)]}' { "log": [ { "commit": "1b9a3917366028cc451a98dd22e3bcd537d4e5c1", "tree": "d911058720e0a9aeeaf9f407ccdc6fbf4047f47d", "parents": [ "3661f00e2097676847deb01add1a0918044bd816", "71e1c784b24a026a490b3de01541fc5ee14ebc09" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Mar 25 09:24:53 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Mar 25 09:24:53 2006 -0800" }, "message": "Merge branch \u0027audit.b3\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current\n\n* \u0027audit.b3\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: (22 commits)\n [PATCH] fix audit_init failure path\n [PATCH] EXPORT_SYMBOL patch for audit_log, audit_log_start, audit_log_end and audit_format\n [PATCH] sem2mutex: audit_netlink_sem\n [PATCH] simplify audit_free() locking\n [PATCH] Fix audit operators\n [PATCH] promiscuous mode\n [PATCH] Add tty to syscall audit records\n [PATCH] add/remove rule update\n [PATCH] audit string fields interface + consumer\n [PATCH] SE Linux audit events\n [PATCH] Minor cosmetic cleanups to the code moved into auditfilter.c\n [PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL\n [PATCH] Fix IA64 success/failure indication in syscall auditing.\n [PATCH] Miscellaneous bug and warning fixes\n [PATCH] Capture selinux subject/object context information.\n [PATCH] Exclude messages by message type\n [PATCH] Collect more inode information during syscall processing.\n [PATCH] Pass dentry, not just name, in fsnotify creation hooks.\n [PATCH] Define new range of userspace messages.\n [PATCH] Filter rule comparators\n ...\n\nFixed trivial conflict in security/selinux/hooks.c\n" }, { "commit": "7cae7e26f245151b9ccad868bf2edf8c8048d307", "tree": "db785f2a471c5b97db2551402e067b9559a8989d", "parents": [ "cf01efd098597f7ee88a61e645afacba987c4531" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 22 00:09:22 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Mar 22 07:54:07 2006 -0800" }, "message": "[PATCH] SELinux: add slab cache for inode security struct\n\nAdd a slab cache for the SELinux inode security struct, one of which is\nallocated for every inode instantiated by the system.\n\nThe memory savings are considerable.\n\nOn 64-bit, instead of the size-128 cache, we have a slab object of 96\nbytes, saving 32 bytes per object. After booting, I see about 4000 of\nthese and then about 17,000 after a kernel compile. With this patch, we\nsave around 530KB of kernel memory in the latter case. On 32-bit, the\nsavings are about half of this.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "cf01efd098597f7ee88a61e645afacba987c4531", "tree": "8602df509dc2a2b067063f40084c83a4f698fb15", "parents": [ "edb20fb5be2ff6943920aca4ccab0f4fdacddb9c" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 22 00:09:21 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Mar 22 07:54:07 2006 -0800" }, "message": "[PATCH] SELinux: cleanup stray variable in selinux_inode_init_security()\n\nRemove an unneded pointer variable in selinux_inode_init_security().\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "8aad38752e81d1d4de67e3d8e2524618ce7c9276", "tree": "5813d3f31133313a5bcd77cb3298f7cb26b814ed", "parents": [ "b20a35035f983f4ac7e29c4a68f30e43510007e0" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Mar 22 00:09:13 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Mar 22 07:54:06 2006 -0800" }, "message": "[PATCH] selinux: Disable automatic labeling of new inodes when no policy is loaded\n\nThis patch disables the automatic labeling of new inodes on disk\nwhen no policy is loaded.\n\nDiscussion is here:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id\u003d180296\n\nIn short, we\u0027re changing the behavior so that when no policy is loaded,\nSELinux does not label files at all. Currently it does add an \u0027unlabeled\u0027\nlabel in this case, which we\u0027ve found causes problems later.\n\nSELinux always maintains a safe internal label if there is none, so with this\npatch, we just stick with that and wait until a policy is loaded before adding\na persistent label on disk.\n\nThe effect is simply that if you boot with SELinux enabled but no policy\nloaded and create a file in that state, SELinux won\u0027t try to set a security\nextended attribute on the new inode on the disk. This is the only sane\nbehavior for SELinux in that state, as it cannot determine the right label to\nassign in the absence of a policy. That state usually doesn\u0027t occur, but the\nrawhide installer seemed to be misbehaving temporarily so it happened to show\nup on a test install.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "2c7946a7bf45ae86736ab3b43d0085e43947945c", "tree": "b956f301033ebaefe8d2701b257edfd947f537f3", "parents": [ "be33690d8fcf40377f16193c463681170eb6b295" ], "author": { "name": "Catherine Zhang", "email": "cxzhang@watson.ibm.com", "time": "Mon Mar 20 22:41:23 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Mar 20 22:41:23 2006 -0800" }, "message": "[SECURITY]: TCP/UDP getpeersec\n\nThis patch implements an application of the LSM-IPSec networking\ncontrols whereby an application can determine the label of the\nsecurity association its TCP or UDP sockets are currently connected to\nvia getsockopt and the auxiliary data mechanism of recvmsg.\n\nPatch purpose:\n\nThis patch enables a security-aware application to retrieve the\nsecurity context of an IPSec security association a particular TCP or\nUDP socket is using. The application can then use this security\ncontext to determine the security context for processing on behalf of\nthe peer at the other end of this connection. In the case of UDP, the\nsecurity context is for each individual packet. An example\napplication is the inetd daemon, which could be modified to start\ndaemons running at security contexts dependent on the remote client.\n\nPatch design approach:\n\n- Design for TCP\nThe patch enables the SELinux LSM to set the peer security context for\na socket based on the security context of the IPSec security\nassociation. The application may retrieve this context using\ngetsockopt. When called, the kernel determines if the socket is a\nconnected (TCP_ESTABLISHED) TCP socket and, if so, uses the dst_entry\ncache on the socket to retrieve the security associations. If a\nsecurity association has a security context, the context string is\nreturned, as for UNIX domain sockets.