)]}' { "log": [ { "commit": "b782e0a68d17894d9a618ffea55b33639faa6bb4", "tree": "307bc615153075a6e92be5d839a58ff48d6525f3", "parents": [ "d09ca73979460b96d5d4684d588b188be9a1f57d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jul 23 11:44:03 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:07 2010 +1000" }, "message": "SELinux: special dontaudit for access checks\n\nCurrently there are a number of applications (nautilus being the main one) which\ncalls access() on files in order to determine how they should be displayed. It\nis normal and expected that nautilus will want to see if files are executable\nor if they are really read/write-able. access() should return the real\npermission. SELinux policy checks are done in access() and can result in lots\nof AVC denials as policy denies RWX on files which DAC allows. Currently\nSELinux must dontaudit actual attempts to read/write/execute a file in\norder to silence these messages (and not flood the logs.) But dontaudit rules\nlike that can hide real attacks. This patch addes a new common file\npermission audit_access. This permission is special in that it is meaningless\nand should never show up in an allow rule. Instead the only place this\npermission has meaning is in a dontaudit rule like so:\n\ndontaudit nautilus_t sbin_t:file audit_access\n\nWith such a rule if nautilus just checks access() we will still get denied and\nthus userspace will still get the correct answer but we will not log the denial.\nIf nautilus attempted to actually perform one of the forbidden actions\n(rather than just querying access(2) about it) we would still log a denial.\nThis type of dontaudit rule should be used sparingly, as it could be a\nmethod for an attacker to probe the system permissions without detection.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "babcd37821fba57048b30151969d28303f2a8b6b", "tree": "f3a22f93df9d0ccb95bc653c9b56476adab05876", "parents": [ "9fe6206f400646a2322096b56c59891d530e8d51" ], "author": { "name": "Paul E. McKenney", "email": "paulmck@linux.vnet.ibm.com", "time": "Tue May 18 12:11:25 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:35 2010 +1000" }, "message": "selinux: remove all rcu head initializations\n\nRemove all rcu head inits. We don\u0027t care about the RCU head state before passing\nit to call_rcu() anyway. Only leave the \"on_stack\" variants so debugobjects can\nkeep track of objects on stack.\n\nSigned-off-by: Mathieu Desnoyers \u003cmathieu.desnoyers@efficios.com\u003e\nSigned-off-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cb84aa9b42b506299e5aea1ba4da26c03ab12877", "tree": "af646c3d148f5c04f7362c8bddc59b8518cafd9e", "parents": [ "b03df87d119f50715891dcc09e487f6ae5c029f1" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 27 17:20:38 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Apr 28 08:51:12 2010 +1000" }, "message": "LSM Audit: rename LSM_AUDIT_NO_AUDIT to LSM_AUDIT_DATA_NONE\n\nMost of the LSM common audit work uses LSM_AUDIT_DATA_* for the naming.\nThis was not so for LSM_AUDIT_NO_AUDIT which means the generic initializer\ncannot be used. This patch just renames the flag so the generic\ninitializer can be used.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "318ae2edc3b29216abd8a2510f3f80b764f06858", "tree": "ce595adde342f57f379d277b25e4dd206988a052", "parents": [ "25cf84cf377c0aae5dbcf937ea89bc7893db5176", "3e58974027b04e84f68b964ef368a6cd758e2f84" ], "author": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Mon Mar 08 16:55:37 2010 +0100" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Mon Mar 08 16:55:37 2010 +0100" }, "message": "Merge branch \u0027for-next\u0027 into for-linus\n\nConflicts:\n\tDocumentation/filesystems/proc.txt\n\tarch/arm/mach-u300/include/mach/debug-macro.S\n\tdrivers/net/qlge/qlge_ethtool.c\n\tdrivers/net/qlge/qlge_main.c\n\tdrivers/net/typhoon.c\n" }, { "commit": "6382dc334064bb0b41a95df0e3c438de35f2ffb7", "tree": "e58a375af2352638eb5930bfd79c9a893b35e484", "parents": [ "fb637f3cd31783db2b654842ea32ffec15c4bd62" ], "author": { "name": "Justin P. Mattock", "email": "justinmattock@gmail.com", "time": "Thu Jan 14 23:03:18 2010 -0800" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Fri Feb 05 12:22:35 2010 +0100" }, "message": "fix comment typos in avc.c\n\nSigned-off-by: Justin P. Mattock \u003cjustinmattock@gmail.com\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "b6cac5a30b325e14cda425670bb3568d3cad0aa8", "tree": "276a3a2a985c862ac9439cb2f8facabb7d1f1944", "parents": [ "8e2d39a1665e680c095545993aac2fcac6916eb9" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Tue Feb 02 11:31:51 2010 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Feb 03 08:49:10 2010 +1100" }, "message": "selinux: Only audit permissions specified in policy\n\nOnly audit the permissions specified by the policy rules.\n\nBefore:\ntype\u003dAVC msg\u003daudit(01/28/2010 14:30:46.690:3250) : avc: denied { read\nappend } for pid\u003d14092 comm\u003dfoo name\u003dtest_file dev\u003ddm-1 ino\u003d132932\nscontext\u003dunconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023\ntcontext\u003dunconfined_u:object_r:rpm_tmp_t:s0 tclass\u003dfile\n\nAfter:\ntype\u003dAVC msg\u003daudit(01/28/2010 14:52:37.448:26) : avc: denied\n{ append } for pid\u003d1917 comm\u003dfoo name\u003dtest_file dev\u003ddm-1 ino\u003d132932\nscontext\u003dunconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023\ntcontext\u003dunconfined_u:object_r:rpm_tmp_t:s0 tclass\u003dfile\n\nReference:\nhttps://bugzilla.redhat.com/show_bug.cgi?id\u003d558499\n\nReported-by: Tom London \u003cselinux@gmail.com\u003e\nSigned-off-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "19439d05b88dafc4e55d9ffce84ccc27cf8b2bcc", "tree": "e529e1bbba49f30684c3b88a67df1d62ba3e11b1", "parents": [ "8d9525048c74786205b99f3fcd05a839721edfb7" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Thu Jan 14 17:28:10 2010 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 18 09:54:26 2010 +1100" }, "message": "selinux: change the handling of unknown classes\n\nIf allow_unknown\u003d\u003ddeny, SELinux treats an undefined kernel security\nclass as an error condition rather than as a typical permission denial\nand thus does not allow permissions on undefined classes even when in\npermissive mode. Change the SELinux logic so that this case is handled\nas a typical permission denial, subject to the usual permissive mode and\npermissive domain handling.\n\nAlso drop the \u0027requested\u0027 argument from security_compute_av() and\nhelpers as it is a legacy of the original security server interface and\nis unused.\n\nChanges:\n- Handle permissive domains consistently by moving up the test for a\npermissive domain.\n- Make security_compute_av_user() consistent with security_compute_av();\nthe only difference now is that security_compute_av() performs mapping\nbetween the kernel-private class and permission indices and the policy\nvalues. In the userspace case, this mapping is handled by libselinux.\n- Moved avd_init inside the policy lock.\n\nBased in part on a patch by Paul Moore \u003cpaul.moore@hp.com\u003e.\n\nReported-by: Andrew Worsley \u003camworsley@gmail.com\u003e\nSigned-off-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0bce95279909aa4cc401a2e3140b4295ca22e72a", "tree": "5b98e4ebe7ef30fa1edf627c79501c531b346a8b", "parents": [ "c4a5af54c8ef277a59189fc9358e190f3c1b8206" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Nov 23 16:47:23 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Nov 24 14:30:49 2009 +1100" }, "message": "SELinux: print denials for buggy kernel with unknown perms\n\nHistorically we\u0027ve seen cases where permissions are requested for classes\nwhere they do not exist. In particular we have seen CIFS forget to set\ni_mode to indicate it is a directory so when we later check something like\nremove_name we have problems since it wasn\u0027t defined in tclass file. This\nused to result in a avc which included the permission 0x2000 or something.