)]}'
{
  "log": [
    {
      "commit": "fc5d81e69d15c65ca20d9e5b4e242690e3e9c27d",
      "tree": "487e7c5e25fb91246712747cc9595f750cffa30b",
      "parents": [
        "2ea5814472c3c910aed5c5b60f1f3b1000e353f1"
      ],
      "author": {
        "name": "Akinobu Mita",
        "email": "akinobu.mita@gmail.com",
        "time": "Mon Nov 27 15:16:48 2006 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Nov 27 10:22:43 2006 -0500"
      },
      "message": "selinux: fix dentry_open() error check\n\nThe return value of dentry_open() shoud be checked by IS_ERR().\n\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Akinobu Mita \u003cakinobu.mita@gmail.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "f8687afefcc821fc47c75775eec87731fe3de360",
      "tree": "9835a3c95fb94597ede42cfdf732b97cc495c9bf",
      "parents": [
        "920b868ae1dfdac77c5e8c97e7067b23680f043e"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Mon Oct 30 15:22:15 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Mon Oct 30 15:24:49 2006 -0800"
      },
      "message": "[NetLabel]: protect the CIPSOv4 socket option from setsockopt()\n\nThis patch makes two changes to protect applications from either removing or\ntampering with the CIPSOv4 IP option on a socket.  The first is the requirement\nthat applications have the CAP_NET_RAW capability to set an IPOPT_CIPSO option\non a socket; this prevents untrusted applications from setting their own\nCIPSOv4 security attributes on the packets they send.  The second change is to\nSELinux and it prevents applications from setting any IPv4 options when there\nis an IPOPT_CIPSO option already present on the socket; this prevents\napplications from removing CIPSOv4 security attributes from the packets they\nsend.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "bf0edf39296097f20c5fcc4919ed7d339194bd75",
      "tree": "0cde65c275cd7bab51c306cde3bf80487655f6ba",
      "parents": [
        "044a68ed8a692f643cf3c0a54c380a922584f34f"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Wed Oct 11 19:10:48 2006 -0400"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Sun Oct 15 23:14:15 2006 -0700"
      },
      "message": "NetLabel: better error handling involving mls_export_cat()\n\nUpon inspection it looked like the error handling for mls_export_cat() was\nrather poor.  This patch addresses this by NULL\u0027ing out kfree()\u0027d pointers\nbefore returning and checking the return value of the function everywhere\nit is called.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6e8c751e07b34d73069e9333f67fbe5ffe31ec3a",
      "tree": "6fe661be57040eebd237c5bed86e5eb76910639e",
      "parents": [
        "3bccfbc7a7ba4085817deae6e7c67daf0cbd045a"
      ],
      "author": {
        "name": "Chad Sellers",
        "email": "csellers@tresys.com",
        "time": "Fri Oct 06 16:09:52 2006 -0400"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Wed Oct 11 23:59:41 2006 -0700"
      },
      "message": "SELinux: Bug fix in polidydb_destroy\n\nThis patch fixes two bugs in policydb_destroy. Two list pointers\n(policydb.ocontexts[i] and policydb.genfs) were not being reset to NULL when\nthe lists they pointed to were being freed. This caused a problem when the\ninitial policy load failed, as the policydb being destroyed was not a\ntemporary new policydb that was thrown away, but rather was the global\n(active) policydb. Consequently, later functions, particularly\nsys_bind-\u003eselinux_socket_bind-\u003esecurity_node_sid and\ndo_rw_proc-\u003eselinux_sysctl-\u003eselinux_proc_get_sid-\u003esecurity_genfs_sid tried\nto dereference memory that had previously been freed.\n\nSigned-off-by: Chad Sellers \u003ccsellers@tresys.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5b368e61c2bcb2666bb66e2acf1d6d85ba6f474d",
      "tree": "293f595f737540a546ba186ba1f054389aa95f6f",
      "parents": [
        "134b0fc544ba062498451611cb6f3e4454221b3d"
      ],
      "author": {
        "name": "Venkat Yekkirala",
        "email": "vyekkirala@trustedcs.com",
        "time": "Thu Oct 05 15:42:18 2006 -0500"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Wed Oct 11 23:59:37 2006 -0700"
      },