\n\n- Design for UDP\nUnlike TCP, UDP is connectionless. This requires a somewhat different\nAPI to retrieve the peer security context. With TCP, the peer\nsecurity context stays the same throughout the connection, thus it can\nbe retrieved at any time between when the connection is established\nand when it is torn down. With UDP, each read/write can have\ndifferent peer and thus the security context might change every time.\nAs a result the security context retrieval must be done TOGETHER with\nthe packet retrieval.\n\nThe solution is to build upon the existing Unix domain socket API for\nretrieving user credentials. Linux offers the API for obtaining user\ncredentials via ancillary messages (i.e., out of band/control messages\nthat are bundled together with a normal message).\n\nPatch implementation details:\n\n- Implementation for TCP\nThe security context can be retrieved by applications using getsockopt\nwith the existing SO_PEERSEC flag. As an example (ignoring error\nchecking):\n\ngetsockopt(sockfd, SOL_SOCKET, SO_PEERSEC, optbuf, \u0026optlen);\nprintf(\"Socket peer context is: %s\\n\", optbuf);\n\nThe SELinux function, selinux_socket_getpeersec, is extended to check\nfor labeled security associations for connected (TCP_ESTABLISHED \u003d\u003d\nsk-\u003esk_state) TCP sockets only. If so, the socket has a dst_cache of\nstruct dst_entry values that may refer to security associations. If\nthese have security associations with security contexts, the security\ncontext is returned.\n\ngetsockopt returns a buffer that contains a security context string or\nthe buffer is unmodified.\n\n- Implementation for UDP\nTo retrieve the security context, the application first indicates to\nthe kernel such desire by setting the IP_PASSSEC option via\ngetsockopt. Then the application retrieves the security context using\nthe auxiliary data mechanism.\n\nAn example server application for UDP should look like this:\n\ntoggle \u003d 1;\ntoggle_len \u003d sizeof(toggle);\n\nsetsockopt(sockfd, SOL_IP, IP_PASSSEC, \u0026toggle, \u0026toggle_len);\nrecvmsg(sockfd, \u0026msg_hdr, 0);\nif (msg_hdr.msg_controllen \u003e sizeof(struct cmsghdr)) {\n cmsg_hdr \u003d CMSG_FIRSTHDR(\u0026msg_hdr);\n if (cmsg_hdr-\u003ecmsg_len \u003c\u003d CMSG_LEN(sizeof(scontext)) \u0026\u0026\n cmsg_hdr-\u003ecmsg_level \u003d\u003d SOL_IP \u0026\u0026\n cmsg_hdr-\u003ecmsg_type \u003d\u003d SCM_SECURITY) {\n memcpy(\u0026scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));\n }\n}\n\nip_setsockopt is enhanced with a new socket option IP_PASSSEC to allow\na server socket to receive security context of the peer. A new\nancillary message type SCM_SECURITY.\n\nWhen the packet is received we get the security context from the\nsec_path pointer which is contained in the sk_buff, and copy it to the\nancillary message space. An additional LSM hook,\nselinux_socket_getpeersec_udp, is defined to retrieve the security\ncontext from the SELinux space. The existing function,\nselinux_socket_getpeersec does not suit our purpose, because the\nsecurity context is copied directly to user space, rather than to\nkernel space.\n\nTesting:\n\nWe have tested the patch by setting up TCP and UDP connections between\napplications on two machines using the IPSec policies that result in\nlabeled security associations being built. For TCP, we can then\nextract the peer security context using getsockopt on either end. For\nUDP, the receiving end can retrieve the security context using the\nauxiliary data mechanism of recvmsg.\n\nSigned-off-by: Catherine Zhang \u003ccxzhang@watson.ibm.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7306a0b9b3e2056a616c84841288ca2431a05627", "tree": "d3f61ef43c7079790d6b8ef9bf307689a7d9ea16", "parents": [ "8c8570fb8feef2bc166bee75a85748b25cda22d9" ], "author": { "name": "Dustin Kirkland", "email": "dustin.kirkland@us.ibm.com", "time": "Wed Nov 16 15:53:13 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] Miscellaneous bug and warning fixes\n\nThis patch fixes a couple of bugs revealed in new features recently\nadded to -mm1:\n* fixes warnings due to inconsistent use of const struct inode *inode\n* fixes bug that prevent a kernel from booting with audit on, and SELinux off\n due to a missing function in security/dummy.c\n* fixes a bug that throws spurious audit_panic() messages due to a missing\n return just before an error_path label\n* some reasonable house cleaning in audit_ipc_context(),\n audit_inode_context(), and audit_log_task_context()\n\nSigned-off-by: Dustin Kirkland \u003cdustin.kirkland@us.ibm.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "8c8570fb8feef2bc166bee75a85748b25cda22d9", "tree": "ed783d405ea9d5f3d3ccc57fb56c7b7cb2cdfb82", "parents": [ "c8edc80c8b8c397c53f4f659a05b9ea6208029bf" ], "author": { "name": "Dustin Kirkland", "email": "dustin.kirkland@us.ibm.com", "time": "Thu Nov 03 17:15:16 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] Capture selinux subject/object context information.\n\nThis patch extends existing audit records with subject/object context\ninformation. Audit records associated with filesystem inodes, ipc, and\ntasks now contain SELinux label information in the field \"subj\" if the\nitem is performing the action, or in \"obj\" if the item is the receiver\nof an action.\n\nThese labels are collected via hooks in SELinux and appended to the\nappropriate record in the audit code.\n\nThis additional information is required for Common Criteria Labeled\nSecurity Protection Profile (LSPP).\n\n[AV: fixed kmalloc flags use]\n[folded leak fixes]\n[folded cleanup from akpm (kfree(NULL)]\n[folded audit_inode_context() leak fix]\n[folded akpm\u0027s fix for audit_ipc_perm() definition in case of !CONFIG_AUDIT]\n\nSigned-off-by: Dustin Kirkland \u003cdustin.kirkland@us.ibm.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "341c2d806b71cc3596afeb2d9bd26cd718e75202", "tree": "851a5b5cab5b836c8021bdac89a9a257887ede69", "parents": [ "4136cabff33d6d73b8daf2f2612670cc0296f844" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Sat Mar 11 03:27:16 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Mar 11 09:19:34 2006 -0800" }, "message": "[PATCH] selinux: tracer SID fix\n\nFix SELinux to not reset the tracer SID when the child is already being\ntraced, since selinux_ptrace is also called by proc for access checking\noutside of the context of a ptrace attach.