)]}' { "log": [ { "commit": "089be43e403a78cd6889cde2fba164fefe9dfd89", "tree": "de401b27c91c528dbf64c712e6b64d185ded0c54", "parents": [ "50515af207d410c9f228380e529c56f43c3de0bd" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Jul 15 18:32:49 2008 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Jul 15 18:32:49 2008 +1000" }, "message": "Revert \"SELinux: allow fstype unknown to policy to use xattrs if present\"\n\nThis reverts commit 811f3799279e567aa354c649ce22688d949ac7a9.\n\nFrom Eric Paris:\n\n\"Please drop this patch for now. It deadlocks on ntfs-3g. I need to\nrework it to handle fuse filesystems better. (casey was right)\"\n" }, { "commit": "6f0f0fd496333777d53daff21a4e3b28c4d03a6d", "tree": "202de67376fce2547b44ae5b016d6424c3c7409c", "parents": [ "93cbace7a058bce7f99319ef6ceff4b78cf45051" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jul 10 17:02:07 2008 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:04:06 2008 +1000" }, "message": "security: remove register_security hook\n\nThe register security hook is no longer required, as the capability\nmodule is always registered. LSMs wishing to stack capability as\na secondary module should do so explicitly.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n" }, { "commit": "93cbace7a058bce7f99319ef6ceff4b78cf45051", "tree": "01a9f6c054dc2cca186a563a84345c4635ab304e", "parents": [ "5915eb53861c5776cfec33ca4fcc1fd20d66dd27" ], "author": { "name": "Miklos Szeredi", "email": "miklos@szeredi.hu", "time": "Thu Jul 10 11:10:09 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:03:41 2008 +1000" }, "message": "security: remove dummy module fix\n\nFix small oversight in \"security: remove dummy module\":\nCONFIG_SECURITY_FILE_CAPABILITIES doesn\u0027t depend on CONFIG_SECURITY\n\nSigned-off-by: Miklos Szeredi \u003cmszeredi@suse.cz\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5915eb53861c5776cfec33ca4fcc1fd20d66dd27", "tree": "d4895b96dfdc227a3abe2f13c093b6f53ac3aef8", "parents": [ "b478a9f9889c81e88077d1495daadee64c0af541" ], "author": { "name": "Miklos Szeredi", "email": "mszeredi@suse.cz", "time": "Thu Jul 03 20:56:05 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:03:04 2008 +1000" }, "message": "security: remove dummy module\n\nRemove the dummy module and make the \"capability\" module the default.\n\nCompile and boot tested.\n\nSigned-off-by: Miklos Szeredi \u003cmszeredi@suse.cz\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b478a9f9889c81e88077d1495daadee64c0af541", "tree": "d1a843fab53dd4b28b45172ba0b90417c4eefc48", "parents": [ "2069f457848f846cb31149c9aa29b330a6b66d1b" ], "author": { "name": "Miklos Szeredi", "email": "mszeredi@suse.cz", "time": "Thu Jul 03 20:56:04 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:02:05 2008 +1000" }, "message": "security: remove unused sb_get_mnt_opts hook\n\nThe sb_get_mnt_opts() hook is unused, and is superseded by the\nsb_show_options() hook.\n\nSigned-off-by: Miklos Szeredi \u003cmszeredi@suse.cz\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2069f457848f846cb31149c9aa29b330a6b66d1b", "tree": "199e7bb15e7d7b5cf008cd6fdb6cefc0d6af7f13", "parents": [ "811f3799279e567aa354c649ce22688d949ac7a9" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jul 04 09:47:13 2008 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:02:05 2008 +1000" }, "message": "LSM/SELinux: show LSM mount options in /proc/mounts\n\nThis patch causes SELinux mount options to show up in /proc/mounts. As\nwith other code in the area seq_put errors are ignored. Other LSM\u0027s\nwill not have their mount options displayed until they fill in their own\nsecurity_sb_show_options() function.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Miklos Szeredi \u003cmszeredi@suse.cz\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "811f3799279e567aa354c649ce22688d949ac7a9", "tree": "2a4d8c30821de84d5adcf37a09562ebba92f9f23", "parents": [ "65fc7668006b537f7ae8451990c0ed9ec882544e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Jun 18 09:50:04 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:02:04 2008 +1000" }, "message": "SELinux: allow fstype unknown to policy to use xattrs if present\n\nCurrently if a FS is mounted for which SELinux policy does not define an\nfs_use_* that FS will either be genfs labeled or not labeled at all.\nThis decision is based on the existence of a genfscon rule in policy and\nis irrespective of the capabilities of the filesystem itself. This\npatch allows the kernel to check if the filesystem supports security\nxattrs and if so will use those if there is no fs_use_* rule in policy.\nAn fstype with a no fs_use_* rule but with a genfs rule will use xattrs\nif available and will follow the genfs rule.\n\nThis can be particularly interesting for things like ecryptfs which\nactually overlays a real underlying FS. If we define excryptfs in\npolicy to use xattrs we will likely get this wrong at times, so with\nthis path we just don\u0027t need to define it!\n\nOverlay ecryptfs on top of NFS with no xattr support:\nSELinux: initialized (dev ecryptfs, type ecryptfs), uses genfs_contexts\nOverlay ecryptfs on top of ext4 with xattr support:\nSELinux: initialized (dev ecryptfs, type ecryptfs), uses xattr\n\nIt is also useful as the kernel adds new FS we don\u0027t need to add them in\npolicy if they support xattrs and that is how we want to handle them.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "65fc7668006b537f7ae8451990c0ed9ec882544e", "tree": "9f0f2b9c98aaa330534e225c5644e997cf01c1a9", "parents": [ "2baf06df85b27c1d64867883a0692519594f1ef2" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jun 12 01:00:10 2008 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:02:03 2008 +1000" }, "message": "security: fix return of void-valued expressions\n\nFix several warnings generated by sparse of the form\n\"returning void-valued expression\".\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\n" }, { "commit": "2baf06df85b27c1d64867883a0692519594f1ef2", "tree": "b4f8f2ba2c4175983fea740a607d7cc3cfef26ec", "parents": [ "e399f98224a03d2e85fb45eacba367c47173f6f9" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jun 12 01:42:35 2008 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:02:02 2008 +1000" }, "message": "SELinux: use do_each_thread as a proper do/while block\n\nUse do_each_thread as a proper do/while block. Sparse complained.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n" }, { "commit": "e399f98224a03d2e85fb45eacba367c47173f6f9", "tree": "b21f310e9317c2726acc5d27763c95a128528b4d", "parents": [ "6cbe27061a69ab89d25dbe42d1a4f33a8425fe88" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jun 12 01:39:58 2008 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:02:01 2008 +1000" }, "message": "SELinux: remove unused and shadowed addrlen variable\n\nRemove unused and shadowed addrlen variable. Picked up by sparse.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\n" }, { "commit": "6cbe27061a69ab89d25dbe42d1a4f33a8425fe88", "tree": "883e50c699dcd495ca9fc985e71622394ce21001", "parents": [ "22df4adb049a5cbb340dd935f5bbfa1ab3947562" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jun 09 16:51:37 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:02:00 2008 +1000" }, "message": "SELinux: more user friendly unknown handling printk\n\nI\u0027ve gotten complaints and reports about people not understanding the\nmeaning of the current unknown class/perm handling the kernel emits on\nevery policy load. Hopefully this will make make it clear to everyone\nthe meaning of the message and won\u0027t waste a printk the user won\u0027t care\nabout anyway on systems where the kernel and the policy agree on\neverything.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "22df4adb049a5cbb340dd935f5bbfa1ab3947562", "tree": "28dead43dd9eb81768e143ced4e9cd45c6a0246f", "parents": [ "89abd0acf0335f3f760a3c0698d43bb1eaa83e44" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Jun 09 16:03:56 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:01:59 2008 +1000" }, "message": "selinux: change handling of invalid classes (Was: Re: 2.6.26-rc5-mm1 selinux whine)\n\nOn Mon, 2008-06-09 at 01:24 -0700, Andrew Morton wrote:\n\u003e Getting a few of these with FC5:\n\u003e\n\u003e SELinux: context_struct_compute_av: unrecognized class 69\n\u003e SELinux: context_struct_compute_av: unrecognized class 69\n\u003e\n\u003e one came out when I logged in.\n\u003e\n\u003e No other symptoms, yet.\n\nChange handling of invalid classes by SELinux, reporting class values\nunknown to the kernel as errors (w/ ratelimit applied) and handling\nclass values unknown to policy as normal denials.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "89abd0acf0335f3f760a3c0698d43bb1eaa83e44", "tree": "c71f08fd6b9fa3969352f96d88daa1409474e2d6", "parents": [ "cea78dc4ca044e9666e8f5d797ec50ab85253e49" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jun 09 15:58:04 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:01:58 2008 +1000" }, "message": "SELinux: drop load_mutex in security_load_policy\n\nWe used to protect against races of policy load in security_load_policy\nby using the load_mutex. Since then we have added a new mutex,\nsel_mutex, in sel_write_load() which is always held across all calls to\nsecurity_load_policy we are covered and can safely just drop this one.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cea78dc4ca044e9666e8f5d797ec50ab85253e49", "tree": "3aa8608428774602db2550cd684bef26a9812b5d", "parents": [ "bdd581c1439339f1d3e8446b83e0f1beaef294e9" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jun 09 15:43:12 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:01:58 2008 +1000" }, "message": "SELinux: fix off by 1 reference of class_to_string in context_struct_compute_av\n\nThe class_to_string array is referenced by tclass. My code mistakenly\nwas using tclass - 1. If the proceeding class is a userspace class\nrather than kernel class this may cause a denial/EINVAL even if unknown\nhandling is set to allow. The bug shouldn\u0027t be allowing excess\nprivileges since those are given based on the contents of another array\nwhich should be correctly referenced.\n\nAt this point in time its pretty unlikely this is going to cause\nproblems. The most recently added kernel classes which could be\naffected are association, dccp_socket, and peer. Its pretty unlikely\nany policy with handle_unknown\u003dallow doesn\u0027t have association and\ndccp_socket undefined (they\u0027ve been around longer than unknown handling)\nand peer is conditionalized on a policy cap which should only be defined\nif that class exists in policy.