)]}'
{
  "log": [
    {
      "commit": "25985edcedea6396277003854657b5f3cb31a628",
      "tree": "f026e810210a2ee7290caeb737c23cb6472b7c38",
      "parents": [
        "6aba74f2791287ec407e0f92487a725a25908067"
      ],
      "author": {
        "name": "Lucas De Marchi",
        "email": "lucas.demarchi@profusion.mobi",
        "time": "Wed Mar 30 22:57:33 2011 -0300"
      },
      "committer": {
        "name": "Lucas De Marchi",
        "email": "lucas.demarchi@profusion.mobi",
        "time": "Thu Mar 31 11:26:23 2011 -0300"
      },
      "message": "Fix common misspellings\n\nFixes generated by \u0027codespell\u0027 and manually reviewed.\n\nSigned-off-by: Lucas De Marchi \u003clucas.demarchi@profusion.mobi\u003e\n"
    },
    {
      "commit": "85cd6da53a8073d3f4503f56e4ea6cddccbb1c7f",
      "tree": "9c71a1426c09767e7470fea2c244c9ebd3ec4d8c",
      "parents": [
        "036a98263a30930a329e7bb184d5e77f27358e40"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Fri Mar 25 10:13:43 2011 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 29 10:26:30 2011 +1100"
      },
      "message": "selinux: Fix regression for Xorg\n\nCommit 6f5317e730505d5cbc851c435a2dfe3d5a21d343 introduced a bug in the\nhandling of userspace object classes that is causing breakage for Xorg\nwhen XSELinux is enabled.  Fix the bug by changing map_class() to return\nSECCLASS_NULL when the class cannot be mapped to a kernel object class.\n\nReported-by:  \"Justin P. Mattock\" \u003cjustinmattock@gmail.com\u003e\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2e1496707560ecf98e9b0604622c0990f94861d3",
      "tree": "d1473b70fad31a903fedc87221680678a6c6c5f6",
      "parents": [
        "e795b71799ff0b27365020c9ddaa25d0d83f99c8"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serge@hallyn.com",
        "time": "Wed Mar 23 16:43:26 2011 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 23 19:47:13 2011 -0700"
      },
      "message": "userns: rename is_owner_or_cap to inode_owner_or_capable\n\nAnd give it a kernel-doc comment.\n\n[akpm@linux-foundation.org: btrfs changed in linux-next]\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "8409cca7056113bee3236cb6a8e4d8d4d1eef102",
      "tree": "d9f1ced0d47070fcdf8b399021f33770c150b1ec",
      "parents": [
        "39fd33933b0209e4b6254743f2cede07c5ad4c52"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serge@hallyn.com",
        "time": "Wed Mar 23 16:43:20 2011 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 23 19:47:05 2011 -0700"
      },
      "message": "userns: allow ptrace from non-init user namespaces\n\nptrace is allowed to tasks in the same user namespace according to the\nusual rules (i.e.  the same rules as for two tasks in the init user\nnamespace).  ptrace is also allowed to a user namespace to which the\ncurrent task the has CAP_SYS_PTRACE capability.\n\nChangelog:\n\tDec 31: Address feedback by Eric:\n\t\t. Correct ptrace uid check\n\t\t. Rename may_ptrace_ns to ptrace_capable\n\t\t. Also fix the cap_ptrace checks.\n\tJan  1: Use const cred struct\n\tJan 11: use task_ns_capable() in place of ptrace_capable().\n\tFeb 23: same_or_ancestore_user_ns() was not an appropriate\n\t\tcheck to constrain cap_issubset.  Rather, cap_issubset()\n\t\tonly is meaningful when both capsets are in the same\n\t\tuser_ns.\n\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nAcked-by: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "3486740a4f32a6a466f5ac931654d154790ba648",
      "tree": "ac5d968a66057fa84933b8f89fd3e916270dffed",
      "parents": [
        "59607db367c57f515183cb203642291bb14d9c40"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serge@hallyn.com",
        "time": "Wed Mar 23 16:43:17 2011 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 23 19:47:02 2011 -0700"
      },
      "message": "userns: security: make capabilities relative to the user namespace\n\n- Introduce ns_capable to test for a capability in a non-default\n  user namespace.\n- Teach cap_capable to handle capabilities in a non-default\n  user namespace.\n\nThe motivation is to get to the unprivileged creation of new\nnamespaces.  It looks like this gets us 90% of the way there, with\nonly potential uid confusion issues left.\n\nI still need to handle getting all caps after creation but otherwise I\nthink I have a good starter patch that achieves all of your goals.\n\nChangelog:\n\t11/05/2010: [serge] add apparmor\n\t12/14/2010: [serge] fix capabilities to created user namespaces\n\tWithout this, if user serge creates a user_ns, he won\u0027t have\n\tcapabilities to the user_ns he created.  THis is because we\n\twere first checking whether his effective caps had the caps\n\the needed and returning -EPERM if not, and THEN checking whether\n\the was the creator.  Reverse those checks.\n\t12/16/2010: [serge] security_real_capable needs ns argument in !security case\n\t01/11/2011: [serge] add task_ns_capable helper\n\t01/11/2011: [serge] add nsown_capable() helper per Bastian Blank suggestion\n\t02/16/2011: [serge] fix a logic bug: the root user is always creator of\n\t\t    init_user_ns, but should not always have capabilities to\n\t\t    it!  Fix the check in cap_capable().\n\t02/21/2011: Add the required user_ns parameter to security_capable,\n\t\t    fixing a compile failure.\n\t02/23/2011: Convert some macros to functions as per akpm comments.  Some\n\t\t    couldn\u0027t be converted because we can\u0027t easily forward-declare\n\t\t    them (they are inline if !SECURITY, extern if SECURITY).  Add\n\t\t    a current_user_ns function so we can use it in capability.h\n\t\t    without #including cred.h.  
Move all forward declarations\n\t\t    together to the top of the #ifdef __KERNEL__ section, and use\n\t\t    kernel-doc format.\n\t02/23/2011: Per dhowells, clean up comment in cap_capable().\n\t02/23/2011: Per akpm, remove unreachable \u0027return -EPERM\u0027 in cap_capable.\n\n(Original written and signed off by Eric;  latest, modified version\nacked by him)\n\n[akpm@linux-foundation.org: fix build]\n[akpm@linux-foundation.org: export current_user_ns() for ecryptfs]\n[serge.hallyn@canonical.com: remove unneeded extra argument in selinux\u0027s task_has_capability]\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nAcked-by: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "7a6362800cb7d1d618a697a650c7aaed3eb39320",
      "tree": "087f9bc6c13ef1fad4b392c5cf9325cd28fa8523",
      "parents": [
        "6445ced8670f37cfc2c5e24a9de9b413dbfc788d",
        "ceda86a108671294052cbf51660097b6534672f5"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 16 16:29:25 2011 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 16 16:29:25 2011 -0700"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1480 commits)\n  bonding: enable netpoll without checking link status\n  xfrm: Refcount destination entry on xfrm_lookup\n  net: introduce rx_handler results and logic around that\n  bonding: get rid of IFF_SLAVE_INACTIVE netdev-\u003epriv_flag\n  bonding: wrap slave state work\n  net: get rid of multiple bond-related netdevice-\u003epriv_flags\n  bonding: register slave pointer for rx_handler\n  be2net: Bump up the version number\n  be2net: Copyright notice change. Update to Emulex instead of ServerEngines\n  e1000e: fix kconfig for crc32 dependency\n  netfilter ebtables: fix xt_AUDIT to work with ebtables\n  xen network backend driver\n  bonding: Improve syslog message at device creation time\n  bonding: Call netif_carrier_off after register_netdevice\n  bonding: Incorrect TX queue offset\n  net_sched: fix ip_tos2prio\n  xfrm: fix __xfrm_route_forward()\n  be2net: Fix UDP packet detected status in RX compl\n  Phonet: fix aligned-mode pipe socket buffer header reserve\n  netxen: support for GbE port settings\n  ...\n\nFix up conflicts in drivers/staging/brcm80211/brcmsmac/wl_mac80211.c\nwith the staging updates.\n"
    },
    {
      "commit": "0f6e0e8448a16d8d22119ce91d8dd24b44865b51",
      "tree": "7c295c02db035fc6a0b867465911a2bc9dc6b1ef",
      "parents": [
        "0d2ecee2bdb2a19d04bc5cefac0f86e790f1aad4",
        "a002951c97ff8da49938c982a4c236bf2fafdc9f"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 16 09:15:43 2011 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 16 09:15:43 2011 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (33 commits)\n  AppArmor: kill unused macros in lsm.c\n  AppArmor: cleanup generated files correctly\n  KEYS: Add an iovec version of KEYCTL_INSTANTIATE\n  KEYS: Add a new keyctl op to reject a key with a specified error code\n  KEYS: Add a key type op to permit the key description to be vetted\n  KEYS: Add an RCU payload dereference macro\n  AppArmor: Cleanup make file to remove cruft and make it easier to read\n  SELinux: implement the new sb_remount LSM hook\n  LSM: Pass -o remount options to the LSM\n  SELinux: Compute SID for the newly created socket\n  SELinux: Socket retains creator role and MLS attribute\n  SELinux: Auto-generate security_is_socket_class\n  TOMOYO: Fix memory leak upon file open.\n  Revert \"selinux: simplify ioctl checking\"\n  selinux: drop unused packet flow permissions\n  selinux: Fix packet forwarding checks on postrouting\n  selinux: Fix wrong checks for selinux_policycap_netpeer\n  selinux: Fix check for xfrm selinux context algorithm\n  ima: remove unnecessary call to ima_must_measure\n  IMA: remove IMA imbalance checking\n  ...\n"
    },
    {
      "commit": "420c1c572d4ceaa2f37b6311b7017ac6cf049fe2",
      "tree": "df04e6b4b756b7a46d9887462d54a3ad0e1f91d5",
      "parents": [
        "9620639b7ea3843983f4ced8b4c81eb4d8974838",
        "6e6823d17b157f185be09f4c70181299f9273f0b"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Mar 15 18:53:35 2011 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Mar 15 18:53:35 2011 -0700"
      },
      "message": "Merge branch \u0027timers-core-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip\n\n* \u0027timers-core-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: (62 commits)\n  posix-clocks: Check write permissions in posix syscalls\n  hrtimer: Remove empty hrtimer_init_hres_timer()\n  hrtimer: Update hrtimer-\u003estate documentation\n  hrtimer: Update base[CLOCK_BOOTTIME].offset correctly\n  timers: Export CLOCK_BOOTTIME via the posix timers interface\n  timers: Add CLOCK_BOOTTIME hrtimer base\n  time: Extend get_xtime_and_monotonic_offset() to also return sleep\n  time: Introduce get_monotonic_boottime and ktime_get_boottime\n  hrtimers: extend hrtimer base code to handle more then 2 clockids\n  ntp: Remove redundant and incorrect parameter check\n  mn10300: Switch do_timer() to xtimer_update()\n  posix clocks: Introduce dynamic clocks\n  posix-timers: Cleanup namespace\n  posix-timers: Add support for fd based clocks\n  x86: Add clock_adjtime for x86\n  posix-timers: Introduce a syscall for clock tuning.\n  time: Splitout compat timex accessors\n  ntp: Add ADJ_SETOFFSET mode bit\n  time: Introduce timekeeping_inject_offset\n  posix-timer: Update comment\n  ...\n\nFix up new system-call-related conflicts in\n\tarch/x86/ia32/ia32entry.S\n\tarch/x86/include/asm/unistd_32.h\n\tarch/x86/include/asm/unistd_64.h\n\tarch/x86/kernel/syscall_table_32.S\n(name_to_handle_at()/open_by_handle_at() vs clock_adjtime()), and some\ndue to movement of get_jiffies_64() in:\n\tkernel/time.c\n"
    },
    {
      "commit": "1d28f42c1bd4bb2363d88df74d0128b4da135b4a",
      "tree": "cb2e652fe79a2bc307e871bc2d3fa51cc8051e45",
      "parents": [
        "ca116922afa8cc5ad46b00c0a637b1cde5ca478a"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Mar 12 00:29:39 2011 -0500"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Mar 12 15:08:44 2011 -0800"
      },
      "message": "net: Put flowi_* prefix on AF independent members of struct flowi\n\nI intend to turn struct flowi into a union of AF specific flowi\nstructs.  There will be a common structure that each variant includes\nfirst, much like struct sock_common.\n\nThis is the first step to move in that direction.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "c151694b2c48d956ac8c8c59c6927f89cc29ef70",
      "tree": "6d24bfde33c2c5899ea33aef4b81d06d7ac36a2f",
      "parents": [
        "fe3fa43039d47ee4e22caf460b79b62a14937f79",
        "1936113c820bc3bfac49c266ccf972f7f8552aae"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 09 14:12:07 2011 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 09 14:12:07 2011 +1100"
      },
      "message": "Merge branch \u0027security-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev into next\n"
    },
    {
      "commit": "1936113c820bc3bfac49c266ccf972f7f8552aae",
      "tree": "6adabc28f9cb3c21160c9e7f227cff3c50a24e89",
      "parents": [
        "0f8250265623e57971cbb57fc8d92e58dd883a19"
      ],
      "author": {
        "name": "Shan Wei",
        "email": "shanwei@cn.fujitsu.com",
        "time": "Fri Jan 21 10:13:13 2011 +0800"
      },
      "committer": {
        "name": "John Johansen",
        "email": "john.johansen@canonical.com",
        "time": "Tue Mar 08 17:04:07 2011 -0800"
      },
      "message": "AppArmor: kill unused macros in lsm.c\n\nRemove unused macros.\n\nSigned-off-by: Shan Wei \u003cshanwei@cn.fujitsu.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n"
    },
    {
      "commit": "0f8250265623e57971cbb57fc8d92e58dd883a19",
      "tree": "8acddd1019f2558ed5fd6b84431736b890197c47",
      "parents": [
        "4fdef2183e6598cc977a9bb9321ef99a44125da3"
      ],
      "author": {
        "name": "Michal Hocko",
        "email": "mhocko@suse.cz",
        "time": "Fri Jan 07 15:03:02 2011 +0100"
      },
      "committer": {
        "name": "John Johansen",
        "email": "john.johansen@canonical.com",
        "time": "Tue Mar 08 17:03:53 2011 -0800"
      },