      "message": "IPsec: correct semantics for SELinux policy matching\n\nCurrently when an IPSec policy rule doesn\u0027t specify a security\ncontext, it is assumed to be \"unlabeled\" by SELinux, and so\nthe IPSec policy rule fails to match to a flow that it would\notherwise match to, unless one has explicitly added an SELinux\npolicy rule allowing the flow to \"polmatch\" to the \"unlabeled\"\nIPSec policy rules. In the absence of such an explicitly added\nSELinux policy rule, the IPSec policy rule fails to match and\nso the packet(s) flow in clear text without the otherwise applicable\nxfrm(s) applied.\n\nThe above SELinux behavior violates the SELinux security notion of\n\"deny by default\" which should actually translate to \"encrypt by\ndefault\" in the above case.\n\nThis was first reported by Evgeniy Polyakov and the way James Morris\nwas seeing the problem was when connecting via IPsec to a\nconfined service on an SELinux box (vsftpd), which did not have the\nappropriate SELinux policy permissions to send packets via IPsec.\n\nWith this patch applied, SELinux \"polmatching\" of flows Vs. IPSec\npolicy rules will only come into play when there\u0027s a explicit context\nspecified for the IPSec policy rule (which also means there\u0027s corresponding\nSELinux policy allowing appropriate domains/flows to polmatch to this context).\n\nSecondly, when a security module is loaded (in this case, SELinux), the\nsecurity_xfrm_policy_lookup() hook can return errors other than access denied,\nsuch as -EINVAL.  We were not handling that correctly, and in fact\ninverting the return logic and propagating a false \"ok\" back up to\nxfrm_lookup(), which then allowed packets to pass as if they were not\nassociated with an xfrm policy.\n\nThe solution for this is to first ensure that errno values are\ncorrectly propagated all the way back up through the various call chains\nfrom security_xfrm_policy_lookup(), and handled correctly.\n\nThen, flow_cache_lookup() is modified, so that if the policy resolver\nfails (typically a permission denied via the security module), the flow\ncache entry is killed rather than having a null policy assigned (which\nindicates that the packet can pass freely).  This also forces any future\nlookups for the same flow to consult the security module (e.g. SELinux)\nfor current security policy (rather than, say, caching the error on the\nflow cache entry).\n\nThis patch: Fix the selinux side of things.\n\nThis makes sure SELinux polmatching of flow contexts to IPSec policy\nrules comes into play only when an explicit context is associated\nwith the IPSec policy rule.\n\nAlso, this no longer defaults the context of a socket policy to\nthe context of the socket since the \"no explicit context\" case\nis now handled properly.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "388b24057f90ba109d4bf855006a8809c383eb76",
      "tree": "44ab16f68b08ac7ed64ba4e4f2be87a6476a5d4c",
      "parents": [
        "ffb733c65000ee701294f7b80c4eca2a5f335637"
      ],
      "author": {
        "name": "paul.moore@hp.com",
        "email": "paul.moore@hp.com",
        "time": "Thu Oct 05 18:28:24 2006 -0400"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Wed Oct 11 23:59:32 2006 -0700"
      },
      "message": "NetLabel: use SECINITSID_UNLABELED for a base SID\n\nThis patch changes NetLabel to use SECINITSID_UNLABLELED as it\u0027s source of\nSELinux type information when generating a NetLabel context.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ffb733c65000ee701294f7b80c4eca2a5f335637",
      "tree": "edda8e25792fe4a7bf0c619787949291276b9ed7",
      "parents": [
        "c25d5180441e344a3368d100c57f0a481c6944f7"
      ],
      "author": {
        "name": "paul.moore@hp.com",
        "email": "paul.moore@hp.com",
        "time": "Wed Oct 04 11:46:31 2006 -0400"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Wed Oct 11 23:59:29 2006 -0700"
      },
      "message": "NetLabel: fix a cache race condition\n\nTesting revealed a problem with the NetLabel cache where a cached entry could\nbe freed while in use by the LSM layer causing an oops and other problems.\nThis patch fixes that problem by introducing a reference counter to the cache\nentry so that it is only freed when it is no longer in use.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "cab00891c5489cb6d0cde0a55d39bd5f2871fa70",