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bdd581c1439339f1d3e8446b83e0f1beaef294e9", "tree": "aa6daa5462dfe041692900d1e853a94bc791818b", "parents": [ "972ccac2b237967ed7e56a50eb181b5a0a484b79" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jun 06 18:50:12 2008 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:01:57 2008 +1000" }, "message": "SELinux: open code sidtab lock\n\nOpen code sidtab lock to make Andrew Morton happy.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n" }, { "commit": "972ccac2b237967ed7e56a50eb181b5a0a484b79", "tree": "44916f101e36cbb9c5c75eca91bd5a76250ea0c2", "parents": [ "0804d1133c02cbdfba0055de774f2c21a8b777dc" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jun 06 18:43:26 2008 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:01:56 2008 +1000" }, "message": "SELinux: open code load_mutex\n\nOpen code load_mutex as suggested by Andrew Morton.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0804d1133c02cbdfba0055de774f2c21a8b777dc", "tree": "d9bbb58ed872f55887d2269abd9aec252894289d", "parents": [ "59dbd1ba9847837aa7095f3e4a29599dae412ac4" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jun 06 18:40:29 2008 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:01:55 2008 +1000" }, "message": "SELinux: open code policy_rwlock\n\nOpen code policy_rwlock, as suggested by Andrew Morton.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n" }, { "commit": "59dbd1ba9847837aa7095f3e4a29599dae412ac4", "tree": "7027450aa23e7f25a67e5cd9a7686e013956ac61", "parents": [ "242631c49d4cf39642741d6627750151b058233b" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Thu Jun 05 09:48:51 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:01:54 2008 +1000" }, "message": "selinux: fix endianness bug in network node address handling\n\nFix an endianness bug in the handling of network node addresses by\nSELinux. This yields no change on little endian hardware but fixes\nthe incorrect handling on big endian hardware. The network node\naddresses are stored in network order in memory by checkpolicy, not in\ncpu/host order, and thus should not have cpu_to_le32/le32_to_cpu\nconversions applied upon policy write/read unlike other data in the\npolicy.\n\nBug reported by John Weeks of Sun, who noticed that binary policy\nfiles built from the same policy source on x86 and sparc differed and\ntracked it down to the ipv4 address handling in checkpolicy.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "242631c49d4cf39642741d6627750151b058233b", "tree": "26756c2b256cf5b14ca279a634d5bcc5e67b2b41", "parents": [ "abc69bb633931bf54c6db798bcdc6fd1e0284742" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Thu Jun 05 09:21:28 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:01:53 2008 +1000" }, "message": "selinux: simplify ioctl checking\n\nSimplify and improve the robustness of the SELinux ioctl checking by\nusing the \"access mode\" bits of the ioctl command to determine the\npermission check rather than dealing with individual command values.\nThis removes any knowledge of specific ioctl commands from SELinux\nand follows the same guidance we gave to Smack earlier.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "abc69bb633931bf54c6db798bcdc6fd1e0284742", "tree": "711aaf6c5e1d8bdd57138e8baf3a369ed832602d", "parents": [ "006ebb40d3d65338bd74abb03b945f8d60e362bd" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed May 21 14:16:12 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:01:52 2008 +1000" }, "message": "SELinux: enable processes with mac_admin to get the raw inode contexts\n\nEnable processes with CAP_MAC_ADMIN + mac_admin permission in policy\nto get undefined contexts on inodes. This extends the support for\ndeferred mapping of security contexts in order to permit restorecon\nand similar programs to see the raw file contexts unknown to the\nsystem policy in order to check them.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "006ebb40d3d65338bd74abb03b945f8d60e362bd", "tree": "c548c678b54b307e1fb9acf94676fb7bfd849501", "parents": [ "feb2a5b82d87fbdc01c00b7e9413e4b5f4c1f0c1" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon May 19 08:32:49 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:01:47 2008 +1000" }, "message": "Security: split proc ptrace checking into read vs. attach\n\nEnable security modules to distinguish reading of process state via\nproc from full ptrace access by renaming ptrace_may_attach to\nptrace_may_access and adding a mode argument indicating whether only\nread access or full attach access is requested. This allows security\nmodules to permit access to reading process state without granting\nfull ptrace access. The base DAC/capability checking remains unchanged.\n\nRead access to /proc/pid/mem continues to apply a full ptrace attach\ncheck since check_mem_permission() already requires the current task\nto already be ptracing the target. The other ptrace checks within\nproc for elements like environ, maps, and fds are changed to pass the\nread mode instead of attach.\n\nIn the SELinux case, we model such reading of process state as a\nreading of a proc file labeled with the target process\u0027 label. This\nenables SELinux policy to permit such reading of process state without\npermitting control or manipulation of the target process, as there are\na number of cases where programs probe for such information via proc\nbut do not need to be able to control the target (e.g. procps,\nlsof, PolicyKit, ConsoleKit). At present we have to choose between\nallowing full ptrace in policy (more permissive than required/desired)\nor breaking functionality (or in some cases just silencing the denials\nvia dontaudit rules but this can hide genuine attacks).\n\nThis version of the patch incorporates comments from Casey Schaufler\n(change/replace existing ptrace_may_attach interface, pass access\nmode), and Chris Wright (provide greater consistency in the checking).\n\nNote that like their predecessors __ptrace_may_attach and\nptrace_may_attach, the __ptrace_may_access and ptrace_may_access\ninterfaces use different return value conventions from each other (0\nor -errno vs. 1 or 0). I retained this difference to avoid any\nchanges to the caller logic but made the difference clearer by\nchanging the latter interface to return a bool rather than an int and\nby adding a comment about it to ptrace.h for any future callers.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "feb2a5b82d87fbdc01c00b7e9413e4b5f4c1f0c1", "tree": "ba72273578711b9e21386570f70bc619b6af3ae4", "parents": [ "fdeb05184b8b2500e120647778d63fddba76dc59" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue May 20 09:42:33 2008 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:01:38 2008 +1000" }, "message": "SELinux: remove inherit field from inode_security_struct\n\nRemove inherit field from inode_security_struct, per Stephen Smalley:\n\"Let\u0027s just drop inherit altogether - dead field.\"\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "fdeb05184b8b2500e120647778d63fddba76dc59", "tree": "19e745966786f4af3d589018d6dc738aeb5f1321", "parents": [ "f5269710789f666a65cf1132c4f1d14fbc8d3c29" ], "author": { "name": "Richard Kennedy", "email": "richard@rsk.demon.co.uk", "time": "Sun May 18 12:32:57 2008 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:01:37 2008 +1000" }, "message": "SELinux: reorder inode_security_struct to increase objs/slab on 64bit\n\nreorder inode_security_struct to remove padding on 64 bit builds\n\nsize reduced from 72 to 64 bytes increasing objects per slab to 64.\n\nSigned-off-by: Richard Kennedy \u003crichard@rsk.demon.co.uk\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f5269710789f666a65cf1132c4f1d14fbc8d3c29", "tree": "8c61f74cb04505e3f16483baf1d7113e750968d7", "parents": [ "9a59daa03df72526d234b91dd3e32ded5aebd3ef" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed May 14 11:27:45 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:01:36 2008 +1000" }, "message": "SELinux: keep the code clean formating and syntax\n\nFormatting and syntax changes\n\nwhitespace, tabs to spaces, trailing space\nput open { on same line as struct def\nremove unneeded {} after if statements\nchange printk(\"Lu\") to printk(\"llu\")\nconvert asm/uaccess.h to linux/uaacess.h includes\nremove unnecessary asm/bug.h includes\nconvert all users of simple_strtol to strict_strtol\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9a59daa03df72526d234b91dd3e32ded5aebd3ef", "tree": "9ba6797d509a5657be7f47f55e630f06a489174d", "parents": [ "12b29f34558b9b45a2c6eabd4f3c6be939a3980f" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed May 14 10:33:55 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:01:35 2008 +1000" }, "message": "SELinux: fix sleeping allocation in security_context_to_sid\n\nFix a sleeping function called from invalid context bug by moving allocation\nto the callers prior to taking the policy rdlock.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "12b29f34558b9b45a2c6eabd4f3c6be939a3980f", "tree": "9b7921724226cd81901070026572bf05014dc41c", "parents": [ "bce7f793daec3e65ec5c5705d2457b81fe7b5725" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed May 07 13:03:20 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:01:34 2008 +1000" }, "message": "selinux: support deferred mapping of contexts\n\nIntroduce SELinux support for deferred mapping of security contexts in\nthe SID table upon policy reload, and use this support for inode\nsecurity contexts when the context is not yet valid under the current\npolicy. Only processes with CAP_MAC_ADMIN + mac_admin permission in\npolicy can set undefined security contexts on inodes. Inodes with\nsuch undefined contexts are treated as having the unlabeled context\nuntil the context becomes valid upon a policy reload that defines the\ncontext. Context invalidation upon policy reload also uses this\nsupport to save the context information in the SID table and later\nrecover it upon a subsequent policy reload that defines the context\nagain.\n\nThis support is to enable package managers and similar programs to set\ndown file contexts unknown to the system policy at the time the file\nis created in order to better support placing loadable policy modules\nin packages and to support build systems that need to create images of\ndifferent distro releases with different policies w/o requiring all of\nthe contexts to be defined or legal in the build host policy.