      "message": "AppArmor: cleanup generated files correctly\n\nclean-files should be defined as a variable not a target.\n\nSigned-off-by: Michal Hocko \u003cmhocko@suse.cz\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n"
    },
    {
      "commit": "fe3fa43039d47ee4e22caf460b79b62a14937f79",
      "tree": "9eab8d00f1227b9fe0959f32a62d892ed35803ba",
      "parents": [
        "ee009e4a0d4555ed522a631bae9896399674f064",
        "026eb167ae77244458fa4b4b9fc171209c079ba7"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 08 11:38:10 2011 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 08 11:38:10 2011 +1100"
      },
      "message": "Merge branch \u0027master\u0027 of git://git.infradead.org/users/eparis/selinux into next\n"
    },
    {
      "commit": "ee009e4a0d4555ed522a631bae9896399674f064",
      "tree": "ee309fb4a98d9e7792cec99935c2d33652b3f440",
      "parents": [
        "fdd1b94581782a2ddf9124414e5b7a5f48ce2f9c"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Mon Mar 07 15:06:20 2011 +0000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 08 11:17:22 2011 +1100"
      },
      "message": "KEYS: Add an iovec version of KEYCTL_INSTANTIATE\n\nAdd a keyctl op (KEYCTL_INSTANTIATE_IOV) that is like KEYCTL_INSTANTIATE, but\ntakes an iovec array and concatenates the data in-kernel into one buffer.\nSince the KEYCTL_INSTANTIATE copies the data anyway, this isn\u0027t too much of a\nproblem.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "fdd1b94581782a2ddf9124414e5b7a5f48ce2f9c",
      "tree": "ce83bfd1f0b1a7d4b9521bdb3d6afef1bff1d4f2",
      "parents": [
        "b9fffa3877a3ebbe0a5ad5a247358e2f7df15b24"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Mon Mar 07 15:06:09 2011 +0000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 08 11:17:18 2011 +1100"
      },
      "message": "KEYS: Add a new keyctl op to reject a key with a specified error code\n\nAdd a new keyctl op to reject a key with a specified error code.  This works\nmuch the same as negating a key, and so keyctl_negate_key() is made a special\ncase of keyctl_reject_key().  The difference is that keyctl_negate_key()\nselects ENOKEY as the error to be reported.\n\nTypically the key would be rejected with EKEYEXPIRED, EKEYREVOKED or\nEKEYREJECTED, but this is not mandatory.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b9fffa3877a3ebbe0a5ad5a247358e2f7df15b24",
      "tree": "0f58a92c2616b3663f88935290d32a4c90d57025",
      "parents": [
        "633e804e89464d3875e59de1959a53f9041d3094"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Mon Mar 07 15:05:59 2011 +0000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 08 11:17:15 2011 +1100"
      },
      "message": "KEYS: Add a key type op to permit the key description to be vetted\n\nAdd a key type operation to permit the key type to vet the description of a new\nkey that key_alloc() is about to allocate.  The operation may reject the\ndescription if it wishes with an error of its choosing.  If it does this, the\nkey will not be allocated.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nReviewed-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "633e804e89464d3875e59de1959a53f9041d3094",
      "tree": "0a2464267c5f7a4e8166771fdc88e181a5b6219a",
      "parents": [
        "1cc26bada9f6807814806db2f0d78792eecdac71"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Mon Mar 07 15:05:51 2011 +0000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 08 11:17:11 2011 +1100"
      },
      "message": "KEYS: Add an RCU payload dereference macro\n\nAdd an RCU payload dereference macro as this seems to be a common piece of code\namongst key types that use RCU referenced payloads.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "1cc26bada9f6807814806db2f0d78792eecdac71",
      "tree": "5509b5139db04af6c13db0a580c84116a4a54039",
      "parents": [
        "eae61f3c829439f8f9121b5cd48a14be04df451f",
        "214d93b02c4fe93638ad268613c9702a81ed9192"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 08 10:55:06 2011 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 08 10:55:06 2011 +1100"
      },
      "message": "Merge branch \u0027master\u0027; commit \u0027v2.6.38-rc7\u0027 into next\n"
    },
    {
      "commit": "4fdef2183e6598cc977a9bb9321ef99a44125da3",
      "tree": "380a0f9424d068dc267936fc188ec6abb85df909",
      "parents": [
        "eae61f3c829439f8f9121b5cd48a14be04df451f"
      ],
      "author": {
        "name": "John Johansen",
        "email": "john.johansen@canonical.com",
        "time": "Sat Mar 05 02:18:02 2011 -0800"
      },
      "committer": {
        "name": "John Johansen",
        "email": "john.johansen@canonical.com",
        "time": "Sat Mar 05 02:46:26 2011 -0800"
      },
      "message": "AppArmor: Cleanup make file to remove cruft and make it easier to read\n\nCleanups based on comments from Sam Ravnborg,\n\n* remove references to the currently unused af_names.h\n* add rlim_names.h to clean-files:\n* rework cmd_make-XXX to make them more readable by adding comments,\n  reworking the expressions to put logical components on individual lines,\n  and keep lines \u003c 80 characters.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Sam Ravnborg \u003csam@ravnborg.org\u003e\n"
    },
    {
      "commit": "01a16b21d6adf992aa863186c3c4e561a57c1714",
      "tree": "a3b1c81e5a5e6a0e9069e4d3a15576741ed34776",
      "parents": [
        "63f97425166a1a16279c1a5720e9dfcb2c12ad1b"
      ],
      "author": {
        "name": "Patrick McHardy",
        "email": "kaber@trash.net",
        "time": "Thu Mar 03 13:32:07 2011 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Mar 03 13:32:07 2011 -0800"
      },
      "message": "netlink: kill eff_cap from struct netlink_skb_parms\n\nNetlink message processing in the kernel is synchronous these days,\ncapabilities can be checked directly in security_netlink_recv() from\nthe current process.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n[chrisw: update to include pohmelfs and uvesafb]\nSigned-off-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "026eb167ae77244458fa4b4b9fc171209c079ba7",
      "tree": "1e66fcfeb0b43a6fb764e1d07f8f0200d0c99094",
      "parents": [
        "ff36fe2c845cab2102e4826c1ffa0a6ebf487c65"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Mar 03 16:09:14 2011 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Mar 03 16:12:28 2011 -0500"
      },
      "message": "SELinux: implement the new sb_remount LSM hook\n\nFor SELinux we do not allow security information to change during a remount\noperation.  Thus this hook simply strips the security module options from\nthe data and verifies that those are the same options as exist on the\ncurrent superblock.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ff36fe2c845cab2102e4826c1ffa0a6ebf487c65",
      "tree": "d61f4c65bc51e6455f0cb5a3d03fab41d0f83169",
      "parents": [
        "2ad18bdf3b8f84c85c7da7e4de365f7c5701fb3f"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Mar 03 16:09:14 2011 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Mar 03 16:12:27 2011 -0500"
      },
      "message": "LSM: Pass -o remount options to the LSM\n\nThe VFS mount code passes the mount options to the LSM.  The LSM will remove\noptions it understands from the data and the VFS will then pass the remaining\noptions onto the underlying filesystem.  This is how options like the\nSELinux context\u003d work.  The problem comes in that -o remount never calls\ninto LSM code.  So if you include an LSM specific option it will get passed\nto the filesystem and will cause the remount to fail.  An example of where\nthis is a problem is the \u0027seclabel\u0027 option.  The SELinux LSM hook will\nprint this word in /proc/mounts if the filesystem is being labeled using\nxattrs.  If you pass this word on mount it will be silently stripped and\nignored.  But if you pass this word on remount the LSM never gets called\nand it will be passed to the FS.  The FS doesn\u0027t know what seclabel means\nand thus should fail the mount.  For example an ext3 fs mounted over loop\n\n# mount -o loop /tmp/fs /mnt/tmp\n# cat /proc/mounts | grep /mnt/tmp\n/dev/loop0 /mnt/tmp ext3 rw,seclabel,relatime,errors\u003dcontinue,barrier\u003d0,data\u003dordered 0 0\n# mount -o remount /mnt/tmp\nmount: /mnt/tmp not mounted already, or bad option\n# dmesg\nEXT3-fs (loop0): error: unrecognized mount option \"seclabel\" or missing value\n\nThis patch passes the remount mount options to an new LSM hook.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2ad18bdf3b8f84c85c7da7e4de365f7c5701fb3f",
      "tree": "7b45743dee9e9de69714da3801aa3f987a3db365",
      "parents": [
        "6f5317e730505d5cbc851c435a2dfe3d5a21d343"
      ],
      "author": {
        "name": "Harry Ciao",
        "email": "qingtao.cao@windriver.com",
        "time": "Wed Mar 02 13:32:34 2011 +0800"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Mar 03 15:19:44 2011 -0500"
      },
      "message": "SELinux: Compute SID for the newly created socket\n\nThe security context for the newly created socket shares the same\nuser, role and MLS attribute as its creator but may have a different\ntype, which could be specified by a type_transition rule in the relevant\npolicy package.\n\nSigned-off-by: Harry Ciao \u003cqingtao.cao@windriver.com\u003e\n[fix call to security_transition_sid to include qstr, Eric Paris]\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n"
    },
    {
      "commit": "6f5317e730505d5cbc851c435a2dfe3d5a21d343",
      "tree": "02088cf519a00db5c6fbdb2cc8776402413eb662",
      "parents": [
        "4bc6c2d5d8386800fde23a8e78cd4f04a0ade0ad"
      ],
      "author": {
        "name": "Harry Ciao",
        "email": "qingtao.cao@windriver.com",
        "time": "Wed Mar 02 13:32:33 2011 +0800"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Mar 03 15:19:43 2011 -0500"
      },
      "message": "SELinux: Socket retains creator role and MLS attribute\n\nThe socket SID would be computed on creation and no longer inherit\nits creator\u0027s SID by default. Socket may have a different type but\nneeds to retain the creator\u0027s role and MLS attribute in order not\nto break labeled networking and network access control.\n\nThe kernel value for a class would be used to determine if the class\nif one of socket classes. If security_compute_sid is called from\nuserspace the policy value for a class would be mapped to the relevant\nkernel value first.\n\nSigned-off-by: Harry Ciao \u003cqingtao.cao@windriver.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n"
    },
    {
      "commit": "4bc6c2d5d8386800fde23a8e78cd4f04a0ade0ad",
      "tree": "9ed72f305050b876d846b44ccf13f63fcbab1ff4",
      "parents": [
        "0b24dcb7f2f7a0ce9b762eef0362c21c88f47b32"
      ],
      "author": {
        "name": "Harry Ciao",
        "email": "qingtao.cao@windriver.com",
        "time": "Wed Mar 02 13:46:08 2011 +0800"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Mar 03 15:19:43 2011 -0500"
      },
      "message": "SELinux: Auto-generate security_is_socket_class\n\nThe security_is_socket_class() is auto-generated by genheaders based\non classmap.h to reduce maintenance effort when a new class is defined\nin SELinux kernel. The name for any socket class should be suffixed by\n\"socket\" and doesn\u0027t contain more than one substr of \"socket\".\n\nSigned-off-by: Harry Ciao \u003cqingtao.cao@windriver.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n"
    },
    {
      "commit": "c53fa1ed92cd671a1dfb1e7569e9ab672612ddc6",
      "tree": "9bb539a7731af94cac0112b8f13771e4a33e0450",
      "parents": [
        "06dc94b1ed05f91e246315afeb1c652d6d0dc9ab"
      ],
      "author": {
        "name": "Patrick McHardy",
        "email": "kaber@trash.net",
        "time": "Thu Mar 03 10:55:40 2011 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Mar 03 10:55:40 2011 -0800"
      },
      "message": "netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms\n\nNetlink message processing in the kernel is synchronous these days, the\nsession information can be collected when needed.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "eae61f3c829439f8f9121b5cd48a14be04df451f",
      "tree": "607f79bb57996e059c1da17a0411d5763c4748ca",
      "parents": [
        "1adace9bb04a5f4a4dea9e642089102661bb0ceb"
      ],
      "author": {
        "name": "Tetsuo Handa",
        "email": "penguin-kernel@I-love.SAKURA.ne.jp",
        "time": "Wed Mar 02 16:54:24 2011 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Mar 03 10:13:26 2011 +1100"
      },
      "message": "TOMOYO: Fix memory leak upon file open.\n\nIn tomoyo_check_open_permission() since 2.6.36, TOMOYO was by error\nrecalculating already calculated pathname when checking allow_rewrite\npermission. As a result, memory will leak whenever a file is opened for writing\nwithout O_APPEND flag. Also, performance will degrade because TOMOYO is\ncalculating pathname regardless of profile configuration.\nThis patch fixes the leak and performance degrade.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0b24dcb7f2f7a0ce9b762eef0362c21c88f47b32",
      "tree": "9c7dc83e169cd4a2e5fd248e4b940f82131627b6",
      "parents": [
        "47ac19ea429aee561f66e9cd05b908e8ffbc498a"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Feb 25 15:39:20 2011 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Feb 25 15:40:00 2011 -0500"
      },