      "tree": "0dc810a15ad02dc76939b6ea021a4a24794561bb",
      "parents": [
        "44c09201a4178e08ed1c8cc37e7aea0683888f0a"
      ],
      "author": {
        "name": "Matt LaPlante",
        "email": "kernel1@cyberdogtech.com",
        "time": "Tue Oct 03 22:36:44 2006 +0200"
      },
      "committer": {
        "name": "Adrian Bunk",
        "email": "bunk@stusta.de",
        "time": "Tue Oct 03 22:36:44 2006 +0200"
      },
      "message": "Still more typo fixes\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\n"
    },
    {
      "commit": "44c09201a4178e08ed1c8cc37e7aea0683888f0a",
      "tree": "2b8a859ef668b24cc7c41331d29357979e07c364",
      "parents": [
        "095096038d637c477ef3c1b674612bcbc4d60c2d"
      ],
      "author": {
        "name": "Matt LaPlante",
        "email": "kernel1@cyberdogtech.com",
        "time": "Tue Oct 03 22:34:14 2006 +0200"
      },
      "committer": {
        "name": "Adrian Bunk",
        "email": "bunk@stusta.de",
        "time": "Tue Oct 03 22:34:14 2006 +0200"
      },
      "message": "more misc typo fixes\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\n"
    },
    {
      "commit": "d8c76e6f45c111c32a4b3e50a2adc9210737b0d8",
      "tree": "25521b59d48c6d8c9aec1af54dbe5008ad4b215b",
      "parents": [
        "9a53c3a783c2fa9b969628e65695c11c3e51e673"
      ],
      "author": {
        "name": "Dave Hansen",
        "email": "haveblue@us.ibm.com",
        "time": "Sat Sep 30 23:29:04 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Sun Oct 01 00:39:30 2006 -0700"
      },
      "message": "[PATCH] r/o bind mount prepwork: inc_nlink() helper\n\nThis is mostly included for parity with dec_nlink(), where we will have some\nmore hooks.  This one should stay pretty darn straightforward for now.\n\nSigned-off-by: Dave Hansen \u003chaveblue@us.ibm.com\u003e\nAcked-by: Christoph Hellwig \u003chch@lst.de\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "2148ccc437a9eac9f0d4b3c27cb1e41f6a48194c",
      "tree": "03dc59734526aa654d29e1b81cdad18369598182",
      "parents": [
        "9a69d1aeccf169d9a1e442c07d3a6e87f06a7b49"
      ],
      "author": {
        "name": "David Woodhouse",
        "email": "dwmw2@infradead.org",
        "time": "Fri Sep 29 15:50:25 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Fri Sep 29 15:58:21 2006 -0700"
      },
      "message": "[PATCH] MLSXFRM: fix mis-labelling of child sockets\n\nAccepted connections of types other than AF_INET, AF_INET6, AF_UNIX won\u0027t\nhave an appropriate label derived from the peer, so don\u0027t use it.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "3528a95322b5c1ce882ab723f175a1845430cd89",
      "tree": "3aa8b456e08ed3e57fe23152c934b8ed1b234022",
      "parents": [
        "79f5acf5d784492afe80723496624093079aed9c"
      ],
      "author": {
        "name": "Cory Olmo",
        "email": "colmo@TrustedCS.com",
        "time": "Fri Sep 29 01:58:44 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Fri Sep 29 09:18:03 2006 -0700"
      },
      "message": "[PATCH] SELinux: support mls categories for context mounts\n\nAllows commas to be embedded into context mount options (i.e.  \"-o\ncontext\u003dsome_selinux_context_t\"), to better support multiple categories,\nwhich are separated by commas and confuse mount.\n\nFor example, with the current code:\n\n  mount -t iso9660 /dev/cdrom /media/cdrom -o \\\n  ro,context\u003dsystem_u:object_r:iso9660_t:s0:c1,c3,c4,exec\n\nThe context option that will be interpreted by SELinux is\ncontext\u003dsystem_u:object_r:iso9660_t:s0:c1\n\ninstead of\ncontext\u003dsystem_u:object_r:iso9660_t:s0:c1,c3,c4\n\nThe options that will be passed on to the file system will be\nro,c3,c4,exec.\n\nThe proposed solution is to allow/require the SELinux context option\nspecified to mount to use quotes when the context contains a comma.\n\nThis patch modifies the option parsing in parse_opts(), contained in\nmount.c, to take options after finding a comma only if it hasn\u0027t seen a\nquote or if the quotes are matched.  It also introduces a new function that\nwill strip the quotes from the context option prior to translation.  The\nquotes are replaced after the translation is completed to insure that in\nthe event the raw context contains commas the kernel will be able to\ninterpret the correct context.\n\nSigned-off-by: Cory Olmo \u003ccolmo@TrustedCS.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "ba52de123d454b57369f291348266d86f4b35070",