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "c2b507fda390b8ae90deba9b8cdc3fe727482193", "tree": "6c839e9682fd1610dc6a9fb7cca9df2899ff05ca", "parents": [ "5c0d5d262aa4c5e93f9f5de298cf25d6d8b558c4" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Sat Feb 04 23:27:50 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Feb 05 11:06:52 2006 -0800" }, "message": "[PATCH] selinux: require SECURITY_NETWORK\n\nMake SELinux depend on SECURITY_NETWORK (which depends on SECURITY), as it\nrequires the socket hooks for proper operation even in the local case.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9ac49d22138348198f729f07371ffb11991368e6", "tree": "4fb692731e6e72d0dc50add294128f6e5083d205", "parents": [ "26d2a4be6a56eec575dac651f6606756a971f0fb" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Feb 01 03:05:56 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Feb 01 08:53:19 2006 -0800" }, "message": "[PATCH] selinux: remove security struct magic number fields and tests\n\nRemove the SELinux security structure magic number fields and tests, along\nwith some unnecessary tests for NULL security pointers. These fields and\ntests are leftovers from the early attempts to support SELinux as a\nloadable module during LSM development.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "26d2a4be6a56eec575dac651f6606756a971f0fb", "tree": "3f27383674706bd535bc67c703827db8ecd5a1dc", "parents": [ "db4c9641def55d36a6f9df79deb8a949292313ca" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Feb 01 03:05:55 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Feb 01 08:53:18 2006 -0800" }, "message": "[PATCH] selinux: change file_alloc_security to use GFP_KERNEL\n\nThis patch changes the SELinux file_alloc_security function to use\nGFP_KERNEL rather than GFP_ATOMIC; the use of GFP_ATOMIC appears to be a\nremnant of when this function was being called with the files_lock spinlock\nheld, and is no longer necessary. Please apply.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "db4c9641def55d36a6f9df79deb8a949292313ca", "tree": "f3b786a346f0c987d796784e1e08154338263ad3", "parents": [ "ee13d785eac1fbe7e79ecca77bf7e902734a0b30" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Feb 01 03:05:54 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Feb 01 08:53:18 2006 -0800" }, "message": "[PATCH] selinux: fix and cleanup mprotect checks\n\nFix the SELinux mprotect checks on executable mappings so that they are not\nre-applied when the mapping is already executable as well as cleaning up\nthe code. This avoids a situation where e.g. an application is prevented\nfrom removing PROT_WRITE on an already executable mapping previously\nauthorized via execmem permission due to an execmod denial.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "858119e159384308a5dde67776691a2ebf70df0f", "tree": "f360768f999d51edc0863917ce0bf79e88c0ec4c", "parents": [ "b0a9499c3dd50d333e2aedb7e894873c58da3785" ], "author": { "name": "Arjan van de Ven", "email": "arjan@infradead.org", "time": "Sat Jan 14 13:20:43 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Jan 14 18:27:06 2006 -0800" }, "message": "[PATCH] Unlinline a bunch of other functions\n\nRemove the \"inline\" keyword from a bunch of big functions in the kernel with\nthe goal of shrinking it by 30kb to 40kb\n\nSigned-off-by: Arjan van de Ven \u003carjan@infradead.org\u003e\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nAcked-by: Jeff Garzik \u003cjgarzik@pobox.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "095975da26dba21698582e91e96be10f7417333f", "tree": "ce1ffac556d394ef56a18faa97d38f79b07f31e2", "parents": [ "a57004e1afb6ee03c509f1b1ec74a000682ab93b" ], "author": { "name": "Nick Piggin", "email": "nickpiggin@yahoo.com.au", "time": "Sun Jan 08 01:02:19 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Jan 08 20:13:48 2006 -0800" }, "message": "[PATCH] rcu file: use atomic primitives\n\nUse atomic_inc_not_zero for rcu files instead of special case rcuref.\n\nSigned-off-by: Nick Piggin \u003cnpiggin@suse.de\u003e\nCc: \"Paul E. McKenney\" \u003cpaulmck@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "d28d1e080132f28ab773291f10ad6acca4c8bba2", "tree": "4cc6abef076393bc4c9f0d4e4c9952b78c04d3ee", "parents": [ "df71837d5024e2524cd51c93621e558aa7dd9f3f" ], "author": { "name": "Trent Jaeger", "email": "tjaeger@cse.psu.edu", "time": "Tue Dec 13 23:12:40 2005 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Tue Jan 03 13:10:25 2006 -0800" }, "message": "[LSM-IPSec]: Per-packet access control.\n\nThis patch series implements per packet access control via the\nextension of the Linux Security Modules (LSM) interface by hooks in\nthe XFRM and pfkey subsystems that leverage IPSec security\nassociations to label packets. Extensions to the SELinux LSM are\nincluded that leverage the patch for this purpose.\n\nThis patch implements the changes necessary to the SELinux LSM to\ncreate, deallocate, and use security contexts for policies\n(xfrm_policy) and security associations (xfrm_state) that enable\ncontrol of a socket\u0027s ability to send and receive packets.\n\nPatch purpose:\n\nThe patch is designed to enable the SELinux LSM to implement access\ncontrol on individual packets based on the strongly authenticated\nIPSec security association. Such access controls augment the existing\nones in SELinux based on network interface and IP address. The former\nare very coarse-grained, and the latter can be spoofed. By using\nIPSec, the SELinux can control access to remote hosts based on\ncryptographic keys generated using the IPSec mechanism. This enables\naccess control on a per-machine basis or per-application if the remote\nmachine is running the same mechanism and trusted to enforce the\naccess control policy.