\n\nWith this patch applied, the following sequence is possible, although\nin practice it is recommended that this permission only be allowed to\nspecific program domains such as the package manager.\n\n# rmdir baz\n# rm bar\n# touch bar\n# chcon -t foo_exec_t bar # foo_exec_t is not yet defined\nchcon: failed to change context of `bar\u0027 to `system_u:object_r:foo_exec_t\u0027: Invalid argument\n# mkdir -Z system_u:object_r:foo_exec_t baz\nmkdir: failed to set default file creation context to `system_u:object_r:foo_exec_t\u0027: Invalid argument\n# cat setundefined.te\npolicy_module(setundefined, 1.0)\nrequire {\n\ttype unconfined_t;\n\ttype unlabeled_t;\n}\nfiles_type(unlabeled_t)\nallow unconfined_t self:capability2 mac_admin;\n# make -f /usr/share/selinux/devel/Makefile setundefined.pp\n# semodule -i setundefined.pp\n# chcon -t foo_exec_t bar # foo_exec_t is not yet defined\n# mkdir -Z system_u:object_r:foo_exec_t baz\n# ls -Zd bar baz\n-rw-r--r-- root root system_u:object_r:unlabeled_t bar\ndrwxr-xr-x root root system_u:object_r:unlabeled_t baz\n# cat foo.te\npolicy_module(foo, 1.0)\ntype foo_exec_t;\nfiles_type(foo_exec_t)\n# make -f /usr/share/selinux/devel/Makefile foo.pp\n# semodule -i foo.pp # defines foo_exec_t\n# ls -Zd bar baz\n-rw-r--r-- root root user_u:object_r:foo_exec_t bar\ndrwxr-xr-x root root system_u:object_r:foo_exec_t baz\n# semodule -r foo\n# ls -Zd bar baz\n-rw-r--r-- root root system_u:object_r:unlabeled_t bar\ndrwxr-xr-x root root system_u:object_r:unlabeled_t baz\n# semodule -i foo.pp\n# ls -Zd bar baz\n-rw-r--r-- root root user_u:object_r:foo_exec_t bar\ndrwxr-xr-x root root system_u:object_r:foo_exec_t baz\n# semodule -r setundefined foo\n# chcon -t foo_exec_t bar # no longer defined and not allowed\nchcon: failed to change context of `bar\u0027 to `system_u:object_r:foo_exec_t\u0027: Invalid argument\n# rmdir baz\n# mkdir -Z system_u:object_r:foo_exec_t baz\nmkdir: failed to set default file creation context to `system_u:object_r:foo_exec_t\u0027: Invalid argument\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ec229e830060091b9be63c8f873c1b2407a82821", "tree": "505231f1cad4a3258d509dfc75e47ed445647ff6", "parents": [ "17d213f806dad629e9af36fc45f082b87ed7bceb" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Sun Jul 13 12:14:04 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Jul 13 12:51:18 2008 -0700" }, "message": "devcgroup: fix permission check when adding entry to child cgroup\n\n # cat devices.list\n c 1:3 r\n # echo \u0027c 1:3 w\u0027 \u003e sub/devices.allow\n # cat sub/devices.list\n c 1:3 w\n\nAs illustrated, the parent group has no write permission to /dev/null, so\nit\u0027s child should not be allowed to add this write permission.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "17d213f806dad629e9af36fc45f082b87ed7bceb", "tree": "bbb91f06c39cddd1a05b0bdb8470f472c39c81c6", "parents": [ "0302c01b4b793cfbc5c7bf8723f6d14bf9bd7cf4" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Sun Jul 13 12:14:02 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Jul 13 12:51:18 2008 -0700" }, "message": "devcgroup: always show positive major/minor num\n\n # echo \"b $((0x7fffffff)):$((0x80000000)) rwm\" \u003e devices.allow\n # cat devices.list\n b 214748364:-21474836 rwm\n\nthough a major/minor number of 0x800000000 is meaningless, we\nshould not cast it to a negative value.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "d823f6bfec2844493c05961133895de21fa0e02d", "tree": "853fac4a97ab842f9ee52adfbf72297e8b90688d", "parents": [ "26ff8c697a2c8f6974c2357d3f01cca91b20c964" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Fri Jul 04 10:00:07 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 04 10:40:10 2008 -0700" }, "message": "devcgroup: fix odd behaviour when writing \u0027a\u0027 to devices.allow\n\n # cat /devcg/devices.list\n a *:* rwm\n # echo a \u003e devices.allow\n # cat /devcg/devices.list\n a *:* rwm\n a 0:0 rwm\n\nThis is odd and maybe confusing. With this patch, writing \u0027a\u0027 to\ndevices.allow will add \u0027a *:* rwm\u0027 to the whitelist.\n\nAlso a few fixes and updates to the document.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "1209726ce942047c9fefe7cd427dc36f8e9ded53", "tree": "298e78052d6bdd92c78b22c86604f8c8364bc8d9", "parents": [ "086f7316f0d400806d76323beefae996bb3849b1" ], "author": { "name": "Andrew G. Morgan", "email": "morgan@kernel.org", "time": "Fri Jul 04 09:59:59 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 04 10:40:08 2008 -0700" }, "message": "security: filesystem capabilities: fix CAP_SETPCAP handling\n\nThe filesystem capability support meaning for CAP_SETPCAP is less powerful\nthan the non-filesystem capability support. As such, when filesystem\ncapabilities are configured, we should not permit CAP_SETPCAP to \u0027enhance\u0027\nthe current process through strace manipulation of a child process.\n\nSigned-off-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "8cdbc2b9826b3543fecff2f6d6400fa77b21ffdd", "tree": "e42ddc9142988fffb2b4128e2d94b3913914dbe6", "parents": [ "57d3c64fd8130ebdacd85a36c9656ba5e221f3a3" ], "author": { "name": "Andrew G. Morgan", "email": "morgan@kernel.org", "time": "Thu Jun 12 15:21:33 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Jun 12 18:05:40 2008 -0700" }, "message": "capabilities: add (back) dummy support for KEEPCAPS\n\nThe dummy module is used by folk that run security conscious code(!?). A\nfeature of such code (for example, dhclient) is that it tries to operate\nwith minimum privilege (dropping unneeded capabilities). While the dummy\nmodule doesn\u0027t restrict code execution based on capability state, the user\ncode expects the kernel to appear to support it. This patch adds back\nfaked support for the PR_SET_KEEPCAPS etc., calls - making the kernel\nbehave as before 2.6.26.\n\nFor details see: http://bugzilla.kernel.org/show_bug.cgi?id\u003d10748\n\nSigned-off-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "dba6a4d32d8677c99e73798d3375417f8a6d46de", "tree": "1011eef6e948f2db35805c017324648e1eddb61a", "parents": [ "37340746a66e5e7feed5945f28cb75d90a8fd9f6" ], "author": { "name": "Daniel Walker", "email": "dwalker@mvista.com", "time": "Thu Jun 05 22:46:32 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jun 06 11:29:11 2008 -0700" }, "message": "keys: remove unused key_alloc_sem\n\nThis semaphore doesn\u0027t appear to be used, so remove it.\n\nSigned-off-by: Daniel Walker \u003cdwalker@mvista.com\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "d1ee2971f5bd8a16bc5ecfe1b00e14b4fe407c4f", "tree": "733c51b66dda47216ca1526fdd85004206fd0ec8", "parents": [ "7db9cfd380205f6b50afdc3bc3619f876a5eaf0d" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Thu Jun 05 22:46:28 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jun 06 11:29:11 2008 -0700" }, "message": "devscgroup: make white list more compact in some cases\n\nConsider you added a \u0027c foo:bar r\u0027 permission to some cgroup and then (a\nbit later) \u0027c\u0027foo:bar w\u0027 for it. After this you\u0027ll see the\n\nc foo:bar r\nc foo:bar w\n\nlines in a devices.list file.\n\nAnother example - consider you added 10 \u0027c foo:bar r\u0027 permissions to some\ncgroup (e.g. by mistake). After this you\u0027ll see 10 c foo:bar r lines in\na list file.\n\nThis is weird. This situation also has one more annoying consequence.\nHaving many items in a white list makes permissions checking slower, sine\nit has to walk a longer list.\n\nThe proposal is to merge permissions for items, that correspond to the\nsame device.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "cc9cb219aac24ffc711566c8f372c2b3a3bf840f", "tree": "efa678227596922a00b2a7744c33707041c78316", "parents": [ "b66862f7663332aa1ecb3ebda4086360ddb8befc" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Thu Jun 05 22:46:26 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jun 06 11:29:11 2008 -0700" }, "message": "devscgroup: relax task to dev_cgroup conversion\n\nTwo functions, that need to get a device_cgroup from a task (they are\ndevcgroup_inode_permission and devcgroup_inode_mknod) make it in a strange\nway:\n\nThey get a css_set from task, then a subsys_state from css_set, then a\ncgroup from the state and then a subsys_state again from the cgroup.\nBesides, the devices_subsys_id is read from memory, whilst there\u0027s a\nenum-ed constant for it.\n\nOptimize this part a bit:\n1. Get the subsys_stats form the task and be done - no 2 extra\n dereferences,\n2. Use the device_subsys_id constant, not the value from memory\n (i.e. one less dereference).\n\nFound while preparing 2.6.26 OpenVZ port.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Paul Menage \u003cmenage@google.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "b66862f7663332aa1ecb3ebda4086360ddb8befc", "tree": "8ba5a907f4bafad460cef4d6c573b9f5aae957e5", "parents": [ "93b071139a956e51c98cdefd50a47981a4eb852e" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Thu Jun 05 22:46:24 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jun 06 11:29:11 2008 -0700" }, "message": "devcgroup: make a helper to convert cgroup_subsys_state to devs_cgroup\n\nThis is just picking the container_of out of cgroup_to_devcgroup into a\nseparate function.\n\nThis new css_to_devcgroup will be used in the 2nd patch.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e97dcb0eadbb821eccd549d4987b653cf61e2374", "tree": "0dc9cddcac54dcdc35f7e1ddf6e190947ec86320", "parents": [ "246dd412d31e4f5de1d43aa6422a325b785f36e4" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Mon Jun 02 10:04:32 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Jun 04 08:50:43 2008 -0700" }, "message": "Smack: fuse mount hang fix\n\nThe d_instantiate hook for Smack can hang on the root inode of a\nfilesystem if the file system code has not really done all the set-up.\nFuse is known to encounter this problem.\n\nThis change detects an attempt to instantiate a root inode and addresses\nit early in the processing, before any attempt is made to do something\nthat might hang.