)]}' { "log": [ { "commit": "c8da96e87d349e9035345293093ecc74792fb96a", "tree": "738b017e4fa8547feb2741969decd749ea6e98e1", "parents": [ "91e71c12c506e15028c252a5a097723f41c518dd" ], "author": { "name": "Ben Hutchings", "email": "ben@decadent.org.uk", "time": "Sun Sep 26 05:55:13 2010 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Sep 27 10:53:18 2010 +1000" }, "message": "TOMOYO: Don\u0027t abuse sys_getpid(), sys_getppid()\n\nSystem call entry functions sys_*() are never to be called from\ngeneral kernel code. The fact that they aren\u0027t declared in header\nfiles should have been a clue. These functions also don\u0027t exist on\nAlpha since it has sys_getxpid() instead.\n\nSigned-off-by: Ben Hutchings \u003cben@decadent.org.uk\u003e\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3d96406c7da1ed5811ea52a3b0905f4f0e295376", "tree": "051e3a0ab6b0c9d9ac12b88fd244ff09766f8f50", "parents": [ "9d1ac65a9698513d00e5608d93fca0c53f536c14" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Sep 10 09:59:51 2010 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Sep 10 07:30:00 2010 -0700" }, "message": "KEYS: Fix bug in keyctl_session_to_parent() if parent has no session keyring\n\nFix a bug in keyctl_session_to_parent() whereby it tries to check the ownership\nof the parent process\u0027s session keyring whether or not the parent has a session\nkeyring [CVE-2010-2960].\n\nThis results in the following oops:\n\n BUG: unable to handle kernel NULL pointer dereference at 00000000000000a0\n IP: [\u003cffffffff811ae4dd\u003e] keyctl_session_to_parent+0x251/0x443\n ...\n Call Trace:\n [\u003cffffffff811ae2f3\u003e] ? keyctl_session_to_parent+0x67/0x443\n [\u003cffffffff8109d286\u003e] ? __do_fault+0x24b/0x3d0\n [\u003cffffffff811af98c\u003e] sys_keyctl+0xb4/0xb8\n [\u003cffffffff81001eab\u003e] system_call_fastpath+0x16/0x1b\n\nif the parent process has no session keyring.\n\nIf the system is using pam_keyinit then it mostly protected against this as all\nprocesses derived from a login will have inherited the session keyring created\nby pam_keyinit during the log in procedure.\n\nTo test this, pam_keyinit calls need to be commented out in /etc/pam.d/.\n\nReported-by: Tavis Ormandy \u003ctaviso@cmpxchg8b.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Tavis Ormandy \u003ctaviso@cmpxchg8b.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "9d1ac65a9698513d00e5608d93fca0c53f536c14", "tree": "859809638bdf52f56b6b3890bedefcc1bae89b32", "parents": [ "ff3cb3fec3c5bbb5110e652bbdd410bc99a47e9f" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Sep 10 09:59:46 2010 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Sep 10 07:30:00 2010 -0700" }, "message": "KEYS: Fix RCU no-lock warning in keyctl_session_to_parent()\n\nThere\u0027s an protected access to the parent process\u0027s credentials in the middle\nof keyctl_session_to_parent(). This results in the following RCU warning:\n\n \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n [ INFO: suspicious rcu_dereference_check() usage. ]\n ---------------------------------------------------\n security/keys/keyctl.c:1291 invoked rcu_dereference_check() without protection!\n\n other info that might help us debug this:\n\n rcu_scheduler_active \u003d 1, debug_locks \u003d 0\n 1 lock held by keyctl-session-/2137:\n #0: (tasklist_lock){.+.+..}, at: [\u003cffffffff811ae2ec\u003e] keyctl_session_to_parent+0x60/0x236\n\n stack backtrace:\n Pid: 2137, comm: keyctl-session- Not tainted 2.6.36-rc2-cachefs+ #1\n Call Trace:\n [\u003cffffffff8105606a\u003e] lockdep_rcu_dereference+0xaa/0xb3\n [\u003cffffffff811ae379\u003e] keyctl_session_to_parent+0xed/0x236\n [\u003cffffffff811af77e\u003e] sys_keyctl+0xb4/0xb6\n [\u003cffffffff81001eab\u003e] system_call_fastpath+0x16/0x1b\n\nThe code should take the RCU read lock to make sure the parents credentials\ndon\u0027t go away, even though it\u0027s holding a spinlock and has IRQ disabled.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e950598d43dce8d97e7d5270808393425d1e5cbd", "tree": "916c8a6c5dc63cd3486aa7200964269ea31b4d42", "parents": [ "999b4f0aa2314b76857775334cb94bafa053db64" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Aug 31 09:38:51 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 08 09:51:41 2010 +1000" }, "message": "ima: always maintain counters\n\ncommit 8262bb85da allocated the inode integrity struct (iint) before any\ninodes were created. Only after IMA was initialized in late_initcall were\nthe counters updated. This patch updates the counters, whether or not IMA\nhas been initialized, to resolve \u0027imbalance\u0027 messages.\n\nThis patch fixes the bug as reported in bugzilla: 15673. When the i915\nis builtin, the ring_buffer is initialized before IMA, causing the\nimbalance message on suspend.\n\nReported-by: Thomas Meyer \u003cthomas@m3y3r.de\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nTested-by: Thomas Meyer \u003cthomas@m3y3r.de\u003e\nTested-by: David Safford\u003csafford@watson.ibm.com\u003e\nCc: Stable Kernel \u003cstable@kernel.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "999b4f0aa2314b76857775334cb94bafa053db64", "tree": "0b2b9e6d54415d0d6f6ff59526c68108c09d1fd7", "parents": [ "04ccd53f09741c4bc54ab36db000bc1383e4812e" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Fri Aug 27 18:33:29 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 08 09:19:34 2010 +1000" }, "message": "AppArmor: Fix locking from removal of profile namespace\n\nThe locking for profile namespace removal is wrong, when removing a\nprofile namespace, it needs to be removed from its parent\u0027s list.\nLock the parent of namespace list instead of the namespace being removed.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "04ccd53f09741c4bc54ab36db000bc1383e4812e", "tree": "d8c6e27094cb3b042e852f01c09a3d21979150d2", "parents": [ "3a2dc8382a3e85a51ed9c6f57ea80665ea7a0c95" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Fri Aug 27 18:33:28 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 08 09:19:31 2010 +1000" }, "message": "AppArmor: Fix splitting an fqname into separate namespace and profile names\n\nAs per Dan Carpenter \u003cerror27@gmail.com\u003e\n If we have a ns name without a following profile then in the original\n code it did \"*ns_name \u003d \u0026name[1];\". \"name\" is NULL so \"*ns_name\" is\n 0x1. That isn\u0027t useful and could cause an oops when this function is\n called from aa_remove_profiles().\n\nBeyond this the assignment of the namespace name was wrong in the case\nwhere the profile name was provided as it was being set to \u0026name[1]\nafter name \u003d skip_spaces(split + 1);\n\nMove the ns_name assignment before updating name for the split and\nalso add skip_spaces, making the interface more robust.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3a2dc8382a3e85a51ed9c6f57ea80665ea7a0c95", "tree": "05b289dc97bf08459911d0b5500896ed80af25c7", "parents": [ "e819ff519b2d74373eca4a9a2b417ebf4c1e1b29" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Sep 06 10:10:20 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 08 09:19:29 2010 +1000" }, "message": "AppArmor: Fix security_task_setrlimit logic for 2.6.36 changes\n\n2.6.36 introduced the abilitiy to specify the task that is having its\nrlimits set. Update mediation to ensure that confined tasks can only\nset their own group_leader as expected by current policy.\n\nAdd TODO note about extending policy to support setting other tasks\nrlimits.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e819ff519b2d74373eca4a9a2b417ebf4c1e1b29", "tree": "fe05eafda3b89816d9929f69e24433bf7879ad70", "parents": [ "98e52c373cdc1239a9ec6a2763f519cc1d99dcbc" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Fri Aug 27 18:33:26 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 08 09:19:24 2010 +1000" }, "message": "AppArmor: Drop hack to remove appended \" (deleted)\" string\n\nThe 2.6.36 kernel has refactored __d_path() so that it no longer appends\n\" (deleted)\" to unlinked paths. So drop the hack that was used to detect\nand remove the appended string.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "145c3ae46b37993b0debb0b3da6256daea4a6ec5", "tree": "0dbff382ce36b23b3d2dbff87d3eaab73a07a2a4", "parents": [ "81ca03a0e2ea0207b2df80e0edcf4c775c07a505", "99b7db7b8ffd6bb755eb0a175596421a0b581cb2" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Aug 18 09:35:08 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Aug 18 09:35:08 2010 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:\n fs: brlock vfsmount_lock\n fs: scale files_lock\n lglock: introduce special lglock and brlock spin locks\n tty: fix fu_list abuse\n fs: cleanup files_lock locking\n fs: remove extra lookup in __lookup_hash\n fs: fs_struct rwlock to spinlock\n apparmor: use task path helpers\n fs: dentry allocation consolidation\n fs: fix do_lookup false negative\n mbcache: Limit the maximum number of cache entries\n hostfs -\u003efollow_link() braino\n hostfs: dumb (and usually harmless) tpyo - strncpy instead of strlcpy\n remove SWRITE* I/O types\n kill BH_Ordered flag\n vfs: update ctime when changing the file\u0027s permission by setfacl\n cramfs: only unlock new inodes\n fix reiserfs_evict_inode end_writeback second call\n" }, { "commit": "d996b62a8df1d935b01319bf8defb95b5709f7b8", "tree": "d81f8240da776336845a2063555d7bb4dce684bd", "parents": [ "ee2ffa0dfdd2db19705f2ba1c6a4c0bfe8122dd8" ], "author": { "name": "Nick Piggin", "email": "npiggin@kernel.dk", "time": "Wed Aug 18 04:37:36 2010 +1000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Aug 18 08:35:47 2010 -0400" }, "message": "tty: fix fu_list abuse\n\ntty: fix fu_list abuse\n\ntty code abuses fu_list, which causes a bug in remount,ro handling.