\nCurrently the kernel will deny the operations (good thing) but will not\nprint ANY information (bad thing). First the auditdeny field is no\nextended to include unknown permissions. After that is fixed the logic in\navc_dump_query to output this information isn\u0027t right since it will remove\nthe permission from the av and print the phrase \"\u003cNULL\u003e\". This takes us\nback to the behavior before the classmap rewrite.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c6d3aaa4e35c71a32a86ececacd4eea7ecfc316c", "tree": "1a5475b4370655a22670fd6eb35e54d8b131b362", "parents": [ "23acb98de5a4109a60b5fe3f0439389218b039d7" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Sep 30 13:37:50 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 07 21:56:42 2009 +1100" }, "message": "selinux: dynamic class/perm discovery\n\nModify SELinux to dynamically discover class and permission values\nupon policy load, based on the dynamic object class/perm discovery\nlogic from libselinux. A mapping is created between kernel-private\nclass and permission indices used outside the security server and the\npolicy values used within the security server.\n\nThe mappings are only applied upon kernel-internal computations;\nsimilar mappings for the private indices of userspace object managers\nis handled on a per-object manager basis by the userspace AVC. The\ninterfaces for compute_av and transition_sid are split for kernel\nvs. userspace; the userspace functions are distinguished by a _user\nsuffix.\n\nThe kernel-private class indices are no longer tied to the policy\nvalues and thus do not need to skip indices for userspace classes;\nthus the kernel class index values are compressed. The flask.h\ndefinitions were regenerated by deleting the userspace classes from\nrefpolicy\u0027s definitions and then regenerating the headers. Going\nforward, we can just maintain the flask.h, av_permissions.h, and\nclassmap.h definitions separately from policy as they are no longer\ntied to the policy values. The next patch introduces a utility to\nautomate generation of flask.h and av_permissions.h from the\nclassmap.h definitions.\n\nThe older kernel class and permission string tables are removed and\nreplaced by a single security class mapping table that is walked at\npolicy load to generate the mapping. The old kernel class validation\nlogic is completely replaced by the mapping logic.\n\nThe handle unknown logic is reworked. reject_unknown\u003d1 is handled\nwhen the mappings are computed at policy load time, similar to the old\nhandling by the class validation logic. allow_unknown\u003d1 is handled\nwhen computing and mapping decisions - if the permission was not able\nto be mapped (i.e. undefined, mapped to zero), then it is\nautomatically added to the allowed vector. If the class was not able\nto be mapped (i.e. undefined, mapped to zero), then all permissions\nare allowed for it if allow_unknown\u003d1.\n\navc_audit leverages the new security class mapping table to lookup the\nclass and permission names from the kernel-private indices.\n\nThe mdp program is updated to use the new table when generating the\nclass definitions and allow rules for a minimal boot policy for the\nkernel. It should be noted that this policy will not include any\nuserspace classes, nor will its policy index values for the kernel\nclasses correspond with the ones in refpolicy (they will instead match\nthe kernel-private indices).\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5224ee086321fec78970e2f2805892d2b34e8957", "tree": "3b7eef40c92b07ed75d8585c51333b8e87a33a2b", "parents": [ "606531c316d30e9639473a6da09ee917125ab467" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Sun Sep 20 21:21:10 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 23 11:16:20 2009 -0700" }, "message": "SELinux: do not destroy the avc_cache_nodep\n\nThe security_ops reset done when SELinux is disabled at run time is done\nafter the avc cache is freed and after the kmem_cache for the avc is also\nfreed. This means that between the time the selinux disable code destroys\nthe avc_node_cachep another process could make a security request and could\ntry to allocate from the cache. We are just going to leave the cachep around,\nlike we always have.\n\nSELinux: Disabled at runtime.\nBUG: unable to handle kernel NULL pointer dereference at (null)\nIP: [\u003cffffffff81122537\u003e] kmem_cache_alloc+0x9a/0x185\nPGD 0\nOops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC\nlast sysfs file:\nCPU 1\nModules linked in:\nPid: 12, comm: khelper Not tainted 2.6.31-tip-05525-g0eeacc6-dirty #14819\nSystem Product Name\nRIP: 0010:[\u003cffffffff81122537\u003e] [\u003cffffffff81122537\u003e]\nkmem_cache_alloc+0x9a/0x185\nRSP: 0018:ffff88003f9258b0 EFLAGS: 00010086\nRAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000078c0129e\nRDX: 0000000000000000 RSI: ffffffff8130b626 RDI: ffffffff81122528\nRBP: ffff88003f925900 R08: 0000000078c0129e R09: 0000000000000001\nR10: 0000000000000000 R11: 0000000078c0129e R12: 0000000000000246\nR13: 0000000000008020 R14: ffff88003f8586d8 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff880002b00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b\nCR2: 0000000000000000 CR3: 0000000001001000 CR4: 00000000000006e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: ffffffff827bd420 DR6: 00000000ffff0ff0 DR7: 0000000000000400\nProcess khelper (pid: 12, threadinfo ffff88003f924000, task\nffff88003f928000)\nStack:\n 0000000000000246 0000802000000246 ffffffff8130b626 0000000000000001\n\u003c0\u003e 0000000078c0129e 0000000000000000 ffff88003f925a70 0000000000000002\n\u003c0\u003e 0000000000000001 0000000000000001 ffff88003f925960 ffffffff8130b626\nCall Trace:\n [\u003cffffffff8130b626\u003e] ? avc_alloc_node+0x36/0x273\n [\u003cffffffff8130b626\u003e] avc_alloc_node+0x36/0x273\n [\u003cffffffff8130b545\u003e] ? avc_latest_notif_update+0x7d/0x9e\n [\u003cffffffff8130b8b4\u003e] avc_insert+0x51/0x18d\n [\u003cffffffff8130bcce\u003e] avc_has_perm_noaudit+0x9d/0x128\n [\u003cffffffff8130bf20\u003e] avc_has_perm+0x45/0x88\n [\u003cffffffff8130f99d\u003e] current_has_perm+0x52/0x6d\n [\u003cffffffff8130fbb2\u003e] selinux_task_create+0x2f/0x45\n [\u003cffffffff81303bf7\u003e] security_task_create+0x29/0x3f\n [\u003cffffffff8105c6ba\u003e] copy_process+0x82/0xdf0\n [\u003cffffffff81091578\u003e] ? register_lock_class+0x2f/0x36c\n [\u003cffffffff81091a13\u003e] ? mark_lock+0x2e/0x1e1\n [\u003cffffffff8105d596\u003e] do_fork+0x16e/0x382\n [\u003cffffffff81091578\u003e] ? register_lock_class+0x2f/0x36c\n [\u003cffffffff810d9166\u003e] ? probe_workqueue_execution+0x57/0xf9\n [\u003cffffffff81091a13\u003e] ? mark_lock+0x2e/0x1e1\n [\u003cffffffff810d9166\u003e] ? probe_workqueue_execution+0x57/0xf9\n [\u003cffffffff8100cdb2\u003e] kernel_thread+0x82/0xe0\n [\u003cffffffff81078b1f\u003e] ? ____call_usermodehelper+0x0/0x139\n [\u003cffffffff8100ce10\u003e] ? child_rip+0x0/0x20\n [\u003cffffffff81078aea\u003e] ? __call_usermodehelper+0x65/0x9a\n [\u003cffffffff8107a5c7\u003e] run_workqueue+0x171/0x27e\n [\u003cffffffff8107a573\u003e] ? run_workqueue+0x11d/0x27e\n [\u003cffffffff81078a85\u003e] ? __call_usermodehelper+0x0/0x9a\n [\u003cffffffff8107a7bc\u003e] worker_thread+0xe8/0x10f\n [\u003cffffffff810808e2\u003e] ? autoremove_wake_function+0x0/0x63\n [\u003cffffffff8107a6d4\u003e] ? worker_thread+0x0/0x10f\n [\u003cffffffff8108042e\u003e] kthread+0x91/0x99\n [\u003cffffffff8100ce1a\u003e] child_rip+0xa/0x20\n [\u003cffffffff8100c754\u003e] ? restore_args+0x0/0x30\n [\u003cffffffff8108039d\u003e] ? kthread+0x0/0x99\n [\u003cffffffff8100ce10\u003e] ? child_rip+0x0/0x20\nCode: 0f 85 99 00 00 00 9c 58 66 66 90 66 90 49 89 c4 fa 66 66 90 66 66 90\ne8 83 34 fb ff e8 d7 e9 26 00 48 98 49 8b 94 c6 10 01 00 00 \u003c48\u003e 8b 1a 44\n8b 7a 18 48 85 db 74 0f 8b 42 14 48 8b 04 c3 ff 42\nRIP [\u003cffffffff81122537\u003e] kmem_cache_alloc+0x9a/0x185\n RSP \u003cffff88003f9258b0\u003e\nCR2: 0000000000000000\n---[ end trace 42f41a982344e606 ]---\n\nReported-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4e6d0bffd3d72a32b620525c9007d2482c731775", "tree": "f4a3ff34e800be74469bec99834780b4a0294dec", "parents": [ "008574b11171a1ee9583a00188e27ff9e0432061" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Sat Sep 12 22:54:23 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Sep 14 12:34:11 2009 +1000" }, "message": "SELinux: flush the avc before disabling SELinux\n\nBefore SELinux is disabled at boot it can create AVC entries. This patch\nwill flush those entries before disabling SELinux.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "008574b11171a1ee9583a00188e27ff9e0432061", "tree": "bada4ddf3c79a6a274a80839acd75eb132c78b29", "parents": [ "ed868a56988464cd31de0302426a5e94d3127f10" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Sat Sep 12 22:54:17 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Sep 14 12:34:09 2009 +1000" }, "message": "SELinux: seperate avc_cache flushing\n\nMove the avc_cache flushing into it\u0027s own function so it can be reused when\ndisabling SELinux.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2bf49690325b62480a42f7afed5e9f164173c570", "tree": "bc8525f6a45ea3ffaed9449084df7644bcd4e3c2", "parents": [ "f322abf83feddc3c37c3a91794e0c5aece4af18e" ], "author": { "name": "Thomas Liu", "email": "tliu@redhat.com", "time": "Tue Jul 14 12:14:09 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 17 08:37:18 2009 +1000" }, "message": "SELinux: Convert avc_audit to use lsm_audit.h\n\nConvert avc_audit in security/selinux/avc.c to use lsm_audit.h,\nfor better maintainability.\n\n - changed selinux to use common_audit_data instead of\n avc_audit_data\n - eliminated code in avc.c and used code from lsm_audit.h instead.\n\nHad to add a LSM_AUDIT_NO_AUDIT to lsm_audit.h so that avc_audit\ncan call common_lsm_audit and do the pre and post callbacks without\ndoing the actual dump. This makes it so that the patched version\nbehaves the same way as the unpatched version.\n\nAlso added a denied field to the selinux_audit_data private space,\nonce again to make it so that the patched version behaves like the\nunpatched.\n\nI\u0027ve tested and confirmed that AVCs look the same before and after\nthis patch.\n\nSigned-off-by: Thomas Liu \u003ctliu@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "be940d6279c30a2d7c4e8d1d5435f957f594d66d", "tree": "965805d563cb756879fd3595230c3ca205da76d1", "parents": [ "b3a633c8527ef155b1a4e22e8f5abc58f7af54c9" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 13 10:39:36 2009 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 13 10:39:36 2009 +1000" }, "message": "Revert \"SELinux: Convert avc_audit to use lsm_audit.h\"\n\nThis reverts commit 8113a8d80f4c6a3dc3724b39b470f3fee9c426b6.\n\nThe patch causes a stack overflow on my system during boot.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8113a8d80f4c6a3dc3724b39b470f3fee9c426b6", "tree": "27eb775108daaff8390ad564010a9f2fbd5187a2", "parents": [ "65c3f0a2d0f72d210c879e4974c2d222b7951321" ], "author": { "name": "Thomas Liu", "email": "tliu@redhat.com", "time": "Fri Jul 10 10:31:04 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 13 07:54:48 2009 +1000" }, "message": "SELinux: Convert avc_audit to use lsm_audit.h\n\nConvert avc_audit in security/selinux/avc.c to use lsm_audit.h,\nfor better maintainability and for less code duplication.\n\n - changed selinux to use common_audit_data instead of\n avc_audit_data\n - eliminated code in avc.c and used code from lsm_audit.h instead.\n\nI have tested to make sure that the avcs look the same before and\nafter this patch.\n\nSigned-off-by: Thomas Liu \u003ctliu@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "89c86576ecde504da1eeb4f4882b2189ac2f9c4a", "tree": "94674a48becd9cfde298e9fe6b58db8da28fe238", "parents": [ "a893a84e8799270fbec5c3708d001650aab47138" ], "author": { "name": "Thomas Liu", "email": "tliu@redhat.com", "time": "Wed Jun 24 17:58:05 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jun 25 08:29:16 2009 +1000" }, "message": "selinux: clean up avc node cache when disabling selinux\n\nAdded a call to free the avc_node_cache when inside selinux_disable because\nit should not waste resources allocated during avc_init if SELinux is disabled\nand the cache will never be used.\n\nSigned-off-by: Thomas Liu \u003ctliu@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d905163c5b23f6d8511971e06081a1b525e8a0bd", "tree": "f76918c1be802ec068d37763466f5518efdb690e", "parents": [ "44c2d9bdd7022ca7d240d5adc009296fc1c6ce08", "0732f87761dbe417cb6e084b712d07e879e876ef" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jun 19 08:20:55 2009 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jun 19 08:20:55 2009 +1000" }, "message": "Merge branch \u0027master\u0027 into next\n" }, { "commit": "44c2d9bdd7022ca7d240d5adc009296fc1c6ce08", "tree": "33115ee8d7e167d2a26558c2af8e0edfdca099d5", "parents": [ "caabbdc07df4249f2ed516b2c3e2d6b0973bcbb3" ], "author": { "name": "KaiGai Kohei", "email": "kaigai@ak.jp.nec.com", "time": "Thu Jun 18 17:26:13 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jun 19 00:12:28 2009 +1000" }, "message": "Add audit messages on type boundary violations\n\nThe attached patch adds support to generate audit messages on two cases.\n\nThe first one is a case when a multi-thread process tries to switch its\nperforming security context using setcon(3), but new security context is\nnot bounded by the old one.\n\n type\u003dSELINUX_ERR msg\u003daudit(1245311998.599:17): \\\n op\u003dsecurity_bounded_transition result\u003ddenied \\\n oldcontext\u003dsystem_u:system_r:httpd_t:s0 \\\n newcontext\u003dsystem_u:system_r:guest_webapp_t:s0\n\nThe other one is a case when security_compute_av() masked any permissions\ndue to the type boundary violation.\n\n type\u003dSELINUX_ERR msg\u003daudit(1245312836.035:32):\t\\\n op\u003dsecurity_compute_av reason\u003dbounds \\\n scontext\u003dsystem_u:object_r:user_webapp_t:s0 \\\n tcontext\u003dsystem_u:object_r:shadow_t:s0:c0 \\\n tclass\u003dfile perms\u003dgetattr,open\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8a6f83afd0c5355db6d11394a798e94950306239", "tree": "f7cb84de87f67eeba0dd68681907696f8a5774d1", "parents": [ "c31f403de62415c738ddc9e673cf8e722c82f861" ], "author": { "name": "KaiGai Kohei", "email": "kaigai@ak.jp.nec.com", "time": "Wed Apr 01 10:07:57 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 02 09:23:45 2009 +1100" }, "message": "Permissive domain in userspace object manager\n\nThis patch enables applications to handle permissive domain correctly.\n\nSince the v2.6.26 kernel, SELinux has supported an idea of permissive\ndomain which allows certain processes to work as if permissive mode,\neven if the global setting is enforcing mode.\nHowever, we don\u0027t have an application program interface to inform\nwhat domains are permissive one, and what domains are not.