "Thu Oct 18 03:05:59 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Oct 18 14:37:24 2007 -0700"
      },
      "message": "V3 file capabilities: alter behavior of cap_setpcap\n\nThe non-filesystem capability meaning of CAP_SETPCAP is that a process, p1,\ncan change the capabilities of another process, p2.  This is not the\nmeaning that was intended for this capability at all, and this\nimplementation came about purely because, without filesystem capabilities,\nthere was no way to use capabilities without one process bestowing them on\nanother.\n\nSince we now have a filesystem support for capabilities we can fix the\nimplementation of CAP_SETPCAP.\n\nThe most significant thing about this change is that, with it in effect, no\nprocess can set the capabilities of another process.\n\nThe capabilities of a program are set via the capability convolution\nrules:\n\n   pI(post-exec) \u003d pI(pre-exec)\n   pP(post-exec) \u003d (X(aka cap_bset) \u0026 fP) | (pI(post-exec) \u0026 fI)\n   pE(post-exec) \u003d fE ? pP(post-exec) : 0\n\nat exec() time.  As such, the only influence the pre-exec() program can\nhave on the post-exec() program\u0027s capabilities are through the pI\ncapability set.\n\nThe correct implementation for CAP_SETPCAP (and that enabled by this patch)\nis that it can be used to add extra pI capabilities to the current process\n- to be picked up by subsequent exec()s when the above convolution rules\nare applied.\n\nHere is how it works:\n\nLet\u0027s say we have a process, p. It has capability sets, pE, pP and pI.\nGenerally, p, can change the value of its own pI to pI\u0027 where\n\n   (pI\u0027 \u0026 ~pI) \u0026 ~pP \u003d 0.\n\nThat is, the only new things in pI\u0027 that were not present in pI need to\nbe present in pP.\n\nThe role of CAP_SETPCAP is basically to permit changes to pI beyond\nthe above:\n\n   if (pE \u0026 CAP_SETPCAP) {\n      pI\u0027 \u003d anything; /* ie., even (pI\u0027 \u0026 ~pI) \u0026 ~pP !\u003d 0  */\n   }\n\nThis capability is useful for things like login, which (say, via\npam_cap) might want to raise certain inheritable capabilities for use\nby the children of the logged-in user\u0027s shell, but those capabilities\nare not useful to or needed by the login program itself.\n\nOne such use might be to limit who can run ping. You set the\ncapabilities of the \u0027ping\u0027 program to be \"\u003d cap_net_raw+i\", and then\nonly shells that have (pI \u0026 CAP_NET_RAW) will be able to run\nit. Without CAP_SETPCAP implemented as described above, login(pam_cap)\nwould have to also have (pP \u0026 CAP_NET_RAW) in order to raise this\ncapability and pass it on through the inheritable set.\n\nSigned-off-by: Andrew Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "8ada720d89d678eb5a09d3048a5e9a35c526800c",
      "tree": "58f2f7946638d0376acfbf39595fbf6e88f7e597",
      "parents": [
        "49ffcf8f99e8d33ec8afb450956804af518fd788"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu Oct 18 03:05:57 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Oct 18 14:37:23 2007 -0700"
      },
      "message": "sysctl: for irda update sysctl_checks list of binary paths\n\nIt turns out that the net/irda code didn\u0027t register any of it\u0027s binary paths\nin the global sysctl.h header file so I missed them completely when making an\nauthoritative list of binary sysctl paths in the kernel.  So add them to the\nlist of valid binary sysctl paths.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nAcked-by: Samuel Ortiz \u003csamuel@sortiz.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "49ffcf8f99e8d33ec8afb450956804af518fd788",
      "tree": "f55aac9ddebb4f798ba8ff8152c73a73a3dc93a2",
      "parents": [
        "fc6cd25b738c2369d7ed3a6ef2ca248b51fcd2d4"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu Oct 18 03:05:57 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Oct 18 14:37:23 2007 -0700"
      },
      "message": "sysctl: update sysctl_check_table\n\nWell it turns out after I dug into the problems a little more I was returning\na few false positives so this patch updates my logic to remove them.\n\n- Don\u0027t complain about 0 ctl_names in sysctl_check_binary_path\n  It is valid for someone to remove the sysctl binary interface\n  and still keep the same sysctl proc interface.\n\n- Count ctl_names and procnames as matching if they both don\u0027t\n  exist.\n\n- Only warn about missing min\u0026max when the generic functions care.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Alexey Dobriyan \u003cadobriyan@sw.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "fc6cd25b738c2369d7ed3a6ef2ca248b51fcd2d4",
      "tree": "bd3708eac72edf06097a8a2ed72c3a3fea0b0998",
      "parents": [
        "f429cd37a21b8efc825bdbb22db7f033564cbc98"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu Oct 18 03:05:54 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Oct 18 14:37:23 2007 -0700"
      },
      "message": "sysctl: Error on bad sysctl tables\n\nAfter going through the kernels sysctl tables several times it has become\nclear that code review and testing is just not effective in prevent\nproblematic sysctl tables from being used in the stable kernel.  I certainly\ncan\u0027t seem to fix the problems as fast as they are introduced.\n\nTherefore this patch adds sysctl_check_table which is called when a sysctl\ntable is registered and checks to see if we have a problematic sysctl table.\n\nThe biggest part of the code is the table of valid binary sysctl entries, but\nsince we have frozen our set of binary sysctls this table should not need to\nchange, and it makes it much easier to detect when someone unintentionally\nadds a new binary sysctl value.\n\nAs best as I can determine all of the several hundred errors spewed on boot up\nnow are legitimate.\n\n[bunk@kernel.org: kernel/sysctl_check.c must #include \u003clinux/string.h\u003e]\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Alexey Dobriyan \u003cadobriyan@sw.ru\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    }
  ]
}