\n\nIf a tty device node is opened on a filesystem, then the last link to the inode\nremoved, the filesystem will be allowed to be remounted readonly. This is\nbecause fs_may_remount_ro does not find the 0 link tty inode on the file sb\nlist (because the tty code incorrectly removed it to use for its own purpose).\nThis can result in a filesystem with errors after it is marked \"clean\".\n\nTaking idea from Christoph\u0027s initial patch, allocate a tty private struct\nat file-\u003eprivate_data and put our required list fields in there, linking\nfile and tty. This makes tty nodes behave the same way as other device nodes\nand avoid meddling with the vfs, and avoids this bug.\n\nThe error handling is not trivial in the tty code, so for this bugfix, I take\nthe simple approach of using __GFP_NOFAIL and don\u0027t worry about memory errors.\nThis is not a problem because our allocator doesn\u0027t fail small allocs as a rule\nanyway. So proper error handling is left as an exercise for tty hackers.\n\n[ Arguably filesystem\u0027s device inode would ideally be divorced from the\ndriver\u0027s pseudo inode when it is opened, but in practice it\u0027s not clear whether\nthat will ever be worth implementing. ]\n\nCc: linux-kernel@vger.kernel.org\nCc: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nCc: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\nSigned-off-by: Nick Piggin \u003cnpiggin@kernel.dk\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "ee2ffa0dfdd2db19705f2ba1c6a4c0bfe8122dd8", "tree": "e48400d1a33f8d2e68589ccfd61637aa64462f08", "parents": [ "b04f784e5d19ed58892833dae845738972cea260" ], "author": { "name": "Nick Piggin", "email": "npiggin@kernel.dk", "time": "Wed Aug 18 04:37:35 2010 +1000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Aug 18 08:35:47 2010 -0400" }, "message": "fs: cleanup files_lock locking\n\nfs: cleanup files_lock locking\n\nLock tty_files with a new spinlock, tty_files_lock; provide helpers to\nmanipulate the per-sb files list; unexport the files_lock spinlock.\n\nCc: linux-kernel@vger.kernel.org\nCc: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nAcked-by: Andi Kleen \u003cak@linux.intel.com\u003e\nAcked-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\nSigned-off-by: Nick Piggin \u003cnpiggin@kernel.dk\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "44672e4fbd40e2dda8bbce7d0f71d24dbfc7e00e", "tree": "7d6251adb6eac69a0d0ba97e64dbf2c41c67928e", "parents": [ "baa0389073eb7beb9d36f6d13df97e16c1bfa626" ], "author": { "name": "Nick Piggin", "email": "npiggin@kernel.dk", "time": "Wed Aug 18 04:37:32 2010 +1000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Aug 18 08:35:46 2010 -0400" }, "message": "apparmor: use task path helpers\n\napparmor: use task path helpers\n\nSigned-off-by: Nick Piggin \u003cnpiggin@kernel.dk\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "3b89f56783a4ef796190ef1192c25e72e0b986b6", "tree": "9d34f03092a38fd79f14003c88489323f32d9334", "parents": [ "392abeea52db4dc870c0ea41912df8ca60b27d44", "7cb4dc9fc95f89587f57f287b47e091d7806255e" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Aug 17 18:37:03 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Aug 17 18:37:03 2010 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:\n AppArmor: fix task_setrlimit prototype\n" }, { "commit": "d7627467b7a8dd6944885290a03a07ceb28c10eb", "tree": "a18c83468418e878cfb2d44e4310d81b8db84ad7", "parents": [ "da5cabf80e2433131bf0ed8993abc0f7ea618c73" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Aug 17 23:52:56 2010 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Aug 17 18:07:43 2010 -0700" }, "message": "Make do_execve() take a const filename pointer\n\nMake do_execve() take a const filename pointer so that kernel_execve() compiles\ncorrectly on ARM:\n\narch/arm/kernel/sys_arm.c:88: warning: passing argument 1 of \u0027do_execve\u0027 discards qualifiers from pointer target type\n\nThis also requires the argv and envp arguments to be consted twice, once for\nthe pointer array and once for the strings the array points to. This is\nbecause do_execve() passes a pointer to the filename (now const) to\ncopy_strings_kernel(). A simpler alternative would be to cast the filename\npointer in do_execve() when it\u0027s passed to copy_strings_kernel().\n\ndo_execve() may not change any of the strings it is passed as part of the argv\nor envp lists as they are some of them in .rodata, so marking these strings as\nconst should be fine.\n\nFurther kernel_execve() and sys_execve() need to be changed to match.\n\nThis has been test built on x86_64, frv, arm and mips.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nTested-by: Ralf Baechle \u003cralf@linux-mips.org\u003e\nAcked-by: Russell King \u003crmk+kernel@arm.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "7cb4dc9fc95f89587f57f287b47e091d7806255e", "tree": "41f68ee728c0ab1b894e425933a166e990e1eb41", "parents": [ "da5cabf80e2433131bf0ed8993abc0f7ea618c73" ], "author": { "name": "Jiri Slaby", "email": "jslaby@suse.cz", "time": "Wed Aug 11 11:28:02 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 17 08:06:09 2010 +1000" }, "message": "AppArmor: fix task_setrlimit prototype\n\nAfter rlimits tree was merged we get the following errors:\nsecurity/apparmor/lsm.c:663:2: warning: initialization from incompatible pointer type\n\nIt is because AppArmor was merged in the meantime, but uses the old\nprototype. So fix it by adding struct task_struct as a first parameter\nof apparmor_task_setrlimit.\n\nNOTE that this is ONLY a compilation warning fix (and crashes caused\nby that). It needs proper handling in AppArmor depending on who is the\n\u0027task\u0027.\n\nSigned-off-by: Jiri Slaby \u003cjslaby@suse.cz\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "26df0766a73a859bb93dc58e747c5028557a23fd", "tree": "4776de567425a7fb66ca9a87228309f9c84de633", "parents": [ "580287628cdd99366b10c9050c4479b387283be8", "a6de51b2787012ba3ab62c7d50df1b749b83d5f0" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Aug 12 10:01:59 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Aug 12 10:01:59 2010 -0700" }, "message": "Merge branch \u0027params\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus\n\n* \u0027params\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus: (22 commits)\n param: don\u0027t deref arg in __same_type() checks\n param: update drivers/acpi/debug.c to new scheme\n param: use module_param in drivers/message/fusion/mptbase.c\n ide: use module_param_named rather than module_param_call\n param: update drivers/char/ipmi/ipmi_watchdog.c to new scheme\n param: lock if_sdio\u0027s lbs_helper_name and lbs_fw_name against sysfs changes.\n param: lock myri10ge_fw_name against sysfs changes.\n param: simple locking for sysfs-writable charp parameters\n param: remove unnecessary writable charp\n param: add kerneldoc to moduleparam.h\n param: locking for kernel parameters\n param: make param sections const.\n param: use free hook for charp (fix leak of charp parameters)\n param: add a free hook to kernel_param_ops.\n param: silence .init.text references from param ops\n Add param ops struct for hvc_iucv driver.\n nfs: update for module_param_named API change\n AppArmor: update for module_param_named API change\n param: use ops in struct kernel_param, rather than get and set fns directly\n param: move the EXPORT_SYMBOL to after the definitions.\n ...\n" }, { "commit": "12fdff3fc2483f906ae6404a6e8dcf2550310b6f", "tree": "a79fb1365fce7c7529655a8802d6d6bf8509b374", "parents": [ "1490cf5f0cb07dd49cdab4bceb769d7f711d7ca6" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Aug 12 16:54:57 2010 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Aug 12 09:51:35 2010 -0700" }, "message": "Add a dummy printk function for the maintenance of unused printks\n\nAdd a dummy printk function for the maintenance of unused printks through gcc\nformat checking, and also so that side-effect checking is maintained too.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "101d6c826fa03266f8538ea4f6a459190e6863e8", "tree": "56254b27ac0352339777dcb9e654a4456ac3e244", "parents": [ "9bbb9e5a33109b2832e2e63dcc7a132924ab374b" ], "author": { "name": "Stephen Rothwell", "email": "sfr@canb.auug.org.au", "time": "Mon Aug 02 12:00:43 2010 +1000" }, "committer": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Wed Aug 11 23:04:14 2010 +0930" }, "message": "AppArmor: update for module_param_named API change\n\nFixes these build errors:\nsecurity/apparmor/lsm.c:701: error: \u0027param_ops_aabool\u0027 undeclared here (not in a function)\nsecurity/apparmor/lsm.c:721: error: \u0027param_ops_aalockpolicy\u0027 undeclared here (not in a function)\nsecurity/apparmor/lsm.c:729: error: \u0027param_ops_aauint\u0027 undeclared here (not in a function)\n\nSigned-off-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n" }, { "commit": "b34d8915c413acb51d837a45fb8747b61f65c020", "tree": "ced5fac166324634653d84b1afe2b958b3904f4d", "parents": [ "e8a89cebdbaab14caaa26debdb4ffd493b8831af", "f33ebbe9da2c3c24664a0ad4f8fd83f293547e63" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Aug 10 12:07:51 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Aug 10 12:07:51 2010 -0700" }, "message": "Merge branch \u0027writable_limits\u0027 of git://decibel.fi.muni.cz/~xslaby/linux\n\n* \u0027writable_limits\u0027 of git://decibel.fi.muni.cz/~xslaby/linux:\n unistd: add __NR_prlimit64 syscall numbers\n rlimits: implement prlimit64 syscall\n rlimits: switch more rlimit syscalls to do_prlimit\n rlimits: redo do_setrlimit to more generic do_prlimit\n rlimits: add rlimit64 structure\n rlimits: do security check under task_lock\n rlimits: allow setrlimit to non-current tasks\n rlimits: split sys_setrlimit\n rlimits: selinux, do rlimits changes under task_lock\n rlimits: make sure -\u003erlim_max never grows in sys_setrlimit\n rlimits: add task_struct to update_rlimit_cpu\n rlimits: security, add task_struct to setrlimit\n\nFix up various system call number conflicts. We not only added fanotify\nsystem calls in the meantime, but asm-generic/unistd.h added a wait4\nalong with a range of reserved per-architecture system calls.