      "tree": "3973f3f3c853b5857b6b64a027cadd4fe954e3b9",
      "parents": [
        "577c4eb09d1034d0739e3135fd2cff50588024be"
      ],
      "author": {
        "name": "Theodore Ts\u0027o",
        "email": "tytso@mit.edu",
        "time": "Wed Sep 27 01:50:49 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Wed Sep 27 08:26:18 2006 -0700"
      },
      "message": "[PATCH] inode-diet: Eliminate i_blksize from the inode structure\n\nThis eliminates the i_blksize field from struct inode.  Filesystems that want\nto provide a per-inode st_blksize can do so by providing their own getattr\nroutine instead of using the generic_fillattr() function.\n\nNote that some filesystems were providing pretty much random (and incorrect)\nvalues for i_blksize.\n\n[bunk@stusta.de: cleanup]\n[akpm@osdl.org: generic_fillattr() fix]\nSigned-off-by: \"Theodore Ts\u0027o\" \u003ctytso@mit.edu\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "b20c8122a3204496fca8b5343c93b60fe11dad04",
      "tree": "f807fb699dcec3f40a8de1a5c64f3653cf68bb6a",
      "parents": [
        "bc7e982b84aceef0a040c88ff659eb5c83818f72"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Sep 25 23:32:03 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Tue Sep 26 08:48:53 2006 -0700"
      },
      "message": "[PATCH] selinux: fix tty locking\n\nTake tty_mutex when accessing -\u003esignal-\u003etty in selinux code.  Noted by Alan\nCox.  Longer term, we are looking at refactoring the code to provide better\nencapsulation of the tty layer, but this is a simple fix that addresses the\nimmediate bug.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Alan Cox \u003calan@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "bc7e982b84aceef0a040c88ff659eb5c83818f72",
      "tree": "0e351e00c5fa90cd5b6a9b9f710e95ecb953b1f2",
      "parents": [
        "23970741720360de9dd0a4e87fbeb1d5927aa474"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Sep 25 23:32:02 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Tue Sep 26 08:48:53 2006 -0700"
      },
      "message": "[PATCH] SELinux: convert sbsec semaphore to a mutex\n\nThis patch converts the semaphore in the superblock security struct to a\nmutex.  No locking changes or other code changes are done.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "23970741720360de9dd0a4e87fbeb1d5927aa474",
      "tree": "2dc28ddfeae751a673d43e1925fd131d6ed3e222",
      "parents": [
        "296fddf7513c155adbd3a443d12add1f62b5cddb"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Sep 25 23:32:01 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Tue Sep 26 08:48:53 2006 -0700"
      },
      "message": "[PATCH] SELinux: change isec semaphore to a mutex\n\nThis patch converts the remaining isec-\u003esem into a mutex.  Very similar\nlocking is provided as before only in the faster smaller mutex rather than a\nsemaphore.  An out_unlock path is introduced rather than the conditional\nunlocking found in the original code.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "296fddf7513c155adbd3a443d12add1f62b5cddb",
      "tree": "1fc7e3067f1b635b34a178fcb9a96b88bf5c626e",
      "parents": [
        "f3f8771420737004da55159c2f2dc0b6f483a4ef"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Sep 25 23:32:00 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Tue Sep 26 08:48:53 2006 -0700"
      },
      "message": "[PATCH] SELinux: eliminate inode_security_set_security\n\ninode_security_set_sid is only called by security_inode_init_security, which\nis called when a new file is being created and needs to have its incore\nsecurity state initialized and its security xattr set.  This helper used to be\ncalled in other places in the past, but now only has the one.  So this patch\nrolls inode_security_set_sid directly back into security_inode_init_security.\nThere also is no need to hold the isec-\u003esem while doing this, as the inode is\nnot available to other threads at this point in time.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "f3f8771420737004da55159c2f2dc0b6f483a4ef",