\nIt means applications focuses on SELinux (XACE/SELinux, SE-PostgreSQL\nand so on) cannot handle permissive domain correctly.\n\nThis patch add the sixth field (flags) on the reply of the /selinux/access\ninterface which is used to make an access control decision from userspace.\nIf the first bit of the flags field is positive, it means the required\naccess control decision is on permissive domain, so application should\nallow any required actions, as the kernel doing.\n\nThis patch also has a side benefit. The av_decision.flags is set at\ncontext_struct_compute_av(). It enables to check required permissions\nwithout read_lock(\u0026policy_rwlock).\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n--\n security/selinux/avc.c | 2 +-\n security/selinux/include/security.h | 4 +++-\n security/selinux/selinuxfs.c | 4 ++--\n security/selinux/ss/services.c | 30 +++++-------------------------\n 4 files changed, 11 insertions(+), 29 deletions(-)\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "26036651c562609d1f52d181f9d2cccbf89929b1", "tree": "db68ab98d574d6763f562ac87cc7810385496f22", "parents": [ "edf3d1aecd0d608acbd561b0c527e1d41abcb657" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 12 14:51:04 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Feb 14 09:23:48 2009 +1100" }, "message": "SELinux: convert the avc cache hash list to an hlist\n\nWe do not need O(1) access to the tail of the avc cache lists and so we are\nwasting lots of space using struct list_head instead of struct hlist_head.\nThis patch converts the avc cache to use hlists in which there is a single\npointer from the head which saves us about 4k of global memory.\n\nResulted in about a 1.5% decrease in time spent in avc_has_perm_noaudit based\non oprofile sampling of tbench. Although likely within the noise....\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "edf3d1aecd0d608acbd561b0c527e1d41abcb657", "tree": "49d88ec27a59f602784b47e2f951934d245f7de8", "parents": [ "f1c6381a6e337adcecf84be2a838bd9e610e2365" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 12 14:50:59 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Feb 14 09:23:45 2009 +1100" }, "message": "SELinux: code readability with avc_cache\n\nThe code making use of struct avc_cache was not easy to read thanks to liberal\nuse of \u0026avc_cache.{slots_lock,slots}[hvalue] throughout. This patch simply\ncreates local pointers and uses those instead of the long global names.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f1c6381a6e337adcecf84be2a838bd9e610e2365", "tree": "a6e0857db27a38b0976fb422836f9443241b4b61", "parents": [ "21193dcd1f3570ddfd8a04f4465e484c1f94252f" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 12 14:50:54 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Feb 14 09:23:08 2009 +1100" }, "message": "SELinux: remove unused av.decided field\n\nIt appears there was an intention to have the security server only decide\ncertain permissions and leave other for later as some sort of a portential\nperformance win. We are currently always deciding all 32 bits of\npermissions and this is a useless couple of branches and wasted space.\nThis patch completely drops the av.decided concept.\n\nThis in a 17% reduction in the time spent in avc_has_perm_noaudit\nbased on oprofile sampling of a tbench benchmark.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "21193dcd1f3570ddfd8a04f4465e484c1f94252f", "tree": "b6cab3861103261a3ab27ff3ea3485cb53af5a92", "parents": [ "906d27d9d28fd50fb40026e56842d8f6806a7a04" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 12 14:50:49 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Feb 14 09:23:04 2009 +1100" }, "message": "SELinux: more careful use of avd in avc_has_perm_noaudit\n\nwe are often needlessly jumping through hoops when it comes to avd\nentries in avc_has_perm_noaudit and we have extra initialization and memcpy\nwhich are just wasting performance. Try to clean the function up a bit.\n\nThis patch resulted in a 13% drop in time spent in avc_has_perm_noaudit in my\noprofile sampling of a tbench benchmark.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "906d27d9d28fd50fb40026e56842d8f6806a7a04", "tree": "4f73e1396a09349a307f38b1de19767f558bedb1", "parents": [ "a5dda683328f99c781f92c66cc52ffc0639bef58" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 12 14:50:43 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Feb 14 09:22:37 2009 +1100" }, "message": "SELinux: remove the unused ae.used\n\nCurrently SELinux code has an atomic which was intended to track how many\ntimes an avc entry was used and to evict entries when they haven\u0027t been\nused recently. Instead we never let this atomic get above 1 and evict when\nit is first checked for eviction since it hits zero. This is a total waste\nof time so I\u0027m completely dropping ae.used.\n\nThis change resulted in about a 3% faster avc_has_perm_noaudit when running\noprofile against a tbench benchmark.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a5dda683328f99c781f92c66cc52ffc0639bef58", "tree": "2432f51e505fd9242f7081d5bf4e21ff322b73d6", "parents": [ "4cb912f1d1447077160ace9ce3b3a10696dd74e5" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 12 14:50:11 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Feb 14 09:22:34 2009 +1100" }, "message": "SELinux: check seqno when updating an avc_node\n\nThe avc update node callbacks do not check the seqno of the caller with the\nseqno of the node found. It is possible that a policy change could happen\n(although almost impossibly unlikely) in which a permissive or\npermissive_domain decision is not valid for the entry found. Simply pass\nand check that the seqno of the caller and the seqno of the node found\nmatch.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "76f7ba35d4b5219fcc4cb072134c020ec77d030d", "tree": "971ec5f913a688d98e9be2a04b0c675adcc4166b", "parents": [ "14eaddc967b16017d4a1a24d2be6c28ecbe06ed8" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jan 02 17:40:06 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 05 19:19:55 2009 +1100" }, "message": "SELinux: shrink sizeof av_inhert selinux_class_perm and context\n\nI started playing with pahole today and decided to put it against the\nselinux structures. Found we could save a little bit of space on x86_64\n(and no harm on i686) just reorganizing some structs.\n\nObject size changes:\nav_inherit: 24 -\u003e 16\nselinux_class_perm: 48 -\u003e 40\ncontext: 80 -\u003e 72\n\nAdmittedly there aren\u0027t many of av_inherit or selinux_class_perm\u0027s in\nthe kernel (33 and 1 respectively) But the change to the size of struct\ncontext reverberate out a bit. I can get some hard number if they are\nneeded, but I don\u0027t see why they would be. We do change which cacheline\ncontext-\u003elen and context-\u003estr would be on, but I don\u0027t see that as a\nproblem since we are clearly going to have to load both if the context\nis to be of any value. I\u0027ve run with the patch and don\u0027t seem to be\nhaving any problems.