\n\nPatch design approach:\n\nThe patch\u0027s main function is to authorize a socket\u0027s access to a IPSec\npolicy based on their security contexts. Since the communication is\nimplemented by a security association, the patch ensures that the\nsecurity association\u0027s negotiated and used have the same security\ncontext. The patch enables allocation and deallocation of such\nsecurity contexts for policies and security associations. It also\nenables copying of the security context when policies are cloned.\nLastly, the patch ensures that packets that are sent without using a\nIPSec security assocation with a security context are allowed to be\nsent in that manner.\n\nA presentation available at\nwww.selinux-symposium.org/2005/presentations/session2/2-3-jaeger.pdf\nfrom the SELinux symposium describes the overall approach.\n\nPatch implementation details:\n\nThe function which authorizes a socket to perform a requested\noperation (send/receive) on a IPSec policy (xfrm_policy) is\nselinux_xfrm_policy_lookup. The Netfilter and rcv_skb hooks ensure\nthat if a IPSec SA with a securit y association has not been used,\nthen the socket is allowed to send or receive the packet,\nrespectively.\n\nThe patch implements SELinux function for allocating security contexts\nwhen policies (xfrm_policy) are created via the pfkey or xfrm_user\ninterfaces via selinux_xfrm_policy_alloc. When a security association\nis built, SELinux allocates the security context designated by the\nXFRM subsystem which is based on that of the authorized policy via\nselinux_xfrm_state_alloc.\n\nWhen a xfrm_policy is cloned, the security context of that policy, if\nany, is copied to the clone via selinux_xfrm_policy_clone.\n\nWhen a xfrm_policy or xfrm_state is freed, its security context, if\nany is also freed at selinux_xfrm_policy_free or\nselinux_xfrm_state_free.\n\nTesting:\n\nThe SELinux authorization function is tested using ipsec-tools. We\ncreated policies and security associations with particular security\ncontexts and added SELinux access control policy entries to verify the\nauthorization decision. We also made sure that packets for which no\nsecurity context was supplied (which either did or did not use\nsecurity associations) were authorized using an unlabelled context.\n\nSigned-off-by: Trent Jaeger \u003ctjaeger@cse.psu.edu\u003e\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "25a74f3ba8efb394e9a30d6de37566bf03fd3de8", "tree": "8fbe98b01a13946c02a56ab7bab2c4ed077aee3f", "parents": [ "e517a0cd859ae0c4d9451107113fc2b076456f8f" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Tue Nov 08 21:34:33 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Nov 09 07:55:51 2005 -0800" }, "message": "[PATCH] selinux: disable setxattr on mountpoint labeled filesystems\n\nThis patch disables the setting of SELinux xattrs on files created in\nfilesystems labeled via mountpoint labeling (mounted with the context\u003d\noption). selinux_inode_setxattr already prevents explicit setxattr from\nuserspace on such filesystems, so this provides consistent behavior for\nfile creation.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "621d31219d9a788bda924a0613048053f3f5f211", "tree": "9fb9846fdd999ba04c436aa84c7da0d8233ac545", "parents": [ "b67a1b9e4bf878aa5d4b6b44cb5a251a2f425f0d" ], "author": { "name": "Oleg Nesterov", "email": "oleg@tv-sign.ru", "time": "Sun Oct 30 15:03:45 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:31 2005 -0800" }, "message": "[PATCH] cleanup the usage of SEND_SIG_xxx constants\n\nThis patch simplifies some checks for magic siginfo values. It should not\nchange the behaviour in any way.\n\nSigned-off-by: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "b67a1b9e4bf878aa5d4b6b44cb5a251a2f425f0d", "tree": "8fa921440476083be42f21ce6d0c4091a3757742", "parents": [ "3e6716e748609a3a899e8d670e42832921bd45bc" ], "author": { "name": "Oleg Nesterov", "email": "oleg@tv-sign.ru", "time": "Sun Oct 30 15:03:44 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:31 2005 -0800" }, "message": "[PATCH] remove hardcoded SEND_SIG_xxx constants\n\nThis patch replaces hardcoded SEND_SIG_xxx constants with\ntheir symbolic names.\n\nNo changes in affected .o files.\n\nSigned-off-by: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "2f51201662b28dbf8c15fb7eb972bc51c6cc3fa5", "tree": "96826df796058560bc5dd1f7d8d476c5a741d7bc", "parents": [ "503af334ecf23b9d65d2ff0cc759f3a0bf338290" ], "author": { "name": "Eric Dumazet", "email": "dada1@cosmosbay.com", "time": "Sun Oct 30 15:02:16 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:19 2005 -0800" }, "message": "[PATCH] reduce sizeof(struct file)\n\nNow that RCU applied on \u0027struct file\u0027 seems stable, we can place f_rcuhead\nin a memory location that is not anymore used at call_rcu(\u0026f-\u003ef_rcuhead,\nfile_free_rcu) time, to reduce the size of this critical kernel object.\n\nThe trick I used is to move f_rcuhead and f_list in an union called f_u\n\nThe callers are changed so that f_rcuhead becomes f_u.fu_rcuhead and f_list\nbecomes f_u.f_list\n\nSigned-off-by: Eric Dumazet \u003cdada1@cosmosbay.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "ce4c2bd1a9dfebaefadc2d34b17c6f12101751be", "tree": "dde9437929d9b15ced25758c8389360ba4073cdb", "parents": [ "d381d8a9a08cac9824096213069159be17fd2e2f" ], "author": { "name": "Andrew Morton", "email": "akpm@osdl.org", "time": "Sun Oct 30 14:59:23 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:11 2005 -0800" }, "message": "[PATCH] selinux-canonicalize-getxattr-fix\n\nsecurity/selinux/hooks.c: In function `selinux_inode_getxattr\u0027:\nsecurity/selinux/hooks.c:2193: warning: unused variable `sbsec\u0027\n\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "d381d8a9a08cac9824096213069159be17fd2e2f", "tree": "0c19722b8f67c29b7c08c6ab8776a9c146395d03", "parents": [ "89d155ef62e5e0c10e4b37aaa5056f0beafe10e6" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sun Oct 30 14:59:22 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:11 2005 -0800" }, "message": "[PATCH] SELinux: canonicalize getxattr()\n\nThis patch allows SELinux to canonicalize the value returned from\ngetxattr() via the security_inode_getsecurity() hook, which is called after\nthe fs level getxattr() function.\n\nThe purpose of this is to allow the in-core security context for an inode\nto override the on-disk value. This could happen in cases such as\nupgrading a system to a different labeling form (e.g. standard SELinux to\nMLS) without needing to do a full relabel of the filesystem.