      "tree": "01ff2aa4dc82cdc5b2383648f9fabb8378250d00",
      "parents": [
        "016b9bdb81d9c9c7800e4e224ade38d8b37669d3"
      ],
      "author": {
        "name": "Darrel Goeddel",
        "email": "dgoeddel@TrustedCS.com",
        "time": "Mon Sep 25 23:31:59 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Tue Sep 26 08:48:52 2006 -0700"
      },
      "message": "[PATCH] selinux: add support for range transitions on object classes\n\nIntroduces support for policy version 21.  This version of the binary\nkernel policy allows for defining range transitions on security classes\nother than the process security class.  As always, backwards compatibility\nfor older formats is retained.  The security class is read in as specified\nwhen using the new format, while the \"process\" security class is assumed\nwhen using an older policy format.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "016b9bdb81d9c9c7800e4e224ade38d8b37669d3",
      "tree": "47335b123973d918a9686cd2647e5e314ed2c1dd",
      "parents": [
        "9a2f44f01a67a6ecca71515af999895b45a2aeb0"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Sep 25 23:31:58 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Tue Sep 26 08:48:52 2006 -0700"
      },
      "message": "[PATCH] selinux: enable configuration of max policy version\n\nEnable configuration of SELinux maximum supported policy version to support\nlegacy userland (init) that does not gracefully handle kernels that support\nnewer policy versions two or more beyond the installed policy, as in FC3\nand FC4.\n\n[bunk@stusta.de: improve Kconfig help text]\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "9a2f44f01a67a6ecca71515af999895b45a2aeb0",
      "tree": "badb3047f9a80013ad0d00a413f6ca038ba3f3ce",
      "parents": [
        "1a70cd40cb291c25b67ec0da715a49d76719329d"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Sep 25 23:31:58 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Tue Sep 26 08:48:52 2006 -0700"
      },
      "message": "[PATCH] selinux: replace ctxid with sid in selinux_audit_rule_match interface\n\nReplace ctxid with sid in selinux_audit_rule_match interface for\nconsistency with other interfaces.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "1a70cd40cb291c25b67ec0da715a49d76719329d",
      "tree": "ffb4c6cd3f7ef1b92822ebbda11bd2b035c2bc86",
      "parents": [
        "62bac0185ad3dfef11d9602980445c54d45199c6"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Sep 25 23:31:57 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Tue Sep 26 08:48:52 2006 -0700"
      },
      "message": "[PATCH] selinux: rename selinux_ctxid_to_string\n\nRename selinux_ctxid_to_string to selinux_sid_to_string to be\nconsistent with other interfaces.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "62bac0185ad3dfef11d9602980445c54d45199c6",
      "tree": "8478673a1dccac5f4e7add4ad802a2bf69b269a4",
      "parents": [
        "89fa30242facca249aead2aac03c4c69764f911c"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Sep 25 23:31:56 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Tue Sep 26 08:48:52 2006 -0700"
      },
      "message": "[PATCH] selinux: eliminate selinux_task_ctxid\n\nEliminate selinux_task_ctxid since it duplicates selinux_task_get_sid.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "df2115c3134d0d1a18c1f37f5192394e7f64d1e0",
      "tree": "6a248318fa84838967376269fbd2e999ebeef3f2",
      "parents": [
        "609c92feea5652809319bb77f19d24a44615687d"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Mon Sep 25 15:53:13 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Sep 25 15:53:13 2006 -0700"
      },
      "message": "[NetLabel]: change the SELinux permissions\n\nChange NetLabel to use the \u0027recvfrom\u0027 socket permission and the\nSECINITSID_NETMSG SELinux SID as the NetLabel base SID for incoming packets.\nThis patch effectively makes the old, and currently unused, SELinux NETMSG\npermissions NetLabel permissions.\n\nSigned-of-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "14a72f53fb1bb5d5c2bdd8cf172219519664729a",
