)]}' { "log": [ { "commit": "3556485f1595e3964ba539e39ea682acbb835cee", "tree": "7f5ee254f425b1427ac0059b5f347a307f8538a1", "parents": [ "b8716614a7cc2fc15ea2a518edd04755fb08d922", "09f61cdbb32a9d812c618d3922db533542736bb0" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 21 13:25:04 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 21 13:25:04 2012 -0700" }, "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates for 3.4 from James Morris:\n \"The main addition here is the new Yama security module from Kees Cook,\n which was discussed at the Linux Security Summit last year. Its\n purpose is to collect miscellaneous DAC security enhancements in one\n place. This also marks a departure in policy for LSM modules, which\n were previously limited to being standalone access control systems.\n Chromium OS is using Yama, and I believe there are plans for Ubuntu,\n at least.\n\n This patchset also includes maintenance updates for AppArmor, TOMOYO\n and others.\"\n\nFix trivial conflict in \u003cnet/sock.h\u003e due to the jumo_label-\u003estatic_key\nrename.\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (38 commits)\n AppArmor: Fix location of const qualifier on generated string tables\n TOMOYO: Return error if fails to delete a domain\n AppArmor: add const qualifiers to string arrays\n AppArmor: Add ability to load extended policy\n TOMOYO: Return appropriate value to poll().\n AppArmor: Move path failure information into aa_get_name and rename\n AppArmor: Update dfa matching routines.\n AppArmor: Minor cleanup of d_namespace_path to consolidate error handling\n AppArmor: Retrieve the dentry_path for error reporting when path lookup fails\n AppArmor: Add const qualifiers to generated string tables\n AppArmor: Fix oops in policy unpack auditing\n AppArmor: Fix error returned when a path lookup is disconnected\n KEYS: testing wrong bit for KEY_FLAG_REVOKED\n TOMOYO: Fix mount flags checking order.\n security: fix ima kconfig warning\n AppArmor: Fix the error case for chroot relative path name lookup\n AppArmor: fix mapping of META_READ to audit and quiet flags\n AppArmor: Fix underflow in xindex calculation\n AppArmor: Fix dropping of allowed operations that are force audited\n AppArmor: Add mising end of structure test to caps unpacking\n ...\n" }, { "commit": "40e47125e6c5110383b0176d7b9d530f2936b1ae", "tree": "9653ac1f586cbfe36286c2d987c9330078eb37ad", "parents": [ "4e70daaf05a181b6968e29e72e9f1c16a183e92c" ], "author": { "name": "Masanari Iida", "email": "standby24x7@gmail.com", "time": "Sun Mar 04 23:16:11 2012 +0900" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Wed Mar 07 16:08:24 2012 +0100" }, "message": "Documentation: Fix multiple typo in Documentation\n\nSigned-off-by: Masanari Iida \u003cstandby24x7@gmail.com\u003e\nAcked-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "bf06189e4d14641c0148bea16e9dd24943862215", "tree": "5c62eb24339041baf65b8e42daac42c7a01efc0e", "parents": [ "3ab1aff89477dafb1aaeafe8c8669114a02b7226" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Tue Feb 14 16:48:09 2012 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 16 10:25:18 2012 +1100" }, "message": "Yama: add PR_SET_PTRACER_ANY\n\nFor a process to entirely disable Yama ptrace restrictions, it can use\nthe special PR_SET_PTRACER_ANY pid to indicate that any otherwise allowed\nprocess may ptrace it. This is stronger than calling PR_SET_PTRACER with\npid \"1\" because it includes processes in external pid namespaces. This is\ncurrently needed by the Chrome renderer, since its crash handler (Breakpad)\nruns external to the renderer\u0027s pid namespace.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2d514487faf188938a4ee4fb3464eeecfbdcf8eb", "tree": "42147f0459ab062375f63891943242e3b95797bb", "parents": [ "1a2a4d06e1e95260c470ebe3a945f61bbe8c1fd8" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Wed Dec 21 12:17:04 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Feb 10 09:18:52 2012 +1100" }, "message": "security: Yama LSM\n\nThis adds the Yama Linux Security Module to collect DAC security\nimprovements (specifically just ptrace restrictions for now) that have\nexisted in various forms over the years and have been carried outside the\nmainline kernel by other Linux distributions like Openwall and grsecurity.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "700920eb5ba4de5417b446c9a8bb008df2b973e0", "tree": "8e2caa32a5cdcd47347ff84bc3e95915d000f537", "parents": [ "53999bf34d55981328f8ba9def558d3e104d6e36" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Jan 18 15:31:45 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jan 19 14:38:51 2012 +1100" }, "message": "KEYS: Allow special keyrings to be cleared\n\nThe kernel contains some special internal keyrings, for instance the DNS\nresolver keyring :\n\n2a93faf1 I----- 1 perm 1f030000 0 0 keyring .dns_resolver: empty\n\nIt would occasionally be useful to allow the contents of such keyrings to be\nflushed by root (cache invalidation).\n\nAllow a flag to be set on a keyring to mark that someone possessing the\nsysadmin capability can clear the keyring, even without normal write access to\nthe keyring.\n\nSet this flag on the special keyrings created by the DNS resolver, the NFS\nidentity mapper and the CIFS identity mapper.