\n\nAn example of what\u0027s going on using struct av_inherit would be:\n\nform: to:\nstruct av_inherit {\t\t\tstruct av_inherit {\n\tu16 tclass;\t\t\t\tconst char **common_pts;\n\tconst char **common_pts;\t\tu32 common_base;\n\tu32 common_base;\t\t\tu16 tclass;\n};\n\n(notice all I did was move u16 tclass to the end of the struct instead\nof the beginning)\n\nMemory layout before the change:\nstruct av_inherit {\n\tu16 tclass; /* 2 */\n\t/* 6 bytes hole */\n\tconst char** common_pts; /* 8 */\n\tu32 common_base; /* 4 */\n\t/* 4 byes padding */\n\n\t/* size: 24, cachelines: 1 */\n\t/* sum members: 14, holes: 1, sum holes: 6 */\n\t/* padding: 4 */\n};\n\nMemory layout after the change:\nstruct av_inherit {\n\tconst char ** common_pts; /* 8 */\n\tu32 common_base; /* 4 */\n\tu16 tclass; /* 2 */\n\t/* 2 bytes padding */\n\n\t/* size: 16, cachelines: 1 */\n\t/* sum members: 14, holes: 0, sum holes: 0 */\n\t/* padding: 2 */\n};\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3685f25de1b0447fff381c420de1e25bd57c9efb", "tree": "90a5d87c0ced1b27f654606d50a9ff13ded6f862", "parents": [ "be859405487324ed548f1ba11dc949b8230ab991" ], "author": { "name": "Harvey Harrison", "email": "harvey.harrison@gmail.com", "time": "Fri Oct 31 00:56:49 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Oct 31 00:56:49 2008 -0700" }, "message": "misc: replace NIPQUAD()\n\nUsing NIPQUAD() with NIPQUAD_FMT, %d.%d.%d.%d or %u.%u.%u.%u\ncan be replaced with %pI4\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "5b095d98928fdb9e3b75be20a54b7a6cbf6ca9ad", "tree": "b6caa0cdbaac016447a790881ad4a6c5dfce6900", "parents": [ "4b7a4274ca63dadd9c4f17fc953f3a5d19855c4c" ], "author": { "name": "Harvey Harrison", "email": "harvey.harrison@gmail.com", "time": "Wed Oct 29 12:52:50 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Oct 29 12:52:50 2008 -0700" }, "message": "net: replace %p6 with %pI6\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "1afa67f5e70b4733d5b237df61e6d639af6283bb", "tree": "34912ebf8e13c40e00bc5ab13c365a5556d684ca", "parents": [ "b071195deba14b37ce896c26f20349b46e5f9fd2" ], "author": { "name": "Harvey Harrison", "email": "harvey.harrison@gmail.com", "time": "Tue Oct 28 16:06:44 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Oct 28 16:06:44 2008 -0700" }, "message": "misc: replace NIP6_FMT with %p6 format specifier\n\nThe iscsi_ibft.c changes are almost certainly a bugfix as the\npointer \u0027ip\u0027 is a u8 *, so they never print the last 8 bytes\nof the IPv6 address, and the eight bytes they do print have\na zero byte with them in each 16-bit word.\n\nOther than that, this should cause no difference in functionality.\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "d9250dea3f89fe808a525f08888016b495240ed4", "tree": "c4b039ce0b29714e8f4c3bbc6d407adc361cc122", "parents": [ "da31894ed7b654e2e1741e7ac4ef6c15be0dd14b" ], "author": { "name": "KaiGai Kohei", "email": "kaigai@ak.jp.nec.com", "time": "Thu Aug 28 16:35:57 2008 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Aug 29 00:33:33 2008 +1000" }, "message": "SELinux: add boundary support and thread context assignment\n\nThe purpose of this patch is to assign per-thread security context\nunder a constraint. It enables multi-threaded server application\nto kick a request handler with its fair security context, and\nhelps some of userspace object managers to handle user\u0027s request.\n\nWhen we assign a per-thread security context, it must not have wider\npermissions than the original one. Because a multi-threaded process\nshares a single local memory, an arbitary per-thread security context\nalso means another thread can easily refer violated information.\n\nThe constraint on a per-thread security context requires a new domain\nhas to be equal or weaker than its original one, when it tries to assign\na per-thread security context.\n\nBounds relationship between two types is a way to ensure a domain can\nnever have wider permission than its bounds. We can define it in two\nexplicit or implicit ways.\n\nThe first way is using new TYPEBOUNDS statement. It enables to define\na boundary of types explicitly. The other one expand the concept of\nexisting named based hierarchy. If we defines a type with \".\" separated\nname like \"httpd_t.php\", toolchain implicitly set its bounds on \"httpd_t\".\n\nThis feature requires a new policy version.\nThe 24th version (POLICYDB_VERSION_BOUNDARY) enables to ship them into\nkernel space, and the following patch enables to handle it.\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b556f8ad58c6e9f8f485c8cef7546e3fc82c382a", "tree": "e7a1c5ce313b6dec9727d69b08b5005dc35709a3", "parents": [ "f09ac9db2aafe36fde9ebd63c8c5d776f6e7bd41" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:12:59 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:19:22 2008 -0400" }, "message": "Audit: standardize string audit interfaces\n\nThis patch standardized the string auditing interfaces. No userspace\nchanges will be visible and this is all just cleanup and consistancy\nwork. We have the following string audit interfaces to use:\n\nvoid audit_log_n_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len);\n\nvoid audit_log_n_string(struct audit_buffer *ab, const char *buf, size_t n);\nvoid audit_log_string(struct audit_buffer *ab, const char *buf);\n\nvoid audit_log_n_untrustedstring(struct audit_buffer *ab, const char *string, size_t n);\nvoid audit_log_untrustedstring(struct audit_buffer *ab, const char *string);\n\nThis may be the first step to possibly fixing some of the issues that\npeople have with the string output from the kernel audit system. But we\nstill don\u0027t have an agreed upon solution to that problem.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "618442509128fe4514be94de70ce54075cd9a706", "tree": "9aea814978791abd8c4f9a5c60de879b2811c063", "parents": [ "0f5e64200f20fc8f5b759c4010082f577ab0af3f" ], "author": { "name": "Paul E. McKenney", "email": "paulmck@linux.vnet.ibm.com", "time": "Mon Apr 21 18:12:33 2008 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 22 15:37:23 2008 +1000" }, "message": "SELinux fixups needed for preemptable RCU from -rt\n\nThe attached patch needs to move from -rt to mainline given preemptable RCU.\nThis patch fixes SELinux code that implicitly assumes that disabling\npreemption prevents an RCU grace period from completing, an assumption that\nis valid for Classic RCU, but not necessarily for preemptable RCU. Explicit\nrcu_read_lock() calls are thus added.\n\nSigned-off-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: Steven Rostedt \u003csrostedt@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "95fff33b8e306a4331024bbd31c0999d5bf48fcf", "tree": "822da169332912a8149a7947388347118d7921bf", "parents": [ "1872981b51dac9d1f5bcae17803bf368f7fa19cd" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 17 14:42:10 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:12:02 2008 +1000" }, "message": "SELinux: one little, two little, three little whitespaces, the avc.c saga.\n\navc.c was bad. It had whitespace and syntax issues which are against\nour coding style. I have had a little chat with it and the result of\nthat conversation looked like this patch.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "744ba35e455b0d5cf4f85208a8ca0edcc9976b95", "tree": "1b242324aeba16d07e1a3811df041969c10422a6", "parents": [ "11670889380b144adfa5a91dc184c8f6300c4b28" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 17 11:52:44 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:09:26 2008 +1000" }, "message": "SELinux: clean up printks\n\nMake sure all printk start with KERN_*\nMake sure all printk end with \\n\nMake sure all printk have the word \u0027selinux\u0027 in them\nChange \"function name\" to \"%s\", __func__ (found 2 wrong)\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "64dbf07474d011540ca479a2e87fe998f570d6e3", "tree": "364ae3f3a29f06246dd2097674586fe508c4445f", "parents": [ "0356357c5158c71d4cbf20196b2f784435dd916c" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Mar 31 12:17:33 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 18 20:26:11 2008 +1000" }, "message": "selinux: introduce permissive types\n\nIntroduce the concept of a permissive type. A new ebitmap is introduced to\nthe policy database which indicates if a given type has the permissive bit\nset or not. This bit is tested for the scontext of any denial. The bit is\nmeaningless on types which only appear as the target of a decision and never\nthe source. A domain running with a permissive type will be allowed to\nperform any action similarly to when the system is globally set permissive.