\n" }, { "commit": "8c8946f509a494769a8c602b5ed189df01917d39", "tree": "dfd96bd6ca5ea6803c6d77f65ba37e04f78b2d3b", "parents": [ "5f248c9c251c60af3403902b26e08de43964ea0b", "1968f5eed54ce47bde488fd9a450912e4a2d7138" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Aug 10 11:39:13 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Aug 10 11:39:13 2010 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.infradead.org/users/eparis/notify\n\n* \u0027for-linus\u0027 of git://git.infradead.org/users/eparis/notify: (132 commits)\n fanotify: use both marks when possible\n fsnotify: pass both the vfsmount mark and inode mark\n fsnotify: walk the inode and vfsmount lists simultaneously\n fsnotify: rework ignored mark flushing\n fsnotify: remove global fsnotify groups lists\n fsnotify: remove group-\u003emask\n fsnotify: remove the global masks\n fsnotify: cleanup should_send_event\n fanotify: use the mark in handler functions\n audit: use the mark in handler functions\n dnotify: use the mark in handler functions\n inotify: use the mark in handler functions\n fsnotify: send fsnotify_mark to groups in event handling functions\n fsnotify: Exchange list heads instead of moving elements\n fsnotify: srcu to protect read side of inode and vfsmount locks\n fsnotify: use an explicit flag to indicate fsnotify_destroy_mark has been called\n fsnotify: use _rcu functions for mark list traversal\n fsnotify: place marks on object in order of group memory address\n vfs/fsnotify: fsnotify_close can delay the final work in fput\n fsnotify: store struct file not struct path\n ...\n\nFix up trivial delete/modify conflict in fs/notify/inotify/inotify.c.\n" }, { "commit": "cd816a0d84377c4e87f55cbe934a23417f9f5743", "tree": "8834341f81dc570f9f255af57ac28041c317226a", "parents": [ "0d9f9e122c74583de15a86d1c660c08dc298f2c8", "a7a387cc596278af1516c534b50cc0bee171129d" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Aug 07 14:28:20 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Aug 07 14:28:20 2010 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:\n SELINUX: Fix build error.\n" }, { "commit": "a7a387cc596278af1516c534b50cc0bee171129d", "tree": "6b020262150ab47e2aaeb7ccdd57534460df2665", "parents": [ "06c22dadc6d3f9b65e55407a87faaf6a4a014112" ], "author": { "name": "Ralf Baechle", "email": "ralf@linux-mips.org", "time": "Fri Aug 06 20:37:56 2010 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Aug 06 18:11:39 2010 -0400" }, "message": "SELINUX: Fix build error.\n\nFix build error caused by a stale security/selinux/av_permissions.h in the $(src)\ndirectory which will override a more recent version in $(obj) that is it\nappears to strike only when building with a separate object directory.\n\nSigned-off-by: Ralf Baechle \u003cralf@linux-mips.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1e456a124353a753e9d1fadfbf5cd459c2f197ae", "tree": "4977d4fa275faafc0ba99a635d4c853a1f0df2a1", "parents": [ "fc1caf6eafb30ea185720e29f7f5eccca61ecd60" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Aug 06 16:08:27 2010 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Aug 06 09:17:02 2010 -0700" }, "message": "KEYS: request_key() should return -ENOKEY if the constructed key is negative\n\nrequest_key() should return -ENOKEY if the key it constructs has been\nnegatively instantiated.\n\nWithout this, request_key() can return an unusable key to its caller,\nand if the caller then does key_validate() that won\u0027t catch the problem.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "06c22dadc6d3f9b65e55407a87faaf6a4a014112", "tree": "e310b20a17014b491d86818fd58878839a48dffc", "parents": [ "3cfc2c42c1cbc8e238bb9c0612c0df4565e3a8b4" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Mon Aug 02 10:52:18 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 05 07:36:51 2010 -0400" }, "message": "apparmor: depends on NET\n\nSECURITY_APPARMOR should depend on NET since AUDIT needs\n(depends on) NET.\n\nFixes 70-80 errors that occur when CONFIG_NET is not enabled,\nbut APPARMOR selects AUDIT without qualification. E.g.:\n\naudit.c:(.text+0x33361): undefined reference to `netlink_unicast\u0027\n(.text+0x333df): undefined reference to `netlink_unicast\u0027\naudit.c:(.text+0x3341d): undefined reference to `skb_queue_tail\u0027\naudit.c:(.text+0x33424): undefined reference to `kfree_skb\u0027\naudit.c:(.text+0x334cb): undefined reference to `kfree_skb\u0027\naudit.c:(.text+0x33597): undefined reference to `skb_put\u0027\naudit.c:(.text+0x3369b): undefined reference to `__alloc_skb\u0027\naudit.c:(.text+0x336d7): undefined reference to `kfree_skb\u0027\n(.text+0x3374c): undefined reference to `__alloc_skb\u0027\nauditfilter.c:(.text+0x35305): undefined reference to `skb_queue_tail\u0027\nlsm_audit.c:(.text+0x2873): undefined reference to `init_net\u0027\nlsm_audit.c:(.text+0x2878): undefined reference to `dev_get_by_index\u0027\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3cfc2c42c1cbc8e238bb9c0612c0df4565e3a8b4", "tree": "5adc1ff2eaf64d450bf28bb6b2ce890db2567288", "parents": [ "5cf65713f87775c548e3eb48dbafa32e12f28000", "0ea6e61122196509af82cc4f36cbdaacbefb8227" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Aug 04 15:31:02 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Aug 04 15:31:02 2010 -0700" }, "message": "Merge branch \u0027for-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial\n\n* \u0027for-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (48 commits)\n Documentation: update broken web addresses.\n fix comment typo \"choosed\" -\u003e \"chosen\"\n hostap:hostap_hw.c Fix typo in comment\n Fix spelling contorller -\u003e controller in comments\n Kconfig.debug: FAIL_IO_TIMEOUT: typo Faul -\u003e Fault\n fs/Kconfig: Fix typo Userpace -\u003e Userspace\n Removing dead MACH_U300_BS26\n drivers/infiniband: Remove unnecessary casts of private_data\n fs/ocfs2: Remove unnecessary casts of private_data\n libfc: use ARRAY_SIZE\n scsi: bfa: use ARRAY_SIZE\n drm: i915: use ARRAY_SIZE\n drm: drm_edid: use ARRAY_SIZE\n synclink: use ARRAY_SIZE\n block: cciss: use ARRAY_SIZE\n comment typo fixes: charater \u003d\u003e character\n fix comment typos concerning \"challenge\"\n arm: plat-spear: fix typo in kerneldoc\n reiserfs: typo comment fix\n update email address\n ...\n" }, { "commit": "d790d4d583aeaed9fc6f8a9f4d9f8ce6b1c15c7f", "tree": "854ab394486288d40fa8179cbfaf66e8bdc44b0f", "parents": [ "73b2c7165b76b20eb1290e7efebc33cfd21db1ca", "3a09b1be53d23df780a0cd0e4087a05e2ca4a00c" ], "author": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Wed Aug 04 15:14:38 2010 +0200" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Wed Aug 04 15:14:38 2010 +0200" }, "message": "Merge branch \u0027master\u0027 into for-next\n" }, { "commit": "77c80e6b2fd049848bfd1bdab67899ad3ac407a7", "tree": "672ccbe5316698e0ef4dae46ba0029fb234989bf", "parents": [ "6371dcd36f649d9d07823f31400618155a20dde1" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:49:00 2010 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:49:00 2010 +1000" }, "message": "AppArmor: fix build warnings for non-const use of get_task_cred\n\nFix build warnings for non-const use of get_task_cred.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6371dcd36f649d9d07823f31400618155a20dde1", "tree": "a08c4ed2ec77225abbfcc099e78ae8d643429787", "parents": [ "016d825fe02cd20fd8803ca37a1e6d428fe878f6" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jul 29 23:02:34 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:39 2010 +1000" }, "message": "selinux: convert the policy type_attr_map to flex_array\n\nCurrent selinux policy can have over 3000 types. The type_attr_map in\npolicy is an array sized by the number of types times sizeof(struct ebitmap)\n(12 on x86_64). Basic math tells us the array is going to be of length\n3000 x 12 \u003d 36,000 bytes. The largest \u0027safe\u0027 allocation on a long running\nsystem is 16k. Most of the time a 32k allocation will work. But on long\nrunning systems a 64k allocation (what we need) can fail quite regularly.\nIn order to deal with this I am converting the type_attr_map to use\nflex_arrays. Let the library code deal with breaking this into PAGE_SIZE\npieces.\n\n-v2\nrework some of the if(!obj) BUG() to be BUG_ON(!obj)\ndrop flex_array_put() calls and just use a _get() object directly\n\n-v3\nmake apply to James\u0027 tree (drop the policydb_write changes)\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "016d825fe02cd20fd8803ca37a1e6d428fe878f6", "tree": "b36bafad46e09a1a62f3521536a703c58540f675", "parents": [ "484ca79c653121d3c79fffb86e1deea724f2e20b" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Fri Jul 30 13:46:33 2010 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:39 2010 +1000" }, "message": "AppArmor: Enable configuring and building of the AppArmor security module\n\nKconfig and Makefiles to enable configuration and building of AppArmor.