\n\nIn such cases, we want getxattr() to return the canonical security context\nthat the kernel is using rather than what is stored on disk.\n\nThe implementation hooks into the inode_getsecurity(), adding another\nparameter to indicate the result of the preceding fs-level getxattr() call,\nso that SELinux knows whether to compare a value obtained from disk with\nthe kernel value.\n\nWe also now allow getxattr() to work for mountpoint labeled filesystems\n(i.e. mount with option context\u003dfoo_t), as we are able to return the\nkernel value to the user.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "89d155ef62e5e0c10e4b37aaa5056f0beafe10e6", "tree": "7de1f357efd619000970526ca2688f79b9022417", "parents": [ "0d078f6f96809c95c69b99d6605a502b0ac63d3d" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sun Oct 30 14:59:21 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:11 2005 -0800" }, "message": "[PATCH] SELinux: convert to kzalloc\n\nThis patch converts SELinux code from kmalloc/memset to the new kazalloc\nunction. On i386, this results in a text saving of over 1K.\n\nBefore:\ntext data bss dec hex filename\n86319 4642 15236 106197 19ed5 security/selinux/built-in.o\n\nAfter:\ntext data bss dec hex filename\n85278 4642 15236 105156 19ac4 security/selinux/built-in.o\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "7d877f3bda870ab5f001bd92528654471d5966b3", "tree": "1c05b62abead153956c4ca250ffb1891887e77c9", "parents": [ "fd4f2df24bc23e6b8fc069765b425c7dacf52347" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Oct 21 03:20:43 2005 -0400" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Oct 28 08:16:47 2005 -0700" }, "message": "[PATCH] gfp_t: net/*\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "13402580021a52e49c6d1068ff28ade4d5a175f1", "tree": "5617d1eaa7409d8ac3680cdada5e5ef45d0c8753", "parents": [ "b33fa1f3c3ec05e54e73f06c4578948c55d89ef6" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 30 14:24:34 2005 -0400" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 30 11:36:04 2005 -0700" }, "message": "[PATCH] SELinux - fix SCTP socket bug and general IP protocol handling\n\nThe following patch updates the way SELinux classifies and handles IP\nbased protocols.\n\nCurrently, IP sockets are classified by SELinux as being either TCP, UDP\nor \u0027Raw\u0027, the latter being a default for IP socket that is not TCP or UDP.\n\nThe classification code is out of date and uses only the socket type\nparameter to socket(2) to determine the class of IP socket. So, any\nsocket created with SOCK_STREAM will be classified by SELinux as TCP, and\nSOCK_DGRAM as UDP. Also, other socket types such as SOCK_SEQPACKET and\nSOCK_DCCP are currently ignored by SELinux, which classifies them as\ngeneric sockets, which means they don\u0027t even get basic IP level checking.\n\nThis patch changes the SELinux IP socket classification logic, so that\nonly an IPPROTO_IP protocol value passed to socket(2) classify the socket\nas TCP or UDP. The patch also drops the check for SOCK_RAW and converts\nit into a default, so that socket types like SOCK_DCCP and SOCK_SEQPACKET\nare classified as SECCLASS_RAWIP_SOCKET (instead of generic sockets).\n\nNote that protocol-specific support for SCTP, DCCP etc. is not addressed\nhere, we\u0027re just getting these protocols checked at the IP layer.\n\nThis fixes a reported problem where SCTP sockets were being recognized as\ngeneric SELinux sockets yet still being passed in one case to an IP level\ncheck, which then fails for generic sockets.\n\nIt will also fix bugs where any SOCK_STREAM socket is classified as TCP or\nany SOCK_DGRAM socket is classified as UDP.\n\nThis patch also unifies the way IP sockets classes are determined in\nselinux_socket_bind(), so we use the already calculated value instead of\ntrying to recalculate it.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "5d54e69c68c05b162a56f9914cae72afd7e6f40a", "tree": "c5933858c4861bc3e358559f64ef459a1f56ab75", "parents": [ "63f3d1df1ad276a30b75339dd682a6e1f9d0c181", "b6ddc518520887a62728b0414efbf802a9dfdd55" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 13 09:47:30 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 13 09:47:30 2005 -0700" }, "message": "Merge master.kernel.org:/pub/scm/linux/kernel/git/dwmw2/audit-2.6 \n" }, { "commit": "b835996f628eadb55c5fb222ba46fe9395bf73c7", "tree": "d63d80585d197e1ffc299af4a0034049790fb197", "parents": [ "ab2af1f5005069321c5d130f09cce577b03f43ef" ], "author": { "name": "Dipankar Sarma", "email": "dipankar@in.ibm.com", "time": "Fri Sep 09 13:04:14 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:55 2005 -0700" }, "message": "[PATCH] files: lock-free fd look-up\n\nWith the use of RCU in files structure, the look-up of files using fds can now\nbe lock-free. The lookup is protected by rcu_read_lock()/rcu_read_unlock().\nThis patch changes the readers to use lock-free lookup.\n\nSigned-off-by: Maneesh Soni \u003cmaneesh@in.ibm.com\u003e\nSigned-off-by: Ravikiran Thirumalai \u003ckiran_th@gmail.com\u003e\nSigned-off-by: Dipankar Sarma \u003cdipankar@in.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "badf16621c1f9d1ac753be056fce11b43d6e0be5", "tree": "3fdf833fdf2e3d3a439090743539680449ec3428", "parents": [ "c0dfb2905126e9e94edebbce8d3e05001301f52d" ], "author": { "name": "Dipankar Sarma", "email": "dipankar@in.ibm.com", "time": "Fri Sep 09 13:04:10 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:55 2005 -0700" }, "message": "[PATCH] files: break up files struct\n\nIn order for the RCU to work, the file table array, sets and their sizes must\nbe updated atomically. Instead of ensuring this through too many memory\nbarriers, we put the arrays and their sizes in a separate structure. This\npatch takes the first step of putting the file table elements in a separate\nstructure fdtable that is embedded withing files_struct. It also changes all\nthe users to refer to the file table using files_fdtable() macro. Subsequent\napplciation of RCU becomes easier after this.