      "message": "Revert \"selinux: simplify ioctl checking\"\n\nThis reverts commit 242631c49d4cf39642741d6627750151b058233b.\n\nConflicts:\n\n\tsecurity/selinux/hooks.c\n\nSELinux used to recognize certain individual ioctls and check\npermissions based on the knowledge of the individual ioctl.  In commit\n242631c49d4cf396 the SELinux code stopped trying to understand\nindividual ioctls and to instead looked at the ioctl access bits to\ndetermine in we should check read or write for that operation.  This\nsame suggestion was made to SMACK (and I believe copied into TOMOYO).\nBut this suggestion is total rubbish.  The ioctl access bits are\nactually the access requirements for the structure being passed into the\nioctl, and are completely unrelated to the operation of the ioctl or the\nobject the ioctl is being performed upon.\n\nTake FS_IOC_FIEMAP as an example.  FS_IOC_FIEMAP is defined as:\n\nFS_IOC_FIEMAP _IOWR(\u0027f\u0027, 11, struct fiemap)\n\nSo it has access bits R and W.  What this really means is that the\nkernel is going to both read and write to the struct fiemap.  It has\nnothing at all to do with the operations that this ioctl might perform\non the file itself!\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n"
    },
    {
      "commit": "47ac19ea429aee561f66e9cd05b908e8ffbc498a",
      "tree": "22a95f4b75ab4dd71949f8f337463638ff6711e3",
      "parents": [
        "4a7ab3dcad0b66a486c468ccf0d6197c5dbe3326"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Feb 25 15:39:20 2011 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Feb 25 15:40:00 2011 -0500"
      },
      "message": "selinux: drop unused packet flow permissions\n\nThese permissions are not used and can be dropped in the kernel\ndefinitions.\n\nSuggested-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n"
    },
    {
      "commit": "4a7ab3dcad0b66a486c468ccf0d6197c5dbe3326",
      "tree": "b88badda1de339ed01149caf05601400d2e2a9dd",
      "parents": [
        "b9679a76187694138099e09d7f5091b73086e6d7"
      ],
      "author": {
        "name": "Steffen Klassert",
        "email": "steffen.klassert@secunet.com",
        "time": "Wed Feb 23 12:56:23 2011 +0100"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Feb 25 15:00:51 2011 -0500"
      },
      "message": "selinux: Fix packet forwarding checks on postrouting\n\nThe IPSKB_FORWARDED and IP6SKB_FORWARDED flags are used only in the\nmulticast forwarding case to indicate that a packet looped back after\nforward. So these flags are not a good indicator for packet forwarding.\nA better indicator is the incoming interface. If we have no socket context,\nbut an incoming interface and we see the packet in the ip postroute hook,\nthe packet is going to be forwarded.\n\nWith this patch we use the incoming interface as an indicator on packet\nforwarding.\n\nSigned-off-by: Steffen Klassert \u003csteffen.klassert@secunet.com\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "b9679a76187694138099e09d7f5091b73086e6d7",
      "tree": "224bfa579013b55ed6c459879ba0aab6d28e8ae2",
      "parents": [
        "8f82a6880d8d03961181d973388e1df2772a8b24"
      ],
      "author": {
        "name": "Steffen Klassert",
        "email": "steffen.klassert@secunet.com",
        "time": "Wed Feb 23 12:55:21 2011 +0100"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Feb 25 15:00:47 2011 -0500"
      },
      "message": "selinux: Fix wrong checks for selinux_policycap_netpeer\n\nselinux_sock_rcv_skb_compat and selinux_ip_postroute_compat are just\ncalled if selinux_policycap_netpeer is not set. However in these\nfunctions we check if selinux_policycap_netpeer is set. This leads\nto some dead code and to the fact that selinux_xfrm_postroute_last\nis never executed. This patch removes the dead code and the checks\nfor selinux_policycap_netpeer in the compatibility functions.\n\nSigned-off-by: Steffen Klassert \u003csteffen.klassert@secunet.com\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "8f82a6880d8d03961181d973388e1df2772a8b24",
      "tree": "b2eb1374f143610dbf06a686fcfee6b77bff110b",
      "parents": [
        "4916ca401e3051dad326ddd69765bd0e3f32fb9b"
      ],
      "author": {
        "name": "Steffen Klassert",
        "email": "steffen.klassert@secunet.com",
        "time": "Wed Feb 23 12:54:33 2011 +0100"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Feb 25 15:00:44 2011 -0500"
      },
      "message": "selinux: Fix check for xfrm selinux context algorithm\n\nselinux_xfrm_sec_ctx_alloc accidentally checks the xfrm domain of\ninterpretation against the selinux context algorithm. This patch\nfixes this by checking ctx_alg against the selinux context algorithm.\n\nSigned-off-by: Steffen Klassert \u003csteffen.klassert@secunet.com\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "1adace9bb04a5f4a4dea9e642089102661bb0ceb",
      "tree": "2396099935c50d838899a01da1438b8a441619de",
      "parents": [
        "854fdd55bfdd56cfc61bd30f2062a9268fcebba6"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Feb 22 10:19:43 2011 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Feb 23 16:38:52 2011 -0500"
      },
      "message": "ima: remove unnecessary call to ima_must_measure\n\nThe original ima_must_measure() function based its results on cached\niint information, which required an iint be allocated for all files.\nCurrently, an iint is allocated only for files in policy.  As a result,\nfor those files in policy, ima_must_measure() is now called twice: once\nto determine if the inode is in the measurement policy and, the second\ntime, to determine if it needs to be measured/re-measured.\n\nThe second call to ima_must_measure() unnecessarily checks to see if\nthe file is in policy. As we already know the file is in policy, this\npatch removes the second unnecessary call to ima_must_measure(), removes\nthe vestige iint parameter, and just checks the iint directly to determine\nif the inode has been measured or needs to be measured/re-measured.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "e33f770426674a565a188042caf3f974f8b3722d",
      "tree": "6ee309a1cbccec1cef9972fc6c8f8d9b280978f5",
      "parents": [
        "e1ad2ab2cf0cabcd81861e2c61870fc27bb27ded"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Tue Feb 22 18:13:15 2011 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Tue Feb 22 18:13:15 2011 -0800"
      },
      "message": "xfrm: Mark flowi arg to security_xfrm_state_pol_flow_match() const.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "6037b715d6fab139742c3df8851db4c823081561",
      "tree": "aba9e9427debd4fa5b904daefa8e71a6320f4b93",
      "parents": [
        "deabb19ba4bd8c06ae69bc262e3594b515e3a459"
      ],
      "author": {
        "name": "Chris Wright",
        "email": "chrisw@sous-sol.org",
        "time": "Wed Feb 09 22:11:51 2011 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Feb 11 17:41:58 2011 +1100"
      },
      "message": "security: add cred argument to security_capable()\n\nExpand security_capable() to include cred, so that it can be usable in a\nwider range of call sites.\n\nSigned-off-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "854fdd55bfdd56cfc61bd30f2062a9268fcebba6",
      "tree": "139af793bf7395002e6e68978b603d47f28f7dc2",
      "parents": [
        "890275b5eb79e9933d12290473eab9ac38da0051"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Nov 02 10:14:22 2010 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Feb 10 07:51:44 2011 -0500"
      },
      "message": "IMA: remove IMA imbalance checking\n\nNow that i_readcount is maintained by the VFS layer, remove the\nimbalance checking in IMA. Cleans up the IMA code nicely.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "890275b5eb79e9933d12290473eab9ac38da0051",
      "tree": "8fa529a6fdfa7647ed4e14287658b71df8636ddd",
      "parents": [
        "a5c96ebf1d71df0c5fb77ab58c9aeb307cf02372"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Nov 02 10:13:07 2010 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Feb 10 07:51:44 2011 -0500"
      },
      "message": "IMA: maintain i_readcount in the VFS layer\n\nima_counts_get() updated the readcount and invalidated the PCR,\nas necessary. Only update the i_readcount in the VFS layer.\nMove the PCR invalidation checks to ima_file_check(), where it\nbelongs.\n\nMaintaining the i_readcount in the VFS layer, will allow other\nsubsystems to use i_readcount.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "a68a27b6f2354273bacc39c3dd06456edb202230",
      "tree": "d73396dab134842ecd1e86d665718e75012e7e78",
      "parents": [
        "75a25637bf8a1b8fbed2368c0a3ec15c66a534f1"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Nov 02 10:10:56 2010 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Feb 10 07:51:43 2011 -0500"
      },
      "message": "IMA: convert i_readcount to atomic\n\nConvert the inode\u0027s i_readcount from an unsigned int to atomic.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "75a25637bf8a1b8fbed2368c0a3ec15c66a534f1",
      "tree": "038d52827d9a285fed1bb384f06d7adabf4ef674",
      "parents": [
        "db904aa8147440b750a35d58befed38155a1abb9"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Wed Feb 09 19:58:42 2011 -0800"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Wed Feb 09 19:58:42 2011 -0800"
      },
      "message": "Smack: correct final mmap check comparison\n\nThe mmap policy enforcement checks the access of the\nSMACK64MMAP subject against the current subject incorrectly.\nThe check as written works correctly only if the access\nrules involved have the same access. This is the common\ncase, so initial testing did not find a problem.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "db904aa8147440b750a35d58befed38155a1abb9",
      "tree": "faaeea888a0ff5ca9c1e935bda15914a551458a2",
      "parents": [
        "0e0a070d3a47d279de66e08244769556deae2eee"
      ],
      "author": {
        "name": "Shan Wei",
        "email": "shanwei@cn.fujitsu.com",
        "time": "Wed Feb 09 19:58:11 2011 -0800"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Wed Feb 09 19:58:11 2011 -0800"
      },
      "message": "security:smack: kill unused SMACK_LIST_MAX, MAY_ANY and MAY_ANYWRITE\n\nKill unused macros of SMACK_LIST_MAX, MAY_ANY and MAY_ANYWRITE.\nv2: As Casey Schaufler\u0027s advice, also remove MAY_ANY.\n\nSigned-off-by: Shan Wei \u003cshanwei@cn.fujitsu.com\u003e\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "0e0a070d3a47d279de66e08244769556deae2eee",
      "tree": "8d9c07464833076a40c1d95dd2f8f33716509290",
      "parents": [
        "821404434f3324bf23f545050ff64055a149766e"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Tue Feb 08 16:36:24 2011 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Feb 09 18:50:23 2011 +1100"
      },
      "message": "Smack: correct behavior in the mmap hook\n\nThe mmap policy enforcement was not properly handling the\n  interaction between the global and local rule lists.\n  Instead of going through one and then the other, which\n  missed the important case where a rule specified that\n  there should be no access, combine the access limitations\n  where there is a rule in each list.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2edeaa34a6e3f2c43b667f6c4f7b27944b811695",
      "tree": "37dd9156645491a86844ba9198fe05e4e6fe44c5",
      "parents": [
        "257a65d79581880032e0bf0c452f4041b693664c"
      ],
      "author": {
        "name": "Tetsuo Handa",
        "email": "penguin-kernel@I-love.SAKURA.ne.jp",
        "time": "Mon Feb 07 13:36:10 2011 +0000"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Feb 07 14:04:00 2011 -0800"
      },
      "message": "CRED: Fix BUG() upon security_cred_alloc_blank() failure\n\nIn cred_alloc_blank() since 2.6.32, abort_creds(new) is called with\nnew-\u003esecurity \u003d\u003d NULL and new-\u003emagic \u003d\u003d 0 when security_cred_alloc_blank()\nreturns an error.  As a result, BUG() will be triggered if SELinux is enabled\nor CONFIG_DEBUG_CREDENTIALS\u003dy.\n\nIf CONFIG_DEBUG_CREDENTIALS\u003dy, BUG() is called from __invalid_creds() because\ncred-\u003emagic \u003d\u003d 0.  Failing that, BUG() is called from selinux_cred_free()\nbecause selinux_cred_free() is not expecting cred-\u003esecurity \u003d\u003d NULL.  This does\nnot affect smack_cred_free(), tomoyo_cred_free() or apparmor_cred_free().\n\nFix these bugs by\n\n(1) Set new-\u003emagic before calling security_cred_alloc_blank().\n\n(2) Handle null cred-\u003esecurity in creds_are_invalid() and selinux_cred_free().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "1e6d767924c74929c0cfe839ae8f37bcee9e544e",
      "tree": "4ace06971e2b3519e556bea2f7e3e999e860eedd",
      "parents": [
        "7cf37e87dd2cfa17a64f28ea7f31eed4525f79e4"
      ],
      "author": {
        "name": "Richard Cochran",
        "email": "richard.cochran@omicron.at",
        "time": "Tue Feb 01 13:50:58 2011 +0000"
      },
      "committer": {
        "name": "Thomas Gleixner",
        "email": "tglx@linutronix.de",
        "time": "Wed Feb 02 15:28:11 2011 +0100"
      },
      "message": "time: Correct the *settime* parameters\n\nBoth settimeofday() and clock_settime() promise with a \u0027const\u0027\nattribute not to alter the arguments passed in. This patch adds the\nmissing \u0027const\u0027 attribute into the various kernel functions\nimplementing these calls.\n\nSigned-off-by: Richard Cochran \u003crichard.cochran@omicron.at\u003e\nAcked-by: John Stultz \u003cjohnstul@us.ibm.com\u003e\nLKML-Reference: \u003c20110201134417.545698637@linutronix.de\u003e\nSigned-off-by: Thomas Gleixner \u003ctglx@linutronix.de\u003e\n"
    },
    {
      "commit": "4916ca401e3051dad326ddd69765bd0e3f32fb9b",
      "tree": "593778babcd691a498a909a5eaf462f29d241cf6",
      "parents": [
        "8e6c96935fcc1ed3dbebc96fddfef3f2f2395afc"
      ],
      "author": {
        "name": "Lucian Adrian Grijincu",
        "email": "lucian.grijincu@gmail.com",
        "time": "Tue Feb 01 18:44:56 2011 +0200"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Feb 01 11:54:02 2011 -0500"
      },
