)]}' { "log": [ { "commit": "c49c41a4134679cecb77362e7f6b59acb6320aa7", "tree": "45e690c036ca5846a48c8be67945d1d841b2d96d", "parents": [ "892d208bcf79e4e1058707786a7b6d486697cd78", "f423e5ba76e7e4a6fcb4836b4f072d1fdebba8b5" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Jan 14 18:36:33 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Jan 14 18:36:33 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security:\n capabilities: remove __cap_full_set definition\n security: remove the security_netlink_recv hook as it is equivalent to capable()\n ptrace: do not audit capability check when outputing /proc/pid/stat\n capabilities: remove task_ns_* functions\n capabitlies: ns_capable can use the cap helpers rather than lsm call\n capabilities: style only - move capable below ns_capable\n capabilites: introduce new has_ns_capabilities_noaudit\n capabilities: call has_ns_capability from has_capability\n capabilities: remove all _real_ interfaces\n capabilities: introduce security_capable_noaudit\n capabilities: reverse arguments to security_capable\n capabilities: remove the task from capable LSM hook entirely\n selinux: sparse fix: fix several warnings in the security server cod\n selinux: sparse fix: fix warnings in netlink code\n selinux: sparse fix: eliminate warnings for selinuxfs\n selinux: sparse fix: declare selinux_disable() in security.h\n selinux: sparse fix: move selinux_complete_init\n selinux: sparse fix: make selinux_secmark_refcount static\n SELinux: Fix RCU deref check warning in sel_netport_insert()\n\nManually fix up a semantic mis-merge wrt security_netlink_recv():\n\n - the interface was removed in commit fd7784615248 (\"security: remove\n the security_netlink_recv hook as it is equivalent to capable()\")\n\n - a new user of it appeared in commit a38f7907b926 (\"crypto: Add\n userspace configuration API\")\n\ncausing no automatic merge conflict, but Eric Paris pointed out the\nissue.\n" }, { "commit": "90ab5ee94171b3e28de6bb42ee30b527014e0be7", "tree": "fcf89889f6e881f2b231d3d20287c08174ce4b54", "parents": [ "476bc0015bf09dad39d36a8b19f76f0c181d1ec9" ], "author": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Fri Jan 13 09:32:20 2012 +1030" }, "committer": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Fri Jan 13 09:32:20 2012 +1030" }, "message": "module_param: make bool parameters really bool (drivers \u0026 misc)\n\nmodule_param(bool) used to counter-intuitively take an int. In\nfddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy\ntrick.\n\nIt\u0027s time to remove the int/unsigned int option. For this version\nit\u0027ll simply give a warning, but it\u0027ll break next kernel version.\n\nAcked-by: Mauro Carvalho Chehab \u003cmchehab@redhat.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n" }, { "commit": "e7691a1ce341c80ed9504244a36b31c025217391", "tree": "e9941bb350f64a726130e299c411821da6f41a53", "parents": [ "5cd9599bba428762025db6027764f1c59d0b1e1b", "8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 10 21:51:23 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 10 21:51:23 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security: (32 commits)\n ima: fix invalid memory reference\n ima: free duplicate measurement memory\n security: update security_file_mmap() docs\n selinux: Casting (void *) value returned by kmalloc is useless\n apparmor: fix module parameter handling\n Security: tomoyo: add .gitignore file\n tomoyo: add missing rcu_dereference()\n apparmor: add missing rcu_dereference()\n evm: prevent racing during tfm allocation\n evm: key must be set once during initialization\n mpi/mpi-mpow: NULL dereference on allocation failure\n digsig: build dependency fix\n KEYS: Give key types their own lockdep class for key-\u003esem\n TPM: fix transmit_cmd error logic\n TPM: NSC and TIS drivers X86 dependency fix\n TPM: Export wait_for_stat for other vendor specific drivers\n TPM: Use vendor specific function for status probe\n tpm_tis: add delay after aborting command\n tpm_tis: Check return code from getting timeouts/durations\n tpm: Introduce function to poll for result of self test\n ...\n\nFix up trivial conflict in lib/Makefile due to addition of CONFIG_MPI\nand SIGSIG next to CONFIG_DQL addition.\n" }, { "commit": "8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8", "tree": "a118eaef15d4ba22247f45ee01537ecc906cd161", "parents": [ "805a6af8dba5dfdd35ec35dc52ec0122400b2610", "7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 09 12:16:48 2012 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 09 12:16:48 2012 +1100" }, "message": "Merge branch \u0027next\u0027 into for-linus\n\nConflicts:\n\tsecurity/integrity/evm/evm_crypto.c\n\nResolved upstream fix vs. next conflict manually.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cdcf116d44e78c7216ba9f8be9af1cdfca7af728", "tree": "2417cfd3e06ac5e2468585e8f00d580242cb5571", "parents": [ "d8c9584ea2a92879f471fd3a2be3af6c534fb035" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Dec 08 10:51:53 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Jan 06 23:16:53 2012 -0500" }, "message": "switch security_path_chmod() to struct path *\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "6a9de49115d5ff9871d953af1a5c8249e1585731", "tree": "eee3700ccc2ce26c566bfe99129e646fac9f983e", "parents": [ "2653812e14f4e16688ec8247d7fd290bdbbc4747" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:14 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:53 2012 -0500" }, "message": "capabilities: remove the task from capable LSM hook entirely\n\nThe capabilities framework is based around credentials, not necessarily the\ncurrent task. Yet we still passed the current task down into LSMs from the\nsecurity_capable() LSM hook as if it was a meaningful portion of the security\ndecision. This patch removes the \u0027generic\u0027 passing of current and instead\nforces individual LSMs to use current explicitly if they think it is\nappropriate. In our case those LSMs are SELinux and AppArmor.\n\nI believe the AppArmor use of current is incorrect, but that is wholely\nunrelated to this patch. This patch does not change what AppArmor does, it\njust makes it clear in the AppArmor code that it is doing it.\n\nThe SELinux code still uses current in it\u0027s audit message, which may also be\nwrong and needs further investigation. Again this is NOT a change, it may\nhave always been wrong, this patch just makes it clear what is happening.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "04fc66e789a896e684bfdca30208e57eb832dd96", "tree": "37c26bff07e48c8c25d147850b7906d0d1c79a81", "parents": [ "4572befe248fd0d94aedc98775e3f0ddc8a26651" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Nov 21 14:58:38 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:19 2012 -0500" }, "message": "switch -\u003epath_mknod() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4572befe248fd0d94aedc98775e3f0ddc8a26651", "tree": "2f4c4dabaebadb2790c8266a0434c7030c5f7cc0", "parents": [ "d179333f37d33533f4c77118f757b9e7835ccb7c" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Nov 21 14:56:21 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:18 2012 -0500" }, "message": "switch -\u003epath_mkdir() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "52ef0c042bf06f6aef382fade175075627beebc1", "tree": "a1256aebfd835da4cb29a80f391112fea82bf38e", "parents": [ "910f4ecef3f67714ebff69d0bc34313e48afaed2" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 04:30:04 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:13 2012 -0500" }, "message": "switch securityfs_create_file() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "910f4ecef3f67714ebff69d0bc34313e48afaed2", "tree": "348fe3b5d8789a4c019a700da5501a4756f988de", "parents": [ "49f0a0767211d3076974e59a26f36b567cbe8621" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 04:25:58 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:13 2012 -0500" }, "message": "switch security_path_chmod() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e407699ef56ed948739dd57a5578ba8cb5bd81b2", "tree": "830069801b88d2b7957c6bb0baf012e9637ec4fd", "parents": [ "c5dc332eb93881fc8234d652f6e91a2825b06503" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Nov 24 20:14:54 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:52:38 2012 -0500" }, "message": "btrfs, nfs, apparmor: don\u0027t pull mnt_namespace.h for no reason...\n\nit\u0027s not needed anymore; we used to, back when we had to do\nmount_subtree() by hand, complete with put_mnt_ns() in it.