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nTested-by: Luiz Fernando N. Capitulino \u003clcapitulino@mandriva.com.br\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "9f3acc3140444a900ab280de942291959f0f615d", "tree": "0d7f3f9698071ff90fb9a127a4c6e86e1c37c945", "parents": [ "a2dcb44c3c5a8151d2d9f6ac8ad0789efcdbe184" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Apr 24 07:44:08 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu May 01 13:08:16 2008 -0400" }, "message": "[PATCH] split linux/file.h\n\nInitial splitoff of the low-level stuff; taken to fdtable.h\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "3b5e9e53c6f31b5a5a0f5c43707503c62bdefa46", "tree": "1244b7cf2755c06a8a793149ce4717e4a1311218", "parents": [ "9e3bd6c3fb2334be171e69b432039cd18bce4458" ], "author": { "name": "Oleg Nesterov", "email": "oleg@tv-sign.ru", "time": "Wed Apr 30 00:52:42 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Apr 30 08:29:34 2008 -0700" }, "message": "signals: cleanup security_task_kill() usage/implementation\n\nEvery implementation of -\u003etask_kill() does nothing when the signal comes from\nthe kernel. This is correct, but means that check_kill_permission() should\ncall security_task_kill() only for SI_FROMUSER() case, and we can remove the\nsame check from -\u003etask_kill() implementations.\n\n(sadly, check_kill_permission() is the last user of signal-\u003esession/__session\n but we can\u0027t s/task_session_nr/task_session/ here).\n\nNOTE: Eric W. Biederman pointed out cap_task_kill() should die, and I think\nhe is very right.\n\nSigned-off-by: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Roland McGrath \u003croland@redhat.com\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: David Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Harald Welte \u003claforge@gnumonks.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "d20bdda6d45a4035e48ca7ae467a0d955c1ffc60", "tree": "634f8bcc6ad7382a79be1081575ee12e7006c375", "parents": [ "780db6c104de48104501f5943361f2371564b85d" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Wed Apr 30 08:34:10 2008 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Apr 30 08:34:10 2008 +1000" }, "message": "Smack: Integrate Smack with Audit\n\nSetup the new Audit hooks for Smack. SELinux Audit rule fields are recycled\nto avoid `auditd\u0027 userspace modifications. Currently only equality testing\nis supported on labels acting as a subject (AUDIT_SUBJ_USER) or as an object\n(AUDIT_OBJ_USER).\n\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "e52c1764f18a62776a0f2bc6752fb76b6e345827", "tree": "b60a62585dfe511d9216cdd4a207fd07df1b2f99", "parents": [ "7663c1e2792a9662b23dec6e19bfcd3d55360b8f" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Apr 29 20:52:51 2008 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Apr 30 08:23:51 2008 +1000" }, "message": "Security: Make secctx_to_secid() take const secdata\n\nMake secctx_to_secid() take constant secdata.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9781db7b345b5dfe93787aaaf310c861db7c1ede", "tree": "d9796e29fd914ca04835636be95bbd5082a034fd", "parents": [ "97094dcf5cefc8ccfdf93839f54dac2c4d316165", "8b67dca9420474623709e00d72a066068a502b20" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 11:41:22 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 11:41:22 2008 -0700" }, "message": "Merge branch \u0027audit.b50\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current\n\n* \u0027audit.b50\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:\n [PATCH] new predicate - AUDIT_FILETYPE\n [patch 2/2] Use find_task_by_vpid in audit code\n [patch 1/2] audit: let userspace fully control TTY input auditing\n [PATCH 2/2] audit: fix sparse shadowed variable warnings\n [PATCH 1/2] audit: move extern declarations to audit.h\n Audit: MAINTAINERS update\n Audit: increase the maximum length of the key field\n Audit: standardize string audit interfaces\n Audit: stop deadlock from signals under load\n Audit: save audit_backlog_limit audit messages in case auditd comes back\n Audit: collect sessionid in netlink messages\n Audit: end printk with newline\n" }, { "commit": "fdb89bce6c9ccb17dae13ec43a25d2fdd405233f", "tree": "1b6c0e38bc194758e7d6ad2cbb509977900591b9", "parents": [ "0b77f5bfb45c13e1e5142374f9d6ca75292252a4" ], "author": { "name": "Robert P. J. Day", "email": "rpjday@crashcourse.ca", "time": "Tue Apr 29 01:01:32 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:17 2008 -0700" }, "message": "keys: explicitly include required slab.h header file.\n\nSince these two source files invoke kmalloc(), they should explicitly\ninclude \u003clinux/slab.h\u003e.\n\nSigned-off-by: Robert P. J. Day \u003crpjday@crashcourse.ca\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "0b77f5bfb45c13e1e5142374f9d6ca75292252a4", "tree": "cf62055536d267e9a4abe6518e5d9f683a1ceb75", "parents": [ "69664cf16af4f31cd54d77948a4baf9c7e0ca7b9" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Apr 29 01:01:32 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:17 2008 -0700" }, "message": "keys: make the keyring quotas controllable through /proc/sys\n\nMake the keyring quotas controllable through /proc/sys files:\n\n (*) /proc/sys/kernel/keys/root_maxkeys\n /proc/sys/kernel/keys/root_maxbytes\n\n Maximum number of keys that root may have and the maximum total number of\n bytes of data that root may have stored in those keys.\n\n (*) /proc/sys/kernel/keys/maxkeys\n /proc/sys/kernel/keys/maxbytes\n\n Maximum number of keys that each non-root user may have and the maximum\n total number of bytes of data that each of those users may have stored in\n their keys.\n\nAlso increase the quotas as a number of people have been complaining that it\u0027s\nnot big enough. I\u0027m not sure that it\u0027s big enough now either, but on the\nother hand, it can now be set in /etc/sysctl.conf.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: \u003ckwc@citi.umich.edu\u003e\nCc: \u003carunsr@cse.iitk.ac.in\u003e\nCc: \u003cdwalsh@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "69664cf16af4f31cd54d77948a4baf9c7e0ca7b9", "tree": "3ff4ecae21c140a2beed25cfa9e55b788f9814ac", "parents": [ "6b79ccb5144f9ffb4d4596c23e7570238dd12abc" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Apr 29 01:01:31 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:17 2008 -0700" }, "message": "keys: don\u0027t generate user and user session keyrings unless they\u0027re accessed\n\nDon\u0027t generate the per-UID user and user session keyrings unless they\u0027re\nexplicitly accessed. This solves a problem during a login process whereby\nset*uid() is called before the SELinux PAM module, resulting in the per-UID\nkeyrings having the wrong security labels.\n\nThis also cures the problem of multiple per-UID keyrings sometimes appearing\ndue to PAM modules (including pam_keyinit) setuiding and causing user_structs\nto come into and go out of existence whilst the session keyring pins the user\nkeyring. This is achieved by first searching for extant per-UID keyrings\nbefore inventing new ones.\n\nThe serial bound argument is also dropped from find_keyring_by_name() as it\u0027s\nnot currently made use of (setting it to 0 disables the feature).\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: \u003ckwc@citi.umich.edu\u003e\nCc: \u003carunsr@cse.iitk.ac.in\u003e\nCc: \u003cdwalsh@redhat.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "6b79ccb5144f9ffb4d4596c23e7570238dd12abc", "tree": "e674339e9f86c3607304496792b417b0ed66de6f", "parents": [ "da91d2ef9fe4fd84cc0a8a729201d38e40ac9f2e" ], "author": { "name": "Arun Raghavan", "email": "arunsr@cse.iitk.ac.in", "time": "Tue Apr 29 01:01:28 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:16 2008 -0700" }, "message": "keys: allow clients to set key perms in key_create_or_update()\n\nThe key_create_or_update() function provided by the keyring code has a default\nset of permissions that are always applied to the key when created. This\nmight not be desirable to all clients.\n\nHere\u0027s a patch that adds a \"perm\" parameter to the function to address this,\nwhich can be set to KEY_PERM_UNDEF to revert to the current behaviour.\n\nSigned-off-by: Arun Raghavan \u003carunsr@cse.iitk.ac.in\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Satyam Sharma \u003cssatyam@cse.iitk.ac.in\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "da91d2ef9fe4fd84cc0a8a729201d38e40ac9f2e", "tree": "091f2781c5256eac28665a1512038fe07227f9b0", "parents": [ "70a5bb72b55e82fbfbf1e22cae6975fac58a1e2d" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@sw.ru", "time": "Tue Apr 29 01:01:27 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:16 2008 -0700" }, "message": "keys: switch to proc_create()\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@sw.ru\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "70a5bb72b55e82fbfbf1e22cae6975fac58a1e2d", "tree": "8e6dcaf5630388d81b23845f293789f2d6a3596b", "parents": [ "4a38e122e2cc6294779021ff4ccc784a3997059e" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Apr 29 01:01:26 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:16 2008 -0700" }, "message": "keys: add keyctl function to get a security label\n\nAdd a keyctl() function to get the security label of a key.\n\nThe following is added to Documentation/keys.txt:\n\n (*) Get the LSM security context attached to a key.\n\n\tlong keyctl(KEYCTL_GET_SECURITY, key_serial_t key, char *buffer,\n\t\t size_t buflen)\n\n This function returns a string that represents the LSM security context\n attached to a key in the buffer provided.\n\n Unless there\u0027s an error, it always returns the amount of data it could\n produce, even if that\u0027s too big for the buffer, but it won\u0027t copy more\n than requested to userspace. If the buffer pointer is NULL then no copy\n will take place.\n\n A NUL character is included at the end of the string if the buffer is\n sufficiently big. This is included in the returned count. If no LSM is\n in force then an empty string will be returned.\n\n A process must have view permission on the key for this function to be\n successful.\n\n[akpm@linux-foundation.org: declare keyctl_get_security()]\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Kevin Coffman \u003ckwc@citi.umich.edu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4a38e122e2cc6294779021ff4ccc784a3997059e", "tree": "84b401b44e0550b04f831d98a91eacfd7cffb51d", "parents": [ "dceba9944181b1fd5993417b5c8fa0e3dda38f8d" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Apr 29 01:01:24 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:16 2008 -0700" }, "message": "keys: allow the callout data to be passed as a blob rather than a string\n\nAllow the callout data to be passed as a blob rather than a string for\ninternal kernel services that call any request_key_*() interface other than\nrequest_key(). request_key() itself still takes a NUL-terminated string.