\n\nSigned-off-by: Dipankar Sarma \u003cdipankar@in.ibm.com\u003e\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "e31e14ec356f36b131576be5bc31d8fef7e95483", "tree": "5597419cf186904d77c4b4ecf117287bcc1db986", "parents": [ "a74574aafea3a63add3251047601611111f44562" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri Sep 09 13:01:45 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:28 2005 -0700" }, "message": "[PATCH] remove the inode_post_link and inode_post_rename LSM hooks\n\nThis patch removes the inode_post_link and inode_post_rename LSM hooks as\nthey are unused (and likely useless).\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "a74574aafea3a63add3251047601611111f44562", "tree": "a8f4a809589513c666c6f5518cbe84f50ee5523e", "parents": [ "570bc1c2e5ccdb408081e77507a385dc7ebed7fa" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri Sep 09 13:01:44 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:28 2005 -0700" }, "message": "[PATCH] Remove security_inode_post_create/mkdir/symlink/mknod hooks\n\nThis patch removes the inode_post_create/mkdir/mknod/symlink LSM hooks as\nthey are obsoleted by the new inode_init_security hook that enables atomic\ninode security labeling.\n\nIf anyone sees any reason to retain these hooks, please speak now. Also,\nis anyone using the post_rename/link hooks; if not, those could also be\nremoved.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "570bc1c2e5ccdb408081e77507a385dc7ebed7fa", "tree": "d00d2df7c93899fa2028128c40961fec46ede471", "parents": [ "ac50960afa31877493add6d941d8402fa879c452" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri Sep 09 13:01:43 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:28 2005 -0700" }, "message": "[PATCH] tmpfs: Enable atomic inode security labeling\n\nThis patch modifies tmpfs to call the inode_init_security LSM hook to set\nup the incore inode security state for new inodes before the inode becomes\naccessible via the dcache.\n\nAs there is no underlying storage of security xattrs in this case, it is\nnot necessary for the hook to return the (name, value, len) triple to the\ntmpfs code, so this patch also modifies the SELinux hook function to\ncorrectly handle the case where the (name, value, len) pointers are NULL.\n\nThe hook call is needed in tmpfs in order to support proper security\nlabeling of tmpfs inodes (e.g. for udev with tmpfs /dev in Fedora). With\nthis change in place, we should then be able to remove the\nsecurity_inode_post_create/mkdir/... hooks safely.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Hugh Dickins \u003chugh@veritas.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "5e41ff9e0650f327a6c819841fa412da95d57319", "tree": "a525df8bda34c2aa52f30326f94cd15109bb58b3", "parents": [ "f5ee56cc184e0944ebc9ff1691985219959596f6" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri Sep 09 13:01:35 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:27 2005 -0700" }, "message": "[PATCH] security: enable atomic inode security labeling\n\nThe following patch set enables atomic security labeling of newly created\ninodes by altering the fs code to invoke a new LSM hook to obtain the security\nattribute to apply to a newly created inode and to set up the incore inode\nsecurity state during the inode creation transaction. This parallels the\nexisting processing for setting ACLs on newly created inodes. Otherwise, it\nis possible for new inodes to be accessed by another thread via the dcache\nprior to complete security setup (presently handled by the\npost_create/mkdir/... LSM hooks in the VFS) and a newly created inode may be\nleft unlabeled on the disk in the event of a crash. SELinux presently works\naround the issue by ensuring that the incore inode security label is\ninitialized to a special SID that is inaccessible to unprivileged processes\n(in accordance with policy), thereby preventing inappropriate access but\npotentially causing false denials on legitimate accesses. A simple test\nprogram demonstrates such false denials on SELinux, and the patch solves the\nproblem. Similar such false denials have been encountered in real\napplications.\n\nThis patch defines a new inode_init_security LSM hook to obtain the security\nattribute to apply to a newly created inode and to set up the incore inode\nsecurity state for it, and adds a corresponding hook function implementation\nto SELinux.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "216efaaaa006d2f3ecbb5bbc2b6673423813254e", "tree": "c05cd2d0ec829d18a8f85ff8611c0e1424303f52", "parents": [ "066286071d3542243baa68166acb779187c848b3" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 15 20:34:48 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Aug 29 16:01:15 2005 -0700" }, "message": "[SELINUX]: Update for tcp_diag rename to inet_diag.\n\nAlso, support dccp sockets.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "c973b112c76c9d8fd042991128f218a738cc8d0a", "tree": "e813b0da5d0a0e19e06de6462d145a29ad683026", "parents": [ "c5fbc3966f48279dbebfde10248c977014aa9988", "00dd1e433967872f3997a45d5adf35056fdf2f56" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Tue Aug 09 16:51:35 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Tue Aug 09 16:51:35 2005 +0100" }, "message": "Merge with /shiny/git/linux-2.6/.git\n" }, { "commit": "911656f8a630e36b22c7e2bba3317dec9174209c", "tree": "2257dd4c04f4d234caf770a748b290b4d144fcf5", "parents": [ "f0b9d796002d9d39575cf1beabfb625f68b507fa" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Thu Jul 28 21:16:21 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Thu Jul 28 21:46:05 2005 -0700" }, "message": "[PATCH] selinux: Fix address length checks in connect hook\n\nThis patch fixes the address length checks in the selinux_socket_connect\nhook to be no more restrictive than the underlying ipv4 and ipv6 code;\notherwise, this hook can reject valid connect calls. This patch is in\nresponse to a bug report where an application was calling connect on an\nINET6 socket with an address that didn\u0027t include the optional scope id and\nfailing due to these checks.