      "message": "security: remove unused security_sysctl hook\n\nThe only user for this hook was selinux. sysctl routes every call\nthrough /proc/sys/. Selinux and other security modules use the file\nsystem checks for sysctl too, so no need for this hook any more.\n\nSigned-off-by: Lucian Adrian Grijincu \u003clucian.grijincu@gmail.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "8e6c96935fcc1ed3dbebc96fddfef3f2f2395afc",
      "tree": "c26297c8ca479972010cadf2058aacd63ce1744f",
      "parents": [
        "652bb9b0d6ce007f37c098947b2cc0c45efa3f66"
      ],
      "author": {
        "name": "Lucian Adrian Grijincu",
        "email": "lucian.grijincu@gmail.com",
        "time": "Tue Feb 01 18:42:22 2011 +0200"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Feb 01 11:53:54 2011 -0500"
      },
      "message": "security/selinux: fix /proc/sys/ labeling\n\nThis fixes an old (2007) selinux regression: filesystem labeling for\n/proc/sys returned\n     -r--r--r-- unknown                          /proc/sys/fs/file-nr\ninstead of\n     -r--r--r-- system_u:object_r:sysctl_fs_t:s0 /proc/sys/fs/file-nr\n\nEvents that lead to breaking of /proc/sys/ selinux labeling:\n\n1) sysctl was reimplemented to route all calls through /proc/sys/\n\n    commit 77b14db502cb85a031fe8fde6c85d52f3e0acb63\n    [PATCH] sysctl: reimplement the sysctl proc support\n\n2) proc_dir_entry was removed from ctl_table:\n\n    commit 3fbfa98112fc3962c416452a0baf2214381030e6\n    [PATCH] sysctl: remove the proc_dir_entry member for the sysctl tables\n\n3) selinux still walked the proc_dir_entry tree to apply\n   labeling. Because ctl_tables don\u0027t have a proc_dir_entry, we did\n   not label /proc/sys/ inodes any more. To achieve this the /proc/sys/\n   inodes were marked private and private inodes were ignored by\n   selinux.\n\n    commit bbaca6c2e7ef0f663bc31be4dad7cf530f6c4962\n    [PATCH] selinux: enhance selinux to always ignore private inodes\n\n    commit 86a71dbd3e81e8870d0f0e56b87875f57e58222b\n    [PATCH] sysctl: hide the sysctl proc inodes from selinux\n\nAccess control checks have been done by means of a special sysctl hook\nthat was called for read/write accesses to any /proc/sys/ entry.\n\nWe don\u0027t have to do this because, instead of walking the\nproc_dir_entry tree we can walk the dentry tree (as done in this\npatch). With this patch:\n* we don\u0027t mark /proc/sys/ inodes as private\n* we don\u0027t need the sysclt security hook\n* we walk the dentry tree to find the path to the inode.\n\nWe have to strip the PID in /proc/PID/ entries that have a\nproc_dir_entry because selinux does not know how to label paths like\n\u0027/1/net/rpc/nfsd.fh\u0027 (and defaults to \u0027proc_t\u0027 labeling). 
Selinux does\nknow of \u0027/net/rpc/nfsd.fh\u0027 (and applies the \u0027sysctl_rpc_t\u0027 label).\n\nPID stripping from the path was done implicitly in the previous code\nbecause the proc_dir_entry tree had the root in \u0027/net\u0027 in the example\nfrom above. The dentry tree has the root in \u0027/1\u0027.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: Lucian Adrian Grijincu \u003clucian.grijincu@gmail.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "652bb9b0d6ce007f37c098947b2cc0c45efa3f66",
      "tree": "7bf76f04a1fcaa401761a9a734b94682e2ac8b8c",
      "parents": [
        "2a7dba391e5628ad665ce84ef9a6648da541ebab"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Feb 01 11:05:40 2011 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Feb 01 11:12:30 2011 -0500"
      },
      "message": "SELinux: Use dentry name in new object labeling\n\nCurrently SELinux has rules which label new objects according to 3 criteria.\nThe label of the process creating the object, the label of the parent\ndirectory, and the type of object (reg, dir, char, block, etc.)  This patch\nadds a 4th criteria, the dentry name, thus we can distinguish between\ncreating a file in an etc_t directory called shadow and one called motd.\n\nThere is no file globbing, regex parsing, or anything mystical.  Either the\npolicy exactly (strcmp) matches the dentry name of the object or it doesn\u0027t.\nThis patch has no changes from today if policy does not implement the new\nrules.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "2a7dba391e5628ad665ce84ef9a6648da541ebab",
      "tree": "ba0722bd74d2c883dbda7ff721850bab411cac04",
      "parents": [
        "821404434f3324bf23f545050ff64055a149766e"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Feb 01 11:05:39 2011 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Feb 01 11:12:29 2011 -0500"
      },
      "message": "fs/vfs/security: pass last path component to LSM on inode creation\n\nSELinux would like to implement a new labeling behavior of newly created\ninodes.  We currently label new inodes based on the parent and the creating\nprocess.  This new behavior would also take into account the name of the\nnew object when deciding the new label.  This is not the (supposed) full path,\njust the last component of the path.\n\nThis is very useful because creating /etc/shadow is different than creating\n/etc/passwd but the kernel hooks are unable to differentiate these\noperations.  We currently require that userspace realize it is doing some\ndifficult operation like that and than userspace jumps through SELinux hoops\nto get things set up correctly.  This patch does not implement new\nbehavior, that is obviously contained in a seperate SELinux patch, but it\ndoes pass the needed name down to the correct LSM hook.  If no such name\nexists it is fine to pass NULL.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "ceb73c12047b8d543570b23353e7848eb7c540a1",
      "tree": "a637dc88d418be1b705a66bea375af955bd14e22",
      "parents": [
        "f5c66d70ac2a9016a7ad481bd37e39afd7dd7369"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Tue Jan 25 16:34:28 2011 +0000"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Jan 26 08:58:20 2011 +1000"
      },
      "message": "KEYS: Fix __key_link_end() quota fixup on error\n\nFix __key_link_end()\u0027s attempt to fix up the quota if an error occurs.\n\nThere are two erroneous cases: Firstly, we always decrease the quota if\nthe preallocated replacement keyring needs cleaning up, irrespective of\nwhether or not we should (we may have replaced a pointer rather than\nadding another pointer).\n\nSecondly, we never clean up the quota if we added a pointer without the\nkeyring storage being extended (we allocate multiple pointers at a time,\neven if we\u0027re not going to use them all immediately).\n\nWe handle this by setting the bottom bit of the preallocation pointer in\n__key_link_begin() to indicate that the quota needs fixing up, which is\nthen passed to __key_link() (which clears the whole thing) and\n__key_link_end().\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "3ac285ff23cd6e1bc402b6db836521bce006eb89",
      "tree": "449a7788ba52f3ac0cb7a5ae6a467934163745c2",
      "parents": [
        "e5cce6c13c25d9ac56955a3ae2fd562719848172"
      ],
      "author": {
        "name": "Davidlohr Bueso",
        "email": "dave@gnu.org",
        "time": "Fri Jan 21 12:28:04 2011 -0300"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 24 11:35:47 2011 +1100"
      },
      "message": "selinux: return -ENOMEM when memory allocation fails\n\nReturn -ENOMEM when memory allocation fails in cond_init_bool_indexes,\ncorrectly propagating error code to caller.\n\nSigned-off-by: Davidlohr Bueso \u003cdave@gnu.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5403110943a2dcf1f96416d7a412a8b46895facd",
      "tree": "48e3501e71511200c911315b8bdffde4788d357d",
      "parents": [
        "7f3c68bee977ab872827e44de017216736fe21d7"
      ],
      "author": {
        "name": "Jesper Juhl",
        "email": "jj@chaosbits.net",
        "time": "Sun Jan 23 22:40:42 2011 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 24 10:59:58 2011 +1100"
      },
      "message": "trusted keys: Fix a memory leak in trusted_update().\n\nOne failure path in security/keys/trusted.c::trusted_update() does\nnot free \u0027new_p\u0027 while the others do. This patch makes sure we also free\nit in the remaining path (if datablob_parse() returns different from\nOpt_update).\n\nSigned-off-by: Jesper Juhl \u003cjj@chaosbits.net\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "821404434f3324bf23f545050ff64055a149766e",
      "tree": "619847c1b4c101da7eddee2cc920af329829847f",
      "parents": [
        "ced3b93018a9633447ddeb12a96f25e08154cbe7"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri Dec 24 14:48:35 2010 +0000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 24 10:49:45 2011 +1100"
      },
      "message": "CacheFiles: Add calls to path-based security hooks\n\nAdd calls to path-based security hooks into CacheFiles as, unlike inode-based\nsecurity, these aren\u0027t implicit in the vfs_mkdir() and similar calls.\n\nReported-by: Tetsuo Handa \u003cpenguin-kernel@i-love.sakura.ne.jp\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ced3b93018a9633447ddeb12a96f25e08154cbe7",
      "tree": "3d227ef6d2630c35127f8f25c123b1c4a0a4ad1f",
      "parents": [
        "7898e1f8e9eb1bee88c92d636e0ab93f2cbe31c6"
      ],
      "author": {
        "name": "Shan Wei",
        "email": "shanwei@cn.fujitsu.com",
        "time": "Wed Jan 19 17:21:44 2011 +0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 24 10:36:11 2011 +1100"
      },
      "message": "security:selinux: kill unused MAX_AVTAB_HASH_MASK and ebitmap_startbit\n\nKill unused MAX_AVTAB_HASH_MASK and ebitmap_startbit.\n\nSigned-off-by: Shan Wei \u003cshanwei@cn.fujitsu.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b9703449347603289cac0bd04e574ac2e777275d",
      "tree": "287d7d8cccfad36f238d826f87e474afb8db424d",
      "parents": [
        "4b174b6d281f5c87234fc65bafc02877f565c5cf"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Jan 18 09:07:12 2011 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 24 10:27:57 2011 +1100"
      },
      "message": "encrypted-keys: rename encrypted_defined files to encrypted\n\nRename encrypted_defined.c and encrypted_defined.h files to encrypted.c and\nencrypted.h, respectively. Based on request from David Howells.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "4b174b6d281f5c87234fc65bafc02877f565c5cf",
      "tree": "5c1f0519d2f4d642ac9ecec9a180019fe980958e",
      "parents": [
        "1bae4ce27c9c90344f23c65ea6966c50ffeae2f5"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Jan 18 09:07:11 2011 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 24 10:14:22 2011 +1100"
      },
      "message": "trusted-keys: rename trusted_defined files to trusted\n\nRename trusted_defined.c and trusted_defined.h files to trusted.c and\ntrusted.h, respectively. Based on request from David Howells.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "973c9f4f49ca96a53bcf6384c4c59ccd26c33906",
      "tree": "e3535a43c1e5cb5f0c06c040f58bc25c9b869fd1",
      "parents": [
        "a8b17ed019bd40d3bfa20439d9c36a99f9be9180"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Thu Jan 20 16:38:33 2011 +0000"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jan 21 14:59:30 2011 -0800"
      },
      "message": "KEYS: Fix up comments in key management code\n\nFix up comments in the key management code.  No functional changes.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "a8b17ed019bd40d3bfa20439d9c36a99f9be9180",
      "tree": "beb3b08575aa01c7ebb24939b678d533b1f59adf",
      "parents": [
        "9093ba53b7f26dbb5210de1157769e59e34bbe23"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Thu Jan 20 16:38:27 2011 +0000"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jan 21 14:59:29 2011 -0800"
      },
      "message": "KEYS: Do some style cleanup in the key management code.\n\nDo a bit of a style clean up in the key management code.  No functional\nchanges.\n\nDone using:\n\n  perl -p -i -e \u0027s!^/[*]*/\\n!!\u0027 security/keys/*.c\n  perl -p -i -e \u0027s!} /[*] end [a-z0-9_]*[(][)] [*]/\\n!}\\n!\u0027 security/keys/*.c\n  sed -i -s -e \": next\" -e N -e \u0027s/^\\n[}]$/}/\u0027 -e t -e P -e \u0027s/^.*\\n//\u0027 -e \"b next\" security/keys/*.c\n\nTo remove /*****/ lines, remove comments on the closing brace of a\nfunction to name the function and remove blank lines before the closing\nbrace of a function.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "154a96bfcd53b8e5020718c64769e542c44788b9",
      "tree": "2fc7a4c8992fb4222a6fb47f22907a94da48eebd",
      "parents": [
        "0e7491f685cbc962f2ef977f7b5f8ed0b3100e88"
      ],
      "author": {
        "name": "Tetsuo Handa",
        "email": "penguin-kernel@I-love.SAKURA.ne.jp",
        "time": "Mon Jan 17 09:27:27 2011 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 19 09:53:59 2011 +1100"
      },
      "message": "trusted-keys: avoid scattring va_end()\n\nWe can avoid scattering va_end() within the\n\n  va_start();\n  for (;;) {\n\n  }\n  va_end();\n\nloop, assuming that crypto_shash_init()/crypto_shash_update() return 0 on\nsuccess and negative value otherwise.\n\nMake TSS_authhmac()/TSS_checkhmac1()/TSS_checkhmac2() similar to TSS_rawhmac()\nby removing \"va_end()/goto\" from the loop.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nReviewed-by: Jesper Juhl \u003cjj@chaosbits.net\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0e7491f685cbc962f2ef977f7b5f8ed0b3100e88",
      "tree": "44d27bf6f64b974eb8d177316c3fd77f66324b13",
      "parents": [
        "35576eab390df313095306e2a8216134910e7014"
      ],
      "author": {
        "name": "Tetsuo Handa",
        "email": "penguin-kernel@I-love.SAKURA.ne.jp",
        "time": "Mon Jan 17 09:25:34 2011 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 19 09:53:56 2011 +1100"
      },