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "484ca79c653121d3c79fffb86e1deea724f2e20b", "tree": "457aa73e37c9b5e5b4306430f40d1985b59ca226", "parents": [ "4d6ec10bb4461fdc9a9ab94ef32934e13564e873" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jul 29 14:29:55 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:38 2010 +1000" }, "message": "TOMOYO: Use pathname specified by policy rather than execve()\n\nCommit c9e69318 \"TOMOYO: Allow wildcard for execute permission.\" changed execute\npermission and domainname to accept wildcards. But tomoyo_find_next_domain()\nwas using pathname passed to execve() rather than pathname specified by the\nexecute permission. As a result, processes were not able to transit to domains\nwhich contain wildcards in their domainnames.\n\nThis patch passes pathname specified by the execute permission back to\ntomoyo_find_next_domain() so that processes can transit to domains which\ncontain wildcards in their domainnames.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4d6ec10bb4461fdc9a9ab94ef32934e13564e873", "tree": "b252da668c7485b864dd012b33f58d7c108d99a1", "parents": [ "c88d4c7b049e87998ac0a9f455aa545cc895ef92" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jul 30 09:02:04 2010 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:37 2010 +1000" }, "message": "AppArmor: update path_truncate method to latest version\n\nRemove extraneous path_truncate arguments from the AppArmor hook,\nas they\u0027ve been removed from the LSM API.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c88d4c7b049e87998ac0a9f455aa545cc895ef92", "tree": "1859582b4afec1116b6831ea89ae27c35209991a", "parents": [ "736ec752d95e91e77cc0e8c97c057ab076ac2f51" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:00 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:37 2010 +1000" }, "message": "AppArmor: core policy routines\n\nThe basic routines and defines for AppArmor policy. AppArmor policy\nis defined by a few basic components.\n profiles - the basic unit of confinement contain all the information\n to enforce policy on a task\n\n Profiles tend to be named after an executable that they\n will attach to but this is not required.\n namespaces - a container for a set of profiles that will be used\n during attachment and transitions between profiles.\n sids - which provide a unique id for each profile\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "736ec752d95e91e77cc0e8c97c057ab076ac2f51", "tree": "128d330ecff67c5d83862062825b7975c92fee96", "parents": [ "0ed3b28ab8bf460a3a026f3f1782bf4c53840184" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:02 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:36 2010 +1000" }, "message": "AppArmor: policy routines for loading and unpacking policy\n\nAppArmor policy is loaded in a platform independent flattened binary\nstream. Verify and unpack the data converting it to the internal\nformat needed for enforcement.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0ed3b28ab8bf460a3a026f3f1782bf4c53840184", "tree": "9da3a2c6d9f55d3166726fe7c51671a6029c1269", "parents": [ "b5e95b48685e3481139a5634d14d630d12c7d5ce" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:05 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:35 2010 +1000" }, "message": "AppArmor: mediation of non file objects\n\nipc:\nAppArmor ipc is currently limited to mediation done by file mediation\nand basic ptrace tests. Improved mediation is a wip.\n\nrlimits:\nAppArmor provides basic abilities to set and control rlimits at\na per profile level. Only resources specified in a profile are controled\nor set. AppArmor rules set the hard limit to a value \u003c\u003d to the current\nhard limit (ie. they can not currently raise hard limits), and if\nnecessary will lower the soft limit to the new hard limit value.\n\nAppArmor does not track resource limits to reset them when a profile\nis left so that children processes inherit the limits set by the\nparent even if they are not confined by the same profile.\n\nCapabilities: AppArmor provides a per profile mask of capabilities,\nthat will further restrict.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b5e95b48685e3481139a5634d14d630d12c7d5ce", "tree": "1468141db6ff1a291bde0b6a960c2af7e520b52b", "parents": [ "f9ad1af53d5232a89a1ff1827102843999975dfa" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:07 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:35 2010 +1000" }, "message": "AppArmor: LSM interface, and security module initialization\n\nAppArmor hooks to interface with the LSM, module parameters and module\ninitialization.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f9ad1af53d5232a89a1ff1827102843999975dfa", "tree": "2d7f4c35208b74995651fa6eb47031a37f928503", "parents": [ "c1c124e91e7c6d5a600c98f6fb5b443c403a14f4" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:08 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:34 2010 +1000" }, "message": "AppArmor: Enable configuring and building of the AppArmor security module\n\nKconfig and Makefiles to enable configuration and building of AppArmor.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "898127c34ec03291c86f4ff3856d79e9e18952bc", "tree": "c8845bd204b1c4b120f1be1cceea4ff96f749e53", "parents": [ "6380bd8ddf613b29f478396308b591867d401de4" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:06 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:14 2010 +1000" }, "message": "AppArmor: functions for domain transitions\n\nAppArmor routines for controling domain transitions, which can occur at\nexec or through self directed change_profile/change_hat calls.\n\nUnconfined tasks are checked at exec against the profiles in the confining\nprofile namespace to determine if a profile should be attached to the task.\n\nConfined tasks execs are controlled by the profile which provides rules\ndetermining which execs are allowed and if so which profiles should be\ntransitioned to.\n\nSelf directed domain transitions allow a task to request transition\nto a given profile. If the transition is allowed then the profile will\nbe applied, either immeditately or at exec time depending on the request.\nImmeditate self directed transitions have several security limitations\nbut have uses in setting up stub transition profiles and other limited\ncases.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6380bd8ddf613b29f478396308b591867d401de4", "tree": "6d8fc9356a652f8452ccf49e7f79cc700cc2768d", "parents": [ "63e2b423771ab0bc7ad4d407f3f6517c6d05cdc0" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:04 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:14 2010 +1000" }, "message": "AppArmor: file enforcement routines\n\nAppArmor does files enforcement via pathname matching. Matching is done\nat file open using a dfa match engine. Permission is against the final\nfile object not parent directories, ie. the traversal of directories\nas part of the file match is implicitly allowed. In the case of nonexistant\nfiles (creation) permissions are checked against the target file not the\ndirectory. eg. In case of creating the file /dir/new, permissions are\nchecked against the match /dir/new not against /dir/.\n\nThe permissions for matches are currently stored in the dfa accept table,\nbut this will change to allow for dfa reuse and also to allow for sharing\nof wider accept states.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "63e2b423771ab0bc7ad4d407f3f6517c6d05cdc0", "tree": "e50efc9593c7558d3700ec55869f9ddbac283a1d", "parents": [ "e06f75a6a2b43bd3a7a197bd21466f9da130e4af" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:03 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:13 2010 +1000" }, "message": "AppArmor: userspace interfaces\n\nThe /proc/\u003cpid\u003e/attr/* interface is used for process introspection and\ncommands. While the apparmorfs interface is used for global introspection\nand loading and removing policy.\n\nThe interface currently only contains the files necessary for loading\npolicy, and will be extended in the future to include sysfs style\nsingle per file introspection inteface.\n\nThe old AppArmor 2.4 interface files have been removed into a compatibility\npatch, that distros can use to maintain backwards compatibility.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e06f75a6a2b43bd3a7a197bd21466f9da130e4af", "tree": "bf5aabceae66c62e317a0403b05ffb320aef54d2", "parents": [ "c75afcd153f6147d3b094f45a1d87e5df7f4f053" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:01 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:13 2010 +1000" }, "message": "AppArmor: dfa match engine\n\nA basic dfa matching engine based off the dfa engine in the Dragon\nBook. It uses simple row comb compression with a check field.\n\nThis allows AppArmor to do pattern matching in linear time, and also\navoids stack issues that an nfa based engine may have. The dfa\nengine uses a byte based comparison, with all values being valid.\nAny potential character encoding are handled user side when the dfa\ntables are created. By convention AppArmor uses \\0 to separate two\ndependent path matches since \\0 is not a valid path character\n(this is done in the link permission check).\n\nThe dfa tables are generated in user space and are verified at load\ntime to be internally consistent.\n\nThere are several future improvements planned for the dfa engine:\n* The dfa engine may be converted to a hybrid nfa-dfa engine, with\n a fixed size limited stack. This would allow for size time\n tradeoffs, by inserting limited nfa states to help control\n state explosion that can occur with dfas.