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "f5c1d5b2aaf9a98f15a6dcdfbba1f494d0aaae52", "tree": "e896d0b6b9f561c9d124fa81efd261518ccbddf4", "parents": [ "e1699f508ab5098de4b258268fa8913db38d9d35" ], "author": { "name": "James Morris", "email": "jmorris@redhat.com", "time": "Thu Jul 28 01:07:37 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Thu Jul 28 08:39:02 2005 -0700" }, "message": "[PATCH] SELinux: default labeling of MLS field\n\nImplement kernel labeling of the MLS (multilevel security) field of\nsecurity contexts for files which have no existing MLS field. This is to\nenable upgrades of a system from non-MLS to MLS without performing a full\nfilesystem relabel including all of the mountpoints, which would be quite\npainful for users.\n\nWith this patch, with MLS enabled, if a file has no MLS field, the kernel\ninternally adds an MLS field to the in-core inode (but not to the on-disk\nfile). This MLS field added is the default for the superblock, allowing\nper-mountpoint control over the values via fixed policy or mount options.\n\nThis patch has been tested by enabling MLS without relabeling its\nfilesystem, and seems to be working correctly.\n\nSigned-off-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@epoch.ncsc.mil\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "d2f6409584e2c62ffad81690562330ff3bf4a458", "tree": "3bdfb97d0b51be2f7f414f2107e97603c1206abb", "parents": [ "e1b09eba2686eca94a3a188042b518df6044a3c1", "4a89a04f1ee21a7c1f4413f1ad7dcfac50ff9b63" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Sat Jul 02 13:39:09 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Sat Jul 02 13:39:09 2005 +0100" }, "message": "Merge with master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6.git\n\n" }, { "commit": "6931dfc9f3f81d148b7ed0ab3fd796f8b986a995", "tree": "8c7251413b1243e29dc155fd9590931b423c5e31", "parents": [ "9a936eb928c1a253c2e5d66b947688bdc55094a6" ], "author": { "name": "Eric Paris", "email": "eparis@parisplace.org", "time": "Thu Jun 30 02:58:51 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Thu Jun 30 08:45:09 2005 -0700" }, "message": "[PATCH] selinux_sb_copy_data() should not require a whole page\n\nCurrently selinux_sb_copy_data requires an entire page be allocated to\n*orig when the function is called. This \"requirement\" is based on the fact\nthat we call copy_page(in_save, nosec_save) and in_save \u003d orig when the\ndata is not FS_BINARY_MOUNTDATA. This means that if a caller were to call\ndo_kern_mount with only about 10 bytes of options, they would get passed\nhere and then we would corrupt PAGE_SIZE - 10 bytes of memory (with all\nzeros.)\n\nCurrently it appears all in kernel FS\u0027s use one page of data so this has\nnot been a problem. An out of kernel FS did just what is described above\nand it would almost always panic shortly after they tried to mount. From\nlooking else where in the kernel it is obvious that this string of data\nmust always be null terminated. (See example in do_mount where it always\nzeros the last byte.) Thus I suggest we use strcpy in place of copy_page.\nIn this way we make sure the amount we copy is always less than or equal to\nthe amount we received and since do_mount is zeroing the last byte this\nshould be safe for all.\n\nSigned-off-by: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: Stephen Smalley \u003csds@epoch.ncsc.mil\u003e\nAcked-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9a5f04bf798254390f89445ecf0b6f4c70ddc1f8", "tree": "ed9aa17d9d980f3f013ccc84e12135c65b51757d", "parents": [ "a2ba192c96d12447472e105890a9cd1b97952747" ], "author": { "name": "Jesper Juhl", "email": "juhl-lkml@dif.dk", "time": "Sat Jun 25 14:58:51 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Jun 25 16:25:00 2005 -0700" }, "message": "[PATCH] selinux: kfree cleanup\n\nkfree(NULL) is legal.\n\nSigned-off-by: Jesper Juhl \u003cjuhl-lkml@dif.dk\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "09ffd94fb15d85fbf9eebb8180f50264b264d6fe", "tree": "688a5b60f9718a56a5d4386ef10596e77fb65b7b", "parents": [ "6b9921976f0861e04828b3aff66696c1f3fd900d" ], "author": { "name": "Lorenzo Hernández García-Hierro", "email": "lorenzo@gnu.org", "time": "Sat Jun 25 14:54:35 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Jun 25 16:24:26 2005 -0700" }, "message": "[PATCH] selinux: add executable heap check\n\nThis patch,based on sample code by Roland McGrath, adds an execheap\npermission check that controls the ability to make the heap executable so\nthat this can be prevented in almost all cases (the X server is presently\nan exception, but this will hopefully be resolved in the future) so that\neven programs with execmem permission will need to have the anonymous\nmemory mapped in order to make it executable.\n\nThe only reason that we use a permission check for such restriction (vs.\nmaking it unconditional) is that the X module loader presently needs it; it\ncould possibly be made unconditional in the future when X is changed.\n\nThe policy patch for the execheap permission is available at:\nhttp://pearls.tuxedo-es.org/patches/selinux/policy-execheap.patch\n\nSigned-off-by: Lorenzo Hernandez Garcia-Hierro \u003clorenzo@gnu.org\u003e\nAcked-by: James Morris \u003cjmorris@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "6b9921976f0861e04828b3aff66696c1f3fd900d", "tree": "be372b9dc81e393c909c7fecf8778e8864ba3a0d", "parents": [ "2d15cab85b85a56cc886037cab43cc292923ff22" ], "author": { "name": "Lorenzo Hernandez García-Hierro", "email": "lorenzo@gnu.org", "time": "Sat Jun 25 14:54:34 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Jun 25 16:24:26 2005 -0700" }, "message": "[PATCH] selinux: add executable stack check\n\nThis patch adds an execstack permission check that controls the ability to\nmake the main process stack executable so that attempts to make the stack\nexecutable can still be prevented even if the process is allowed the\nexisting execmem permission in order to e.g. perform runtime code\ngeneration. Note that this does not yet address thread stacks. Note also\nthat unlike the execmem check, the execstack check is only applied on\nmprotect calls, not mmap calls, as the current security_file_mmap hook is\nnot passed the necessary information presently.\n\nThe original author of the code that makes the distinction of the stack\nregion, is Ingo Molnar, who wrote it within his patch for\n/proc/\u003cpid\u003e/maps markers.