      "message": "trusted-keys: check for NULL before using it\n\nTSS_rawhmac() checks for data !\u003d NULL before using it.\nWe should do the same thing for TSS_authhmac().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nReviewed-by: Jesper Juhl \u003cjj@chaosbits.net\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "35576eab390df313095306e2a8216134910e7014",
      "tree": "c35b52f6797ce69091c3e3bc596783f45e19496a",
      "parents": [
        "40c1001792de63e0f90e977eb05393fd71f78692"
      ],
      "author": {
        "name": "Tetsuo Handa",
        "email": "penguin-kernel@I-love.SAKURA.ne.jp",
        "time": "Mon Jan 17 09:22:47 2011 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 19 09:53:53 2011 +1100"
      },
      "message": "trusted-keys: another free memory bugfix\n\nTSS_rawhmac() forgot to call va_end()/kfree() when data \u003d\u003d NULL and\nforgot to call va_end() when crypto_shash_update() \u003c 0.\nFix these bugs by escaping from the loop using \"break\"\n(rather than \"return\"/\"goto\") in order to make sure that\nva_end()/kfree() are always called.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nReviewed-by: Jesper Juhl \u003cjj@chaosbits.net\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "7898e1f8e9eb1bee88c92d636e0ab93f2cbe31c6",
      "tree": "d4aaa367bb42d0ff9d1e4ba227f248b5b9cd7687",
      "parents": [
        "aeda4ac3efc29e4d55989abd0a73530453aa69ba"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Mon Jan 17 08:05:27 2011 -0800"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Mon Jan 17 08:05:27 2011 -0800"
      },
      "message": "Subject: [PATCH] Smack: mmap controls for library containment\n\n  In the embedded world there are often situations\n  where libraries are updated from a variety of sources,\n  for a variety of reasons, and with any number of\n  security characteristics. These differences\n  might include privilege required for a given library\n  provided interface to function properly, as occurs\n  from time to time in graphics libraries. There are\n  also cases where it is important to limit use of\n  libraries based on the provider of the library and\n  the security aware application may make choices\n  based on that criteria.\n\n  These issues are addressed by providing an additional\n  Smack label that may optionally be assigned to an object,\n  the SMACK64MMAP attribute. An mmap operation is allowed\n  if there is no such attribute.\n\n  If there is a SMACK64MMAP attribute the mmap is permitted\n  only if a subject with that label has all of the access\n  permitted a subject with the current task label.\n\n  Security aware applications may from time to time\n  wish to reduce their \"privilege\" to avoid accidental use\n  of privilege. One case where this arises is the\n  environment in which multiple sources provide libraries\n  to perform the same functions. An application may know\n  that it should eschew services made available from a\n  particular vendor, or of a particular version.\n\n  In support of this a secondary list of Smack rules has\n  been added that is local to the task. This list is\n  consulted only in the case where the global list has\n  approved access. It can only further restrict access.\n  Unlike the global last, if no entry is found on the\n  local list access is granted. 
An application can add\n  entries to its own list by writing to /smack/load-self.\n\n  The changes appear large as they involve refactoring\n  the list handling to accommodate there being more\n  than one rule list.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "40c1001792de63e0f90e977eb05393fd71f78692",
      "tree": "7172e92ccefd8f4b8ee42401901ddab5bec687b5",
      "parents": [
        "581548db3b3c0f6e25b500329eb02e3c72e7acbe"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Dec 20 12:37:18 2010 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jan 14 10:27:46 2011 +1100"
      },
      "message": "trusted-keys: free memory bugfix\n\nAdd missing kfree(td) in tpm_seal() before the return, freeing\ntd on error paths as well.\n\nReported-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: David Safford \u003csafford@watson.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Serge Hallyn \u003cserge@hallyn.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "008d23e4852d78bb2618f2035f8b2110b6a6b968",
      "tree": "81c88f744f6f3fc84132527c1ddc0b4da410c5e2",
      "parents": [
        "8f685fbda43deccd130d192c9fcef1444649eaca",
        "bfc672dcf323877228682aff79dff8ecd9f30ff8"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Jan 13 10:05:56 2011 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Jan 13 10:05:56 2011 -0800"
      },
      "message": "Merge branch \u0027for-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial\n\n* \u0027for-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (43 commits)\n  Documentation/trace/events.txt: Remove obsolete sched_signal_send.\n  writeback: fix global_dirty_limits comment runtime -\u003e real-time\n  ppc: fix comment typo singal -\u003e signal\n  drivers: fix comment typo diable -\u003e disable.\n  m68k: fix comment typo diable -\u003e disable.\n  wireless: comment typo fix diable -\u003e disable.\n  media: comment typo fix diable -\u003e disable.\n  remove doc for obsolete dynamic-printk kernel-parameter\n  remove extraneous \u0027is\u0027 from Documentation/iostats.txt\n  Fix spelling milisec -\u003e ms in snd_ps3 module parameter description\n  Fix spelling mistakes in comments\n  Revert conflicting V4L changes\n  i7core_edac: fix typos in comments\n  mm/rmap.c: fix comment\n  sound, ca0106: Fix assignment to \u0027channel\u0027.\n  hrtimer: fix a typo in comment\n  init/Kconfig: fix typo\n  anon_inodes: fix wrong function name in comment\n  fix comment typos concerning \"consistent\"\n  poll: fix a typo in comment\n  ...\n\nFix up trivial conflicts in:\n - drivers/net/wireless/iwlwifi/iwl-core.c (moved to iwl-legacy.c)\n - fs/ext4/ext4.h\n\nAlso fix missed \u0027diabled\u0027 typo in drivers/net/bnx2x/bnx2x.h while at it.\n"
    },
    {
      "commit": "e0e736fc0d33861335e2a132e4f688f7fd380c61",
      "tree": "d9febe9ca1ef1e24efc5e6e1e34e412316d246bd",
      "parents": [
        "a08948812b30653eb2c536ae613b635a989feb6f",
        "aeda4ac3efc29e4d55989abd0a73530453aa69ba"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Jan 10 11:18:59 2011 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Jan 10 11:18:59 2011 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (30 commits)\n  MAINTAINERS: Add tomoyo-dev-en ML.\n  SELinux: define permissions for DCB netlink messages\n  encrypted-keys: style and other cleanup\n  encrypted-keys: verify datablob size before converting to binary\n  trusted-keys: kzalloc and other cleanup\n  trusted-keys: additional TSS return code and other error handling\n  syslog: check cap_syslog when dmesg_restrict\n  Smack: Transmute labels on specified directories\n  selinux: cache sidtab_context_to_sid results\n  SELinux: do not compute transition labels on mountpoint labeled filesystems\n  This patch adds a new security attribute to Smack called SMACK64EXEC. It defines label that is used while task is running.\n  SELinux: merge policydb_index_classes and policydb_index_others\n  selinux: convert part of the sym_val_to_name array to use flex_array\n  selinux: convert type_val_to_struct to flex_array\n  flex_array: fix flex_array_put_ptr macro to be valid C\n  SELinux: do not set automatic i_ino in selinuxfs\n  selinux: rework security_netlbl_secattr_to_sid\n  SELinux: standardize return code handling in selinuxfs.c\n  SELinux: standardize return code handling in selinuxfs.c\n  SELinux: standardize return code handling in policydb.c\n  ...\n"
    },
    {
      "commit": "57cc7215b70856dc6bae8e55b00ecd7b1d7429b1",
      "tree": "f6dedefd41e6745a9b801166b99af7d830e41ef2",
      "parents": [
        "37721e1b0cf98cb65895f234d8c500d270546529"
      ],
      "author": {
        "name": "Alexey Dobriyan",
        "email": "adobriyan@gmail.com",
        "time": "Mon Jan 10 08:18:25 2011 +0200"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Jan 10 08:51:44 2011 -0800"
      },
      "message": "headers: kobject.h redux\n\nRemove kobject.h from files which don\u0027t need it, notably,\nsched.h and fs.h.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "37721e1b0cf98cb65895f234d8c500d270546529",
      "tree": "6fb3ec6910513b18e100b17432864fa8c46d55e4",
      "parents": [
        "9f99a2f0e44663517b99b69a3e4a499d0ba877df"
      ],
      "author": {
        "name": "Alexey Dobriyan",
        "email": "adobriyan@gmail.com",
        "time": "Mon Jan 10 08:17:10 2011 +0200"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Jan 10 08:51:44 2011 -0800"
      },
      "message": "headers: path.h redux\n\nRemove path.h from sched.h and other files.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "aeda4ac3efc29e4d55989abd0a73530453aa69ba",
      "tree": "35b3d2cca8bfb49cf08bf1c6b55b586c1e5971e7",
      "parents": [
        "d2e7ad19229f982fc1eb731827d82ceac90abfb3",
        "350e4f31e0eaf56dfc3b328d24a11bdf42a41fb8"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 10 10:40:42 2011 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 10 10:40:42 2011 +1100"
      },
      "message": "Merge branch \u0027master\u0027 of git://git.infradead.org/users/eparis/selinux into next\n"
    },
    {
      "commit": "d2e7ad19229f982fc1eb731827d82ceac90abfb3",
      "tree": "98a3741b4d4b27a48b3c7ea9babe331e539416a8",
      "parents": [
        "d03a5d888fb688c832d470b749acc5ed38e0bc1d",
        "0c21e3aaf6ae85bee804a325aa29c325209180fd"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 10 09:46:24 2011 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 10 09:46:24 2011 +1100"
      },
      "message": "Merge branch \u0027master\u0027 into next\n\nConflicts:\n\tsecurity/smack/smack_lsm.c\n\nVerified and added fix by Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nOk\u0027d by Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b4a45f5fe8078bfc10837dbd5b98735058bc4698",
      "tree": "df6f13a27610a3ec7eb4a661448cd779a8f84c79",
      "parents": [
        "01539ba2a706ab7d35fc0667dff919ade7f87d63",
        "b3e19d924b6eaf2ca7d22cba99a517c5171007b6"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jan 07 08:56:33 2011 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jan 07 08:56:33 2011 -0800"
      },
      "message": "Merge branch \u0027vfs-scale-working\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/npiggin/linux-npiggin\n\n* \u0027vfs-scale-working\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/npiggin/linux-npiggin: (57 commits)\n  fs: scale mntget/mntput\n  fs: rename vfsmount counter helpers\n  fs: implement faster dentry memcmp\n  fs: prefetch inode data in dcache lookup\n  fs: improve scalability of pseudo filesystems\n  fs: dcache per-inode inode alias locking\n  fs: dcache per-bucket dcache hash locking\n  bit_spinlock: add required includes\n  kernel: add bl_list\n  xfs: provide simple rcu-walk ACL implementation\n  btrfs: provide simple rcu-walk ACL implementation\n  ext2,3,4: provide simple rcu-walk ACL implementation\n  fs: provide simple rcu-walk generic_check_acl implementation\n  fs: provide rcu-walk aware permission i_ops\n  fs: rcu-walk aware d_revalidate method\n  fs: cache optimise dentry and inode for rcu-walk\n  fs: dcache reduce branches in lookup path\n  fs: dcache remove d_mounted\n  fs: fs_struct use seqlock\n  fs: rcu-walk for path lookup\n  ...\n"
    },
    {
      "commit": "31e6b01f4183ff419a6d1f86177cbf4662347cec",
      "tree": "e215ec9af88352c55e024f784f3d9f8eb13fab85",
      "parents": [
        "3c22cd5709e8143444a6d08682a87f4c57902df3"
      ],
      "author": {
        "name": "Nick Piggin",
        "email": "npiggin@kernel.dk",
        "time": "Fri Jan 07 17:49:52 2011 +1100"
      },
      "committer": {
        "name": "Nick Piggin",
        "email": "npiggin@kernel.dk",
        "time": "Fri Jan 07 17:50:27 2011 +1100"
      },
      "message": "fs: rcu-walk for path lookup\n\nPerform common cases of path lookups without any stores or locking in the\nancestor dentry elements. This is called rcu-walk, as opposed to the current\nalgorithm which is a refcount based walk, or ref-walk.\n\nThis results in far fewer atomic operations on every path element,\nsignificantly improving path lookup performance. It also avoids cacheline\nbouncing on common dentries, significantly improving scalability.\n\nThe overall design is like this:\n* LOOKUP_RCU is set in nd-\u003eflags, which distinguishes rcu-walk from ref-walk.\n* Take the RCU lock for the entire path walk, starting with the acquiring\n  of the starting path (eg. root/cwd/fd-path). So now dentry refcounts are\n  not required for dentry persistence.\n* synchronize_rcu is called when unregistering a filesystem, so we can\n  access d_ops and i_ops during rcu-walk.\n* Similarly take the vfsmount lock for the entire path walk. So now mnt\n  refcounts are not required for persistence. Also we are free to perform mount\n  lookups, and to assume dentry mount points and mount roots are stable up and\n  down the path.\n* Have a per-dentry seqlock to protect the dentry name, parent, and inode,\n  so we can load this tuple atomically, and also check whether any of its\n  members have changed.\n* Dentry lookups (based on parent, candidate string tuple) recheck the parent\n  sequence after the child is found in case anything changed in the parent\n  during the path walk.\n* inode is also RCU protected so we can load d_inode and use the inode for\n  limited things.\n* i_mode, i_uid, i_gid can be tested for exec permissions during path walk.\n* i_op can be loaded.\n\nWhen we reach the destination dentry, we lock it, recheck lookup sequence,\nand increment its refcount and mountpoint refcount. RCU and vfsmount locks\nare dropped. This is termed \"dropping rcu-walk\". 