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "eda4f69ca5a532b425db5a6c2c6bc50717b9b5fe", "tree": "09b74e5637218c64588e523d6d264fae0b9cb771", "parents": [ "f0115e6c8980ea9125a17858291c90ecd990bc1c" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Mar 11 14:19:34 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 18 20:26:09 2008 +1000" }, "message": "SELinux: requesting no permissions in avc_has_perm_noaudit is a BUG()\n\nThis patch turns the case where we have a call into avc_has_perm with no\nrequested permissions into a BUG_ON. All callers to this should be in\nthe kernel and thus should be a function we need to fix if we ever hit\nthis. The /selinux/access permission checking it done directly in the\nsecurity server and not through the avc, so those requests which we\ncannot control from userspace should not be able to trigger this BUG_ON.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "44707fdf5938ad269ea5d6c5744d82f6a7328746", "tree": "7eb1704418eb41b859ad24bc48f6400135474d87", "parents": [ "a03a8a709a0c34b61b7aea1d54a0473a6b941fdb" ], "author": { "name": "Jan Blunck", "email": "jblunck@suse.de", "time": "Thu Feb 14 19:38:33 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Feb 14 21:17:08 2008 -0800" }, "message": "d_path: Use struct path in struct avc_audit_data\n\naudit_log_d_path() is a d_path() wrapper that is used by the audit code. To\nuse a struct path in audit_log_d_path() I need to embed it into struct\navc_audit_data.\n\n[akpm@linux-foundation.org: coding-style fixes]\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: \"J. Bruce Fields\" \u003cbfields@fieldses.org\u003e\nCc: Neil Brown \u003cneilb@suse.de\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "da5645a28a15aed2e541a814ecf9f7ffcd4c4673", "tree": "8cedccebd0e12308de30573ad593d703943e3cbb", "parents": [ "e8bfdb9d0dfc1231a6a71e849dfbd4447acdfff6" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:38:10 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:22 2008 +1100" }, "message": "SELinux: Only store the network interface\u0027s ifindex\n\nInstead of storing the packet\u0027s network interface name store the ifindex. This\nallows us to defer the need to lookup the net_device structure until the audit\nrecord is generated meaning that in the majority of cases we never need to\nbother with this at all.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "788e7dd4c22e6f41b3a118fd8c291f831f6fddbb", "tree": "cbe2d2a360aaf7dc243bef432e1c50507ae6db7b", "parents": [ "3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9" ], "author": { "name": "Yuichi Nakamura", "email": "ynakam@hitachisoft.jp", "time": "Fri Sep 14 09:27:07 2007 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 17 08:59:31 2007 +1000" }, "message": "SELinux: Improve read/write performance\n\nIt reduces the selinux overhead on read/write by only revalidating\npermissions in selinux_file_permission if the task or inode labels have\nchanged or the policy has changed since the open-time check. A new LSM\nhook, security_dentry_open, is added to capture the necessary state at open\ntime to allow this optimization.\n\n(see http://marc.info/?l\u003dselinux\u0026m\u003d118972995207740\u0026w\u003d2)\n\nSigned-off-by: Yuichi Nakamura\u003cynakam@hitachisoft.jp\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4259fa01a2d2aa3e589b34ba7624080232d9c1ff", "tree": "3aa83d784c4db22f3b62e4d963757497555c5e5c", "parents": [ "74f2345b6be1410f824cb7dd638d2c10a9709379" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jun 07 11:13:31 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 22 09:57:02 2007 -0400" }, "message": "[PATCH] get rid of AVC_PATH postponed treatment\n\n Selinux folks had been complaining about the lack of AVC_PATH\nrecords when audit is disabled. I must admit my stupidity - I assumed\nthat avc_audit() really couldn\u0027t use audit_log_d_path() because of\ndeadlocks (\u003d\u003d could be called with dcache_lock or vfsmount_lock held).\nShouldn\u0027t have made that assumption - it never gets called that way.\nIt _is_ called under spinlocks, but not those.\n\n Since audit_log_d_path() uses ab-\u003egfp_mask for allocations,\nkmalloc() in there is not a problem. IOW, the simple fix is sufficient:\nlet\u0027s rip AUDIT_AVC_PATH out and simply generate pathname as part of main\nrecord. It\u0027s trivial to do.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "20c2df83d25c6a95affe6157a4c9cac4cf5ffaac", "tree": "415c4453d2b17a50abe7a3e515177e1fa337bd67", "parents": [ "64fb98fc40738ae1a98bcea9ca3145b89fb71524" ], "author": { "name": "Paul Mundt", "email": "lethal@linux-sh.org", "time": "Fri Jul 20 10:11:58 2007 +0900" }, "committer": { "name": "Paul Mundt", "email": "lethal@linux-sh.org", "time": "Fri Jul 20 10:11:58 2007 +0900" }, "message": "mm: Remove slab destructors from kmem_cache_create().\n\nSlab destructors were no longer supported after Christoph\u0027s\nc59def9f222d44bb7e2f0a559f2906191a0862d7 change. They\u0027ve been\nBUGs for both slab and slub, and slob never supported them\neither.\n\nThis rips out support for the dtor pointer from kmem_cache_create()\ncompletely and fixes up every single callsite in the kernel (there were\nabout 224, not including the slab allocator definitions themselves,\nor the documentation references).\n\nSigned-off-by: Paul Mundt \u003clethal@linux-sh.org\u003e\n" }, { "commit": "13bddc2e9d591e31bf20020dc19ea6ca85de420e", "tree": "b813a0a060439c4cfb84c93dc14307179465829b", "parents": [ "2c3c05dbcbc7b9d71549fe0e2b249f10f5a66518" ], "author": { "name": "Tobias Oed", "email": "tobias.oed@octant-fr.com", "time": "Mon Jun 11 08:56:31 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jul 11 22:52:27 2007 -0400" }, "message": "SELinux: Use %lu for inode-\u003ei_no when printing avc\n\nInode numbers are unsigned long and so need to %lu as format string of printf.\n\nSigned-off-by: Tobias Oed \u003ctobias.oed@octant-fr.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2c3c05dbcbc7b9d71549fe0e2b249f10f5a66518", "tree": "bab75df9fafc435f3370a6d773d3284716347249", "parents": [ "9dc9978084ea2a96b9f42752753d9e38a9f9d7b2" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Thu Jun 07 15:34:10 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jul 11 22:52:25 2007 -0400" }, "message": "SELinux: allow preemption between transition permission checks\n\nIn security_get_user_sids, move the transition permission checks\noutside of the section holding the policy rdlock, and use the AVC to\nperform the checks, calling cond_resched after each one. These\nchanges should allow preemption between the individual checks and\nenable caching of the results. It may however increase the overall\ntime spent in the function in some cases, particularly in the cache\nmiss case.\n\nThe long term fix will be to take much of this logic to userspace by\nexporting additional state via selinuxfs, and ultimately deprecating\nand eliminating this interface from the kernel.