\nNo more... Apparmor didn\u0027t need it since the __d_path() fix.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "b8aa09fd880eb4c2881b9f3c8a8d09c0404cd4eb", "tree": "7a748b15df00f1338a0fba89455f202a58f53dbf", "parents": [ "735e93c70434614bffac4a914ca1da72e37d43c0" ], "author": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Thu Dec 15 13:41:32 2011 +1030" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Dec 16 12:45:24 2011 +1100" }, "message": "apparmor: fix module parameter handling\n\nThe \u0027aabool\u0027 wrappers actually pass off to the \u0027bool\u0027 parse functions,\nso you should use the same check function. Similarly for aauint and\nuint.\n\n(Note that \u0027bool\u0027 module parameters also allow \u0027int\u0027, which is why you\ngot away with this, but that\u0027s changing very soon.)\n\nCc: linux-security-module@vger.kernel.org\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2053c4727c5a891bf182397e425b6cb87b2ae613", "tree": "531090ac23e90b4aa64416a62c4625ffffec181f", "parents": [ "143b01d33221e4937d3930e6bb2b63d70b7c7a65" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Thu Dec 08 16:25:48 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Dec 09 12:08:41 2011 +1100" }, "message": "apparmor: add missing rcu_dereference()\n\nAdds a missed rcu_dereference() around real_parent.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "02125a826459a6ad142f8d91c5b6357562f96615", "tree": "8c9d9860aef93917d9b8cc6d471fe68b58ce7a9d", "parents": [ "5611cc4572e889b62a7b4c72a413536bf6a9c416" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Dec 05 08:43:34 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Dec 06 23:57:18 2011 -0500" }, "message": "fix apparmor dereferencing potentially freed dentry, sanitize __d_path() API\n\n__d_path() API is asking for trouble and in case of apparmor d_namespace_path()\ngetting just that. The root cause is that when __d_path() misses the root\nit had been told to look for, it stores the location of the most remote ancestor\nin *root. Without grabbing references. Sure, at the moment of call it had\nbeen pinned down by what we have in *path. And if we raced with umount -l, we\ncould have very well stopped at vfsmount/dentry that got freed as soon as\nprepend_path() dropped vfsmount_lock.\n\nIt is safe to compare these pointers with pre-existing (and known to be still\nalive) vfsmount and dentry, as long as all we are asking is \"is it the same\naddress?\". Dereferencing is not safe and apparmor ended up stepping into\nthat. d_namespace_path() really wants to examine the place where we stopped,\neven if it\u0027s not connected to our namespace. As the result, it looked\nat -\u003ed_sb-\u003es_magic of a dentry that might\u0027ve been already freed by that point.\nAll other callers had been careful enough to avoid that, but it\u0027s really\na bad interface - it invites that kind of trouble.\n\nThe fix is fairly straightforward, even though it\u0027s bigger than I\u0027d like:\n\t* prepend_path() root argument becomes const.\n\t* __d_path() is never called with NULL/NULL root. It was a kludge\nto start with. Instead, we have an explicit function - d_absolute_root().\nSame as __d_path(), except that it doesn\u0027t get root passed and stops where\nit stops. apparmor and tomoyo are using it.\n\t* __d_path() returns NULL on path outside of root. The main\ncaller is show_mountinfo() and that\u0027s precisely what we pass root for - to\nskip those outside chroot jail. Those who don\u0027t want that can (and do)\nuse d_path().\n\t* __d_path() root argument becomes const. Everyone agrees, I hope.\n\t* apparmor does *NOT* try to use __d_path() or any of its variants\nwhen it sees that path-\u003emnt is an internal vfsmount. In that case it\u0027s\ndefinitely not mounted anywhere and dentry_path() is exactly what we want\nthere. Handling of sysctl()-triggered weirdness is moved to that place.\n\t* if apparmor is asked to do pathname relative to chroot jail\nand __d_path() tells it we it\u0027s not in that jail, the sucker just calls\nd_absolute_path() instead. That\u0027s the other remaining caller of __d_path(),\nBTW.\n * seq_path_root() does _NOT_ return -ENAMETOOLONG (it\u0027s stupid anyway -\nthe normal seq_file logics will take care of growing the buffer and redoing\nthe call of -\u003eshow() just fine). However, if it gets path not reachable\nfrom root, it returns SEQ_SKIP. The only caller adjusted (i.e. stopped\nignoring the return value as it used to do).\n\nReviewed-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nACKed-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: stable@vger.kernel.org\n" }, { "commit": "cc7db09952faefc86187c67c4adf5cbdb6fe2c1b", "tree": "1a3f81bb166b480fc505fe9af3a9b92cf613df04", "parents": [ "7ee95850bab6468f8213f36a84e872418d2faa00" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 29 11:45:44 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:29 2011 -0700" }, "message": "apparmor: sparse fix: include procattr.h in procattr.c\n\nFix sparse warnings:\nsecurity/apparmor/procattr.c:35:5: warning: symbol \u0027aa_getprocattr\u0027 was not declared. Should it be static?\nsecurity/apparmor/procattr.c:113:5: warning: symbol \u0027aa_setprocattr_changehat\u0027 was not declared. Should it be static?\nsecurity/apparmor/procattr.c:158:5: warning: symbol \u0027aa_setprocattr_changeprofile\u0027 was not declared. Should it be static?\nsecurity/apparmor/procattr.c:166:5: warning: symbol \u0027aa_setprocattr_permipc\u0027 was not declared. Should it be static?\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "7ee95850bab6468f8213f36a84e872418d2faa00", "tree": "d8502d9362912b1da4afa68156a9ad29c7787323", "parents": [ "32c3df631bc018109136a8f4f941ad591e76a0aa" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 29 11:43:02 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:28 2011 -0700" }, "message": "apparmor: sparse fix: rename shadowed variables in policy_unpack.c\n\nFix the following warnings:\n\nsecurity/apparmor/policy_unpack.c:384:35: warning: symbol \u0027size\u0027 shadows an earlier one\nsecurity/apparmor/policy_unpack.c:370:24: originally declared here\nsecurity/apparmor/policy_unpack.c:443:29: warning: symbol \u0027tmp\u0027 shadows an earlier one\nsecurity/apparmor/policy_unpack.c:434:21: originally declared here\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "32c3df631bc018109136a8f4f941ad591e76a0aa", "tree": "60768d4a7ba8278f01873f36b1787b35fcf188f1", "parents": [ "33f8bf588070e84bb29c3a726758dbb5791fc95e" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 29 11:15:25 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:28 2011 -0700" }, "message": "apparmor: sparse fix: add apparmor.h to lib.c\n\nFix the following sparse warnings:\nsecurity/apparmor/lib.c:37:6: warning: symbol \u0027aa_split_fqname\u0027 was not declared. Should it be static?\nsecurity/apparmor/lib.c:63:6: warning: symbol \u0027aa_info_message\u0027 was not declared. Should it be static?\nsecurity/apparmor/lib.c:83:6: warning: symbol \u0027kvmalloc\u0027 was not declared. Should it be static?\nsecurity/apparmor/lib.c:123:6: warning: symbol \u0027kvfree\u0027 was not declared. Should it be static?\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "33f8bf588070e84bb29c3a726758dbb5791fc95e", "tree": "569f68e7c8928a9845df47777017db6bf7534f34", "parents": [ "58982b74832917405a483a22beede729e3175376" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 29 10:40:54 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:27 2011 -0700" }, "message": "apparmor: sparse fix: include ipc.h\n\nInclude ipc.h to eliminate sparse warnings.\n\nsecurity/apparmor/ipc.c:61:5: warning: symbol \u0027aa_may_ptrace\u0027 was not declared. Should it be static?\nsecurity/apparmor/ipc.c:83:5: warning: symbol \u0027aa_ptrace\u0027 was not declared. Should it be static\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "3417d8d5d4d584bd73e2f6265f7a06b51e4a70a1", "tree": "21a68483935288933c61e6d9271dc695ec967371", "parents": [ "4892722e06694fda1928bac4aa5af5505bd26a4c" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 17 11:05:21 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:25 2011 -0700" }, "message": "apparmor: sparse fix: make aa_create_aafs static\n\nSparse fix: make aa_create_aafs static.