)]}'
{
  "log": [
    {
      "commit": "06ec7be557a1259611d6093a00463c42650dc71a",
      "tree": "b83cdbc8405e0a174939d36e4fe40fb8adb51071",
      "parents": [
        "e51f6d343789a4f0a2a7587ad7ec7746969d5c1c"
      ],
      "author": {
        "name": "Michael LeMay",
        "email": "mdlemay@epoch.ncsc.mil",
        "time": "Mon Jun 26 00:24:56 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Mon Jun 26 09:58:18 2006 -0700"
      },
      "message": "[PATCH] keys: restrict contents of /proc/keys to Viewable keys\n\nRestrict /proc/keys such that only those keys to which the current task is\ngranted View permission are presented.\n\nThe documentation is also updated to reflect these changes.\n\nSigned-off-by: Michael LeMay \u003cmdlemay@epoch.ncsc.mil\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "df71837d5024e2524cd51c93621e558aa7dd9f3f",
      "tree": "58938f1d46f3c6713b63e5a785e82fdbb10121a1",
      "parents": [
        "88026842b0a760145aa71d69e74fbc9ec118ca44"
      ],
      "author": {
        "name": "Trent Jaeger",
        "email": "tjaeger@cse.psu.edu",
        "time": "Tue Dec 13 23:12:27 2005 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Tue Jan 03 13:10:24 2006 -0800"
      },
      "message": "[LSM-IPSec]: Security association restriction.\n\nThis patch series implements per packet access control via the\nextension of the Linux Security Modules (LSM) interface by hooks in\nthe XFRM and pfkey subsystems that leverage IPSec security\nassociations to label packets.  Extensions to the SELinux LSM are\nincluded that leverage the patch for this purpose.\n\nThis patch implements the changes necessary to the XFRM subsystem,\npfkey interface, ipv4/ipv6, and xfrm_user interface to restrict a\nsocket to use only authorized security associations (or no security\nassociation) to send/receive network packets.\n\nPatch purpose:\n\nThe patch is designed to enable access control per packets based on\nthe strongly authenticated IPSec security association.  Such access\ncontrols augment the existing ones based on network interface and IP\naddress.  The former are very coarse-grained, and the latter can be\nspoofed.  By using IPSec, the system can control access to remote\nhosts based on cryptographic keys generated using the IPSec mechanism.\nThis enables access control on a per-machine basis or per-application\nif the remote machine is running the same mechanism and trusted to\nenforce the access control policy.\n\nPatch design approach:\n\nThe overall approach is that policy (xfrm_policy) entries set by\nuser-level programs (e.g., setkey for ipsec-tools) are extended with a\nsecurity context that is used at policy selection time in the XFRM\nsubsystem to restrict the sockets that can send/receive packets via\nsecurity associations (xfrm_states) that are built from those\npolicies.\n\nA presentation available at\nwww.selinux-symposium.org/2005/presentations/session2/2-3-jaeger.pdf\nfrom the SELinux symposium describes the overall approach.\n\nPatch implementation details:\n\nOn output, the policy retrieved (via xfrm_policy_lookup or\nxfrm_sk_policy_lookup) must be authorized for the security context of\nthe socket and the same security context is required for resultant\nsecurity association (retrieved or negotiated via racoon in\nipsec-tools).  This is enforced in xfrm_state_find.\n\nOn input, the policy retrieved must also be authorized for the socket\n(at __xfrm_policy_check), and the security context of the policy must\nalso match the security association being used.\n\nThe patch has virtually no impact on packets that do not use IPSec.\nThe existing Netfilter (outgoing) and LSM rcv_skb hooks are used as\nbefore.\n\nAlso, if IPSec is used without security contexts, the impact is\nminimal.  The LSM must allow such policies to be selected for the\ncombination of socket and remote machine, but subsequent IPSec\nprocessing proceeds as in the original case.\n\nTesting:\n\nThe pfkey interface is tested using the ipsec-tools.  ipsec-tools have\nbeen modified (a separate ipsec-tools patch is available for version\n0.5) that supports assignment of xfrm_policy entries and security\nassociations with security contexts via setkey and the negotiation\nusing the security contexts via racoon.\n\nThe xfrm_user interface is tested via ad hoc programs that set\nsecurity contexts.  These programs are also available from me, and\ncontain programs for setting, getting, and deleting policy for testing\nthis interface.  Testing of sa functions was done by tracing kernel\nbehavior.\n\nSigned-off-by: Trent Jaeger \u003ctjaeger@cse.psu.edu\u003e\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "2c40579bdc2a94977fcff2521d5b53a97c33e77a",
      "tree": "04da3ba2070d46115e93ddbb148e035666862d84",
      "parents": [
        "5a73c308754e27829c94544e010f133019cbd432"
      ],
      "author": {
        "name": "Adrian Bunk",
        "email": "bunk@stusta.de",
        "time": "Mon Aug 22 18:20:50 2005 +0200"
      },
      "committer": {
        "name": "Chris Wright",
        "email": "chrisw@osdl.org",
        "time": "Mon Aug 22 14:10:22 2005 -0700"
      },
      "message": "[PATCH] SECURITY must depend on SYSFS\n\nCONFIG_SECURITY\u003dy and CONFIG_SYSFS\u003dn results in the following compile\nerror:\n\n\u003c--  snip  --\u003e\n\n...\n  LD      vmlinux\nsecurity/built-in.o: In function `securityfs_init\u0027:\ninode.c:(.init.text+0x1c2): undefined reference to `kernel_subsys\u0027\nmake: *** [vmlinux] Error 1\n\n\u003c--  snip  --\u003e\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: Chris Wright \u003cchrisw@osdl.org\u003e\n"
    },
    {
      "commit": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
      "tree": "0bba044c4ce775e45a88a51686b5d9f90697ea9d",
      "parents": [],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@ppc970.osdl.org",
        "time": "Sat Apr 16 15:20:36 2005 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@ppc970.osdl.org",
        "time": "Sat Apr 16 15:20:36 2005 -0700"
      },
      "message": "Linux-2.6.12-rc2\n\nInitial git repository build. I\u0027m not bothering with the full history,\neven though we have it. We can create a separate \"historical\" git\narchive of that later if we want to, and in the meantime it\u0027s about\n3.2GB when imported into git - space that would just make the early\ngit days unnecessarily complicated, when we don\u0027t have a lot of good\ninfrastructure for it.\n\nLet it rip!\n"
    }
  ]
}