If the dentry refcount does\nnot match, we can not drop rcu-walk gracefully at the current point in the\nlookup, so instead return -ECHILD (for want of a better errno). This signals the\npath walking code to re-do the entire lookup with a ref-walk.\n\nAside from the final dentry, there are other situations that may be encountered\nwhere we cannot continue rcu-walk. In that case, we drop rcu-walk (ie. take\na reference on the last good dentry) and continue with a ref-walk. Again, if\nwe can drop rcu-walk gracefully, we return -ECHILD and do the whole lookup\nusing ref-walk. But it is very important that we can continue with ref-walk\nfor most cases, particularly to avoid the overhead of double lookups, and to\ngain the scalability advantages on common path elements (like cwd and root).\n\nThe cases where rcu-walk cannot continue are:\n* NULL dentry (ie. any uncached path element)\n* parent with d_inode-\u003ei_op-\u003epermission or ACLs\n* dentries with d_revalidate\n* Following links\n\nIn future patches, permission checks and d_revalidate become rcu-walk aware. It\nmay be possible eventually to make following links rcu-walk aware.\n\nUncached path elements will always require dropping to ref-walk mode, at the\nvery least because i_mutex needs to be grabbed, and objects allocated.\n\nSigned-off-by: Nick Piggin \u003cnpiggin@kernel.dk\u003e\n"
    },
    {
      "commit": "dc0474be3e27463d4d4a2793f82366eed906f223",
      "tree": "41f75e638442cb343bacdcfbabb17ffc3bd5b4ce",
      "parents": [
        "357f8e658bba8a085c4a5d4331e30894be8096b8"
      ],
      "author": {
        "name": "Nick Piggin",
        "email": "npiggin@kernel.dk",
        "time": "Fri Jan 07 17:49:43 2011 +1100"
      },
      "committer": {
        "name": "Nick Piggin",
        "email": "npiggin@kernel.dk",
        "time": "Fri Jan 07 17:50:24 2011 +1100"
      },
      "message": "fs: dcache rationalise dget variants\n\ndget_locked was a shortcut to avoid the lazy lru manipulation when we already\nheld dcache_lock (lru manipulation was relatively cheap at that point).\nHowever, how that the lru lock is an innermost one, we never hold it at any\ncaller, so the lock cost can now be avoided. We already have well working lazy\ndcache LRU, so it should be fine to defer LRU manipulations to scan time.\n\nSigned-off-by: Nick Piggin \u003cnpiggin@kernel.dk\u003e\n"
    },
    {
      "commit": "b5c84bf6f6fa3a7dfdcb556023a62953574b60ee",
      "tree": "7a2c299a180713e21d5cb653cb933121adf53c31",
      "parents": [
        "949854d02455080d20cd3e1db28a3a18daf7599d"
      ],
      "author": {
        "name": "Nick Piggin",
        "email": "npiggin@kernel.dk",
        "time": "Fri Jan 07 17:49:38 2011 +1100"
      },
      "committer": {
        "name": "Nick Piggin",
        "email": "npiggin@kernel.dk",
        "time": "Fri Jan 07 17:50:23 2011 +1100"
      },
      "message": "fs: dcache remove dcache_lock\n\ndcache_lock no longer protects anything. remove it.\n\nSigned-off-by: Nick Piggin \u003cnpiggin@kernel.dk\u003e\n"
    },
    {
      "commit": "2fd6b7f50797f2e993eea59e0a0b8c6399c811dc",
      "tree": "ce33b94b34844c09103836cf4cfa4364b742f217",
      "parents": [
        "da5029563a0a026c64821b09e8e7b4fd81d3fe1b"
      ],
      "author": {
        "name": "Nick Piggin",
        "email": "npiggin@kernel.dk",
        "time": "Fri Jan 07 17:49:34 2011 +1100"
      },
      "committer": {
        "name": "Nick Piggin",
        "email": "npiggin@kernel.dk",
        "time": "Fri Jan 07 17:50:21 2011 +1100"
      },
      "message": "fs: dcache scale subdirs\n\nProtect d_subdirs and d_child with d_lock, except in filesystems that aren\u0027t\nusing dcache_lock for these anyway (eg. using i_mutex).\n\nNote: if we change the locking rule in future so that -\u003ed_child protection is\nprovided only with -\u003ed_parent-\u003ed_lock, it may allow us to reduce some locking.\nBut it would be an exception to an otherwise regular locking scheme, so we\u0027d\nhave to see some good results. Probably not worthwhile.\n\nSigned-off-by: Nick Piggin \u003cnpiggin@kernel.dk\u003e\n"
    },
    {
      "commit": "da5029563a0a026c64821b09e8e7b4fd81d3fe1b",
      "tree": "5d5618e0cb382390073377b1be7d0aa76879ac54",
      "parents": [
        "b7ab39f631f505edc2bbdb86620d5493f995c9da"
      ],
      "author": {
        "name": "Nick Piggin",
        "email": "npiggin@kernel.dk",
        "time": "Fri Jan 07 17:49:33 2011 +1100"
      },
      "committer": {
        "name": "Nick Piggin",
        "email": "npiggin@kernel.dk",
        "time": "Fri Jan 07 17:50:21 2011 +1100"
      },
      "message": "fs: dcache scale d_unhashed\n\nProtect d_unhashed(dentry) condition with d_lock. This means keeping\nDCACHE_UNHASHED bit in synch with hash manipulations.\n\nSigned-off-by: Nick Piggin \u003cnpiggin@kernel.dk\u003e\n"
    },
    {
      "commit": "abb359450f20c32ae03039d8736f12b1d561caf5",
      "tree": "6e8723885feb66a138f19f0ff31615dc13a8d859",
      "parents": [
        "cb600d2f83c854ec3d6660063e4466431999489b",
        "4e3dbdb1392a83bd21a6ff8f6bc785495058d37c"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Jan 06 12:30:19 2011 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Jan 06 12:30:19 2011 -0800"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1436 commits)\n  cassini: Use local-mac-address prom property for Cassini MAC address\n  net: remove the duplicate #ifdef __KERNEL__\n  net: bridge: check the length of skb after nf_bridge_maybe_copy_header()\n  netconsole: clarify stopping message\n  netconsole: don\u0027t announce stopping if nothing happened\n  cnic: Fix the type field in SPQ messages\n  netfilter: fix export secctx error handling\n  netfilter: fix the race when initializing nf_ct_expect_hash_rnd\n  ipv4: IP defragmentation must be ECN aware\n  net: r6040: Return proper error for r6040_init_one\n  dcb: use after free in dcb_flushapp()\n  dcb: unlock on error in dcbnl_ieee_get()\n  net: ixp4xx_eth: Return proper error for eth_init_one\n  include/linux/if_ether.h: Add #define ETH_P_LINK_CTL for HPNA and wlan local tunnel\n  net: add POLLPRI to sock_def_readable()\n  af_unix: Avoid socket-\u003esk NULL OOPS in stream connect security hooks.\n  net_sched: pfifo_head_drop problem\n  mac80211: remove stray extern\n  mac80211: implement off-channel TX using hw r-o-c offload\n  mac80211: implement hardware offload for remain-on-channel\n  ...\n"
    },
    {
      "commit": "3610cda53f247e176bcbb7a7cca64bc53b12acdb",
      "tree": "d780bc1e405116e75a194b2f4693a6f9bbe9f58f",
      "parents": [
        "44b8288308ac9da27eab7d7bdbf1375a568805c3"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Jan 05 15:38:53 2011 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Jan 05 15:38:53 2011 -0800"
      },
      "message": "af_unix: Avoid socket-\u003esk NULL OOPS in stream connect security hooks.\n\nunix_release() can asynchornously set socket-\u003esk to NULL, and\nit does so without holding the unix_state_lock() on \"other\"\nduring stream connects.\n\nHowever, the reverse mapping, sk-\u003esk_socket, is only transitioned\nto NULL under the unix_state_lock().\n\nTherefore make the security hooks follow the reverse mapping instead\nof the forward mapping.\n\nReported-by: Jeremy Fitzhardinge \u003cjeremy@goop.org\u003e\nReported-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "867c20265459d30a01b021a9c1e81fb4c5832aa9",
      "tree": "7873555d6a0e100fb1faa90da6e6366a430c3403",
      "parents": [
        "03ed6a3aa600c48593c3984812fda2d5945ddb46"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jan 03 14:59:10 2011 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Jan 03 16:36:33 2011 -0800"
      },
      "message": "ima: fix add LSM rule bug\n\nIf security_filter_rule_init() doesn\u0027t return a rule, then not everything\nis as fine as the return code implies.\n\nThis bug only occurs when the LSM (eg. SELinux) is disabled at runtime.\n\nAdding an empty LSM rule causes ima_match_rules() to always succeed,\nignoring any remaining rules.\n\n default IMA TCB policy:\n  # PROC_SUPER_MAGIC\n  dont_measure fsmagic\u003d0x9fa0\n  # SYSFS_MAGIC\n  dont_measure fsmagic\u003d0x62656572\n  # DEBUGFS_MAGIC\n  dont_measure fsmagic\u003d0x64626720\n  # TMPFS_MAGIC\n  dont_measure fsmagic\u003d0x01021994\n  # SECURITYFS_MAGIC\n  dont_measure fsmagic\u003d0x73636673\n\n  \u003c LSM specific rule \u003e\n  dont_measure obj_type\u003dvar_log_t\n\n  measure func\u003dBPRM_CHECK\n  measure func\u003dFILE_MMAP mask\u003dMAY_EXEC\n  measure func\u003dFILE_CHECK mask\u003dMAY_READ uid\u003d0\n\nThus without the patch, with the boot parameters \u0027tcb selinux\u003d0\u0027, adding\nthe above \u0027dont_measure obj_type\u003dvar_log_t\u0027 rule to the default IMA TCB\nmeasurement policy, would result in nothing being measured.  The patch\nprevents the default TCB policy from being replaced.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: David Safford \u003csafford@watson.ibm.com\u003e\nCc: \u003cstable@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "17f7f4d9fcce8f1b75b5f735569309dee7665968",
      "tree": "14d7e49ca0053a0fcab3c33b5023bf3f90c5c08a",
      "parents": [
        "041110a439e21cd40709ead4ffbfa8034619ad77",
        "d7c1255a3a21e98bdc64df8ccf005a174d7e6289"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sun Dec 26 22:37:05 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sun Dec 26 22:37:05 2010 -0800"
      },
      "message": "Merge branch \u0027master\u0027 of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6\n\nConflicts:\n\tnet/ipv4/fib_frontend.c\n"
    },
    {
      "commit": "3fc5e98d8cf85e0d77fc597b49e9268dff67400e",
      "tree": "acd7c7a2579f945ff856bd570988f48f652f93c1",
      "parents": [
        "44658a11f312fb9217674cb90b1a11cbe17fd18d"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Dec 22 16:24:13 2010 +0000"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Dec 23 15:31:48 2010 -0800"
      },
      "message": "KEYS: Don\u0027t call up_write() if __key_link_begin() returns an error\n\nIn construct_alloc_key(), up_write() is called in the error path if\n__key_link_begin() fails, but this is incorrect as __key_link_begin() only\nreturns with the nominated keyring locked if it returns successfully.\n\nWithout this patch, you might see the following in dmesg:\n\n\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\t[ BUG: bad unlock balance detected! ]\n\t-------------------------------------\n\tmount.cifs/5769 is trying to release lock (\u0026key-\u003esem) at:\n\t[\u003cffffffff81201159\u003e] request_key_and_link+0x263/0x3fc\n\tbut there are no more locks to release!\n\n\tother info that might help us debug this:\n\t3 locks held by mount.cifs/5769:\n\t #0:  (\u0026type-\u003es_umount_key#41/1){+.+.+.}, at: [\u003cffffffff81131321\u003e] sget+0x278/0x3e7\n\t #1:  (\u0026ret_buf-\u003esession_mutex){+.+.+.}, at: [\u003cffffffffa0258e59\u003e] cifs_get_smb_ses+0x35a/0x443 [cifs]\n\t #2:  (root_key_user.cons_lock){+.+.+.}, at: [\u003cffffffff81201000\u003e] request_key_and_link+0x10a/0x3fc\n\n\tstack backtrace:\n\tPid: 5769, comm: mount.cifs Not tainted 2.6.37-rc6+ #1\n\tCall Trace:\n\t [\u003cffffffff81201159\u003e] ? request_key_and_link+0x263/0x3fc\n\t [\u003cffffffff81081601\u003e] print_unlock_inbalance_bug+0xca/0xd5\n\t [\u003cffffffff81083248\u003e] lock_release_non_nested+0xc1/0x263\n\t [\u003cffffffff81201159\u003e] ? request_key_and_link+0x263/0x3fc\n\t [\u003cffffffff81201159\u003e] ? request_key_and_link+0x263/0x3fc\n\t [\u003cffffffff81083567\u003e] lock_release+0x17d/0x1a4\n\t [\u003cffffffff81073f45\u003e] up_write+0x23/0x3b\n\t [\u003cffffffff81201159\u003e] request_key_and_link+0x263/0x3fc\n\t [\u003cffffffffa026fe9e\u003e] ? cifs_get_spnego_key+0x61/0x21f [cifs]\n\t [\u003cffffffff812013c5\u003e] request_key+0x41/0x74\n\t [\u003cffffffffa027003d\u003e] cifs_get_spnego_key+0x200/0x21f [cifs]\n\t [\u003cffffffffa026e296\u003e] CIFS_SessSetup+0x55d/0x1273 [cifs]\n\t [\u003cffffffffa02589e1\u003e] cifs_setup_session+0x90/0x1ae [cifs]\n\t [\u003cffffffffa0258e7e\u003e] cifs_get_smb_ses+0x37f/0x443 [cifs]\n\t [\u003cffffffffa025a9e3\u003e] cifs_mount+0x1aa1/0x23f3 [cifs]\n\t [\u003cffffffff8111fd94\u003e] ? alloc_debug_processing+0xdb/0x120\n\t [\u003cffffffffa027002c\u003e] ? cifs_get_spnego_key+0x1ef/0x21f [cifs]\n\t [\u003cffffffffa024cc71\u003e] cifs_do_mount+0x165/0x2b3 [cifs]\n\t [\u003cffffffff81130e72\u003e] vfs_kern_mount+0xaf/0x1dc\n\t [\u003cffffffff81131007\u003e] do_kern_mount+0x4d/0xef\n\t [\u003cffffffff811483b9\u003e] do_mount+0x6f4/0x733\n\t [\u003cffffffff8114861f\u003e] sys_mount+0x88/0xc2\n\t [\u003cffffffff8100ac42\u003e] system_call_fastpath+0x16/0x1b\n\nReported-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nReviewed-and-Tested-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "4b7bd364700d9ac8372eff48832062b936d0793b",