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "95b6886526bb510b8370b625a49bc0ab3b8ff10f", "tree": "2862606224820d200be12d2092dcd26df1654b80", "parents": [ "22712200e175e0df5c7f9edfe6c6bf5c94c23b83", "29412f0f6a19e34336368f13eab848091c343952" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Jul 27 19:26:38 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Jul 27 19:26:38 2011 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (54 commits)\n tpm_nsc: Fix bug when loading multiple TPM drivers\n tpm: Move tpm_tis_reenable_interrupts out of CONFIG_PNP block\n tpm: Fix compilation warning when CONFIG_PNP is not defined\n TOMOYO: Update kernel-doc.\n tpm: Fix a typo\n tpm_tis: Probing function for Intel iTPM bug\n tpm_tis: Fix the probing for interrupts\n tpm_tis: Delay ACPI S3 suspend while the TPM is busy\n tpm_tis: Re-enable interrupts upon (S3) resume\n tpm: Fix display of data in pubek sysfs entry\n tpm_tis: Add timeouts sysfs entry\n tpm: Adjust interface timeouts if they are too small\n tpm: Use interface timeouts returned from the TPM\n tpm_tis: Introduce durations sysfs entry\n tpm: Adjust the durations if they are too small\n tpm: Use durations returned from TPM\n TOMOYO: Enable conditional ACL.\n TOMOYO: Allow using argv[]/envp[] of execve() as conditions.\n TOMOYO: Allow using executable\u0027s realpath and symlink\u0027s target as conditions.\n TOMOYO: Allow using owner/group etc. of file objects as conditions.\n ...\n\nFix up trivial conflict in security/tomoyo/realpath.c\n" }, { "commit": "8209f53d79444747782a28520187abaf689761f2", "tree": "726270ea29e037f026d77a99787b9d844531ac42", "parents": [ "22a3b9771117d566def0150ea787fcc95f16e724", "eac1b5e57d7abc836e78fd3fbcf77dbeed01edc9" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 22 15:06:50 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 22 15:06:50 2011 -0700" }, "message": "Merge branch \u0027ptrace\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/oleg/misc\n\n* \u0027ptrace\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/oleg/misc: (39 commits)\n ptrace: do_wait(traced_leader_killed_by_mt_exec) can block forever\n ptrace: fix ptrace_signal() \u0026\u0026 STOP_DEQUEUED interaction\n connector: add an event for monitoring process tracers\n ptrace: dont send SIGSTOP on auto-attach if PT_SEIZED\n ptrace: mv send-SIGSTOP from do_fork() to ptrace_init_task()\n ptrace_init_task: initialize child-\u003ejobctl explicitly\n has_stopped_jobs: s/task_is_stopped/SIGNAL_STOP_STOPPED/\n ptrace: make former thread ID available via PTRACE_GETEVENTMSG after PTRACE_EVENT_EXEC stop\n ptrace: wait_consider_task: s/same_thread_group/ptrace_reparented/\n ptrace: kill real_parent_is_ptracer() in in favor of ptrace_reparented()\n ptrace: ptrace_reparented() should check same_thread_group()\n redefine thread_group_leader() as exit_signal \u003e\u003d 0\n do not change dead_task-\u003eexit_signal\n kill task_detached()\n reparent_leader: check EXIT_DEAD instead of task_detached()\n make do_notify_parent() __must_check, update the callers\n __ptrace_detach: avoid task_detached(), check do_notify_parent()\n kill tracehook_notify_death()\n make do_notify_parent() return bool\n ptrace: s/tracehook_tracer_task()/ptrace_parent()/\n ...\n" }, { "commit": "25e75dff519bcce2cb35023105e7df51d7b9e691", "tree": "14cb61f6510af1440782fc5f3a81e37aad0c4be5", "parents": [ "04fdc099f9c80c7775dbac388fc97e156d4d47e7" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Sat Jun 25 16:57:07 2011 +0100" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Jun 29 02:04:44 2011 +0100" }, "message": "AppArmor: Fix masking of capabilities in complain mode\n\nAppArmor is masking the capabilities returned by capget against the\ncapabilities mask in the profile. This is wrong, in complain mode the\nprofile has effectively all capabilities, as the profile restrictions are\nnot being enforced, merely tested against to determine if an access is\nknown by the profile.\n\nThis can result in the wrong behavior of security conscience applications\nlike sshd which examine their capability set, and change their behavior\naccordingly. In this case because of the masked capability set being\nreturned sshd fails due to DAC checks, even when the profile is in complain\nmode.\n\nKernels affected: 2.6.36 - 3.0.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "04fdc099f9c80c7775dbac388fc97e156d4d47e7", "tree": "886a4176abfe4a4c4e3ee7b62da520914bf666e0", "parents": [ "b0af8dfdd67699e25083478c63eedef2e72ebd85" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Tue Jun 28 15:06:38 2011 +0100" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Jun 29 02:02:03 2011 +0100" }, "message": "AppArmor: Fix reference to rcu protected pointer outside of rcu_read_lock\n\nThe pointer returned from tracehook_tracer_task() is only valid inside\nthe rcu_read_lock. However the tracer pointer obtained is being passed\nto aa_may_ptrace outside of the rcu_read_lock critical section.\n\nMover the aa_may_ptrace test into the rcu_read_lock critical section, to\nfix this.\n\nKernels affected: 2.6.36 - 3.0\n\nReported-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: stable@kernel.org\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "06d984737bac0545fe20bb5447ee488b95adb531", "tree": "b8d89d21a53c28a025dd42598bc3406e25db5ba8", "parents": [ "4b9d33e6d83cc05a8005a8f9a8b9677fa0f53626" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Fri Jun 17 16:50:40 2011 +0200" }, "committer": { "name": "Oleg Nesterov", "email": "oleg@redhat.com", "time": "Wed Jun 22 19:26:29 2011 +0200" }, "message": "ptrace: s/tracehook_tracer_task()/ptrace_parent()/\n\ntracehook.h is on the way out. Rename tracehook_tracer_task() to\nptrace_parent() and move it from tracehook.h to ptrace.h.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: John Johansen \u003cjohn.johansen@canonical.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\n" }, { "commit": "b7f080cfe223b3b7424872639d153695615a9255", "tree": "605390854789a6ba53e6813ffc69a948a0466530", "parents": [ "4003b65871c101eb5ce8f37a325feac54aa5c681" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Thu Jun 16 11:01:34 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Jun 21 19:17:20 2011 -0700" }, "message": "net: remove mm.h inclusion from netdevice.h\n\nRemove linux/mm.h inclusion from netdevice.h -- it\u0027s unused (I\u0027ve checked manually).\n\nTo prevent mm.h inclusion via other channels also extract \"enum dma_data_direction\"\ndefinition into separate header. This tiny piece is what gluing netdevice.h with mm.h\nvia \"netdevice.h \u003d\u003e dmaengine.h \u003d\u003e dma-mapping.h \u003d\u003e scatterlist.h \u003d\u003e mm.h\".\nRemoval of mm.h from scatterlist.h was tried and was found not feasible\non most archs, so the link was cutoff earlier.\n\nHope people are OK with tiny include file.\n\nNote, that mm_types.h is still dragged in, but it is a separate story.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "1780f2d3839a0d3eb85ee014a708f9e2c8f8ba0e", "tree": "b114d618a6802623eeeceb5a07857f0a72da3112", "parents": [ "06e86849cf4019945a106913adb9ff0abcc01770" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Jun 08 15:07:47 2011 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jun 09 11:46:53 2011 +1000" }, "message": "AppArmor: Fix sleep in invalid context from task_setrlimit\n\nAffected kernels 2.6.36 - 3.0\n\nAppArmor may do a GFP_KERNEL memory allocation with task_lock(tsk-\u003egroup_leader);\nheld when called from security_task_setrlimit. This will only occur when the\ntask\u0027s current policy has been replaced, and the task\u0027s creds have not been\nupdated before entering the LSM security_task_setrlimit() hook.\n\nBUG: sleeping function called from invalid context at mm/slub.c:847\n in_atomic(): 1, irqs_disabled(): 0, pid: 1583, name: cupsd\n 2 locks held by cupsd/1583:\n #0: (tasklist_lock){.+.+.+}, at: [\u003cffffffff8104dafa\u003e] do_prlimit+0x61/0x189\n #1: (\u0026(\u0026p-\u003ealloc_lock)-\u003erlock){+.+.+.