\n\nTested-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a764ae4b0781fac75f9657bc737c37ae59888389", "tree": "eaff75fefa79a5db1713bf37d465ecc6dfbb2be4", "parents": [ "4f6a993f96a256e83b9be7612f958c7bc4ca9f00" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Mar 26 13:36:26 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 26 01:35:58 2007 -0400" }, "message": "selinux: remove userland security class and permission definitions\n\nRemove userland security class and permission definitions from the kernel\nas the kernel only needs to use and validate its own class and permission\ndefinitions and userland definitions may change.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c376222960ae91d5ffb9197ee36771aaed1d9f90", "tree": "7f431c42529fec77433d33490bd9f2a8c47ba091", "parents": [ "1b135431abf5ea92e61bf4e91d93726c7b96da5f" ], "author": { "name": "Robert P. J. Day", "email": "rpjday@mindspring.com", "time": "Sat Feb 10 01:45:03 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Sun Feb 11 10:51:27 2007 -0800" }, "message": "[PATCH] Transform kmem_cache_alloc()+memset(0) -\u003e kmem_cache_zalloc().\n\nReplace appropriate pairs of \"kmem_cache_alloc()\" + \"memset(0)\" with the\ncorresponding \"kmem_cache_zalloc()\" call.\n\nSigned-off-by: Robert P. J. Day \u003crpjday@mindspring.com\u003e\nCc: \"Luck, Tony\" \u003ctony.luck@intel.com\u003e\nCc: Andi Kleen \u003cak@muc.de\u003e\nCc: Roland McGrath \u003croland@redhat.com\u003e\nCc: James Bottomley \u003cJames.Bottomley@steeleye.com\u003e\nCc: Greg KH \u003cgreg@kroah.com\u003e\nAcked-by: Joel Becker \u003cJoel.Becker@oracle.com\u003e\nCc: Steven Whitehouse \u003cswhiteho@redhat.com\u003e\nCc: Jan Kara \u003cjack@ucw.cz\u003e\nCc: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e18b890bb0881bbab6f4f1a6cd20d9c60d66b003", "tree": "4828be07e1c24781c264b42c5a75bcd968223c3f", "parents": [ "441e143e95f5aa1e04026cb0aa71c801ba53982f" ], "author": { "name": "Christoph Lameter", "email": "clameter@sgi.com", "time": "Wed Dec 06 20:33:20 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Thu Dec 07 08:39:25 2006 -0800" }, "message": "[PATCH] slab: remove kmem_cache_t\n\nReplace all uses of kmem_cache_t with struct kmem_cache.\n\nThe patch was generated using the following script:\n\n\t#!/bin/sh\n\t#\n\t# Replace one string by another in all the kernel sources.\n\t#\n\n\tset -e\n\n\tfor file in `find * -name \"*.c\" -o -name \"*.h\"|xargs grep -l $1`; do\n\t\tquilt add $file\n\t\tsed -e \"1,\\$s/$1/$2/g\" $file \u003e/tmp/$$\n\t\tmv /tmp/$$ $file\n\t\tquilt refresh\n\tdone\n\nThe script was run like this\n\n\tsh replace kmem_cache_t \"struct kmem_cache\"\n\nSigned-off-by: Christoph Lameter \u003cclameter@sgi.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "54e6ecb23951b195d02433a741c7f7cb0b796c78", "tree": "c8885c49f37c8d383945b8af69d51597494ed62c", "parents": [ "f7267c0c0721fd02ad3dc37c3d6dd24ccd81d4d6" ], "author": { "name": "Christoph Lameter", "email": "clameter@sgi.com", "time": "Wed Dec 06 20:33:16 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Thu Dec 07 08:39:24 2006 -0800" }, "message": "[PATCH] slab: remove SLAB_ATOMIC\n\nSLAB_ATOMIC is an alias of GFP_ATOMIC\n\nSigned-off-by: Christoph Lameter \u003cclameter@sgi.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "87fcd70d983d30eca4b933fff2e97d9a31743d0a", "tree": "2c79943f7691f80123af0145a8909f14011b0761", "parents": [ "91f433cacc9d1ae95ae46ce26d7bcf3a724c72d0" ], "author": { "name": "Al Viro", "email": "viro@hera.kernel.org", "time": "Mon Dec 04 22:00:55 2006 +0000" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Mon Dec 04 19:32:44 2006 -0800" }, "message": "[PATCH] selinux endianness annotations\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "5c45899879e8caadb78f04c9c639f4c2025b9f00", "tree": "ee47228ccb816e523ac1051cfe41927059bc5ef9", "parents": [ "5a64d4438ed1e759ccd30d9e90842bf360f19298" ], "author": { "name": "Chad Sellers", "email": "csellers@tresys.com", "time": "Mon Nov 06 12:38:16 2006 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Nov 28 12:04:36 2006 -0500" }, "message": "SELinux: export object class and permission definitions\n\nMoves the definition of the 3 structs containing object class and\npermission definitions from avc.c to avc_ss.h so that the security\nserver can access them for validation on policy load. This also adds\na new struct type, defined_classes_perms_t, suitable for allowing the\nsecurity server to access these data structures from the avc.\n\nSigned-off-by: Chad Sellers \u003ccsellers@tresys.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "376bd9cb357ec945ac893feaeb63af7370a6e70b", "tree": "7e2848792982dfe30e19a600a41fa5cb49ee6e6e", "parents": [ "97e94c453073a2aba4bb5e0825ddc5e923debf11" ], "author": { "name": "Darrel Goeddel", "email": "dgoeddel@trustedcs.com", "time": "Fri Feb 24 15:44:05 2006 -0600" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon May 01 06:06:24 2006 -0400" }, "message": "[PATCH] support for context based audit filtering\n\nThe following patch provides selinux interfaces that will allow the audit\nsystem to perform filtering based on the process context (user, role, type,\nsensitivity, and clearance). These interfaces will allow the selinux\nmodule to perform efficient matches based on lower level selinux constructs,\nrather than relying on context retrievals and string comparisons within\nthe audit module. It also allows for dominance checks on the mls portion\nof the contexts that are impossible with only string comparisons.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "99f6d61bda82d09b2d94414d413d39f66a0b7da2", "tree": "7e204d1b3ffa642889905aa3a86c84d98e0c0af9", "parents": [ "46cd2f32baf181b74b16cceb123bab6fe1f61f85" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Tue Feb 07 12:58:51 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Feb 07 16:12:33 2006 -0800" }, "message": "[PATCH] selinux: require AUDIT\n\nMake SELinux depend on AUDIT as it requires the basic audit support to log\npermission denials at all. Note that AUDITSYSCALL remains optional for\nSELinux, although it can be useful in providing further information upon\ndenials.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "46b86a2da0fd14bd49765330df63a62279833acb", "tree": "069b4741a970db9b03772a870b4d63398b1f56e0", "parents": [ "23b0ca5bf52cef0ab0f0fe247cb91cbef836e7eb" ], "author": { "name": "Joe Perches", "email": "joe@perches.com", "time": "Fri Jan 13 14:29:07 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Jan 13 14:29:07 2006 -0800" }, "message": "[NET]: Use NIP6_FMT in kernel.h\n\nThere are errors and inconsistency in the display of NIP6 strings.\n\tie: net/ipv6/ip6_flowlabel.c\n\nThere are errors and inconsistency in the display of NIPQUAD strings too.\n\tie: net/netfilter/nf_conntrack_ftp.c\n\nThis patch:\n\tadds NIP6_FMT to kernel.h\n\tchanges all code to use NIP6_FMT\n\tfixes net/ipv6/ip6_flowlabel.c\n\tadds NIPQUAD_FMT to kernel.h\n\tfixes net/netfilter/nf_conntrack_ftp.c\n\tchanges a few uses of \"%u.%u.%u.%u\" to NIPQUAD_FMT for symmetry to NIP6_FMT\n\nSigned-off-by: Joe Perches \u003cjoe@perches.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "5d54e69c68c05b162a56f9914cae72afd7e6f40a", "tree": "c5933858c4861bc3e358559f64ef459a1f56ab75", "parents": [ "63f3d1df1ad276a30b75339dd682a6e1f9d0c181", "b6ddc518520887a62728b0414efbf802a9dfdd55" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 13 09:47:30 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 13 09:47:30 2005 -0700" }, "message": "Merge master.kernel.org:/pub/scm/linux/kernel/git/dwmw2/audit-2.6 \n" }, { "commit": "b5bf6c55edf94e9c7fc01724d5b271f78eaf1d3f", "tree": "0f2be4478fa5886f467fce8b4a8d56b5e8dbed46", "parents": [ "782ebb992ec20b5afdd5786ee8c2f1b58b631f24" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Sat Sep 03 15:55:17 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@evo.osdl.org", "time": "Mon Sep 05 00:05:51 2005 -0700" }, "message": "[PATCH] selinux: endian notations\n\nThis patch adds endian notations to the SELinux code.