\n\nThe functions that change are:\n\n\trequest_key_with_auxdata()\n\trequest_key_async()\n\trequest_key_async_with_auxdata()\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Kevin Coffman \u003ckwc@citi.umich.edu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "dceba9944181b1fd5993417b5c8fa0e3dda38f8d", "tree": "697e247a7a99c81af7ba4d7ad5d9cdf9941b3741", "parents": [ "38bbca6b6f164e08a4a9cdfd719fff679af98375" ], "author": { "name": "Kevin Coffman", "email": "kwc@citi.umich.edu", "time": "Tue Apr 29 01:01:22 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:16 2008 -0700" }, "message": "keys: check starting keyring as part of search\n\nCheck the starting keyring as part of the search to (a) see if that is what\nwe\u0027re searching for, and (b) to check it is still valid for searching.\n\nThe scenario: User in process A does things that cause things to be created in\nits process session keyring. The user then does an su to another user and\nstarts a new process, B. The two processes now share the same process session\nkeyring.\n\nProcess B does an NFS access which results in an upcall to gssd. When gssd\nattempts to instantiate the context key (to be linked into the process session\nkeyring), it is denied access even though it has an authorization key.\n\nThe order of calls is:\n\n keyctl_instantiate_key()\n lookup_user_key()\t\t\t\t (the default: case)\n search_process_keyrings(current)\n\t search_process_keyrings(rka-\u003econtext) (recursive call)\n\t keyring_search_aux()\n\nkeyring_search_aux() verifies the keys and keyrings underneath the top-level\nkeyring it is given, but that top-level keyring is neither fully validated nor\nchecked to see if it is the thing being searched for.\n\nThis patch changes keyring_search_aux() to:\n1) do more validation on the top keyring it is given and\n2) check whether that top-level keyring is the thing being searched for\n\nSigned-off-by: Kevin Coffman \u003ckwc@citi.umich.edu\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Kevin Coffman \u003ckwc@citi.umich.edu\u003e\nCc: Trond Myklebust \u003ctrond.myklebust@fys.uio.no\u003e\nCc: \"J. Bruce Fields\" \u003cbfields@fieldses.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "38bbca6b6f164e08a4a9cdfd719fff679af98375", "tree": "c4d4839e57bbcbae1ecfa7867b810c6203b0d601", "parents": [ "4220b7fe89f8c0623e09168ab81dd0da2fdadd72" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Apr 29 01:01:19 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:16 2008 -0700" }, "message": "keys: increase the payload size when instantiating a key\n\nIncrease the size of a payload that can be used to instantiate a key in\nadd_key() and keyctl_instantiate_key(). This permits huge CIFS SPNEGO blobs\nto be passed around. The limit is raised to 1MB. If kmalloc() can\u0027t allocate\na buffer of sufficient size, vmalloc() will be tried instead.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Kevin Coffman \u003ckwc@citi.umich.edu\u003e\nCc: Steven French \u003csfrench@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "29486df325e1fe6e1764afcb19e3370804c2b002", "tree": "d69a96bb829940f3ae5171fde481edb20a9e468a", "parents": [ "28fd5dfc12bde391981dfdcf20755952b6e916af" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Tue Apr 29 01:00:14 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:10 2008 -0700" }, "message": "cgroups: introduce cft-\u003eread_seq()\n\nIntroduce a read_seq() helper in cftype, which uses seq_file to print out\nlists. Use it in the devices cgroup. Also split devices.allow into two\nfiles, so now devices.deny and devices.allow are the ones to use to manipulate\nthe whitelist, while devices.list outputs the cgroup\u0027s current whitelist.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Paul Menage \u003cmenage@google.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "08ce5f16ee466ffc5bf243800deeecd77d9eaf50", "tree": "8fb921137a677d463f11727dab7e683db426b810", "parents": [ "d447ea2f30ec60370ddb99a668e5ac12995f043d" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Tue Apr 29 01:00:10 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:09 2008 -0700" }, "message": "cgroups: implement device whitelist\n\nImplement a cgroup to track and enforce open and mknod restrictions on device\nfiles. A device cgroup associates a device access whitelist with each cgroup.\n A whitelist entry has 4 fields. \u0027type\u0027 is a (all), c (char), or b (block).\n\u0027all\u0027 means it applies to all types and all major and minor numbers. Major\nand minor are either an integer or * for all. Access is a composition of r\n(read), w (write), and m (mknod).\n\nThe root device cgroup starts with rwm to \u0027all\u0027. A child devcg gets a copy of\nthe parent. Admins can then remove devices from the whitelist or add new\nentries. A child cgroup can never receive a device access which is denied its\nparent. However when a device access is removed from a parent it will not\nalso be removed from the child(ren).\n\nAn entry is added using devices.allow, and removed using\ndevices.deny. For instance\n\n\techo \u0027c 1:3 mr\u0027 \u003e /cgroups/1/devices.allow\n\nallows cgroup 1 to read and mknod the device usually known as\n/dev/null. Doing\n\n\techo a \u003e /cgroups/1/devices.deny\n\nwill remove the default \u0027a *:* mrw\u0027 entry.\n\nCAP_SYS_ADMIN is needed to change permissions or move another task to a new\ncgroup. A cgroup may not be granted more permissions than the cgroup\u0027s parent\nhas. Any task can move itself between cgroups. This won\u0027t be sufficient, but\nwe can decide the best way to adequately restrict movement later.\n\n[akpm@linux-foundation.org: coding-style fixes]\n[akpm@linux-foundation.org: fix may-be-used-uninitialized warning]\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nLooks-good-to: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Daniel Hokka Zakrisson \u003cdaniel@hozac.com\u003e\nCc: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "8f0cfa52a1d4ffacd8e7de906d19662f5da58d58", "tree": "2aa82e3682e75330d9b5d601855e3af3c57c03d8", "parents": [ "7ec02ef1596bb3c829a7e8b65ebf13b87faf1819" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Apr 29 00:59:41 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:06 2008 -0700" }, "message": "xattr: add missing consts to function arguments\n\nAdd missing consts to xattr function arguments.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Andreas Gruenbacher \u003cagruen@suse.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "cfd299dffe6f47c04c47b95893708cdc65876fbd", "tree": "469eb611cdda8ee2b0775e018756be8df2d3ffd4", "parents": [ "6b8588f71890fba78742f90e22390028a6cd706f", "c9b7b9793764b171a118d049d4b721a7f5d8ac82" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 28 10:08:49 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 28 10:08:49 2008 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:\n SELinux: Fix a RCU free problem with the netport cache\n SELinux: Made netnode cache adds faster\n SELinux: include/security.h whitespace, syntax, and other cleanups\n SELinux: policydb.h whitespace, syntax, and other cleanups\n SELinux: mls_types.h whitespace, syntax, and other cleanups\n SELinux: mls.h whitespace, syntax, and other cleanups\n SELinux: hashtab.h whitespace, syntax, and other cleanups\n SELinux: context.h whitespace, syntax, and other cleanups\n SELinux: ss/conditional.h whitespace, syntax, and other cleanups\n SELinux: selinux/include/security.h whitespace, syntax, and other cleanups\n SELinux: objsec.h whitespace, syntax, and other cleanups\n SELinux: netlabel.h whitespace, syntax, and other cleanups\n SELinux: avc_ss.h whitespace, syntax, and other cleanups\n\nFixed up conflict in include/linux/security.h manually\n" }, { "commit": "1236cc3cf8c69bd316c940b2e94f91b3795f97fe", "tree": "c33374ffa89d34f901d91888851970071700c38d", "parents": [ "30aa4faf62b2dd9b239ae06ca7a85f1d36d7ef25" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Mon Apr 28 02:13:43 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 28 08:58:27 2008 -0700" }, "message": "smack: use cap_task_prctl\n\nWith the introduction of per-process securebits, the capabilities-related\nprctl callbacks were moved into cap_task_prctl(). Have smack use\ncap_task_prctl() so that PR_SET_KEEPCAPS is defined.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "30aa4faf62b2dd9b239ae06ca7a85f1d36d7ef25", "tree": "37eb2c4fa1195f668d1d3a16653bdc93da5f5e6b", "parents": [ "55d00ccfb336b4f85a476a24e18c17b2eaff919e" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Mon Apr 28 02:13:43 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 28 08:58:27 2008 -0700" }, "message": "smack: make smk_cipso_doi() and smk_unlbl_ambient()\n\nThe functions smk_cipso_doi and smk_unlbl_ambient are not used outside\nsmackfs.c and should hence be static.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "55d00ccfb336b4f85a476a24e18c17b2eaff919e", "tree": "5be259b88f5cfe17206ad20dcb11929dd4a40781", "parents": [ "c60264c494a119cd3a716a22edc0137b11de6d1e" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Mon Apr 28 02:13:42 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 28 08:58:27 2008 -0700" }, "message": "root_plug: use cap_task_prctl\n\nWith the introduction of per-process securebits, the capabilities-related\nprctl callbacks were moved into cap_task_prctl(). Have root_plug use\ncap_task_prctl() so that PR_SET_KEEPCAPS is defined.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "c60264c494a119cd3a716a22edc0137b11de6d1e", "tree": "db985b1529a6a136a7f439a9a557bcb80278e471", "parents": [ "3898b1b4ebff8dcfbcf1807e0661585e06c9a91c" ], "author": { "name": "Harvey Harrison", "email": "harvey.harrison@gmail.com", "time": "Mon Apr 28 02:13:41 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 28 08:58:27 2008 -0700" }, "message": "smack: fix integer as NULL pointer warning in smack_lsm.c\n\nsecurity/smack/smack_lsm.c:1257:16: warning: Using plain integer as NULL pointer\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "3898b1b4ebff8dcfbcf1807e0661585e06c9a91c", "tree": "69a338864dfe654f68064a599c5d0da460df34ac", "parents": [ "4016a1390d07f15b267eecb20e76a48fd5c524ef" ], "author": { "name": "Andrew G. Morgan", "email": "morgan@kernel.org", "time": "Mon Apr 28 02:13:40 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 28 08:58:26 2008 -0700" }, "message": "capabilities: implement per-process securebits\n\nFilesystem capability support makes it possible to do away with (set)uid-0\nbased privilege and use capabilities instead. That is, with filesystem\nsupport for capabilities but without this present patch, it is (conceptually)\npossible to manage a system with capabilities alone and never need to obtain\nprivilege via (set)uid-0.