      "tree": "95a077fb9289a95c352af77f18f12e5aba3313c6",
      "parents": [
        "597811ec167fa01c926a0957a91d9e39baa30e64"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Mon Sep 25 15:52:01 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Sep 25 15:52:01 2006 -0700"
      },
      "message": "[NetLabel]: correct improper handling of non-NetLabel peer contexts\n\nFix a problem where NetLabel would always set the value of \nsk_security_struct-\u003epeer_sid in selinux_netlbl_sock_graft() to the context of\nthe socket, causing problems when users would query the context of the\nconnection.  This patch fixes this so that the value in\nsk_security_struct-\u003epeer_sid is only set when the connection is NetLabel based,\notherwise the value is untouched.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "4eb327b517cf85f6cb7dcd5691e7b748cbe8c343",
      "tree": "51bd92e6b5582a10f21de0d909fb062d6ecf8cce",
      "parents": [
        "161643660129dd7d98f0b12418c0a2710ffa7db6"
      ],
      "author": {
        "name": "Venkat Yekkirala",
        "email": "vyekkirala@TrustedCS.com",
        "time": "Tue Sep 19 10:24:19 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Sep 22 15:19:04 2006 -0700"
      },
      "message": "[SELINUX]: Fix bug in security_sid_mls_copy\n\nThe following fixes a bug where random mem is being tampered with in the\nnon-mls case; encountered by Jashua Brindle on a gentoo box.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "7a0e1d602288370801c353221c6a938eab925053",
      "tree": "f11ef396a27549513a91fcaf7d06dafb2b84509a",
      "parents": [
        "e448e931309e703f51d71a557973c620ff12fbda"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Aug 29 17:56:04 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Sep 22 15:18:39 2006 -0700"
      },
      "message": "[NetLabel]: add some missing #includes to various header files\n\nAdd some missing include files to the NetLabel related header files.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "e448e931309e703f51d71a557973c620ff12fbda",
      "tree": "8a738f5f45367965c29210402d28464fec3c04be",
      "parents": [
        "7b3bbb926f4b3dd3a007dcf8dfa00203f52cb58d"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Aug 29 17:55:38 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Sep 22 15:18:38 2006 -0700"
      },
      "message": "[NetLabel]: uninline selinux_netlbl_inode_permission()\n\nUninline the selinux_netlbl_inode_permission() at the request of\nAndrew Morton.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "7b3bbb926f4b3dd3a007dcf8dfa00203f52cb58d",
      "tree": "1ee2ab452f5c94ce4779171d6ebaa07f7d1fcd21",
      "parents": [
        "c1b14c0a46232246f61d3157bac1201e1e102227"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Aug 29 17:55:11 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Sep 22 15:18:37 2006 -0700"
      },
      "message": "[NetLabel]: Cleanup ebitmap_import()\n\nRewrite ebitmap_import() so it is a bit cleaner and easier to read.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "c1b14c0a46232246f61d3157bac1201e1e102227",
      "tree": "51c8097371c251c7dc17a6e637009523ce558bca",
      "parents": [
        "1b7f775209bbee6b993587bae69acb9fc12ceb17"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Aug 29 17:54:41 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Sep 22 15:18:36 2006 -0700"
      },
      "message": "[NetLabel]: Comment corrections.\n\nFix some incorrect comments.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "99f59ed073d3c1b890690064ab285a201dea2e35",
      "tree": "0f6ae012cf4f988d3ae0c665fd3b12ea05409ec8",
      "parents": [
        "fc747e82b40ea50a62eb2aef55bedd4465607cb0"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Aug 29 17:53:48 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Sep 22 15:18:34 2006 -0700"
      },
      "message": "[NetLabel]: Correctly initialize the NetLabel fields.\n\nFix a problem where the NetLabel specific fields of the sk_security_struct\nstructure were not being initialized early enough in some cases.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "9a673e563e543a5c8a6f9824562e55e807b8a56c",