}, at: [\u003cffffffff8104db2d\u003e]\ndo_prlimit+0x94/0x189\n Pid: 1583, comm: cupsd Not tainted 3.0.0-rc2-git1 #7\n Call Trace:\n [\u003cffffffff8102ebf2\u003e] __might_sleep+0x10d/0x112\n [\u003cffffffff810e6f46\u003e] slab_pre_alloc_hook.isra.49+0x2d/0x33\n [\u003cffffffff810e7bc4\u003e] kmem_cache_alloc+0x22/0x132\n [\u003cffffffff8105b6e6\u003e] prepare_creds+0x35/0xe4\n [\u003cffffffff811c0675\u003e] aa_replace_current_profile+0x35/0xb2\n [\u003cffffffff811c4d2d\u003e] aa_current_profile+0x45/0x4c\n [\u003cffffffff811c4d4d\u003e] apparmor_task_setrlimit+0x19/0x3a\n [\u003cffffffff811beaa5\u003e] security_task_setrlimit+0x11/0x13\n [\u003cffffffff8104db6b\u003e] do_prlimit+0xd2/0x189\n [\u003cffffffff8104dea9\u003e] sys_setrlimit+0x3b/0x48\n [\u003cffffffff814062bb\u003e] system_call_fastpath+0x16/0x1b\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nReported-by: Miles Lane \u003cmiles.lane@gmail.com\u003e\nCc: stable@kernel.org\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a5b2c5b2ad5853591a6cac6134cd0f599a720865", "tree": "e49bdfe8a1bdcc1a15219d1d940a1776bb79446a", "parents": [ "e12ca23d41bd157354a5d1aadff30211a410c53a" ], "author": { "name": "Kees Cook", "email": "kees.cook@canonical.com", "time": "Tue May 31 11:31:41 2011 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 01 13:07:03 2011 +1000" }, "message": "AppArmor: fix oops in apparmor_setprocattr\n\nWhen invalid parameters are passed to apparmor_setprocattr a NULL deref\noops occurs when it tries to record an audit message. This is because\nit is passing NULL for the profile parameter for aa_audit. But aa_audit\nnow requires that the profile passed is not NULL.\n\nFix this by passing the current profile on the task that is trying to\nsetprocattr.\n\nSigned-off-by: Kees Cook \u003ckees@ubuntu.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nCc: stable@kernel.org\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d410fa4ef99112386de5f218dd7df7b4fca910b4", "tree": "e29fbc3f6d27b20d73d8feb4ed73f6767f2e18fe", "parents": [ "61c4f2c81c61f73549928dfd9f3e8f26aa36a8cf" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Thu May 19 15:59:38 2011 -0700" }, "committer": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Thu May 19 15:59:38 2011 -0700" }, "message": "Create Documentation/security/,\nmove LSM-, credentials-, and keys-related files from Documentation/\n to Documentation/security/,\nadd Documentation/security/00-INDEX, and\nupdate all occurrences of Documentation/\u003cmoved_file\u003e\n to Documentation/security/\u003cmoved_file\u003e.\n" }, { "commit": "25985edcedea6396277003854657b5f3cb31a628", "tree": "f026e810210a2ee7290caeb737c23cb6472b7c38", "parents": [ "6aba74f2791287ec407e0f92487a725a25908067" ], "author": { "name": "Lucas De Marchi", "email": "lucas.demarchi@profusion.mobi", "time": "Wed Mar 30 22:57:33 2011 -0300" }, "committer": { "name": "Lucas De Marchi", "email": "lucas.demarchi@profusion.mobi", "time": "Thu Mar 31 11:26:23 2011 -0300" }, "message": "Fix common misspellings\n\nFixes generated by \u0027codespell\u0027 and manually reviewed.\n\nSigned-off-by: Lucas De Marchi \u003clucas.demarchi@profusion.mobi\u003e\n" }, { "commit": "3486740a4f32a6a466f5ac931654d154790ba648", "tree": "ac5d968a66057fa84933b8f89fd3e916270dffed", "parents": [ "59607db367c57f515183cb203642291bb14d9c40" ], "author": { "name": "Serge E. Hallyn", "email": "serge@hallyn.com", "time": "Wed Mar 23 16:43:17 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 23 19:47:02 2011 -0700" }, "message": "userns: security: make capabilities relative to the user namespace\n\n- Introduce ns_capable to test for a capability in a non-default\n user namespace.\n- Teach cap_capable to handle capabilities in a non-default\n user namespace.\n\nThe motivation is to get to the unprivileged creation of new\nnamespaces. It looks like this gets us 90% of the way there, with\nonly potential uid confusion issues left.\n\nI still need to handle getting all caps after creation but otherwise I\nthink I have a good starter patch that achieves all of your goals.\n\nChangelog:\n\t11/05/2010: [serge] add apparmor\n\t12/14/2010: [serge] fix capabilities to created user namespaces\n\tWithout this, if user serge creates a user_ns, he won\u0027t have\n\tcapabilities to the user_ns he created. THis is because we\n\twere first checking whether his effective caps had the caps\n\the needed and returning -EPERM if not, and THEN checking whether\n\the was the creator. Reverse those checks.\n\t12/16/2010: [serge] security_real_capable needs ns argument in !security case\n\t01/11/2011: [serge] add task_ns_capable helper\n\t01/11/2011: [serge] add nsown_capable() helper per Bastian Blank suggestion\n\t02/16/2011: [serge] fix a logic bug: the root user is always creator of\n\t\t init_user_ns, but should not always have capabilities to\n\t\t it! Fix the check in cap_capable().\n\t02/21/2011: Add the required user_ns parameter to security_capable,\n\t\t fixing a compile failure.\n\t02/23/2011: Convert some macros to functions as per akpm comments. Some\n\t\t couldn\u0027t be converted because we can\u0027t easily forward-declare\n\t\t them (they are inline if !SECURITY, extern if SECURITY). Add\n\t\t a current_user_ns function so we can use it in capability.h\n\t\t without #including cred.h. Move all forward declarations\n\t\t together to the top of the #ifdef __KERNEL__ section, and use\n\t\t kernel-doc format.\n\t02/23/2011: Per dhowells, clean up comment in cap_capable().\n\t02/23/2011: Per akpm, remove unreachable \u0027return -EPERM\u0027 in cap_capable.\n\n(Original written and signed off by Eric; latest, modified version\nacked by him)\n\n[akpm@linux-foundation.org: fix build]\n[akpm@linux-foundation.org: export current_user_ns() for ecryptfs]\n[serge.hallyn@canonical.com: remove unneeded extra argument in selinux\u0027s task_has_capability]\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nAcked-by: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "c151694b2c48d956ac8c8c59c6927f89cc29ef70", "tree": "6d24bfde33c2c5899ea33aef4b81d06d7ac36a2f", "parents": [ "fe3fa43039d47ee4e22caf460b79b62a14937f79", "1936113c820bc3bfac49c266ccf972f7f8552aae" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 09 14:12:07 2011 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 09 14:12:07 2011 +1100" }, "message": "Merge branch \u0027security-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev into next\n" }, { "commit": "1936113c820bc3bfac49c266ccf972f7f8552aae", "tree": "6adabc28f9cb3c21160c9e7f227cff3c50a24e89", "parents": [ "0f8250265623e57971cbb57fc8d92e58dd883a19" ], "author": { "name": "Shan Wei", "email": "shanwei@cn.fujitsu.com", "time": "Fri Jan 21 10:13:13 2011 +0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Tue Mar 08 17:04:07 2011 -0800" }, "message": "AppArmor: kill unused macros in lsm.c\n\nRemove unused macros.\n\nSigned-off-by: Shan Wei \u003cshanwei@cn.fujitsu.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "0f8250265623e57971cbb57fc8d92e58dd883a19", "tree": "8acddd1019f2558ed5fd6b84431736b890197c47", "parents": [ "4fdef2183e6598cc977a9bb9321ef99a44125da3" ], "author": { "name": "Michal Hocko", "email": "mhocko@suse.cz", "time": "Fri Jan 07 15:03:02 2011 +0100" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Tue Mar 08 17:03:53 2011 -0800" }, "message": "AppArmor: cleanup generated files correctly\n\nclean-files should be defined as a variable not a target.\n\nSigned-off-by: Michal Hocko \u003cmhocko@suse.cz\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "4fdef2183e6598cc977a9bb9321ef99a44125da3", "tree": "380a0f9424d068dc267936fc188ec6abb85df909", "parents": [ "eae61f3c829439f8f9121b5cd48a14be04df451f" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Sat Mar 05 02:18:02 2011 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Sat Mar 05 02:46:26 2011 -0800" }, "message": "AppArmor: Cleanup make file to remove cruft and make it easier to read\n\nCleanups based on comments from Sam Ravnborg,\n\n* remove references to the currently unused af_names.h\n* add rlim_names.h to clean-files:\n* rework cmd_make-XXX to make them more readable by adding comments,\n reworking the expressions to put logical components on individual lines,\n and keep lines \u003c 80 characters.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Sam Ravnborg \u003csam@ravnborg.org\u003e\n" }, { "commit": "008d23e4852d78bb2618f2035f8b2110b6a6b968", "tree": "81c88f744f6f3fc84132527c1ddc0b4da410c5e2", "parents": [ "8f685fbda43deccd130d192c9fcef1444649eaca", "bfc672dcf323877228682aff79dff8ecd9f30ff8" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Jan 13 10:05:56 2011 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Jan 13 10:05:56 2011 -0800" }, "message": "Merge branch \u0027for-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial\n\n* \u0027for-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (43 commits)\n Documentation/trace/events.txt: Remove obsolete sched_signal_send.\n writeback: fix global_dirty_limits comment runtime -\u003e real-time\n ppc: fix comment typo singal -\u003e signal\n drivers: fix comment typo diable -\u003e disable.\n m68k: fix comment typo diable -\u003e disable.\n wireless: comment typo fix diable -\u003e disable.\n media: comment typo fix diable -\u003e disable.