\n(http://marc.theaimsgroup.com/?l\u003dlinux-kernel\u0026m\u003d110719881508591\u0026w\u003d2)\n\nThe patches also can be found at:\nhttp://pearls.tuxedo-es.org/patches/selinux/policy-execstack.patch\nhttp://pearls.tuxedo-es.org/patches/selinux/kernel-execstack.patch\n\npolicy-execstack.patch is the patch that needs to be applied to the policy in\norder to support the execstack permission and exclude it\nfrom general_domain_access within macros/core_macros.te.\n\nkernel-execstack.patch adds such permission to the SELinux code within\nthe kernel and adds the proper permission check to the selinux_file_mprotect() hook.\n\nSigned-off-by: Lorenzo Hernandez Garcia-Hierro \u003clorenzo@gnu.org\u003e\nAcked-by: James Morris \u003cjmorris@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9ad9ad385be27fcc7c16d290d972c6173e780a61", "tree": "bbca700c2d88ba421a6c9c348de367eaf4de0e2c", "parents": [ "177bbc733a1d9c935bc3d6efd776a6699b29b1ca" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jun 22 15:04:33 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jun 22 15:04:33 2005 +0100" }, "message": "AUDIT: Wait for backlog to clear when generating messages.\n\nAdd a gfp_mask to audit_log_start() and audit_log(), to reduce the\namount of GFP_ATOMIC allocation -- most of it doesn\u0027t need to be \nGFP_ATOMIC. Also if the mask includes __GFP_WAIT, then wait up to\n60 seconds for the auditd backlog to clear instead of immediately \nabandoning the message. \n\nThe timeout should probably be made configurable, but for now it\u0027ll \nsuffice that it only happens if auditd is actually running.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "da3caa204ca40c32dcb751ebead2a6835b83e8d1", "tree": "0bf36cf3bd9bee84cc4f93de5e99d6a0832329cb", "parents": [ "8680e22f296e75e5497edb660c59c6b4dcfbbd32" ], "author": { "name": "Gerald Schaefer", "email": "geraldsc@de.ibm.com", "time": "Tue Jun 21 17:15:18 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Tue Jun 21 18:46:22 2005 -0700" }, "message": "[PATCH] SELinux: memory leak in selinux_sb_copy_data()\n\nThere is a memory leak during mount when SELinux is active and mount\noptions are specified.\n\nSigned-off-by: Gerald Schaefer \u003cgeraldsc@de.ibm.com\u003e\nAcked-by: Stephen Smalley \u003csds@epoch.ncsc.mil\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "c04049939f88b29e235d2da217bce6e8ead44f32", "tree": "9bf3ab72b9939c529e7c96f8768bc8b7e1d768c9", "parents": [ "9ea74f0655412d0fbd12bf9adb6c14c8fe707a42" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Fri May 13 18:17:42 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Fri May 13 18:17:42 2005 +0100" }, "message": "AUDIT: Add message types to audit records\n\nThis patch adds more messages types to the audit subsystem so that audit \nanalysis is quicker, intuitive, and more useful.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\n---\nI forgot one type in the big patch. I need to add one for user space \noriginating SE Linux avc messages. This is used by dbus and nscd.\n\n-Steve\n---\nUpdated to 2.6.12-rc4-mm1.\n-dwmw2\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "6af963f1d6789ef20abca5696cd52a758b396e52", "tree": "20990e909fc4a79789de54cfcae7ea150329cdc5", "parents": [ "de7d5a3b6c9ff8429bf046c36b56d3192b75c3da" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Sun May 01 08:58:39 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sun May 01 08:58:39 2005 -0700" }, "message": "[PATCH] SELinux: cleanup ipc_has_perm\n\nThis patch removes the sclass argument from ipc_has_perm in the SELinux\nmodule, as it can be obtained from the ipc security structure. The use of\na separate argument was a legacy of the older precondition function\nhandling in SELinux and is obsolete. Please apply.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "0d3d077cd4f1154e63a9858e47fe3fb1ad0c03e5", "tree": "63f376b3586412af712ffac7d500516c98f7bb2c", "parents": [ "aa77d26961fa4ecb11fe4209578dcd62ad15819d" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Sun Apr 24 20:16:19 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Apr 24 20:16:19 2005 -0700" }, "message": "[SELINUX]: Fix ipv6_skip_exthdr() invocation causing OOPS.\n\nThe SELinux hooks invoke ipv6_skip_exthdr() with an incorrect\nlength final argument. However, the length argument turns out\nto be superfluous.\n\nI was just reading ipv6_skip_exthdr and it occured to me that we can\nget rid of len altogether. The only place where len is used is to\ncheck whether the skb has two bytes for ipv6_opt_hdr. This check\nis done by skb_header_pointer/skb_copy_bits anyway.\n\nNow it might appear that we\u0027ve made the code slower by deferring\nthe check to skb_copy_bits. However, this check should not trigger\nin the common case so this is OK.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "0c9b79429c83a404a04908be65baa9d97836bbb6", "tree": "66cdf9fc4cf40867ed8c9dc060661615941cd95f", "parents": [ "7e5c6bc0a600c49e5922591ad41ff41987f54eb4" ], "author": { "name": "James Morris", "email": "jmorris@redhat.com", "time": "Sat Apr 16 15:24:13 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:24:13 2005 -0700" }, "message": "[PATCH] SELinux: add support for NETLINK_KOBJECT_UEVENT\n\nThis patch adds SELinux support for the KOBJECT_UEVENT Netlink family, so\nthat SELinux can apply finer grained controls to it. For example, security\npolicy for hald can be locked down to the KOBJECT_UEVENT Netlink family\nonly. Currently, this family simply defaults to the default Netlink socket\nclass.\n\nNote that some new permission definitions are added to sync with changes in\nthe core userspace policy package, which auto-generates header files.\n\nSigned-off-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "tree": "0bba044c4ce775e45a88a51686b5d9f90697ea9d", "parents": [], "author": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "message": "Linux-2.6.12-rc2\n\nInitial git repository build. I\u0027m not bothering with the full history,\neven though we have it. We can create a separate \"historical\" git\narchive of that later if we want to, and in the meantime it\u0027s about\n3.2GB when imported into git - space that would just make the early\ngit days unnecessarily complicated, when we don\u0027t have a lot of good\ninfrastructure for it.\n\nLet it rip!\n" } ] }