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9ad9ad385be27fcc7c16d290d972c6173e780a61", "tree": "bbca700c2d88ba421a6c9c348de367eaf4de0e2c", "parents": [ "177bbc733a1d9c935bc3d6efd776a6699b29b1ca" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jun 22 15:04:33 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jun 22 15:04:33 2005 +0100" }, "message": "AUDIT: Wait for backlog to clear when generating messages.\n\nAdd a gfp_mask to audit_log_start() and audit_log(), to reduce the\namount of GFP_ATOMIC allocation -- most of it doesn\u0027t need to be \nGFP_ATOMIC. Also if the mask includes __GFP_WAIT, then wait up to\n60 seconds for the auditd backlog to clear instead of immediately \nabandoning the message. \n\nThe timeout should probably be made configurable, but for now it\u0027ll \nsuffice that it only happens if auditd is actually running.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "37ca5389b863e5ffba6fb7c22331bf57dbf7764a", "tree": "4869477a27fbd8ad91b0ce42f0b2e4b6817e5105", "parents": [ "99e45eeac867d51ff3395dcf3d7aedf5ac2812c8" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Tue May 24 21:28:28 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Tue May 24 21:28:28 2005 +0100" }, "message": "AUDIT: Fix remaining cases of direct logging of untrusted strings by avc_audit\n\nPer Steve Grubb\u0027s observation that there are some remaining cases where\navc_audit() directly logs untrusted strings without escaping them, here\nis a patch that changes avc_audit() to use audit_log_untrustedstring()\nor audit_log_hex() as appropriate. Note that d_name.name is nul-\nterminated by d_alloc(), and that sun_path is nul-terminated by\nunix_mkname(), so it is not necessary for the AVC to create nul-\nterminated copies or to alter audit_log_untrustedstring to take a length\nargument. In the case of an abstract name, we use audit_log_hex() with\nan explicit length.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "7b5d781ce1f19fb7382d3d3fb7af48e429bed12d", "tree": "8ab8eef2e8c3629c46d29ffb9c618d87c5e1a02c", "parents": [ "326e9c8ba6a149f47e020719b23b24a14ba740d6" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Sat May 21 16:52:57 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Sat May 21 16:52:57 2005 +0100" }, "message": "Fix oops due to thinko in avc_audit()\n\nWhen I added the logging of pid\u003d and comm\u003d back to avc_audit() I \nscrewed it up. Put it back how it should be.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "011161051bbc25f7f8b7df059dbd934c534443f0", "tree": "f1ca3727e4130cacad86dfdae65e7533fcb67784", "parents": [ "fb19b4c6aa024837a0071f07baa07dbf49d07151" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Sat May 21 00:15:52 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Sat May 21 00:15:52 2005 +0100" }, "message": "AUDIT: Avoid sleeping function in SElinux AVC audit.\n\nThis patch changes the SELinux AVC to defer logging of paths to the audit\nframework upon syscall exit, by saving a reference to the (dentry,vfsmount)\npair in an auxiliary audit item on the current audit context for processing\nby audit_log_exit.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "cd77b8212d5473b800ac865364981d334ff564ea", "tree": "334f44b05fc02039d67de5f9bfc26765e754b727", "parents": [ "b7d1125817c9a46cc46f57db89d9c195e7af22f8" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Thu May 19 11:18:24 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Thu May 19 11:18:24 2005 +0100" }, "message": "Restore logging of pid\u003d and comm\u003d in AVC audit messages\n\nWe turned this all off because the \u0027exe\u003d\u0027 was causing deadlocks on\ndcache_lock. There\u0027s no need to leave the pid and comm out though. \nThey\u0027ll all be logged correctly if full auditing is enabled, but we\nshould still print them in case auditing _isn\u0027t_ enabled.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "c04049939f88b29e235d2da217bce6e8ead44f32", "tree": "9bf3ab72b9939c529e7c96f8768bc8b7e1d768c9", "parents": [ "9ea74f0655412d0fbd12bf9adb6c14c8fe707a42" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Fri May 13 18:17:42 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Fri May 13 18:17:42 2005 +0100" }, "message": "AUDIT: Add message types to audit records\n\nThis patch adds more messages types to the audit subsystem so that audit \nanalysis is quicker, intuitive, and more useful.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\n---\nI forgot one type in the big patch. I need to add one for user space \noriginating SE Linux avc messages. This is used by dbus and nscd.\n\n-Steve\n---\nUpdated to 2.6.12-rc4-mm1.\n-dwmw2\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "c1b773d87eadc3972d697444127e89a7291769a2", "tree": "edfce2e842c3b6be70f3b90584507aab9fb3de8f", "parents": [ "197c69c6afd2deb7eec44040ff533d90d26c6161" ], "author": { "name": "Chris Wright", "email": "chrisw@osdl.org", "time": "Wed May 11 10:55:10 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed May 11 10:55:10 2005 +0100" }, "message": "Add audit_log_type\n\nAdd audit_log_type to allow callers to specify type and pid when logging.\nConvert audit_log to wrapper around audit_log_type. Could have\nconverted all audit_log callers directly, but common case is default\nof type AUDIT_KERNEL and pid 0. Update audit_log_start to take type\nand pid values when creating a new audit_buffer. Move sequences that\ndid audit_log_start, audit_log_format, audit_set_type, audit_log_end,\nto simply call audit_log_type directly. This obsoletes audit_set_type\nand audit_set_pid, so remove them.\n\nSigned-off-by: Chris Wright \u003cchrisw@osdl.org\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "219f0817038cabc722968e914490adf6b686499e", "tree": "13b64537abe906645ee22843e146e21958236219", "parents": [ "865108d13801d39ec038bdc82b5bec5e1eaffa9d" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Apr 18 10:47:35 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Mon Apr 18 10:47:35 2005 -0700" }, "message": "[PATCH] SELinux: fix deadlock on dcache lock\n\nThis fixes a deadlock on the dcache lock detected during testing at IBM\nby moving the logging of the current executable information from the\nSELinux avc_audit function to audit_log_exit (via an audit_log_task_info\nhelper) for processing upon syscall exit. \n\nFor consistency, the patch also removes the logging of other\ntask-related information from avc_audit, deferring handling to\naudit_log_exit instead. \n\nThis allows simplification of the avc_audit code, allows the exe\ninformation to be obtained more reliably, always includes the comm\ninformation (useful for scripts), and avoids including bogus task\ninformation for checks performed from irq or softirq. \n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "tree": "0bba044c4ce775e45a88a51686b5d9f90697ea9d", "parents": [], "author": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "message": "Linux-2.6.12-rc2\n\nInitial git repository build. I\u0027m not bothering with the full history,\neven though we have it. We can create a separate \"historical\" git\narchive of that later if we want to, and in the meantime it\u0027s about\n3.2GB when imported into git - space that would just make the early\ngit days unnecessarily complicated, when we don\u0027t have a lot of good\ninfrastructure for it.\n\nLet it rip!\n" } ] }