\n remove doc for obsolete dynamic-printk kernel-parameter\n remove extraneous \u0027is\u0027 from Documentation/iostats.txt\n Fix spelling milisec -\u003e ms in snd_ps3 module parameter description\n Fix spelling mistakes in comments\n Revert conflicting V4L changes\n i7core_edac: fix typos in comments\n mm/rmap.c: fix comment\n sound, ca0106: Fix assignment to \u0027channel\u0027.\n hrtimer: fix a typo in comment\n init/Kconfig: fix typo\n anon_inodes: fix wrong function name in comment\n fix comment typos concerning \"consistent\"\n poll: fix a typo in comment\n ...\n\nFix up trivial conflicts in:\n - drivers/net/wireless/iwlwifi/iwl-core.c (moved to iwl-legacy.c)\n - fs/ext4/ext4.h\n\nAlso fix missed \u0027diabled\u0027 typo in drivers/net/bnx2x/bnx2x.h while at it.\n" }, { "commit": "57cc7215b70856dc6bae8e55b00ecd7b1d7429b1", "tree": "f6dedefd41e6745a9b801166b99af7d830e41ef2", "parents": [ "37721e1b0cf98cb65895f234d8c500d270546529" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Mon Jan 10 08:18:25 2011 +0200" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jan 10 08:51:44 2011 -0800" }, "message": "headers: kobject.h redux\n\nRemove kobject.h from files which don\u0027t need it, notably,\nsched.h and fs.h.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "37721e1b0cf98cb65895f234d8c500d270546529", "tree": "6fb3ec6910513b18e100b17432864fa8c46d55e4", "parents": [ "9f99a2f0e44663517b99b69a3e4a499d0ba877df" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Mon Jan 10 08:17:10 2011 +0200" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jan 10 08:51:44 2011 -0800" }, "message": "headers: path.h redux\n\nRemove path.h from sched.h and other files.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4b7bd364700d9ac8372eff48832062b936d0793b", "tree": "0dbf78c95456a0b02d07fcd473281f04a87e266d", "parents": [ "c0d8768af260e2cbb4bf659ae6094a262c86b085", "90a8a73c06cc32b609a880d48449d7083327e11a" ], "author": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Wed Dec 22 18:57:02 2010 +0100" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Wed Dec 22 18:57:02 2010 +0100" }, "message": "Merge branch \u0027master\u0027 into for-next\n\nConflicts:\n\tMAINTAINERS\n\tarch/arm/mach-omap2/pm24xx.c\n\tdrivers/scsi/bfa/bfa_fcpim.c\n\nNeeded to update to apply fixes for which the old branch was too\noutdated.\n" }, { "commit": "a26d279ea87e9fef2cf8a44b371e48e6091975a6", "tree": "fe1a1a007c0fc1419e8f8e3e845ad18a377569bc", "parents": [ "246c3fb16b08193837a8009ff15ef6908534ba71" ], "author": { "name": "wzt.wzt@gmail.com", "email": "wzt.wzt@gmail.com", "time": "Wed Nov 10 16:05:15 2010 +0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Nov 11 07:36:22 2010 +1100" }, "message": "APPARMOR: Fix memory leak of apparmor_init()\n\nset_init_cxt() allocted sizeof(struct aa_task_cxt) bytes for cxt,\nif register_security() failed, it will cause memory leak.\n\nSigned-off-by: Zhitong Wang \u003czhitong.wangzt@alibaba-inc.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "246c3fb16b08193837a8009ff15ef6908534ba71", "tree": "47c8fb1d63c3f0cfd7c3e1507e6c1e16a6837264", "parents": [ "f6614b7bb405a9b35dd28baea989a749492c46b2" ], "author": { "name": "wzt.wzt@gmail.com", "email": "wzt.wzt@gmail.com", "time": "Wed Nov 10 11:31:55 2010 +0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Nov 11 07:36:18 2010 +1100" }, "message": "APPARMOR: Fix memory leak of alloc_namespace()\n\npolicy-\u003ename is a substring of policy-\u003ehname, if prefix is not NULL, it will\nallocted strlen(prefix) + strlen(name) + 3 bytes to policy-\u003ehname in policy_init().\nuse kzfree(ns-\u003ebase.name) will casue memory leak if alloc_namespace() failed.\n\nSigned-off-by: Zhitong Wang \u003czhitong.wangzt@alibaba-inc.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b595076a180a56d1bb170e6eceda6eb9d76f4cd3", "tree": "bc01ec7283808013e0b8ce7713fd6fc40f810429", "parents": [ "6aaccece1c483f189f76f1282b3984ff4c7ecb0a" ], "author": { "name": "Uwe Kleine-König", "email": "u.kleine-koenig@pengutronix.de", "time": "Mon Nov 01 15:38:34 2010 -0400" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Mon Nov 01 15:38:34 2010 -0400" }, "message": "tree-wide: fix comment/printk typos\n\n\"gadget\", \"through\", \"command\", \"maintain\", \"maintain\", \"controller\", \"address\",\n\"between\", \"initiali[zs]e\", \"instead\", \"function\", \"select\", \"already\",\n\"equal\", \"access\", \"management\", \"hierarchy\", \"registration\", \"interest\",\n\"relative\", \"memory\", \"offset\", \"already\",\n\nSigned-off-by: Uwe Kleine-König \u003cu.kleine-koenig@pengutronix.de\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "be148247cfbe2422f5709e77d9c3e10b8a6394da", "tree": "f04605bb5ea21cefd455b6fd81c51d8bb02c1521", "parents": [ "85fe4025c616a7c0ed07bc2fc8c5371b07f3888c" ], "author": { "name": "Christoph Hellwig", "email": "hch@infradead.org", "time": "Sun Oct 10 05:36:21 2010 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Oct 25 21:26:12 2010 -0400" }, "message": "fs: take dcache_lock inside __d_path\n\nAll callers take dcache_lock just around the call to __d_path, so\ntake the lock into it in preparation of getting rid of dcache_lock.\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "092e0e7e520a1fca03e13c9f2d157432a8657ff2", "tree": "451897252c4c08c4b5a8ef535da156f1e817e80b", "parents": [ "79f14b7c56d3b3ba58f8b43d1f70b9b71477a800", "776c163b1b93c8dfa5edba885bc2bfbc2d228a5f" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Oct 22 10:52:56 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Oct 22 10:52:56 2010 -0700" }, "message": "Merge branch \u0027llseek\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/bkl\n\n* \u0027llseek\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/bkl:\n vfs: make no_llseek the default\n vfs: don\u0027t use BKL in default_llseek\n llseek: automatically add .llseek fop\n libfs: use generic_file_llseek for simple_attr\n mac80211: disallow seeks in minstrel debug code\n lirc: make chardev nonseekable\n viotape: use noop_llseek\n raw: use explicit llseek file operations\n ibmasmfs: use generic_file_llseek\n spufs: use llseek in all file operations\n arm/omap: use generic_file_llseek in iommu_debug\n lkdtm: use generic_file_llseek in debugfs\n net/wireless: use generic_file_llseek in debugfs\n drm: use noop_llseek\n" }, { "commit": "3ed02ada2a5e695e2fbb5e4a0008cfcb0f50feaa", "tree": "8b01e83cfa6b18fe8b83b342733931d5f98bc1b2", "parents": [ "9f1c1d426b0402b25cd0d7ca719ffc8e20e46d5f" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Sat Oct 09 00:47:53 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:12:46 2010 +1100" }, "message": "AppArmor: Ensure the size of the copy is \u003c the buffer allocated to hold it\n\nActually I think in this case the appropriate thing to do is to BUG as there\nis currently a case (remove) where the alloc_size needs to be larger than\nthe copy_size, and if copy_size is ever greater than alloc_size there is\na mistake in the caller code.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees.cook@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4b04a7cfc5ccb573ca3752429c81d37f8dd2f7c6", "tree": "d765918750208f7a99c714eddd398f4005051b6a", "parents": [ "065d78a0603cc6f8d288e96dbf761b96984b634f" ], "author": { "name": "Yong Zhang", "email": "yong.zhang@windriver.com", "time": "Sat Aug 28 10:25:09 2010 +0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:12:35 2010 +1100" }, "message": ".gitignore: ignore apparmor/rlim_names.h\n\nSigned-off-by: Yong Zhang \u003cyong.zhang0@gmail.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6038f373a3dc1f1c26496e60b6c40b164716f07e", "tree": "a0d3bbd026eea41b9fc36b8c722cbaf56cd9f825", "parents": [ "1ec5584e3edf9c4bf2c88c846534d19cf986ba11" ], "author": { "name": "Arnd Bergmann", "email": "arnd@arndb.de", "time": "Sun Aug 15 18:52:59 2010 +0200" }, "committer": { "name": "Arnd Bergmann", "email": "arnd@arndb.de", "time": "Fri Oct 15 15:53:27 2010 +0200" }, "message": "llseek: automatically add .llseek fop\n\nAll file_operations should get a .llseek operation so we can make\nnonseekable_open the default for future file operations without a\n.llseek pointer.\n\nThe three cases that we can automatically detect are no_llseek, seq_lseek\nand default_llseek. For cases where we can we can automatically prove that\nthe file offset is always ignored, we use noop_llseek, which maintains\nthe current behavior of not returning an error from a seek.