\n\nOf course, conceptually isn\u0027t quite the same as currently possible since few\nuser applications, certainly not enough to run a viable system, are currently\nprepared to leverage capabilities to exercise privilege. Further, many\napplications exist that may never get upgraded in this way, and the kernel\nwill continue to want to support their setuid-0 base privilege needs.\n\nWhere pure-capability applications evolve and replace setuid-0 binaries, it is\ndesirable that there be a mechanisms by which they can contain their\nprivilege. In addition to leveraging the per-process bounding and inheritable\nsets, this should include suppressing the privilege of the uid-0 superuser\nfrom the process\u0027 tree of children.\n\nThe feature added by this patch can be leveraged to suppress the privilege\nassociated with (set)uid-0. This suppression requires CAP_SETPCAP to\ninitiate, and only immediately affects the \u0027current\u0027 process (it is inherited\nthrough fork()/exec()). This reimplementation differs significantly from the\nhistorical support for securebits which was system-wide, unwieldy and which\nhas ultimately withered to a dead relic in the source of the modern kernel.\n\nWith this patch applied a process, that is capable(CAP_SETPCAP), can now drop\nall legacy privilege (through uid\u003d0) for itself and all subsequently\nfork()\u0027d/exec()\u0027d children with:\n\n prctl(PR_SET_SECUREBITS, 0x2f);\n\nThis patch represents a no-op unless CONFIG_SECURITY_FILE_CAPABILITIES is\nenabled at configure time.\n\n[akpm@linux-foundation.org: fix uninitialised var warning]\n[serue@us.ibm.com: capabilities: use cap_task_prctl when !CONFIG_SECURITY]\nSigned-off-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "b556f8ad58c6e9f8f485c8cef7546e3fc82c382a", "tree": "e7a1c5ce313b6dec9727d69b08b5005dc35709a3", "parents": [ "f09ac9db2aafe36fde9ebd63c8c5d776f6e7bd41" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:12:59 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:19:22 2008 -0400" }, "message": "Audit: standardize string audit interfaces\n\nThis patch standardized the string auditing interfaces. No userspace\nchanges will be visible and this is all just cleanup and consistancy\nwork. We have the following string audit interfaces to use:\n\nvoid audit_log_n_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len);\n\nvoid audit_log_n_string(struct audit_buffer *ab, const char *buf, size_t n);\nvoid audit_log_string(struct audit_buffer *ab, const char *buf);\n\nvoid audit_log_n_untrustedstring(struct audit_buffer *ab, const char *string, size_t n);\nvoid audit_log_untrustedstring(struct audit_buffer *ab, const char *string);\n\nThis may be the first step to possibly fixing some of the issues that\npeople have with the string output from the kernel audit system. But we\nstill don\u0027t have an agreed upon solution to that problem.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "2532386f480eefbdd67b48be55fb4fb3e5a6081c", "tree": "dd6a5a3c4116a67380a1336319c16632f04f80f9", "parents": [ "436c405c7d19455a71f42c9bec5fd5e028f1eb4e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:09:25 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:18:03 2008 -0400" }, "message": "Audit: collect sessionid in netlink messages\n\nPreviously I added sessionid output to all audit messages where it was\navailable but we still didn\u0027t know the sessionid of the sender of\nnetlink messages. This patch adds that information to netlink messages\nso we can audit who sent netlink messages.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "c9b7b9793764b171a118d049d4b721a7f5d8ac82", "tree": "d9b0bf6c44a6672f6c3e08da340f6544056932e5", "parents": [ "a639e7ca8e8282b75be2724a28bfc788aa3bb156" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Apr 25 15:03:39 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 28 09:36:27 2008 +1000" }, "message": "SELinux: Fix a RCU free problem with the netport cache\n\nThe netport cache doesn\u0027t free resources in a manner which is safe or orderly.\nThis patch fixes this by adding in a missing call to rcu_dereference() in\nsel_netport_insert() as well as some general cleanup throughout the file.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a639e7ca8e8282b75be2724a28bfc788aa3bb156", "tree": "1a3308a354874ce1bc6b3c9ec71427a5204da7b5", "parents": [ "7b41b1733ca1d3278c8eb891e17905d7d54f5bfa" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Apr 25 15:03:34 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 28 09:36:23 2008 +1000" }, "message": "SELinux: Made netnode cache adds faster\n\nWhen adding new entries to the network node cache we would walk the entire\nhash bucket to make sure we didn\u0027t cross a threshold (done to bound the\ncache size). This isn\u0027t a very quick or elegant solution for something\nwhich is supposed to be quick-ish so add a counter to each hash bucket to\ntrack the size of the bucket and eliminate the need to walk the entire\nbucket list on each add.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "489a5fd7198d2d2368dd5cf697c841ea4d61ddd1", "tree": "9cf434782a56fc4aedb841baed02a5124ed464b8", "parents": [ "8bf1f3a6c0f7e4092c0c041175a52734600490ba" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 22 17:46:17 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 28 09:29:07 2008 +1000" }, "message": "SELinux: policydb.h whitespace, syntax, and other cleanups\n\nThis patch changes policydb.h to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nspaces followed by tabs\nspaces used instead of tabs\nlocation of * in pointer declarations\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8bf1f3a6c0f7e4092c0c041175a52734600490ba", "tree": "891ea0e861108b4facb3ac2b5b9e361149b15de8", "parents": [ "d497fc87c0e201194c3af75b787178cf4559f84b" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 22 17:46:16 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 28 09:29:06 2008 +1000" }, "message": "SELinux: mls_types.h whitespace, syntax, and other cleanups\n\nThis patch changes mls_types.h to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nspaces used instead of tabs\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d497fc87c0e201194c3af75b787178cf4559f84b", "tree": "ce9e09baf8800ccc1f247e8a8db51efca1de234f", "parents": [ "faff786ce2f7c14f25d29cf61b0634c8f6c4827f" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 22 17:46:15 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 28 09:29:05 2008 +1000" }, "message": "SELinux: mls.h whitespace, syntax, and other cleanups\n\nThis patch changes mls.h to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nspaces used instead of tabs\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "faff786ce2f7c14f25d29cf61b0634c8f6c4827f", "tree": "b46a284e42afc12a2baf8bdaba06081fd858bd4e", "parents": [ "81fa42df78511e3bdbc0ea545990bda6a5b3e7de" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 22 17:46:14 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 28 09:29:04 2008 +1000" }, "message": "SELinux: hashtab.h whitespace, syntax, and other cleanups\n\nThis patch changes hashtab.h to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nspaces used instead of tabs\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "81fa42df78511e3bdbc0ea545990bda6a5b3e7de", "tree": "ba0df8fd9d7542224ef83d2778550291c0ab3139", "parents": [ "ccb3cbeb4f285a02103ded5298850a21e7028ba4" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 22 17:46:13 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 28 09:29:03 2008 +1000" }, "message": "SELinux: context.h whitespace, syntax, and other cleanups\n\nThis patch changes context.h to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\ninclude spaces around , in function calls\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ccb3cbeb4f285a02103ded5298850a21e7028ba4", "tree": "94ebb6b9f3ddc6802013efc1206b5378b3a0a417", "parents": [ "b19d8eae99dae42bb747954fdbb2cd456922eb5f" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 22 17:46:12 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 28 09:29:02 2008 +1000" }, "message": "SELinux: ss/conditional.h whitespace, syntax, and other cleanups\n\nThis patch changes ss/conditional.h to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nlocation of * in pointer declarations\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b19d8eae99dae42bb747954fdbb2cd456922eb5f", "tree": "9f6ab00ada0e7a893ae0c995f30e068998b90fe9", "parents": [ "a936b79bdf97285e0274eca7b656fc6350ca57ea" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 22 17:46:11 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 28 09:29:01 2008 +1000" }, "message": "SELinux: selinux/include/security.h whitespace, syntax, and other cleanups\n\nThis patch changes selinux/include/security.h to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocation of { around structs and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statemetns\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nno assignments in if statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a936b79bdf97285e0274eca7b656fc6350ca57ea", "tree": "19278c901668d074324c94a8efad59257ca355d3", "parents": [ "cc03766aaf0b670581ec2bd5cba2b9051d14df8d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 22 17:46:10 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 28 09:29:00 2008 +1000" }, "message": "SELinux: objsec.h whitespace, syntax, and other cleanups\n\nThis patch changes objsec.h to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocation of { around structs and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statemetns\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nno assignments in if statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cc03766aaf0b670581ec2bd5cba2b9051d14df8d", "tree": "10005580a9fa66fbaa5398de921418a074133c91", "parents": [ "e392febedb6e1050a1a81a7bd72456a32c88e710" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 22 17:46:09 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 28 09:28:59 2008 +1000" }, "message": "SELinux: netlabel.h whitespace, syntax, and other cleanups\n\nThis patch changes netlabel.h to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nspaces used instead of tabs\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e392febedb6e1050a1a81a7bd72456a32c88e710", "tree": "6f1ea622ff88b3b5941392a44e7315c70536a79e", "parents": [ "064922a805ec7aadfafdd27aa6b4908d737c3c1d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 22 17:46:08 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 28 09:28:58 2008 +1000" }, "message": "SELinux: avc_ss.h whitespace, syntax, and other cleanups\n\nThis patch changes avc_ss.h to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocation of { around structs and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statemetns\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nno assignments in if statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "94bc891b00e40cbec375feb4568780af183fd7f4", "tree": "fd48d354c61d2e736aa593c324a6d794afd8a4e7", "parents": [ "934b7024f0ed29003c95cef447d92737ab86dc4f", "1ec7f1ddbe5ba49f7b10c3b129d6d5c90c43526c" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 22 18:27:56 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 22 18:28:34 2008 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:\n [PATCH] get rid of __exit_files(), __exit_fs() and __put_fs_struct()\n [PATCH] proc_readfd_common() race fix\n [PATCH] double-free of inode on alloc_file() failure exit in create_write_pipe()\n [PATCH] teach seq_file to discard entries\n [PATCH] umount_tree() will unhash everything itself\n [PATCH] get rid of more nameidata passing in namespace.c\n [PATCH] switch a bunch of LSM hooks from nameidata to path\n [PATCH] lock exclusively in collect_mounts() and drop_collected_mounts()\n [PATCH] move a bunch of declarations to fs/internal.h\n" }, { "commit": "618442509128fe4514be94de70ce54075cd9a706", "tree": "9aea814978791abd8c4f9a5c60de879b2811c063", "parents": [ "0f5e64200f20fc8f5b759c4010082f577ab0af3f" ], "author": { "name": "Paul E. McKenney", "email": "paulmck@linux.vnet.ibm.com", "time": "Mon Apr 21 18:12:33 2008 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 22 15:37:23 2008 +1000" }, "message": "SELinux fixups needed for preemptable RCU from -rt\n\nThe attached patch needs to move from -rt to mainline given preemptable RCU.\nThis patch fixes SELinux code that implicitly assumes that disabling\npreemption prevents an RCU grace period from completing, an assumption that\nis valid for Classic RCU, but not necessarily for preemptable RCU. Explicit\nrcu_read_lock() calls are thus added.\n\nSigned-off-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: Steven Rostedt \u003csrostedt@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b5266eb4c8d1a2887a19aaec8144ee4ad1b054c3", "tree": "37105d0640169ad758d20847cf3effe77381f50f", "parents": [ "1a60a280778ff90270fc7390d9ec102f713a5a29" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Mar 22 17:48:24 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 21 23:13:23 2008 -0400" }, "message": "[PATCH] switch a bunch of LSM hooks from nameidata to path\n\nNamely, ones from namespace.c\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "0f5e64200f20fc8f5b759c4010082f577ab0af3f", "tree": "e59565d010a5538910a89f0c44122e802ba011a3", "parents": [ "e9b62693ae0a1e13ccc97a6792d9a7770c8d1b5b" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 21 16:24:11 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 22 10:00:09 2008 +1000" }, "message": "SELinux: no BUG_ON(!ss_initialized) in selinux_clone_mnt_opts\n\nThe Fedora installer actually makes multiple NFS mounts before it loads\nselinux policy. The code in selinux_clone_mnt_opts() assumed that the\ninit process would always be loading policy before NFS was up and\nrunning. It might be possible to hit this in a diskless environment as\nwell, I\u0027m not sure. There is no need to BUG_ON() in this situation\nsince we can safely continue given the circumstances.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "19b5b517a8b81a448be9b2bdaf18a761a7b9799e", "tree": "b1e83e331769d44f98e564c984acf3841261c2a8", "parents": [ "bda0c0afa7a694bb1459fd023515aca681e4d79a", "95fff33b8e306a4331024bbd31c0999d5bf48fcf" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 21 16:01:40 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 21 16:01:40 2008 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:\n SELinux: one little, two little, three little whitespaces, the avc.c saga.\n SELinux: cleanup on isle selinuxfs.c\n changing whitespace for fun and profit: policydb.c\n SELinux: whitespace and formating fixes for hooks.c\n SELinux: clean up printks\n SELinux: sidtab.c whitespace, syntax, and static declaraction cleanups\n SELinux: services.c whitespace, syntax, and static declaraction cleanups\n SELinux: mls.c whitespace, syntax, and static declaraction cleanups\n SELinux: hashtab.c whitespace, syntax, and static declaraction cleanups\n SELinux: ebitmap.c whitespace, syntax, and static declaraction cleanups\n SELinux: conditional.c whitespace, syntax, and static declaraction cleanups\n SELinux: avtab.c whitespace, syntax, and static declaraction cleanups\n SELinux: xfrm.c whitespace, syntax, and static declaraction cleanups\n SELinux: nlmsgtab.c whitespace, syntax, and static declaraction cleanups\n SELinux: netnode.c whitespace, syntax, and static declaraction cleanups\n SELinux: netlink.c whitespace, syntax, and static declaraction cleanups\n SELinux: netlabel.c whitespace, syntax, and static declaraction cleanups\n SELinux: netif.c whitespace, syntax, and static declaraction cleanups\n" }, { "commit": "95fff33b8e306a4331024bbd31c0999d5bf48fcf", "tree": "822da169332912a8149a7947388347118d7921bf", "parents": [ "1872981b51dac9d1f5bcae17803bf368f7fa19cd" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 17 14:42:10 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:12:02 2008 +1000" }, "message": "SELinux: one little, two little, three little whitespaces, the avc.c saga.\n\navc.c was bad. It had whitespace and syntax issues which are against\nour coding style. I have had a little chat with it and the result of\nthat conversation looked like this patch.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1872981b51dac9d1f5bcae17803bf368f7fa19cd", "tree": "4d76e8f0cdd663a31d5fd99e96964e91d6bafdfb", "parents": [ "2ced3dfd3148fd8e2170ff06d6f72fd9f2f7b639" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 17 14:15:45 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:12:01 2008 +1000" }, "message": "SELinux: cleanup on isle selinuxfs.c\n\nWhy would anyone just clean up white space all day? Because they were\nout too late last night and don\u0027t want to think for a day. So here is a\nnice clean selinuxfs.c patch.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2ced3dfd3148fd8e2170ff06d6f72fd9f2f7b639", "tree": "e401ba8b134ef94fd6c63e1b3ce9975a4d9c04d3", "parents": [ "828dfe1da54fce81f80f97275353ba33be09a76e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 17 13:37:12 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:11:58 2008 +1000" }, "message": "changing whitespace for fun and profit: policydb.c\n\nMore formatting changes. Aside from the 80 character line limit even\nthe checkpatch scripts like this file now. Too bad I don\u0027t get paid by\nthe lines of code I change.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "828dfe1da54fce81f80f97275353ba33be09a76e", "tree": "c3eec5cf7ae7858614b2ba705aa53944861c19c2", "parents": [ "744ba35e455b0d5cf4f85208a8ca0edcc9976b95" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 17 13:17:49 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:11:56 2008 +1000" }, "message": "SELinux: whitespace and formating fixes for hooks.c\n\nAll whitespace and formatting. Nothing interesting to see here. About\nthe only thing to remember is that we aren\u0027t supposed to initialize\nstatic variables to 0/NULL. It is done for us and doing it ourselves\nputs them in a different section.\n\nWith this patch running checkpatch.pl against hooks.c only gives us\ncomplaints about busting the 80 character limit and declaring extern\u0027s\nin .c files. Apparently they don\u0027t like it, but I don\u0027t feel like going\nto the trouble of moving those to .h files...\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "744ba35e455b0d5cf4f85208a8ca0edcc9976b95", "tree": "1b242324aeba16d07e1a3811df041969c10422a6", "parents": [ "11670889380b144adfa5a91dc184c8f6300c4b28" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 17 11:52:44 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:09:26 2008 +1000" }, "message": "SELinux: clean up printks\n\nMake sure all printk start with KERN_*\nMake sure all printk end with \\n\nMake sure all printk have the word \u0027selinux\u0027 in them\nChange \"function name\" to \"%s\", __func__ (found 2 wrong)\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "11670889380b144adfa5a91dc184c8f6300c4b28", "tree": "eb9a75859f1d3227e3c9d0bde05e77a97f25bddf", "parents": [ "5d55a345c09ef1708bd341395792931a66306ba6" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 17:38:34 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:09:09 2008 +1000" }, "message": "SELinux: sidtab.c whitespace, syntax, and static declaraction cleanups\n\nThis patch changes sidtab.c to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocateion of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statemetns\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5d55a345c09ef1708bd341395792931a66306ba6", "tree": "137da17e617d8854f65ae878ebb125a0b6e9208d", "parents": [ "1a5e6f8729266154f34c84d25bb83942f99ba002" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 17:38:33 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:09:08 2008 +1000" }, "message": "SELinux: services.c whitespace, syntax, and static declaraction cleanups\n\nThis patch changes services.c to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocateion of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statemetns\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1a5e6f8729266154f34c84d25bb83942f99ba002", "tree": "38a53fae39c506ec7a2c4d1a79604c78e190bda4", "parents": [ "719a2f8e5f7b07a3be0d59fdc6edeb8120653918" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 17:38:32 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:07:33 2008 +1000" }, "message": "SELinux: mls.c whitespace, syntax, and static declaraction cleanups\n\nThis patch changes mls.c to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocateion of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statemetns\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "719a2f8e5f7b07a3be0d59fdc6edeb8120653918", "tree": "2190cfc6038b9dee25319d7c1a8fb8da4f1d8f7e", "parents": [ "7696ee80ac037959fc708156255d1bfec1f9ad70" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 17:38:31 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:07:32 2008 +1000" }, "message": "SELinux: hashtab.c whitespace, syntax, and static declaraction cleanups\n\nThis patch changes hashtab.c to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocateion of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statemetns\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7696ee80ac037959fc708156255d1bfec1f9ad70", "tree": "824647d7c1d5767067fa044ad76ad1a8101fd896", "parents": [ "7c2b240ef2ae05a0081b4004176fd5838cecc4f6" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 17:38:30 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:07:32 2008 +1000" }, "message": "SELinux: ebitmap.c whitespace, syntax, and static declaraction cleanups\n\nThis patch changes ebitmap.c to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocateion of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statemetns\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7c2b240ef2ae05a0081b4004176fd5838cecc4f6", "tree": "2013e70b664b108b396864e61c658f3a84347076", "parents": [ "eb5df9a7ae794a7e352e0582011e9e2b586051b5" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 17:38:29 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:07:31 2008 +1000" }, "message": "SELinux: conditional.c whitespace, syntax, and static declaraction cleanups\n\nThis patch changes conditional.c to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocateion of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statemetns\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "eb5df9a7ae794a7e352e0582011e9e2b586051b5", "tree": "cb232b131a7ed4be275027caf3c60996ad92c1b0", "parents": [ "3c1c88ab8ad8d1f7db74f719f2649a070190fd5e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 17:38:28 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:07:30 2008 +1000" }, "message": "SELinux: avtab.c whitespace, syntax, and static declaraction cleanups\n\nThis patch changes avtab.c to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocateion of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statemetns\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3c1c88ab8ad8d1f7db74f719f2649a070190fd5e", "tree": "4801e6045ec34deb14b215b6e9b7b00dad5bb2da", "parents": [ "bfff3aa49765eb10053b58ee220949cfcc7a1a80" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 17:38:27 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:07:26 2008 +1000" }, "message": "SELinux: xfrm.c whitespace, syntax, and static declaraction cleanups\n\nThis patch changes xfrm.c to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocateion of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statemetns\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bfff3aa49765eb10053b58ee220949cfcc7a1a80", "tree": "2695e909f58e9b1f683dae9c9a08090bd662e34f", "parents": [ "7b6b239c805ab372145c8a43ffa25529923d2658" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 17:38:26 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:05:07 2008 +1000" }, "message": "SELinux: nlmsgtab.c whitespace, syntax, and static declaraction cleanups\n\nThis patch changes nlmsgtab.c to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocateion of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statemetns\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7b6b239c805ab372145c8a43ffa25529923d2658", "tree": "c5281805ee859d205cc981107e46bf1ad853cda7", "parents": [ "c544c028e45feceeb48b629456d0eb43adc8eaaf" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 17:38:25 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:05:06 2008 +1000" }, "message": "SELinux: netnode.c whitespace, syntax, and static declaraction cleanups\n\nThis patch changes netnode.c to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocateion of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statemetns\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c544c028e45feceeb48b629456d0eb43adc8eaaf", "tree": "feb455ffd74d43df3667f1f59688e10e14f627fd", "parents": [ "a6aaafeecca7ea1ddb5d7dac09e468ae14751fcd" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 17:38:24 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:05:05 2008 +1000" }, "message": "SELinux: netlink.c whitespace, syntax, and static declaraction cleanups\n\nThis patch changes netlink.c to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocateion of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statemetns\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a6aaafeecca7ea1ddb5d7dac09e468ae14751fcd", "tree": "15b33a43a2d6335b2d7c72b131e614d547f7f195", "parents": [ "338366cbba686a06f9e17f33c31d533901e8639f" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 17:38:23 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:05:04 2008 +1000" }, "message": "SELinux: netlabel.c whitespace, syntax, and static declaraction cleanups\n\nThis patch changes netlabel.c to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocateion of { around struct and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statemetns\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "338366cbba686a06f9e17f33c31d533901e8639f", "tree": "7d6062a9939f4f6299570bcfdc1c231231d264dd", "parents": [ "3925e6fc1f774048404fdd910b0345b06c699eb4" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 17:38:22 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 21 19:05:03 2008 +1000" }, "message": "SELinux: netif.c whitespace, syntax, and static declaraction cleanups\n\nThis patch changes netif.c to fix whitespace and syntax issues. Things that\nare fixed may include (does not not have to include)\n\nwhitespace at end of lines\nspaces followed by tabs\nspaces used instead of tabs\nspacing around parenthesis\nlocation of { around structs and else clauses\nlocation of * in pointer declarations\nremoval of initialization of static data to keep it in the right section\nuseless {} in if statemetns\nuseless checking for NULL before kfree\nfixing of the indentation depth of switch statements\nand any number of other things I forgot to mention\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d7b1acd3b524b39f418e463e836b48ac041954d6", "tree": "38e0c822bc6ed1aac05c51eb4f17c57c48f31766", "parents": [ "f42b38009e1dbd4509a865e5ea0e91a1722c979d" ], "author": { "name": "Matthew Wilcox", "email": "matthew@wil.cx", "time": "Tue Feb 26 10:49:01 2008 -0500" }, "committer": { "name": "Matthew Wilcox", "email": "willy@linux.intel.com", "time": "Fri Apr 18 22:17:25 2008 -0400" }, "message": "security: Remove unnecessary inclusions of asm/semaphore.h\n\nNone of these files use any of the functionality promised by\nasm/semaphore.h.\n\nSigned-off-by: Matthew Wilcox \u003cwilly@linux.intel.com\u003e\n" }, { "commit": "3925e6fc1f774048404fdd910b0345b06c699eb4", "tree": "c9a58417d9492f39f7fe81d4721d674c34dd8be2", "parents": [ "334d094504c2fe1c44211ecb49146ae6bca8c321", "7cea51be4e91edad05bd834f3235b45c57783f0d" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Apr 18 18:18:30 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Apr 18 18:18:30 2008 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:\n security: fix up documentation for security_module_enable\n Security: Introduce security\u003d boot parameter\n Audit: Final renamings and cleanup\n SELinux: use new audit hooks, remove redundant exports\n Audit: internally use the new LSM audit hooks\n LSM/Audit: Introduce generic Audit LSM hooks\n SELinux: remove redundant exports\n Netlink: Use generic LSM hook\n Audit: use new LSM hooks instead of SELinux exports\n SELinux: setup new inode/ipc getsecid hooks\n LSM: Introduce inode_getsecid and ipc_getsecid hooks\n" }, { "commit": "334d094504c2fe1c44211ecb49146ae6bca8c321", "tree": "d3c0f68e4b9f8e3d2ccc39e7dfe5de0534a5fad9", "parents": [ "d1a4be630fb068f251d64b62919f143c49ca8057", "d1643d24c61b725bef399cc1cf2944b4c9c23177" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Apr 18 18:02:35 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Apr 18 18:02:35 2008 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.26\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.26: (1090 commits)\n [NET]: Fix and allocate less memory for -\u003epriv\u0027less netdevices\n [IPV6]: Fix dangling references on error in fib6_add().\n [NETLABEL]: Fix NULL deref in netlbl_unlabel_staticlist_gen() if ifindex not found\n [PKT_SCHED]: Fix datalen check in tcf_simp_init().\n [INET]: Uninline the __inet_inherit_port call.\n [INET]: Drop the inet_inherit_port() call.\n SCTP: Initialize partial_bytes_acked to 0, when all of the data is acked.\n [netdrvr] forcedeth: internal simplifications; changelog removal\n phylib: factor out get_phy_id from within get_phy_device\n PHY: add BCM5464 support to broadcom PHY driver\n cxgb3: Fix __must_check warning with dev_dbg.\n tc35815: Statistics cleanup\n natsemi: fix MMIO for PPC 44x platforms\n [TIPC]: Cleanup of TIPC reference table code\n [TIPC]: Optimized initialization of TIPC reference table\n [TIPC]: Remove inlining of reference table locking routines\n e1000: convert uint16_t style integers to u16\n ixgb: convert uint16_t style integers to u16\n sb1000.c: make const arrays static\n sb1000.c: stop inlining largish static functions\n ...\n" }, { "commit": "7cea51be4e91edad05bd834f3235b45c57783f0d", "tree": "55843bf8ab3afc3e33a99e86391668d48355d614", "parents": [ "076c54c5bcaed2081c0cba94a6f77c4d470236ad" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Mar 07 12:23:49 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 10:00:59 2008 +1000" }, "message": "security: fix up documentation for security_module_enable\n\nsecurity_module_enable() can only be called during kernel init.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" } ], "next": "076c54c5bcaed2081c0cba94a6f77c4d470236ad" }