\n* The dfa engine may pickup the ability to do limited dynamic\n variable matching, instead of fixing all variables at policy\n load time.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c75afcd153f6147d3b094f45a1d87e5df7f4f053", "tree": "4d072c7b76a1e198427716f66a46712e508d4597", "parents": [ "67012e8209df95a8290d135753ff5145431a666e" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:47:59 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:12 2010 +1000" }, "message": "AppArmor: contexts used in attaching policy to system objects\n\nAppArmor contexts attach profiles and state to tasks, files, etc. when\na direct profile reference is not sufficient.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "67012e8209df95a8290d135753ff5145431a666e", "tree": "fc95b2c33d2e2d206500d7ec7e78dd855d4b3d2c", "parents": [ "cdff264264254e0fabc8107a33f3bb75a95e981f" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:47:58 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:11 2010 +1000" }, "message": "AppArmor: basic auditing infrastructure.\n\nUpdate lsm_audit for AppArmor specific data, and add the core routines for\nAppArmor uses for auditing.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cdff264264254e0fabc8107a33f3bb75a95e981f", "tree": "a20956e2a7a38e195071ded57fca02e1d1b1314c", "parents": [ "e6f6a4cc955d626ed26562d98de5766bf1f73526" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:47:57 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:11 2010 +1000" }, "message": "AppArmor: misc. base functions and defines\n\nMiscellaneous functions and defines needed by AppArmor, including\nthe base path resolution routines.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e6f6a4cc955d626ed26562d98de5766bf1f73526", "tree": "308ef4b42db0e3ebc0078550c7b9cca59f117cd6", "parents": [ "7e3d199a4009a4094a955282daf5ecd43f2c8152" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Jul 27 17:17:06 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:10 2010 +1000" }, "message": "TOMOYO: Update version to 2.3.0\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7e3d199a4009a4094a955282daf5ecd43f2c8152", "tree": "ea65ba1835bc1465ab07d94e0f8c7e9a2e060b5f", "parents": [ "b424485abe2b16580a178b469917a7b6ee0c152a" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Jul 27 10:08:29 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:09 2010 +1000" }, "message": "TOMOYO: Fix quota check.\n\nCommit d74725b9 \"TOMOYO: Use callback for updating entries.\" broke\ntomoyo_domain_quota_is_ok() by counting deleted entries. It needs to\ncount non-deleted entries.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b424485abe2b16580a178b469917a7b6ee0c152a", "tree": "d90d4662dd1ad229976354e4caa1a7632fb2a6d3", "parents": [ "49b7b8de46d293113a0a0bb026ff7bd833c73367" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jul 23 11:44:15 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:09 2010 +1000" }, "message": "SELinux: Move execmod to the common perms\n\nexecmod \"could\" show up on non regular files and non chr files. The current\nimplementation would actually make these checks against non-existant bits\nsince the code assumes the execmod permission is same for all file types.\nTo make this line up for chr files we had to define execute_no_trans and\nentrypoint permissions. These permissions are unreachable and only existed\nto to make FILE__EXECMOD and CHR_FILE__EXECMOD the same. This patch drops\nthose needless perms as well.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "49b7b8de46d293113a0a0bb026ff7bd833c73367", "tree": "ff29778c49a8ac1511249cc268ddbb2c6ddb86a9", "parents": [ "b782e0a68d17894d9a618ffea55b33639faa6bb4" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jul 23 11:44:09 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:08 2010 +1000" }, "message": "selinux: place open in the common file perms\n\nkernel can dynamically remap perms. Drop the open lookup table and put open\nin the common file perms.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b782e0a68d17894d9a618ffea55b33639faa6bb4", "tree": "307bc615153075a6e92be5d839a58ff48d6525f3", "parents": [ "d09ca73979460b96d5d4684d588b188be9a1f57d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jul 23 11:44:03 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:07 2010 +1000" }, "message": "SELinux: special dontaudit for access checks\n\nCurrently there are a number of applications (nautilus being the main one) which\ncalls access() on files in order to determine how they should be displayed. It\nis normal and expected that nautilus will want to see if files are executable\nor if they are really read/write-able. access() should return the real\npermission. SELinux policy checks are done in access() and can result in lots\nof AVC denials as policy denies RWX on files which DAC allows. Currently\nSELinux must dontaudit actual attempts to read/write/execute a file in\norder to silence these messages (and not flood the logs.) But dontaudit rules\nlike that can hide real attacks. This patch addes a new common file\npermission audit_access. This permission is special in that it is meaningless\nand should never show up in an allow rule. Instead the only place this\npermission has meaning is in a dontaudit rule like so:\n\ndontaudit nautilus_t sbin_t:file audit_access\n\nWith such a rule if nautilus just checks access() we will still get denied and\nthus userspace will still get the correct answer but we will not log the denial.\nIf nautilus attempted to actually perform one of the forbidden actions\n(rather than just querying access(2) about it) we would still log a denial.\nThis type of dontaudit rule should be used sparingly, as it could be a\nmethod for an attacker to probe the system permissions without detection.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d09ca73979460b96d5d4684d588b188be9a1f57d", "tree": "217543affc5c1c76181ffca00c23cfa69f1dd4f6", "parents": [ "9cfcac810e8993fa7a5bfd24b1a21f1dbbb03a7b" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jul 23 11:43:57 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:07 2010 +1000" }, "message": "security: make LSMs explicitly mask off permissions\n\nSELinux needs to pass the MAY_ACCESS flag so it can handle auditting\ncorrectly. Presently the masking of MAY_* flags is done in the VFS. In\norder to allow LSMs to decide what flags they care about and what flags\nthey don\u0027t just pass them all and the each LSM mask off what they don\u0027t\nneed. This patch should contain no functional changes to either the VFS or\nany LSM.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "692a8a231b212dfc68f612956d63f34abf098e0f", "tree": "4af3c03535ebc49e38c3c0c8f67061adbdf44c72", "parents": [ "d1b43547e56b163bc5c622243c47d8a13626175b" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Jul 21 12:51:03 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:06 2010 +1000" }, "message": "SELinux: break ocontext reading into a separate function\n\nMove the reading of ocontext type data out of policydb_read() in a separate\nfunction ocontext_read()\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d1b43547e56b163bc5c622243c47d8a13626175b", "tree": "29b2ddd50b3a0c6fe4dcf5f78c55c8698cd11679", "parents": [ "9a7982793c3aee6ce86d8e7e15306215257329f2" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Jul 21 12:50:57 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:05 2010 +1000" }, "message": "SELinux: move genfs read to a separate function\n\nmove genfs read functionality out of policydb_read() and into a new\nfunction called genfs_read()\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9a7982793c3aee6ce86d8e7e15306215257329f2", "tree": "4d85f6f7a57260cefd938dca7593aabf9c02a59c", "parents": [ "338437f6a09861cdf76e1396ed5fa6dee9c7cabe" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:57:39 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:04 2010 +1000" }, "message": "selinux: fix error codes in symtab_init()\n\nhashtab_create() only returns NULL on allocation failures to -ENOMEM is\nappropriate here.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "338437f6a09861cdf76e1396ed5fa6dee9c7cabe", "tree": "e693392adf370b81af129b326bba45bf43f03862", "parents": [ "38184c522249dc377366d4edc41dc500c2c3bb9e" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:56:01 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:04 2010 +1000" }, "message": "selinux: fix error codes in cond_read_bool()\n\nThe original code always returned -1 (-EPERM) on error. The new code\nreturns either -ENOMEM, or -EINVAL or it propagates the error codes from\nlower level functions next_entry() or hashtab_insert().\n\nnext_entry() returns -EINVAL.\nhashtab_insert() returns -EINVAL, -EEXIST, or -ENOMEM.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "38184c522249dc377366d4edc41dc500c2c3bb9e", "tree": "10c87bf5fdaea233a7842a79f04459792e1b5ba1", "parents": [ "fc5c126e4733e6fb3080d3d822ca63226e74fc84" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:55:01 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:03 2010 +1000" }, "message": "selinux: fix error codes in cond_policydb_init()\n\nIt\u0027s better to propagate the error code from avtab_init() instead of\nreturning -1 (-EPERM). It turns out that avtab_init() never fails so\nthis patch doesn\u0027t change how the code runs but it\u0027s still a clean up.