\n\nNew drivers should normally not use noop_llseek but instead use no_llseek\nand call nonseekable_open at open time. Existing drivers can be converted\nto do the same when the maintainer knows for certain that no user code\nrelies on calling seek on the device file.\n\nThe generated code is often incorrectly indented and right now contains\ncomments that clarify for each added line why a specific variant was\nchosen. In the version that gets submitted upstream, the comments will\nbe gone and I will manually fix the indentation, because there does not\nseem to be a way to do that using coccinelle.\n\nSome amount of new code is currently sitting in linux-next that should get\nthe same modifications, which I will do at the end of the merge window.\n\nMany thanks to Julia Lawall for helping me learn to write a semantic\npatch that does all this.\n\n\u003d\u003d\u003d\u003d\u003d begin semantic patch \u003d\u003d\u003d\u003d\u003d\n// This adds an llseek\u003d method to all file operations,\n// as a preparation for making no_llseek the default.\n//\n// The rules are\n// - use no_llseek explicitly if we do nonseekable_open\n// - use seq_lseek for sequential files\n// - use default_llseek if we know we access f_pos\n// - use noop_llseek if we know we don\u0027t access f_pos,\n// but we still want to allow users to call lseek\n//\n@ open1 exists @\nidentifier nested_open;\n@@\nnested_open(...)\n{\n\u003c+...\nnonseekable_open(...)\n...+\u003e\n}\n\n@ open exists@\nidentifier open_f;\nidentifier i, f;\nidentifier open1.nested_open;\n@@\nint open_f(struct inode *i, struct file *f)\n{\n\u003c+...\n(\nnonseekable_open(...)\n|\nnested_open(...)\n)\n...+\u003e\n}\n\n@ read disable optional_qualifier exists @\nidentifier read_f;\nidentifier f, p, s, off;\ntype ssize_t, size_t, loff_t;\nexpression E;\nidentifier func;\n@@\nssize_t read_f(struct file *f, char *p, size_t s, loff_t *off)\n{\n\u003c+...\n(\n *off \u003d E\n|\n *off +\u003d E\n|\n func(..., off, ...)\n|\n E \u003d *off\n)\n...+\u003e\n}\n\n@ read_no_fpos disable optional_qualifier exists @\nidentifier read_f;\nidentifier f, p, s, off;\ntype ssize_t, size_t, loff_t;\n@@\nssize_t read_f(struct file *f, char *p, size_t s, loff_t *off)\n{\n... when !\u003d off\n}\n\n@ write @\nidentifier write_f;\nidentifier f, p, s, off;\ntype ssize_t, size_t, loff_t;\nexpression E;\nidentifier func;\n@@\nssize_t write_f(struct file *f, const char *p, size_t s, loff_t *off)\n{\n\u003c+...\n(\n *off \u003d E\n|\n *off +\u003d E\n|\n func(..., off, ...)\n|\n E \u003d *off\n)\n...+\u003e\n}\n\n@ write_no_fpos @\nidentifier write_f;\nidentifier f, p, s, off;\ntype ssize_t, size_t, loff_t;\n@@\nssize_t write_f(struct file *f, const char *p, size_t s, loff_t *off)\n{\n... when !\u003d off\n}\n\n@ fops0 @\nidentifier fops;\n@@\nstruct file_operations fops \u003d {\n ...\n};\n\n@ has_llseek depends on fops0 @\nidentifier fops0.fops;\nidentifier llseek_f;\n@@\nstruct file_operations fops \u003d {\n...\n .llseek \u003d llseek_f,\n...\n};\n\n@ has_read depends on fops0 @\nidentifier fops0.fops;\nidentifier read_f;\n@@\nstruct file_operations fops \u003d {\n...\n .read \u003d read_f,\n...\n};\n\n@ has_write depends on fops0 @\nidentifier fops0.fops;\nidentifier write_f;\n@@\nstruct file_operations fops \u003d {\n...\n .write \u003d write_f,\n...\n};\n\n@ has_open depends on fops0 @\nidentifier fops0.fops;\nidentifier open_f;\n@@\nstruct file_operations fops \u003d {\n...\n .open \u003d open_f,\n...\n};\n\n// use no_llseek if we call nonseekable_open\n////////////////////////////////////////////\n@ nonseekable1 depends on !has_llseek \u0026\u0026 has_open @\nidentifier fops0.fops;\nidentifier nso ~\u003d \"nonseekable_open\";\n@@\nstruct file_operations fops \u003d {\n... .open \u003d nso, ...\n+.llseek \u003d no_llseek, /* nonseekable */\n};\n\n@ nonseekable2 depends on !has_llseek @\nidentifier fops0.fops;\nidentifier open.open_f;\n@@\nstruct file_operations fops \u003d {\n... .open \u003d open_f, ...\n+.llseek \u003d no_llseek, /* open uses nonseekable */\n};\n\n// use seq_lseek for sequential files\n/////////////////////////////////////\n@ seq depends on !has_llseek @\nidentifier fops0.fops;\nidentifier sr ~\u003d \"seq_read\";\n@@\nstruct file_operations fops \u003d {\n... .read \u003d sr, ...\n+.llseek \u003d seq_lseek, /* we have seq_read */\n};\n\n// use default_llseek if there is a readdir\n///////////////////////////////////////////\n@ fops1 depends on !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier readdir_e;\n@@\n// any other fop is used that changes pos\nstruct file_operations fops \u003d {\n... .readdir \u003d readdir_e, ...\n+.llseek \u003d default_llseek, /* readdir is present */\n};\n\n// use default_llseek if at least one of read/write touches f_pos\n/////////////////////////////////////////////////////////////////\n@ fops2 depends on !fops1 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier read.read_f;\n@@\n// read fops use offset\nstruct file_operations fops \u003d {\n... .read \u003d read_f, ...\n+.llseek \u003d default_llseek, /* read accesses f_pos */\n};\n\n@ fops3 depends on !fops1 \u0026\u0026 !fops2 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier write.write_f;\n@@\n// write fops use offset\nstruct file_operations fops \u003d {\n... .write \u003d write_f, ...\n+\t.llseek \u003d default_llseek, /* write accesses f_pos */\n};\n\n// Use noop_llseek if neither read nor write accesses f_pos\n///////////////////////////////////////////////////////////\n\n@ fops4 depends on !fops1 \u0026\u0026 !fops2 \u0026\u0026 !fops3 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier read_no_fpos.read_f;\nidentifier write_no_fpos.write_f;\n@@\n// write fops use offset\nstruct file_operations fops \u003d {\n...\n .write \u003d write_f,\n .read \u003d read_f,\n...\n+.llseek \u003d noop_llseek, /* read and write both use no f_pos */\n};\n\n@ depends on has_write \u0026\u0026 !has_read \u0026\u0026 !fops1 \u0026\u0026 !fops2 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier write_no_fpos.write_f;\n@@\nstruct file_operations fops \u003d {\n... .write \u003d write_f, ...\n+.llseek \u003d noop_llseek, /* write uses no f_pos */\n};\n\n@ depends on has_read \u0026\u0026 !has_write \u0026\u0026 !fops1 \u0026\u0026 !fops2 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier read_no_fpos.read_f;\n@@\nstruct file_operations fops \u003d {\n... .read \u003d read_f, ...\n+.llseek \u003d noop_llseek, /* read uses no f_pos */\n};\n\n@ depends on !has_read \u0026\u0026 !has_write \u0026\u0026 !fops1 \u0026\u0026 !fops2 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\n@@\nstruct file_operations fops \u003d {\n...\n+.llseek \u003d noop_llseek, /* no read or write fn */\n};\n\u003d\u003d\u003d\u003d\u003d End semantic patch \u003d\u003d\u003d\u003d\u003d\n\nSigned-off-by: Arnd Bergmann \u003carnd@arndb.de\u003e\nCc: Julia Lawall \u003cjulia@diku.dk\u003e\nCc: Christoph Hellwig \u003chch@infradead.org\u003e\n" }, { "commit": "999b4f0aa2314b76857775334cb94bafa053db64", "tree": "0b2b9e6d54415d0d6f6ff59526c68108c09d1fd7", "parents": [ "04ccd53f09741c4bc54ab36db000bc1383e4812e" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Fri Aug 27 18:33:29 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 08 09:19:34 2010 +1000" }, "message": "AppArmor: Fix locking from removal of profile namespace\n\nThe locking for profile namespace removal is wrong, when removing a\nprofile namespace, it needs to be removed from its parent\u0027s list.\nLock the parent of namespace list instead of the namespace being removed.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "04ccd53f09741c4bc54ab36db000bc1383e4812e", "tree": "d8c6e27094cb3b042e852f01c09a3d21979150d2", "parents": [ "3a2dc8382a3e85a51ed9c6f57ea80665ea7a0c95" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Fri Aug 27 18:33:28 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 08 09:19:31 2010 +1000" }, "message": "AppArmor: Fix splitting an fqname into separate namespace and profile names\n\nAs per Dan Carpenter \u003cerror27@gmail.com\u003e\n If we have a ns name without a following profile then in the original\n code it did \"*ns_name \u003d \u0026name[1];\". \"name\" is NULL so \"*ns_name\" is\n 0x1. That isn\u0027t useful and could cause an oops when this function is\n called from aa_remove_profiles().\n\nBeyond this the assignment of the namespace name was wrong in the case\nwhere the profile name was provided as it was being set to \u0026name[1]\nafter name \u003d skip_spaces(split + 1);\n\nMove the ns_name assignment before updating name for the split and\nalso add skip_spaces, making the interface more robust.