      "tree": "53d26641175411b04ce7c755df72e515b3bf79ad",
      "parents": [
        "97a4f3e7110619568aa239fe19143d9ec42dede5"
      ],
      "author": {
        "name": "Adrian Bunk",
        "email": "bunk@stusta.de",
        "time": "Tue Aug 15 00:03:53 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Sep 22 14:54:44 2006 -0700"
      },
      "message": "[SELINUX]: security/selinux/hooks.c: Make 4 functions static.\n\nThis patch makes four needlessly global functions static.\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "7420ed23a4f77480b5b7b3245e5da30dd24b7575",
      "tree": "016f5bb996c5eae66754b10243c5be6226d773f2",
      "parents": [
        "96cb8e3313c7a12e026c1ed510522ae6f6023875"
      ],
      "author": {
        "name": "Venkat Yekkirala",
        "email": "vyekkirala@TrustedCS.com",
        "time": "Fri Aug 04 23:17:57 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Sep 22 14:53:36 2006 -0700"
      },
      "message": "[NetLabel]: SELinux support\n\nAdd NetLabel support to the SELinux LSM and modify the\nsocket_post_create() LSM hook to return an error code.  The most\nsignificant part of this patch is the addition of NetLabel hooks into\nthe following SELinux LSM hooks:\n\n * selinux_file_permission()\n * selinux_socket_sendmsg()\n * selinux_socket_post_create()\n * selinux_socket_sock_rcv_skb()\n * selinux_socket_getpeersec_stream()\n * selinux_socket_getpeersec_dgram()\n * selinux_sock_graft()\n * selinux_inet_conn_request()\n\nThe basic reasoning behind this patch is that outgoing packets are\n\"NetLabel\u0027d\" by labeling their socket and the NetLabel security\nattributes are checked via the additional hook in\nselinux_socket_sock_rcv_skb().  NetLabel itself is only a labeling\nmechanism, similar to filesystem extended attributes, it is up to the\nSELinux enforcement mechanism to perform the actual access checks.\n\nIn addition to the changes outlined above this patch also includes\nsome changes to the extended bitmap (ebitmap) and multi-level security\n(mls) code to import and export SELinux TE/MLS attributes into and out\nof NetLabel.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "a51c64f1e5c2876eab2a32955acd9e8015c91c15",
      "tree": "1cc49c6ee7a3135ea000956e5fef41ff4c8e2ebe",
      "parents": [
        "4237c75c0a35535d7f9f2bfeeb4b4df1e068a0bf"
      ],
      "author": {
        "name": "Venkat Yekkirala",
        "email": "vyekkirala@TrustedCS.com",
        "time": "Thu Jul 27 22:01:34 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Sep 22 14:53:30 2006 -0700"
      },
      "message": "[MLSXFRM]: Fix build with SECURITY_NETWORK_XFRM disabled.\n\nThe following patch will fix the build problem (encountered by Andrew\nMorton) when SECURITY_NETWORK_XFRM is not enabled.\n\nAs compared to git-net-selinux_xfrm_decode_session-build-fix.patch in\n-mm, this patch sets the return parameter sid to SECSID_NULL in\nselinux_xfrm_decode_session() and handles this value in the caller\nselinux_inet_conn_request() appropriately.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "4237c75c0a35535d7f9f2bfeeb4b4df1e068a0bf",
      "tree": "02adcb6fe6c346a8b99cf161ba5233ed1e572727",
      "parents": [
        "cb969f072b6d67770b559617f14e767f47e77ece"
      ],
      "author": {
        "name": "Venkat Yekkirala",
        "email": "vyekkirala@TrustedCS.com",
        "time": "Mon Jul 24 23:32:50 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Sep 22 14:53:29 2006 -0700"
      },
      "message": "[MLSXFRM]: Auto-labeling of child sockets\n\nThis automatically labels the TCP, Unix stream, and dccp child sockets\nas well as openreqs to be at the same MLS level as the peer. This will\nresult in the selection of appropriately labeled IPSec Security\nAssociations.\n\nThis also uses the sock\u0027s sid (as opposed to the isec sid) in SELinux\nenforcement of secmark in rcv_skb and postroute_last hooks.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "cb969f072b6d67770b559617f14e767f47e77ece",
      "tree": "4112eb0182e8b3e28b42aebaa40ca25454fc6b76",
      "parents": [
        "beb8d13bed80f8388f1a9a107d07ddd342e627e8"