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nAcked-by: Steve Dickson \u003csteved@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "24942c8e5cc8696064ee207ff29d4cf21f70dafc", "tree": "08a8221eb72ec3da7746d7d76f6f5915ce77cde7", "parents": [ "e163bc8e4a0cd1cdffadb58253f7651201722d56", "ff0ff78068dd8a962358dbbdafa9d6f24540d3e5" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Nov 16 12:39:48 2011 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Nov 16 12:39:48 2011 +1100" }, "message": "Merge branch \u0027master\u0027; commit \u0027v3.2-rc2\u0027 into next\n" }, { "commit": "e163bc8e4a0cd1cdffadb58253f7651201722d56", "tree": "66570af9c0304cf53350e8e67c67e407e92ee12f", "parents": [ "1933ca8771585d43d3d2099c0c9ba7ca6b96e303" ], "author": { "name": "Kees Cook", "email": "kees@outflux.net", "time": "Tue Nov 01 17:20:01 2011 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Nov 16 12:37:27 2011 +1100" }, "message": "Documentation: clarify the purpose of LSMs\n\nClarify the purpose of the LSM interface with some brief examples and\npointers to additional documentation.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "395cf9691d72173d8cdaa613c5f0255f993af94b", "tree": "813be524794fe1c0850805d7faca90e45fd0e60b", "parents": [ "e060c38434b2caa78efe7cedaff4191040b65a15" ], "author": { "name": "Paul Bolle", "email": "pebolle@tiscali.nl", "time": "Mon Aug 15 02:02:26 2011 +0200" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Tue Sep 27 18:08:04 2011 +0200" }, "message": "doc: fix broken references\n\nThere are numerous broken references to Documentation files (in other\nDocumentation files, in comments, etc.). These broken references are\ncaused by typo\u0027s in the references, and by renames or removals of the\nDocumentation files. Some broken references are simply odd.\n\nFix these broken references, sometimes by dropping the irrelevant text\nthey were part of.\n\nSigned-off-by: Paul Bolle \u003cpebolle@tiscali.nl\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "ad599f9cf0187e823bc92bc83f3867a38fa266b9", "tree": "cb018d0a4ec10e3710e1048624998d84ee58ca88", "parents": [ "3ddf17f08cf2f0d7ff06858eb07d1cc3db8994de" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Jun 29 14:53:56 2011 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jun 30 19:08:14 2011 +1000" }, "message": "encrypted-keys: move ecryptfs documentation to proper location\n\nMove keys-ecryptfs.txt to Documentation/security.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "79a73d188726b473ca3bf483244bc96096831905", "tree": "787ba050c91981cae2524b1e95e415424b067e64", "parents": [ "f8f8527103a264b5e4ab2ce5c1743b28f3219d90" ], "author": { "name": "Roberto Sassu", "email": "roberto.sassu@polito.it", "time": "Mon Jun 27 13:45:44 2011 +0200" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Jun 27 09:11:17 2011 -0400" }, "message": "encrypted-keys: add ecryptfs format support\n\nThe \u0027encrypted\u0027 key type defines its own payload format which contains a\nsymmetric key randomly generated that cannot be used directly to mount\nan eCryptfs filesystem, because it expects an authentication token\nstructure.\n\nThis patch introduces the new format \u0027ecryptfs\u0027 that allows to store an\nauthentication token structure inside the encrypted key payload containing\na randomly generated symmetric key, as the same for the format \u0027default\u0027.\n\nMore details about the usage of encrypted keys with the eCryptfs\nfilesystem can be found in the file \u0027Documentation/keys-ecryptfs.txt\u0027.\n\nSigned-off-by: Roberto Sassu \u003croberto.sassu@polito.it\u003e\nAcked-by: Gianluca Ramunno \u003cramunno@polito.it\u003e\nAcked-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "4e561d388feff18e4b798cef6a1a84a2cc7f20c2", "tree": "9208588c7d0e5e75766dd2c98e960840fdc8681e", "parents": [ "7103dff0e598cd634767f17a2958302c515700ca" ], "author": { "name": "Roberto Sassu", "email": "roberto.sassu@polito.it", "time": "Mon Jun 27 13:45:42 2011 +0200" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Jun 27 09:10:45 2011 -0400" }, "message": "encrypted-keys: add key format support\n\nThis patch introduces a new parameter, called \u0027format\u0027, that defines the\nformat of data stored by encrypted keys. The \u0027default\u0027 format identifies\nencrypted keys containing only the symmetric key, while other formats can\nbe defined to support additional information. The \u0027format\u0027 parameter is\nwritten in the datablob produced by commands \u0027keyctl print\u0027 or\n\u0027keyctl pipe\u0027 and is integrity protected by the HMAC.\n\nSigned-off-by: Roberto Sassu \u003croberto.sassu@polito.it\u003e\nAcked-by: Gianluca Ramunno \u003cramunno@polito.it\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "d410fa4ef99112386de5f218dd7df7b4fca910b4", "tree": "e29fbc3f6d27b20d73d8feb4ed73f6767f2e18fe", "parents": [ "61c4f2c81c61f73549928dfd9f3e8f26aa36a8cf" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Thu May 19 15:59:38 2011 -0700" }, "committer": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Thu May 19 15:59:38 2011 -0700" }, "message": "Create Documentation/security/,\nmove LSM-, credentials-, and keys-related files from Documentation/\n to Documentation/security/,\nadd Documentation/security/00-INDEX, and\nupdate all occurrences of Documentation/\u003cmoved_file\u003e\n to Documentation/security/\u003cmoved_file\u003e.\n" } ] }