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3a2dc8382a3e85a51ed9c6f57ea80665ea7a0c95", "tree": "05b289dc97bf08459911d0b5500896ed80af25c7", "parents": [ "e819ff519b2d74373eca4a9a2b417ebf4c1e1b29" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Sep 06 10:10:20 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 08 09:19:29 2010 +1000" }, "message": "AppArmor: Fix security_task_setrlimit logic for 2.6.36 changes\n\n2.6.36 introduced the abilitiy to specify the task that is having its\nrlimits set. Update mediation to ensure that confined tasks can only\nset their own group_leader as expected by current policy.\n\nAdd TODO note about extending policy to support setting other tasks\nrlimits.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e819ff519b2d74373eca4a9a2b417ebf4c1e1b29", "tree": "fe05eafda3b89816d9929f69e24433bf7879ad70", "parents": [ "98e52c373cdc1239a9ec6a2763f519cc1d99dcbc" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Fri Aug 27 18:33:26 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 08 09:19:24 2010 +1000" }, "message": "AppArmor: Drop hack to remove appended \" (deleted)\" string\n\nThe 2.6.36 kernel has refactored __d_path() so that it no longer appends\n\" (deleted)\" to unlinked paths. So drop the hack that was used to detect\nand remove the appended string.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "145c3ae46b37993b0debb0b3da6256daea4a6ec5", "tree": "0dbff382ce36b23b3d2dbff87d3eaab73a07a2a4", "parents": [ "81ca03a0e2ea0207b2df80e0edcf4c775c07a505", "99b7db7b8ffd6bb755eb0a175596421a0b581cb2" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Aug 18 09:35:08 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Aug 18 09:35:08 2010 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:\n fs: brlock vfsmount_lock\n fs: scale files_lock\n lglock: introduce special lglock and brlock spin locks\n tty: fix fu_list abuse\n fs: cleanup files_lock locking\n fs: remove extra lookup in __lookup_hash\n fs: fs_struct rwlock to spinlock\n apparmor: use task path helpers\n fs: dentry allocation consolidation\n fs: fix do_lookup false negative\n mbcache: Limit the maximum number of cache entries\n hostfs -\u003efollow_link() braino\n hostfs: dumb (and usually harmless) tpyo - strncpy instead of strlcpy\n remove SWRITE* I/O types\n kill BH_Ordered flag\n vfs: update ctime when changing the file\u0027s permission by setfacl\n cramfs: only unlock new inodes\n fix reiserfs_evict_inode end_writeback second call\n" }, { "commit": "44672e4fbd40e2dda8bbce7d0f71d24dbfc7e00e", "tree": "7d6251adb6eac69a0d0ba97e64dbf2c41c67928e", "parents": [ "baa0389073eb7beb9d36f6d13df97e16c1bfa626" ], "author": { "name": "Nick Piggin", "email": "npiggin@kernel.dk", "time": "Wed Aug 18 04:37:32 2010 +1000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Aug 18 08:35:46 2010 -0400" }, "message": "apparmor: use task path helpers\n\napparmor: use task path helpers\n\nSigned-off-by: Nick Piggin \u003cnpiggin@kernel.dk\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "7cb4dc9fc95f89587f57f287b47e091d7806255e", "tree": "41f68ee728c0ab1b894e425933a166e990e1eb41", "parents": [ "da5cabf80e2433131bf0ed8993abc0f7ea618c73" ], "author": { "name": "Jiri Slaby", "email": "jslaby@suse.cz", "time": "Wed Aug 11 11:28:02 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 17 08:06:09 2010 +1000" }, "message": "AppArmor: fix task_setrlimit prototype\n\nAfter rlimits tree was merged we get the following errors:\nsecurity/apparmor/lsm.c:663:2: warning: initialization from incompatible pointer type\n\nIt is because AppArmor was merged in the meantime, but uses the old\nprototype. So fix it by adding struct task_struct as a first parameter\nof apparmor_task_setrlimit.\n\nNOTE that this is ONLY a compilation warning fix (and crashes caused\nby that). It needs proper handling in AppArmor depending on who is the\n\u0027task\u0027.\n\nSigned-off-by: Jiri Slaby \u003cjslaby@suse.cz\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "101d6c826fa03266f8538ea4f6a459190e6863e8", "tree": "56254b27ac0352339777dcb9e654a4456ac3e244", "parents": [ "9bbb9e5a33109b2832e2e63dcc7a132924ab374b" ], "author": { "name": "Stephen Rothwell", "email": "sfr@canb.auug.org.au", "time": "Mon Aug 02 12:00:43 2010 +1000" }, "committer": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Wed Aug 11 23:04:14 2010 +0930" }, "message": "AppArmor: update for module_param_named API change\n\nFixes these build errors:\nsecurity/apparmor/lsm.c:701: error: \u0027param_ops_aabool\u0027 undeclared here (not in a function)\nsecurity/apparmor/lsm.c:721: error: \u0027param_ops_aalockpolicy\u0027 undeclared here (not in a function)\nsecurity/apparmor/lsm.c:729: error: \u0027param_ops_aauint\u0027 undeclared here (not in a function)\n\nSigned-off-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n" }, { "commit": "06c22dadc6d3f9b65e55407a87faaf6a4a014112", "tree": "e310b20a17014b491d86818fd58878839a48dffc", "parents": [ "3cfc2c42c1cbc8e238bb9c0612c0df4565e3a8b4" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Mon Aug 02 10:52:18 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 05 07:36:51 2010 -0400" }, "message": "apparmor: depends on NET\n\nSECURITY_APPARMOR should depend on NET since AUDIT needs\n(depends on) NET.\n\nFixes 70-80 errors that occur when CONFIG_NET is not enabled,\nbut APPARMOR selects AUDIT without qualification. E.g.:\n\naudit.c:(.text+0x33361): undefined reference to `netlink_unicast\u0027\n(.text+0x333df): undefined reference to `netlink_unicast\u0027\naudit.c:(.text+0x3341d): undefined reference to `skb_queue_tail\u0027\naudit.c:(.text+0x33424): undefined reference to `kfree_skb\u0027\naudit.c:(.text+0x334cb): undefined reference to `kfree_skb\u0027\naudit.c:(.text+0x33597): undefined reference to `skb_put\u0027\naudit.c:(.text+0x3369b): undefined reference to `__alloc_skb\u0027\naudit.c:(.text+0x336d7): undefined reference to `kfree_skb\u0027\n(.text+0x3374c): undefined reference to `__alloc_skb\u0027\nauditfilter.c:(.text+0x35305): undefined reference to `skb_queue_tail\u0027\nlsm_audit.c:(.text+0x2873): undefined reference to `init_net\u0027\nlsm_audit.c:(.text+0x2878): undefined reference to `dev_get_by_index\u0027\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "77c80e6b2fd049848bfd1bdab67899ad3ac407a7", "tree": "672ccbe5316698e0ef4dae46ba0029fb234989bf", "parents": [ "6371dcd36f649d9d07823f31400618155a20dde1" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:49:00 2010 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:49:00 2010 +1000" }, "message": "AppArmor: fix build warnings for non-const use of get_task_cred\n\nFix build warnings for non-const use of get_task_cred.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "016d825fe02cd20fd8803ca37a1e6d428fe878f6", "tree": "b36bafad46e09a1a62f3521536a703c58540f675", "parents": [ "484ca79c653121d3c79fffb86e1deea724f2e20b" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Fri Jul 30 13:46:33 2010 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:39 2010 +1000" }, "message": "AppArmor: Enable configuring and building of the AppArmor security module\n\nKconfig and Makefiles to enable configuration and building of AppArmor.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4d6ec10bb4461fdc9a9ab94ef32934e13564e873", "tree": "b252da668c7485b864dd012b33f58d7c108d99a1", "parents": [ "c88d4c7b049e87998ac0a9f455aa545cc895ef92" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jul 30 09:02:04 2010 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:37 2010 +1000" }, "message": "AppArmor: update path_truncate method to latest version\n\nRemove extraneous path_truncate arguments from the AppArmor hook,\nas they\u0027ve been removed from the LSM API.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c88d4c7b049e87998ac0a9f455aa545cc895ef92", "tree": "1859582b4afec1116b6831ea89ae27c35209991a", "parents": [ "736ec752d95e91e77cc0e8c97c057ab076ac2f51" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:00 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:37 2010 +1000" }, "message": "AppArmor: core policy routines\n\nThe basic routines and defines for AppArmor policy. AppArmor policy\nis defined by a few basic components.\n profiles - the basic unit of confinement contain all the information\n to enforce policy on a task\n\n Profiles tend to be named after an executable that they\n will attach to but this is not required.\n namespaces - a container for a set of profiles that will be used\n during attachment and transitions between profiles.