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "fc5c126e4733e6fb3080d3d822ca63226e74fc84", "tree": "3320c22b66107c984ac0cf07c365420df42a4977", "parents": [ "9d623b17a740d5a85c12108cdc71c64fb15484fc" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:53:46 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:02 2010 +1000" }, "message": "selinux: fix error codes in cond_read_node()\n\nOriginally cond_read_node() returned -1 (-EPERM) on errors which was\nincorrect. Now it either propagates the error codes from lower level\nfunctions next_entry() or cond_read_av_list() or it returns -ENOMEM or\n-EINVAL.\n\nnext_entry() returns -EINVAL.\ncond_read_av_list() returns -EINVAL or -ENOMEM.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9d623b17a740d5a85c12108cdc71c64fb15484fc", "tree": "15434839a75f9c46c53a201520c6c859fad3c74b", "parents": [ "5241c1074f6e2f2276d45d857eb5d19fbdc2e4b2" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:52:19 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:02 2010 +1000" }, "message": "selinux: fix error codes in cond_read_av_list()\n\nAfter this patch cond_read_av_list() no longer returns -1 for any\nerrors. It just propagates error code back from lower levels. Those can\neither be -EINVAL or -ENOMEM.\n\nI also modified cond_insertf() since cond_read_av_list() passes that as a\nfunction pointer to avtab_read_item(). It isn\u0027t used anywhere else.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5241c1074f6e2f2276d45d857eb5d19fbdc2e4b2", "tree": "cf41e959668f5a9ec7a5d75059df864133569c91", "parents": [ "9e0bd4cba4460bff64fb07cfb07849cdfd4d325a" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:51:40 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:01 2010 +1000" }, "message": "selinux: propagate error codes in cond_read_list()\n\nThese are passed back when the security module gets loaded.\n\nThe original code always returned -1 (-EPERM) on error but after this\npatch it can return -EINVAL, or -ENOMEM or propagate the error code from\ncond_read_node(). cond_read_node() still returns -1 all the time, but I\nfix that in a later patch.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9e0bd4cba4460bff64fb07cfb07849cdfd4d325a", "tree": "feebec6167012e461d286c02ae45348ad0b2d3a1", "parents": [ "dce3a3d2ee038d230323fe06b061dbaace6b8f94" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:50:35 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:01 2010 +1000" }, "message": "selinux: cleanup return codes in avtab_read_item()\n\nThe avtab_read_item() function tends to return -1 as a default error\ncode which is wrong (-1 means -EPERM). I modified it to return\nappropriate error codes which is -EINVAL or the error code from\nnext_entry() or insertf().\n\nnext_entry() returns -EINVAL.\ninsertf() is a function pointer to either avtab_insert() or\ncond_insertf().\navtab_insert() returns -EINVAL, -ENOMEM, and -EEXIST.\ncond_insertf() currently returns -1, but I will fix it in a later patch.\n\nThere is code in avtab_read() which translates the -1 returns from\navtab_read_item() to -EINVAL. The translation is no longer needed, so I\nremoved it.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "dce3a3d2ee038d230323fe06b061dbaace6b8f94", "tree": "0c3f258fe162379db0fbbb2de783d8dbd8b15c92", "parents": [ "b8bc83ab4dcbc9938b95a90bbb50d89d1904d5ab" ], "author": { "name": "Chihau Chau", "email": "chihau@gmail.com", "time": "Fri Jul 16 12:11:54 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:00 2010 +1000" }, "message": "Security: capability: code style issue\n\nThis fix a little code style issue deleting a space between a function\nname and a open parenthesis.\n\nSigned-off-by: Chihau Chau \u003cchihau@gmail.com\u003e\nAcked-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b8bc83ab4dcbc9938b95a90bbb50d89d1904d5ab", "tree": "7ccdfa1ad932b8556052aa0de65d017816a4470e", "parents": [ "57a62c2317d60b21b7761c319a733a894482a6af" ], "author": { "name": "Tvrtko Ursulin", "email": "tvrtko.ursulin@sophos.com", "time": "Thu Jul 15 13:25:06 2010 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:59 2010 +1000" }, "message": "securityfs: Drop dentry reference count when mknod fails\n\nlookup_one_len increments dentry reference count which is not decremented\nwhen the create operation fails. This can cause a kernel BUG at\nfs/dcache.c:676 at unmount time. Also error code returned when new_inode()\nfails was replaced with more appropriate -ENOMEM.\n\nSigned-off-by: Tvrtko Ursulin \u003ctvrtko.ursulin@sophos.com\u003e\nAcked-by: Serge E. Hallyn \u003cserge@hallyn.com\u003e\nAcked-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "57a62c2317d60b21b7761c319a733a894482a6af", "tree": "03329d5df0a390640fbe5a41be064e5914673b02", "parents": [ "cdcd90f9e450d4edb5fab0490119f9540874e882" ], "author": { "name": "Arnd Bergmann", "email": "arnd@arndb.de", "time": "Wed Jul 07 23:40:10 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:59 2010 +1000" }, "message": "selinux: use generic_file_llseek\n\nThe default for llseek will change to no_llseek,\nso selinuxfs needs to add explicit .llseek\nassignments. Since we\u0027re dealing with regular\nfiles from a VFS perspective, use generic_file_llseek.\n\nSigned-off-by: Arnd Bergmann \u003carnd@arndb.de\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cdcd90f9e450d4edb5fab0490119f9540874e882", "tree": "5b1a5b5d00d19d6fa9ba13261ff22ffb0b8aa154", "parents": [ "7e2deb7ce8f662bce877dbfd3b0053e9559c25a3" ], "author": { "name": "Arnd Bergmann", "email": "arnd@arndb.de", "time": "Wed Jul 07 23:40:15 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:58 2010 +1000" }, "message": "ima: use generic_file_llseek for securityfs\n\nThe default for llseek will change to no_llseek,\nso securityfs users need to add explicit .llseek\nassignments. Since we\u0027re dealing with regular\nfiles from a VFS perspective, use generic_file_llseek.\n\nSigned-off-by: Arnd Bergmann \u003carnd@arndb.de\u003e\nCc: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7e2deb7ce8f662bce877dbfd3b0053e9559c25a3", "tree": "525c2a048a361bda568ff19bf422430999b64984", "parents": [ "af4f136056c984b0aa67feed7d3170b958370b2f" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jul 08 21:57:41 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:57 2010 +1000" }, "message": "TOMOYO: Explicitly set file_operations-\u003ellseek pointer.\n\nTOMOYO does not deal offset pointer. Thus seek operation makes\nno sense. Changing default seek operation from default_llseek()\nto no_llseek() might break some applications. Thus, explicitly\nset noop_llseek().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "af4f136056c984b0aa67feed7d3170b958370b2f", "tree": "30b62cd9174044cbdfdddc1fe5e0f21e7ddde85c", "parents": [ "5ad18a0d59ba9e65b3c8b2b489fd23bc6b3daf94" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Jul 01 15:07:43 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:57 2010 +1000" }, "message": "security: move LSM xattrnames to xattr.h\n\nMake the security extended attributes names global. Updated to move\nthe remaining Smack xattrs.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5ad18a0d59ba9e65b3c8b2b489fd23bc6b3daf94", "tree": "9de21bbe321012bd8e51d9d8ed09b81785cfcbec", "parents": [ "94fd8405ea62bd2d4a40f3013e8e6935b6643235" ], "author": { "name": "Justin P. Mattock", "email": "justinmattock@gmail.com", "time": "Wed Jun 30 10:39:11 2010 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:56 2010 +1000" }, "message": "KEYS: Reinstate lost passing of process keyring ID in call_sbin_request_key()\n\nIn commit bb952bb98a7e479262c7eb25d5592545a3af147d there was the accidental\ndeletion of a statement from call_sbin_request_key() to render the process\nkeyring ID to a text string so that it can be passed to /sbin/request-key.\n\nWith gcc 4.6.0 this causes the following warning:\n\n CC security/keys/request_key.o\nsecurity/keys/request_key.c: In function \u0027call_sbin_request_key\u0027:\nsecurity/keys/request_key.c:102:15: warning: variable \u0027prkey\u0027 set but not used\n\nThis patch reinstates that statement.\n\nWithout this statement, /sbin/request-key will get some random rubbish from the\nstack as that parameter.\n\nSigned-off-by: Justin P. Mattock \u003cjustinmattock@gmail.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "94fd8405ea62bd2d4a40f3013e8e6935b6643235", "tree": "14bff044866db418ec7f84944fc80998df851a99", "parents": [ "0849e3ba53c3ef603dffa9758a73e07ed186a937" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Jun 28 14:05:04 2010 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:56 2010 +1000" }, "message": "KEYS: Use the variable \u0027key\u0027 in keyctl_describe_key()\n\nkeyctl_describe_key() turns the key reference it gets into a usable key pointer\nand assigns that to a variable called \u0027key\u0027, which it then ignores in favour of\nrecomputing the key pointer each time it needs it. Make it use the precomputed\npointer instead.\n\nWithout this patch, gcc 4.6 reports that the variable key is set but not used:\n\n\tbuilding with gcc 4.6 I\u0027m getting a warning message:\n\t CC security/keys/keyctl.o\n\tsecurity/keys/keyctl.c: In function \u0027keyctl_describe_key\u0027:\n\tsecurity/keys/keyctl.c:472:14: warning: variable \u0027key\u0027 set but not used\n\nReported-by: Justin P. Mattock \u003cjustinmattock@gmail.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0849e3ba53c3ef603dffa9758a73e07ed186a937", "tree": "5aaaa02db9be90287bfcc6e00e48d0b50c18d6cd", "parents": [ "e2bf69077acefee5247bb661faac2552d29ba7ba" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Jun 25 12:22:09 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:55 2010 +1000" }, "message": "TOMOYO: Add missing poll() hook.\n\nCommit 1dae08c \"TOMOYO: Add interactive enforcing mode.\" forgot to register\npoll() hook. As a result, /usr/sbin/tomoyo-queryd was doing busy loop.