      "tree": "0dbf78c95456a0b02d07fcd473281f04a87e266d",
      "parents": [
        "c0d8768af260e2cbb4bf659ae6094a262c86b085",
        "90a8a73c06cc32b609a880d48449d7083327e11a"
      ],
      "author": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Wed Dec 22 18:57:02 2010 +0100"
      },
      "committer": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Wed Dec 22 18:57:02 2010 +0100"
      },
      "message": "Merge branch \u0027master\u0027 into for-next\n\nConflicts:\n\tMAINTAINERS\n\tarch/arm/mach-omap2/pm24xx.c\n\tdrivers/scsi/bfa/bfa_fcpim.c\n\nNeeded to update to apply fixes for which the old branch was too\noutdated.\n"
    },
    {
      "commit": "350e4f31e0eaf56dfc3b328d24a11bdf42a41fb8",
      "tree": "8b825e93e80367fc55f43641037301abfcca0b17",
      "parents": [
        "73ff5fc0a86b28b77e02a6963b388d1dbfa0a263"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Dec 16 11:46:51 2010 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Dec 16 12:50:17 2010 -0500"
      },
      "message": "SELinux: define permissions for DCB netlink messages\n\nCommit 2f90b865 added two new netlink message types to the netlink route\nsocket.  SELinux has hooks to define if netlink messages are allowed to\nbe sent or received, but it did not know about these two new message\ntypes.  By default we allow such actions so no one likely noticed.  This\npatch adds the proper definitions and thus proper permissions\nenforcement.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "3b1826cebe1d534ec05417a29b9a9f82651a5cb5",
      "tree": "38fc352e647df90c86a0b03722eff8f66b7eb607",
      "parents": [
        "1f35065a9e2573427ce3fd6c4a40b355c2ddfb92"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Dec 13 16:53:13 2010 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Dec 15 12:14:34 2010 +0530"
      },
      "message": "encrypted-keys: style and other cleanup\n\nCleanup based on David Howells\u0027 suggestions:\n- use static const char arrays instead of #define\n- rename init_sdesc to alloc_sdesc\n- convert \u0027unsigned int\u0027 definitions to \u0027size_t\u0027\n- revert remaining \u0027const unsigned int\u0027 definitions to \u0027unsigned int\u0027\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "1f35065a9e2573427ce3fd6c4a40b355c2ddfb92",
      "tree": "9ee6990e21b34dda09efc625a8bca4fa6c4e5d67",
      "parents": [
        "1bdbb4024c309e470711b434a24fb356fc92edea"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Dec 13 16:53:12 2010 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Dec 15 12:14:32 2010 +0530"
      },
      "message": "encrypted-keys: verify datablob size before converting to binary\n\nVerify the hex ascii datablob length is correct before converting the IV,\nencrypted data, and HMAC to binary.\n\nReported-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "1bdbb4024c309e470711b434a24fb356fc92edea",
      "tree": "129f4136a53e0133fcdff81065f2e15fb4aac374",
      "parents": [
        "bc5e0af0b36b6cc9de301074426c279fc9b72675"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Dec 13 16:53:11 2010 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Dec 15 12:14:27 2010 +0530"
      },
      "message": "trusted-keys: kzalloc and other cleanup\n\nCleanup based on David Howells\u0027 suggestions:\n- replace kzalloc, where possible, with kmalloc\n- revert \u0027const unsigned int\u0027 definitions to \u0027unsigned int\u0027\n\nSigned-off-by: David Safford \u003csafford@watson.ibm.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "bc5e0af0b36b6cc9de301074426c279fc9b72675",
      "tree": "116b20ec3e81f4a956ecf0fde2dfba11d43117dc",
      "parents": [
        "38ef4c2e437d11b5922723504b62824e96761459"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Dec 13 16:53:10 2010 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Dec 15 12:14:25 2010 +0530"
      },
      "message": "trusted-keys: additional TSS return code and other error handling\n\nPreviously not all TSS return codes were tested, as they were all eventually\ncaught by the TPM. Now all returns are tested and handled immediately.\n\nThis patch also fixes memory leaks in error and non-error paths.\n\nSigned-off-by: David Safford \u003csafford@watson.ibm.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Serge E. Hallyn \u003cserge@hallyn.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5c6d1125f8dbd1bfef39e38fbc2837003be78a59",
      "tree": "368d34e800bc5478442679323270d776b79501e8",
      "parents": [
        "fe27d4b012273640e033be80f143bdc54daa8e16"
      ],
      "author": {
        "name": "Jarkko Sakkinen",
        "email": "ext-jarkko.2.sakkinen@nokia.com",
        "time": "Tue Dec 07 13:34:01 2010 +0200"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Tue Dec 07 14:04:02 2010 -0800"
      },
      "message": "Smack: Transmute labels on specified directories\n\nIn a situation where Smack access rules allow processes\nwith multiple labels to write to a directory it is easy\nto get into a situation where the directory gets cluttered\nwith files that the owner can\u0027t deal with because while\nthey could be written to the directory a process at the\nlabel of the directory can\u0027t write them. This is generally\nthe desired behavior, but when it isn\u0027t it is a real\nissue.\n\nThis patch introduces a new attribute SMACK64TRANSMUTE that\ninstructs Smack to create the file with the label of the directory\nunder certain circumstances.\n\nA new access mode, \"t\" for transmute, is made available to\nSmack access rules, which are expanded from \"rwxa\" to \"rwxat\".\nIf a file is created in a directory marked as transmutable\nand if access was granted to perform the operation by a rule\nthat included the transmute mode, then the file gets the\nSmack label of the directory instead of the Smack label of the\ncreating process.\n\nNote that this is equivalent to creating an empty file at the\nlabel of the directory and then having the other process write\nto it. The transmute scheme requires that both the access rule\nallows transmutation and that the directory be explicitly marked.\n\nSigned-off-by: Jarkko Sakkinen \u003cext-jarkko.2.sakkinen@nokia.com\u003e\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "73ff5fc0a86b28b77e02a6963b388d1dbfa0a263",
      "tree": "7b84f738078e6b96f6b35805c8b6c4fa699968ed",
      "parents": [
        "415103f9932d45f7927f4b17e3a9a13834cdb9a1"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Dec 07 16:17:28 2010 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Dec 07 16:44:01 2010 -0500"
      },
      "message": "selinux: cache sidtab_context_to_sid results\n\nsidtab_context_to_sid takes up a large share of time when creating large\nnumbers of new inodes (~30-40% in oprofile runs).  This patch implements a\ncache of 3 entries which is checked before we do a full context_to_sid lookup.\nOn one system this showed over a x3 improvement in the number of inodes that\ncould be created per second and around a 20% improvement on another system.\n\nAny time we look up the same context string successively (imagine ls -lZ) we\nshould hit this cache hot.  A cache miss should have a relatively minor effect\non performance next to doing the full table search.\n\nAll operations on the cache are done COMPLETELY lockless.  We know that all\nstruct sidtab_node objects created will never be deleted until a new policy is\nloaded thus we never have to worry about a pointer being dereferenced.  Since\nwe also know that pointer assignment is atomic we know that the cache will\nalways have valid pointers.  Given this information we implement a FIFO cache\nin an array of 3 pointers.  Every result (whether a cache hit or table lookup)\nwill be placed in the 0 spot of the cache and the rest of the entries moved\ndown one spot.  The 3rd entry will be lost.\n\nRaces are possible and are even likely to happen.  Let\u0027s assume that 4 tasks\nare hitting sidtab_context_to_sid.  The first task checks against the first\nentry in the cache and it is a miss.  Now let\u0027s assume a second task updates\nthe cache with a new entry.  This will push the first entry back to the second\nspot.  Now the first task might check against the second entry (which it\nalready checked) and will miss again.  Now say some third task updates the\ncache and pushes the second entry to the third spot.  The first task may check\nthe third entry (for the third time!) and again have a miss.  At which point\nit will just do a full table lookup.  No big deal!\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "415103f9932d45f7927f4b17e3a9a13834cdb9a1",
      "tree": "271746ba59ca5b19185574538b5af3e30178c04f",
      "parents": [
        "1d9bc6dc5b6b9cc9299739f0245ce4841f066b92"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Dec 02 16:13:40 2010 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Dec 02 16:14:51 2010 -0500"
      },
      "message": "SELinux: do not compute transition labels on mountpoint labeled filesystems\n\nselinux_inode_init_security computes transition sids even for filesystems\nthat use mount point labeling.  It shouldn\u0027t do that.  It should just use\nthe mount point label always and no matter what.\n\nThis causes 2 problems.  1) it makes file creation slower than it needs to be\nsince we calculate the transition sid and 2) it allows files to be created\nwith a different label than the mount point!\n\n# id -Z\nstaff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023\n# sesearch --type --class file --source sysadm_t --target tmp_t\nFound 1 semantic te rules:\n   type_transition sysadm_t tmp_t : file user_tmp_t;\n\n# mount -o loop,context\u003d\"system_u:object_r:tmp_t:s0\"  /tmp/fs /mnt/tmp\n\n# ls -lZ /mnt/tmp\ndrwx------. root root system_u:object_r:tmp_t:s0       lost+found\n# touch /mnt/tmp/file1\n# ls -lZ /mnt/tmp\n-rw-r--r--. root root staff_u:object_r:user_tmp_t:s0   file1\ndrwx------. root root system_u:object_r:tmp_t:s0       lost+found\n\nWhoops, we have a mount point labeled filesystem tmp_t with a user_tmp_t\nlabeled file!\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "676dac4b1bee0469d6932f698aeb77e8489f5861",
      "tree": "196b4cb35cf8dfdff0698dc4368cfd00acc7391a",
      "parents": [
        "93ae86e759299718c611bc543b9b1633bf32905a"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Thu Dec 02 06:43:39 2010 -0800"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Thu Dec 02 06:43:39 2010 -0800"
      },
      "message": "This patch adds a new security attribute to Smack called\nSMACK64EXEC. It defines the label that is used while a task is\nrunning.\n\nException: in smack_task_wait() child task is checked\nfor write access to parent task using label inherited\nfrom the task that forked it.\n\nFixed issues from previous submit:\n- SMACK64EXEC was not read when SMACK64 was not set.\n- inode security blob was not updated after setting\n  SMACK64EXEC\n- inode security blob was not updated when removing\n  SMACK64EXEC\n"
    },
    {
      "commit": "1d9bc6dc5b6b9cc9299739f0245ce4841f066b92",
      "tree": "aa1fe241ebdd6fb74ae468c1cf301dff4315db49",
      "parents": [
        "ac76c05becb6beedbb458d0827d3deaa6f479a72"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Nov 29 15:47:09 2010 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Nov 30 17:28:58 2010 -0500"
      },
      "message": "SELinux: merge policydb_index_classes and policydb_index_others\n\nWe duplicate functionality in policydb_index_classes() and\npolicydb_index_others().  This patch merges those functions just to make it\nclear there is nothing special happening here.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "ac76c05becb6beedbb458d0827d3deaa6f479a72",