\n sids - which provide a unique id for each profile\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "736ec752d95e91e77cc0e8c97c057ab076ac2f51", "tree": "128d330ecff67c5d83862062825b7975c92fee96", "parents": [ "0ed3b28ab8bf460a3a026f3f1782bf4c53840184" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:02 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:36 2010 +1000" }, "message": "AppArmor: policy routines for loading and unpacking policy\n\nAppArmor policy is loaded in a platform independent flattened binary\nstream. Verify and unpack the data converting it to the internal\nformat needed for enforcement.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0ed3b28ab8bf460a3a026f3f1782bf4c53840184", "tree": "9da3a2c6d9f55d3166726fe7c51671a6029c1269", "parents": [ "b5e95b48685e3481139a5634d14d630d12c7d5ce" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:05 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:35 2010 +1000" }, "message": "AppArmor: mediation of non file objects\n\nipc:\nAppArmor ipc is currently limited to mediation done by file mediation\nand basic ptrace tests. Improved mediation is a wip.\n\nrlimits:\nAppArmor provides basic abilities to set and control rlimits at\na per profile level. Only resources specified in a profile are controled\nor set. AppArmor rules set the hard limit to a value \u003c\u003d to the current\nhard limit (ie. they can not currently raise hard limits), and if\nnecessary will lower the soft limit to the new hard limit value.\n\nAppArmor does not track resource limits to reset them when a profile\nis left so that children processes inherit the limits set by the\nparent even if they are not confined by the same profile.\n\nCapabilities: AppArmor provides a per profile mask of capabilities,\nthat will further restrict.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b5e95b48685e3481139a5634d14d630d12c7d5ce", "tree": "1468141db6ff1a291bde0b6a960c2af7e520b52b", "parents": [ "f9ad1af53d5232a89a1ff1827102843999975dfa" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:07 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:35 2010 +1000" }, "message": "AppArmor: LSM interface, and security module initialization\n\nAppArmor hooks to interface with the LSM, module parameters and module\ninitialization.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "898127c34ec03291c86f4ff3856d79e9e18952bc", "tree": "c8845bd204b1c4b120f1be1cceea4ff96f749e53", "parents": [ "6380bd8ddf613b29f478396308b591867d401de4" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:06 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:14 2010 +1000" }, "message": "AppArmor: functions for domain transitions\n\nAppArmor routines for controling domain transitions, which can occur at\nexec or through self directed change_profile/change_hat calls.\n\nUnconfined tasks are checked at exec against the profiles in the confining\nprofile namespace to determine if a profile should be attached to the task.\n\nConfined tasks execs are controlled by the profile which provides rules\ndetermining which execs are allowed and if so which profiles should be\ntransitioned to.\n\nSelf directed domain transitions allow a task to request transition\nto a given profile. If the transition is allowed then the profile will\nbe applied, either immeditately or at exec time depending on the request.\nImmeditate self directed transitions have several security limitations\nbut have uses in setting up stub transition profiles and other limited\ncases.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6380bd8ddf613b29f478396308b591867d401de4", "tree": "6d8fc9356a652f8452ccf49e7f79cc700cc2768d", "parents": [ "63e2b423771ab0bc7ad4d407f3f6517c6d05cdc0" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:04 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:14 2010 +1000" }, "message": "AppArmor: file enforcement routines\n\nAppArmor does files enforcement via pathname matching. Matching is done\nat file open using a dfa match engine. Permission is against the final\nfile object not parent directories, ie. the traversal of directories\nas part of the file match is implicitly allowed. In the case of nonexistant\nfiles (creation) permissions are checked against the target file not the\ndirectory. eg. In case of creating the file /dir/new, permissions are\nchecked against the match /dir/new not against /dir/.\n\nThe permissions for matches are currently stored in the dfa accept table,\nbut this will change to allow for dfa reuse and also to allow for sharing\nof wider accept states.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "63e2b423771ab0bc7ad4d407f3f6517c6d05cdc0", "tree": "e50efc9593c7558d3700ec55869f9ddbac283a1d", "parents": [ "e06f75a6a2b43bd3a7a197bd21466f9da130e4af" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:03 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:13 2010 +1000" }, "message": "AppArmor: userspace interfaces\n\nThe /proc/\u003cpid\u003e/attr/* interface is used for process introspection and\ncommands. While the apparmorfs interface is used for global introspection\nand loading and removing policy.\n\nThe interface currently only contains the files necessary for loading\npolicy, and will be extended in the future to include sysfs style\nsingle per file introspection inteface.\n\nThe old AppArmor 2.4 interface files have been removed into a compatibility\npatch, that distros can use to maintain backwards compatibility.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e06f75a6a2b43bd3a7a197bd21466f9da130e4af", "tree": "bf5aabceae66c62e317a0403b05ffb320aef54d2", "parents": [ "c75afcd153f6147d3b094f45a1d87e5df7f4f053" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:01 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:13 2010 +1000" }, "message": "AppArmor: dfa match engine\n\nA basic dfa matching engine based off the dfa engine in the Dragon\nBook. It uses simple row comb compression with a check field.\n\nThis allows AppArmor to do pattern matching in linear time, and also\navoids stack issues that an nfa based engine may have. The dfa\nengine uses a byte based comparison, with all values being valid.\nAny potential character encoding are handled user side when the dfa\ntables are created. By convention AppArmor uses \\0 to separate two\ndependent path matches since \\0 is not a valid path character\n(this is done in the link permission check).\n\nThe dfa tables are generated in user space and are verified at load\ntime to be internally consistent.\n\nThere are several future improvements planned for the dfa engine:\n* The dfa engine may be converted to a hybrid nfa-dfa engine, with\n a fixed size limited stack. This would allow for size time\n tradeoffs, by inserting limited nfa states to help control\n state explosion that can occur with dfas.\n* The dfa engine may pickup the ability to do limited dynamic\n variable matching, instead of fixing all variables at policy\n load time.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c75afcd153f6147d3b094f45a1d87e5df7f4f053", "tree": "4d072c7b76a1e198427716f66a46712e508d4597", "parents": [ "67012e8209df95a8290d135753ff5145431a666e" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:47:59 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:12 2010 +1000" }, "message": "AppArmor: contexts used in attaching policy to system objects\n\nAppArmor contexts attach profiles and state to tasks, files, etc. when\na direct profile reference is not sufficient.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "67012e8209df95a8290d135753ff5145431a666e", "tree": "fc95b2c33d2e2d206500d7ec7e78dd855d4b3d2c", "parents": [ "cdff264264254e0fabc8107a33f3bb75a95e981f" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:47:58 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:11 2010 +1000" }, "message": "AppArmor: basic auditing infrastructure.\n\nUpdate lsm_audit for AppArmor specific data, and add the core routines for\nAppArmor uses for auditing.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cdff264264254e0fabc8107a33f3bb75a95e981f", "tree": "a20956e2a7a38e195071ded57fca02e1d1b1314c", "parents": [ "e6f6a4cc955d626ed26562d98de5766bf1f73526" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:47:57 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:11 2010 +1000" }, "message": "AppArmor: misc. base functions and defines\n\nMiscellaneous functions and defines needed by AppArmor, including\nthe base path resolution routines.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" } ] }