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e2bf69077acefee5247bb661faac2552d29ba7ba", "tree": "946adb588df8647f2476fb2f66996e6231521687", "parents": [ "8e5686874bcb882f69d5c04e6b38dc92b97facea" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Jun 25 11:16:00 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:54 2010 +1000" }, "message": "TOMOYO: Rename symbols.\n\nUse shorter name in order to make it easier to fit 80 columns limit.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8e5686874bcb882f69d5c04e6b38dc92b97facea", "tree": "522733e1e4a172d29252a98d340cea3942296684", "parents": [ "f23571e866309a2048030ef6a5f0725cf139d4c9" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Jun 25 09:30:09 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:54 2010 +1000" }, "message": "TOMOYO: Small cleanup.\n\nSplit tomoyo_write_profile() into several functions.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f23571e866309a2048030ef6a5f0725cf139d4c9", "tree": "0116bcef462f367307b2db927b249b7ce21039c2", "parents": [ "5db5a39b6462c8360c9178b28f4b07c320dfca1c" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 24 14:57:16 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:45 2010 +1000" }, "message": "TOMOYO: Copy directly to userspace buffer.\n\nWhen userspace program reads policy from /sys/kernel/security/tomoyo/\ninterface, TOMOYO uses line buffered mode. A line has at least one word.\n\nCommit 006dacc \"TOMOYO: Support longer pathname.\" changed a word\u0027s max length\nfrom 4000 bytes to max kmalloc()able bytes. By that commit, a line\u0027s max length\nchanged from 8192 bytes to more than max kmalloc()able bytes.\n\nMax number of words in a line remains finite. This patch changes the way of\nbuffering so that all words in a line are firstly directly copied to userspace\nbuffer as much as possible and are secondly queued for next read request.\nWords queued are guaranteed to be valid until /sys/kernel/security/tomoyo/\ninterface is close()d.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5db5a39b6462c8360c9178b28f4b07c320dfca1c", "tree": "0350d94c0e134820e035381bcff81515dbda9666", "parents": [ "063821c8160568b3390044390c8328e36c5696ad" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 24 12:24:19 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:45 2010 +1000" }, "message": "TOMOYO: Use common code for policy reading.\n\ntomoyo_print_..._acl() are similar. Merge them.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "063821c8160568b3390044390c8328e36c5696ad", "tree": "68a61753cdc6b0edaf0358eebdea8c20aaa713b1", "parents": [ "475e6fa3d340e75a454ea09191a29e52e2ee6e71" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 24 12:00:25 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:44 2010 +1000" }, "message": "TOMOYO: Allow reading only execute permission.\n\nPolicy editor needs to know allow_execute entries in order to build domain\ntransition tree. Reading all entries is slow. Thus, allow reading only\nallow_execute entries.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "475e6fa3d340e75a454ea09191a29e52e2ee6e71", "tree": "44e8222ec250f8573199fc3132eaeb2f8922f85e", "parents": [ "5448ec4f5062ef75ce74f8d7784d4cea9c46ad00" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 24 11:28:14 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:44 2010 +1000" }, "message": "TOMOYO: Change list iterator.\n\nChange list_for_each_cookie to\n\n(1) start from current position rather than next position\n(2) remove temporary cursor\n(3) check that srcu_read_lock() is held\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5448ec4f5062ef75ce74f8d7784d4cea9c46ad00", "tree": "c4c742b928c799e03328e345e1d4af738f315afb", "parents": [ "0617c7ff34dc9b1d641640c3953274bb2dbe21a6" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon Jun 21 11:14:39 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:43 2010 +1000" }, "message": "TOMOYO: Use common code for domain transition control.\n\nUse common code for \"initialize_domain\"/\"no_initialize_domain\"/\"keep_domain\"/\n\"no_keep_domain\" keywords.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0617c7ff34dc9b1d641640c3953274bb2dbe21a6", "tree": "6be51af32ad65380aff9b7fa385f65ef15b3d53b", "parents": [ "7c2ea22e3c5463627ca98924cd65cb9e480dc29c" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon Jun 21 09:58:53 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:42 2010 +1000" }, "message": "TOMOYO: Remove alias keyword.\n\nSome programs behave differently depending on argv[0] passed to execve().\nTOMOYO has \"alias\" keyword in order to allow administrators to define different\ndomains if requested pathname passed to execve() is a symlink. But \"alias\"\nkeyword is incomplete because this keyword assumes that requested pathname and\nargv[0] are identical. Thus, remove \"alias\" keyword (by this patch) and add\nsyntax for checking argv[0] (by future patches).\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7c2ea22e3c5463627ca98924cd65cb9e480dc29c", "tree": "3a105a08cf75c77689bdfe890c64f9ae433748b9", "parents": [ "31845e8c6d3f4f26702e567c667277f9fd1f73a3" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 17 16:55:58 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:42 2010 +1000" }, "message": "TOMOYO: Merge path_group and number_group.\n\nUse common code for \"path_group\" and \"number_group\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "31845e8c6d3f4f26702e567c667277f9fd1f73a3", "tree": "5c457513fcdae4e7e39b19d36e1698ae298ce8d4", "parents": [ "a230f9e7121cbcbfe23bd5a630abf6b53cece555" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 17 16:54:33 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:41 2010 +1000" }, "message": "TOMOYO: Aggregate reader functions.\n\nNow lists are accessible via array index. Aggregate reader functions using index.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a230f9e7121cbcbfe23bd5a630abf6b53cece555", "tree": "a81820f41d57ffd8704aaef4331f696030d7ba77", "parents": [ "a98aa4debe2728abb3353e35fc5d110dcc0d7f0d" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 17 16:53:24 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:40 2010 +1000" }, "message": "TOMOYO: Use array of \"struct list_head\".\n\nAssign list id and make the lists as array of \"struct list_head\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a98aa4debe2728abb3353e35fc5d110dcc0d7f0d", "tree": "0334194761e26961339dd126e997c23e4060ce72", "parents": [ "5fb49870e6d48d81d8ca0e1ef979073dc9a820f7" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 17 16:52:29 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:40 2010 +1000" }, "message": "TOMOYO: Merge tomoyo_path_group and tomoyo_number_group\n\n\"struct tomoyo_path_group\" and \"struct tomoyo_number_group\" are identical.\nRename tomoyo_path_group/tomoyo_number_group to tomoyo_group and\ntomoyo_path_group_member to tomoyo_path_group and\ntomoyo_number_group_member to tomoyo_unmber_group.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5fb49870e6d48d81d8ca0e1ef979073dc9a820f7", "tree": "136fdf4f4181907b89916f24a8e828c00ba3e6bd", "parents": [ "253bfae6e0ad97554799affa0266052968a45808" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Apr 22 14:46:19 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:39 2010 +1000" }, "message": "selinux: Use current_security() when possible\n\nThere were a number of places using the following code pattern:\n\n struct cred *cred \u003d current_cred();\n struct task_security_struct *tsec \u003d cred-\u003esecurity;\n\n... which were simplified to the following:\n\n struct task_security_struct *tsec \u003d current_security();\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "253bfae6e0ad97554799affa0266052968a45808", "tree": "c3599a18f06664160a55a20b30428ba4faf6e2c0", "parents": [ "84914b7ed1c5e0f3199a5a6997022758a70fcaff" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Apr 22 14:46:19 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:39 2010 +1000" }, "message": "selinux: Convert socket related access controls to use socket labels\n\nAt present, the socket related access controls use a mix of inode and\nsocket labels; while there should be no practical difference (they\n_should_ always be the same), it makes the code more confusing. This\npatch attempts to convert all of the socket related access control\npoints (with the exception of some of the inode/fd based controls) to\nuse the socket\u0027s own label. In the process, I also converted the\nsocket_has_perm() function to take a \u0027sock\u0027 argument instead of a\n\u0027socket\u0027 since that was adding a bit more overhead in some cases.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "84914b7ed1c5e0f3199a5a6997022758a70fcaff", "tree": "a0ac9631fba19280516ec26819c884e6b086b183", "parents": [ "d4f2d97841827cb876da8b607df05a3dab812416" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Apr 22 14:46:18 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:38 2010 +1000" }, "message": "selinux: Shuffle the sk_security_struct alloc and free routines\n\nThe sk_alloc_security() and sk_free_security() functions were only being\ncalled by the selinux_sk_alloc_security() and selinux_sk_free_security()\nfunctions so we just move the guts of the alloc/free routines to the\ncallers and eliminate a layer of indirection.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d4f2d97841827cb876da8b607df05a3dab812416", "tree": "8d3128128f465e23dbfc5ee4ccc50d9bc489f7d7", "parents": [ "4d1e24514d80cb266231d0c1b6c02161970ad019" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Apr 22 14:46:18 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:37 2010 +1000" }, "message": "selinux: Consolidate sockcreate_sid logic\n\nConsolidate the basic sockcreate_sid logic into a single helper function\nwhich allows us to do some cleanups in the related code.