      "tree": "255276b52f7b031671ae5948b39d7c92e50ba420",
      "parents": [
        "23bdecb000c806cf4ec52764499a600f7200d7a9"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Nov 29 15:47:09 2010 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Nov 30 17:28:58 2010 -0500"
      },
      "message": "selinux: convert part of the sym_val_to_name array to use flex_array\n\nThe sym_val_to_name type array can be quite large as it grows linearly with\nthe number of types.  With known policies having over 5k types these\nallocations are growing large enough that they are likely to fail.  Convert\nthose to flex_array so no allocation is larger than PAGE_SIZE\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "23bdecb000c806cf4ec52764499a600f7200d7a9",
      "tree": "f13a523f6bec22c5e7ec58ea02a4988aefe7c8ac",
      "parents": [
        "c41ab6a1b9028de33e74101cb0aae13098a56fdb"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Nov 29 15:47:09 2010 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Nov 30 17:28:57 2010 -0500"
      },
      "message": "selinux: convert type_val_to_struct to flex_array\n\nIn rawhide type_val_to_struct will allocate 26848 bytes, an order 3\nallocation.  While this hasn\u0027t been seen to fail it isn\u0027t outside the\nrealm of possibility on systems with severe memory fragmentation.  Convert\nto flex_array so no allocation will ever be bigger than PAGE_SIZE.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "c9e86a9b95f198d7df49b25fcd808ee39cba218f",
      "tree": "0e62d348103f25a612d649c796cab225db2372c3",
      "parents": [
        "7ae9f23cbd3ef9daff7f768da4bfd4c56b19300d"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Nov 29 15:46:39 2010 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Nov 30 17:28:57 2010 -0500"
      },
      "message": "SELinux: do not set automatic i_ino in selinuxfs\n\nselinuxfs carefully uses i_ino to figure out what the inode refers to.  The\nVFS used to generically set this value and we would reset it to something\nuseable.  After 85fe4025c616 each filesystem sets this value to a default\nif needed.  Since selinuxfs doesn\u0027t use the default value and it can only\nlead to problems (I\u0027d rather have 2 inodes with i_ino \u003d\u003d 0 than one\npointing to the wrong data) let\u0027s just stop setting a default.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "7ae9f23cbd3ef9daff7f768da4bfd4c56b19300d",
      "tree": "8a92d6d1f05268c27f0e37d5684e947c6111d89e",
      "parents": [
        "4b02b524487622ce1cf472123899520b583f47dc"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Nov 23 11:40:09 2010 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Nov 30 17:28:57 2010 -0500"
      },
      "message": "selinux: rework security_netlbl_secattr_to_sid\n\nsecurity_netlbl_secattr_to_sid is difficult to follow, especially the\nreturn codes.  Try to make the function obvious.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "4b02b524487622ce1cf472123899520b583f47dc",
      "tree": "58802e2968852cb1eb0f8f6303fbfaf3d85ecc53",
      "parents": [
        "b77a493b1dc8010245feeac001e5c7ed0988678f"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Nov 23 11:40:08 2010 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Nov 30 17:28:57 2010 -0500"
      },
      "message": "SELinux: standardize return code handling in selinuxfs.c\n\nselinuxfs.c has lots of different standards on how to handle return paths on\nerror.  For the most part transition to\n\n\trc\u003derrno\n\tif (failure)\n\t\tgoto out;\n[...]\nout:\n\tcleanup()\n\treturn rc;\n\nInstead of doing cleanup mid function, or having multiple returns or other\noptions.  This doesn\u0027t do that for every function, but most of the complex\nfunctions which have cleanup routines on error.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "b77a493b1dc8010245feeac001e5c7ed0988678f",
      "tree": "f0d2364ce8ed46ab569f3a41cbebb9a51bffb0f0",
      "parents": [
        "9398c7f794078dc1768cc061b3da8cdd59f179a5"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Nov 23 11:40:08 2010 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Nov 30 17:28:57 2010 -0500"
      },
      "message": "SELinux: standardize return code handling in selinuxfs.c\n\nselinuxfs.c has lots of different standards on how to handle return paths on\nerror.  For the most part transition to\n\n\trc\u003derrno\n\tif (failure)\n\t\tgoto out;\n[...]\nout:\n\tcleanup()\n\treturn rc;\n\nInstead of doing cleanup mid function, or having multiple returns or other\noptions.  This doesn\u0027t do that for every function, but most of the complex\nfunctions which have cleanup routines on error.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "9398c7f794078dc1768cc061b3da8cdd59f179a5",
      "tree": "16e665d3bf7160e2da67b236b27a6bf87a73d5e2",
      "parents": [
        "e8a7e48bb248a1196484d3f8afa53bded2b24e71"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Nov 23 11:40:08 2010 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Nov 30 17:28:56 2010 -0500"
      },
      "message": "SELinux: standardize return code handling in policydb.c\n\npolicydb.c has lots of different standards on how to handle return paths on\nerror.  For the most part transition to\n\n\trc\u003derrno\n\tif (failure)\n\t\tgoto out;\n[...]\nout:\n\tcleanup()\n\treturn rc;\n\nInstead of doing cleanup mid function, or having multiple returns or other\noptions.  This doesn\u0027t do that for every function, but most of the complex\nfunctions which have cleanup routines on error.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "93ae86e759299718c611bc543b9b1633bf32905a",
      "tree": "e8b054d9df2c2f9e935d656d5eb25c7c6231c940",
      "parents": [
        "b4e0d5f0791bd6dd12a1c1edea0340969c7c1f90"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Nov 29 16:20:04 2010 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Nov 30 09:20:27 2010 +1100"
      },
      "message": "keys: add missing include file for trusted and encrypted keys\n\nThis patch fixes the linux-next powerpc build errors as reported by\nStephen Rothwell.\n\nReported-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nTested-by: Rajiv Andrade \u003csrajiv@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b4e0d5f0791bd6dd12a1c1edea0340969c7c1f90",
      "tree": "1ed1def6d5dea2cdae6b6e52571677fa7650edd5",
      "parents": [
        "7e70cb4978507cf31d76b90e4cfb4c28cad87f0c"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Wed Nov 24 17:12:10 2010 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Nov 29 09:04:35 2010 +1100"
      },
      "message": "Smack: UDS revision\n\nThis patch addresses a number of long standing issues\n    with the way Smack treats UNIX domain sockets.\n\n    All access control was being done based on the label of\n    the file system object. This is inconsistent with the\n    internet domain, in which access is done based on the\n    IPIN and IPOUT attributes of the socket. As a result\n    of the inode label policy it was not possible to use\n    a UDS socket for label cognizant services, including\n    dbus and the X11 server.\n\n    Support for SCM_PEERSEC on UDS sockets is also provided.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "7e70cb4978507cf31d76b90e4cfb4c28cad87f0c",
      "tree": "c5df493eef8d30dcb40d647b0528970eb4a391c6",
      "parents": [
        "d00a1c72f7f4661212299e6cb132dfa58030bcdb"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Nov 23 18:55:35 2010 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Nov 29 08:55:29 2010 +1100"
      },
      "message": "keys: add new key-type encrypted\n\nDefine a new kernel key-type called \u0027encrypted\u0027. Encrypted keys are kernel\ngenerated random numbers, which are encrypted/decrypted with a \u0027trusted\u0027\nsymmetric key. Encrypted keys are created/encrypted/decrypted in the kernel.\nUserspace only ever sees/stores encrypted blobs.\n\nChangelog:\n- bug fix: replaced master-key rcu based locking with semaphore\n  (reported by David Howells)\n- Removed memset of crypto_shash_digest() digest output\n- Replaced verification of \u0027key-type:key-desc\u0027 using strcspn(), with\n  one based on string constants.\n- Moved documentation to Documentation/keys-trusted-encrypted.txt\n- Replace hash with shash (based on comments by David Howells)\n- Make lengths/counts size_t where possible (based on comments by David Howells)\n  Could not convert most lengths, as crypto expects \u0027unsigned int\u0027\n  (size_t: on 32 bit is defined as unsigned int, but on 64 bit is unsigned long)\n- Add \u0027const\u0027 where possible (based on comments by David Howells)\n- allocate derived_buf dynamically to support arbitrary length master key\n  (fixed by Roberto Sassu)\n- wait until late_initcall for crypto libraries to be registered\n- cleanup security/Kconfig\n- Add missing \u0027update\u0027 keyword (reported/fixed by Roberto Sassu)\n- Free epayload on failure to create key (reported/fixed by Roberto Sassu)\n- Increase the data size limit (requested by Roberto Sassu)\n- Crypto return codes are always 0 on success and negative on failure,\n  remove unnecessary tests.\n- Replaced kzalloc() with kmalloc()\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: David Safford \u003csafford@watson.ibm.com\u003e\nReviewed-by: Roberto Sassu \u003croberto.sassu@polito.it\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d00a1c72f7f4661212299e6cb132dfa58030bcdb",
      "tree": "2c873e461f42bbf3aea03b7b2e59cea8f941d841",
      "parents": [
        "c749ba912e87ccebd674ae24b97462176c63732e"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Nov 23 17:50:34 2010 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Nov 29 08:55:25 2010 +1100"
      },
      "message": "keys: add new trusted key-type\n\nDefine a new kernel key-type called \u0027trusted\u0027.  Trusted keys are random\nnumber symmetric keys, generated and RSA-sealed by the TPM.  The TPM\nonly unseals the keys, if the boot PCRs and other criteria match.\nUserspace can only ever see encrypted blobs.\n\nBased on suggestions by Jason Gunthorpe, several new options have been\nadded to support additional usages.\n\nThe new options are:\nmigratable\u003d  designates that the key may/may not ever be updated\n             (resealed under a new key, new pcrinfo or new auth.)\n\npcrlock\u003dn    extends the designated PCR \u0027n\u0027 with a random value,\n             so that a key sealed to that PCR may not be unsealed\n             again until after a reboot.\n\nkeyhandle\u003d   specifies the sealing/unsealing key handle.\n\nkeyauth\u003d     specifies the sealing/unsealing key auth.\n\nblobauth\u003d    specifies the sealed data auth.\n\nImplementation of a kernel reserved locality for trusted keys will be\ninvestigated for a possible future extension.\n\nChangelog:\n- Updated and added examples to Documentation/keys-trusted-encrypted.txt\n- Moved generic TPM constants to include/linux/tpm_command.h\n  (David Howells\u0027 suggestion.)\n- trusted_defined.c: replaced kzalloc with kmalloc, added pcrlock failure\n  error handling, added const qualifiers where appropriate.\n- moved to late_initcall\n- updated from hash to shash (suggestion by David Howells)\n- reduced worst stack usage (tpm_seal) from 530 to 312 bytes\n- moved documentation to Documentation directory (suggestion by David Howells)\n- all the other code cleanups suggested by David Howells\n- Add pcrlock CAP_SYS_ADMIN dependency (based on comment by Jason Gunthorpe)\n- New options: migratable, pcrlock, keyhandle, keyauth, blobauth (based on\n  discussions with Jason Gunthorpe)\n- Free payload on failure to create key (reported/fixed by Roberto Sassu)\n- Updated Kconfig and other descriptions (based on Serge Hallyn\u0027s suggestion)\n- Replaced kzalloc() with kmalloc() (reported by Serge Hallyn)\n\nSigned-off-by: David Safford \u003csafford@watson.ibm.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    }
  ],
  "next": "ce6ada35bdf710d16582cc4869c26722547e6f11"
}