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4d1e24514d80cb266231d0c1b6c02161970ad019", "tree": "2de35d44c52dc1afa28c8f1bf294180817834a9d", "parents": [ "e79acf0ef45e0b54aed47ebea7f25c540d3f527e" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Apr 22 14:46:18 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:37 2010 +1000" }, "message": "selinux: Set the peer label correctly on connected UNIX domain sockets\n\nCorrect a problem where we weren\u0027t setting the peer label correctly on\nthe client end of a pair of connected UNIX sockets.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e79acf0ef45e0b54aed47ebea7f25c540d3f527e", "tree": "02a593a5cb616b4b95e8f60aac786e57517442cf", "parents": [ "8fbe71f0e0ac28a39e4a93694c34d670c2f31e88" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 16 16:31:50 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:36 2010 +1000" }, "message": "TOMOYO: Pass \"struct list_head\" rather than \"void *\".\n\nPass \"struct list_head\" to tomoyo_add_to_gc() and bring\nlist_del_rcu() to tomoyo_add_to_gc().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8fbe71f0e0ac28a39e4a93694c34d670c2f31e88", "tree": "95dc6db6aaaa31a8876bc99c1531bfc26d0e838c", "parents": [ "cb917cf517075a357ce43b74e8a5a57f2c69a734" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 16 16:29:59 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:35 2010 +1000" }, "message": "TOMOYO: Make read function to void.\n\nRead functions do not fail. Make them from int to void.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cb917cf517075a357ce43b74e8a5a57f2c69a734", "tree": "5d7a5abdf135b566d0e764a4c767c15b317e7998", "parents": [ "71c282362d0672235c5205a7db1f3ac3fcf32981" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 16 16:28:21 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:35 2010 +1000" }, "message": "TOMOYO: Merge functions.\n\nEmbed tomoyo_path_number_perm2() into tomoyo_path_number_perm().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "71c282362d0672235c5205a7db1f3ac3fcf32981", "tree": "b359947179fad844767fc5b54a0761b7353babc1", "parents": [ "d795ef9e751b72c94600c91e31bdaef55987a9f6" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 16 16:26:38 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:34 2010 +1000" }, "message": "TOMOYO: Remove wrapper function for reading keyword.\n\nKeyword strings are read-only. We can directly access them to reduce code size.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d795ef9e751b72c94600c91e31bdaef55987a9f6", "tree": "f845fcc73cfad0fc2e9bb27e6e1a6110d7461e28", "parents": [ "75093152a97ee0ec281895b4f6229ff3c481fd64" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 16 16:24:58 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:34 2010 +1000" }, "message": "TOMOYO: Loosen parameter check for mount operation.\n\nIf invalid combination of mount flags are given, it will be rejected later.\nThus, no need for TOMOYO to reject invalid combination of mount flags.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "75093152a97ee0ec281895b4f6229ff3c481fd64", "tree": "960bdf1d441f43c2dfa3c4d54c48af5fc524a1a8", "parents": [ "99a852596beb26cc449ca1a79834c107ef4080e1" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 16 16:23:55 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:33 2010 +1000" }, "message": "TOMOYO: Rename symbols.\n\nUse shorter name in order to make it easier to fix 80 columns limit.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "99a852596beb26cc449ca1a79834c107ef4080e1", "tree": "8d593b0af85f6cbbfe73b916f7449148ccf93133", "parents": [ "cf6e9a6468ec82a94cbc707b607452ec4454182c" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 16 16:22:51 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:32 2010 +1000" }, "message": "TOMOYO: Use callback for permission check.\n\nWe can use callback function since parameters are passed via\n\"const struct tomoyo_request_info\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cf6e9a6468ec82a94cbc707b607452ec4454182c", "tree": "6b289c8575f1915395d3c1348d473ab07fbe34a8", "parents": [ "05336dee9f5a23c042e5938b42f996dd35e31ee6" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 16 16:21:36 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:32 2010 +1000" }, "message": "TOMOYO: Pass parameters via structure.\n\nTo make it possible to use callback function, pass parameters via\n\"struct tomoyo_request_info\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "05336dee9f5a23c042e5938b42f996dd35e31ee6", "tree": "c5dd4abb5bf15e06b399aa1b1e5db56bd848c762", "parents": [ "9ee0c823c18119914283358b35a1c3ebb14c2f90" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 16 16:20:24 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:31 2010 +1000" }, "message": "TOMOYO: Use common code for open and mkdir etc.\n\ntomoyo_file_perm() and tomoyo_path_permission() are similar.\nWe can embed tomoyo_file_perm() into tomoyo_path_permission().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9ee0c823c18119914283358b35a1c3ebb14c2f90", "tree": "6e29e71f1c9c7ae65d92a15a3b3220ae1d173407", "parents": [ "d2f8b2348f3406652ee00ee7221441bd36fe0195" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jun 11 12:37:05 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:30 2010 +1000" }, "message": "SELinux: seperate range transition rules to a seperate function\n\nMove the range transition rule to a separate function, range_read(), rather\nthan doing it all in policydb_read()\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d2f8b2348f3406652ee00ee7221441bd36fe0195", "tree": "5860237612bfefe2ec2006830048842b2fc94ad1", "parents": [ "36f5e1ffbf2bb951105ae4e261bcc1de3eaf510c" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Jun 15 10:10:37 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:30 2010 +1000" }, "message": "TOMOYO: Use common code for garbage collection.\n\nUse common code for elements using \"struct list_head\" + \"bool\" structure.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "36f5e1ffbf2bb951105ae4e261bcc1de3eaf510c", "tree": "80e01278296477b4d30288081267d35ff771d720", "parents": [ "82e0f001a4c1112dcff9cafa9812a33889ad9b8a" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Jun 15 09:23:26 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:29 2010 +1000" }, "message": "TOMOYO: Use callback for updating entries.\n\nUse common code for elements using \"struct list_head\" + \"bool\" structure.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "82e0f001a4c1112dcff9cafa9812a33889ad9b8a", "tree": "55c7e99f8773129b602f837f0c79f8d542021195", "parents": [ "237ab459f12cb98eadd3fe7b85343e183a1076a4" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Jun 15 09:22:42 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:28 2010 +1000" }, "message": "TOMOYO: Use common structure for list element.\n\nUse common \"struct list_head\" + \"bool\" structure.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "237ab459f12cb98eadd3fe7b85343e183a1076a4", "tree": "f2835e2945016beb4e29b6a2ed8f9d372dc1b412", "parents": [ "927942aabbbe506bf9bc70a16dc5460ecc64c148" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Jun 12 20:46:22 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:28 2010 +1000" }, "message": "TOMOYO: Use callback for updating entries.\n\nUse common \"struct list_head\" + \"bool\" + \"u8\" structure and\nuse common code for elements using that structure.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "927942aabbbe506bf9bc70a16dc5460ecc64c148", "tree": "2c53ccb405bd4afb03ff9f7acab892fafc7e9b0f", "parents": [ "9156235b3427d6f01c5c95022f72f381f07583f5" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Jun 11 17:31:10 2010 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:27 2010 +1000" }, "message": "KEYS: Make /proc/keys check to see if a key is possessed before security check\n\nMake /proc/keys check to see if the calling process possesses each key before\nperforming the security check. The possession check can be skipped if the key\ndoesn\u0027t have the possessor-view permission bit set.\n\nThis causes the keys a process possesses to show up in /proc/keys, even if they\ndon\u0027t have matching user/group/other view permissions.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9156235b3427d6f01c5c95022f72f381f07583f5", "tree": "16df30be93847e73a3b188b98f9ef2e034d82a90", "parents": [ "57c2590fb7fd38bd52708ff2716a577d0c2b3c5a" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Jun 11 17:31:05 2010 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:27 2010 +1000" }, "message": "KEYS: Authorise keyctl_set_timeout() on a key if we have its authorisation key\n\nAuthorise a process to perform keyctl_set_timeout() on an uninstantiated key if\nthat process has the authorisation key for it.\n\nThis allows the instantiator to set the timeout on a key it is instantiating -\nprovided it does it before instantiating the key.\n\nFor instance, the test upcall script provided with the keyutils package could\nbe modified to set the expiry to an hour hence before instantiating the key:\n\n\t[/usr/share/keyutils/request-key-debug.sh]\n\t if [ \"$3\" !\u003d \"neg\" ]\n\t then\n\t+ keyctl timeout $1 3600\n\t keyctl instantiate $1 \"Debug $3\" $4 || exit 1\n\t else\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" } ], "next": "57c2590fb7fd38bd52708ff2716a577d0c2b3c5a" }