      ],
      "author": {
        "name": "Venkat Yekkirala",
        "email": "vyekkirala@TrustedCS.com",
        "time": "Mon Jul 24 23:32:20 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Sep 22 14:53:28 2006 -0700"
      },
      "message": "[MLSXFRM]: Default labeling of socket specific IPSec policies\n\nThis defaults the label of socket-specific IPSec policies to be the\nsame as the socket they are set on.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "beb8d13bed80f8388f1a9a107d07ddd342e627e8",
      "tree": "19d5763b9b3b8ff3969997565e5ec0edd6e4bd33",
      "parents": [
        "4e2ba18eae7f370c7c3ed96eaca747cc9b39f917"
      ],
      "author": {
        "name": "Venkat Yekkirala",
        "email": "vyekkirala@TrustedCS.com",
        "time": "Fri Aug 04 23:12:42 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Sep 22 14:53:27 2006 -0700"
      },
      "message": "[MLSXFRM]: Add flow labeling\n\nThis labels the flows that could utilize IPSec xfrms at the points the\nflows are defined so that IPSec policy and SAs at the right label can\nbe used.\n\nThe following protos are currently not handled, but they should\ncontinue to be able to use single-labeled IPSec like they currently\ndo.\n\nipmr\nip_gre\nipip\nigmp\nsit\nsctp\nip6_tunnel (IPv6 over IPv6 tunnel device)\ndecnet\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "e0d1caa7b0d5f02e4f34aa09c695d04251310c6c",
      "tree": "bf023c17abf6813f2694ebf5fafff82edd6a1023",
      "parents": [
        "b6340fcd761acf9249b3acbc95c4dc555d9beb07"
      ],
      "author": {
        "name": "Venkat Yekkirala",
        "email": "vyekkirala@TrustedCS.com",
        "time": "Mon Jul 24 23:29:07 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Sep 22 14:53:24 2006 -0700"
      },
      "message": "[MLSXFRM]: Flow based matching of xfrm policy and state\n\nThis implements a seemless mechanism for xfrm policy selection and\nstate matching based on the flow sid. This also includes the necessary\nSELinux enforcement pieces.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "892c141e62982272b9c738b5520ad0e5e1ad7b42",
      "tree": "c8e0c9b3e55106d2cb085a5047b9d02dbbb28653",
      "parents": [
        "08554d6b33e60aa8ee40bbef94505941c0eefef2"
      ],
      "author": {
        "name": "Venkat Yekkirala",
        "email": "vyekkirala@TrustedCS.com",
        "time": "Fri Aug 04 23:08:56 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Sep 22 14:53:22 2006 -0700"
      },
      "message": "[MLSXFRM]: Add security sid to sock\n\nThis adds security for IP sockets at the sock level. Security at the\nsock level is needed to enforce the SELinux security policy for\nsecurity associations even when a sock is orphaned (such as in the TCP\nLAST_ACK state).\n\nThis will also be used to enforce SELinux controls over data arriving\nat or leaving a child socket while it\u0027s still waiting to be accepted.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "08554d6b33e60aa8ee40bbef94505941c0eefef2",
      "tree": "1610750ccd13872a33fffffcce057e10aa785d2e",
      "parents": [
        "51bd39860ff829475aef611a3234309e37e090d9"
      ],
      "author": {
        "name": "Venkat Yekkirala",
        "email": "vyekkirala@TrustedCS.com",
        "time": "Mon Jul 24 23:27:16 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Sep 22 14:53:21 2006 -0700"
      },
      "message": "[MLSXFRM]: Define new SELinux service routine\n\nThis defines a routine that combines the Type Enforcement portion of\none sid with the MLS portion from the other sid to arrive at a new\nsid. This would be used to define a sid for a security association\nthat is to be negotiated by IKE as well as for determing the sid for\nopen requests and connection-oriented child sockets.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "51bd39860ff829475aef611a3234309e37e090d9",
      "tree": "2ff1569f44f54ecad1d1d232bacfa4c76b9502a6",
      "parents": [
        "e6e5fee1426bef07f4e6c3c76f48343c14207938"
      ],
      "author": {
        "name": "Venkat Yekkirala",
        "email": "vyekkirala@TrustedCS.com",
        "time": "Mon Jul 24 23:26:30 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Sep 22 14:53:20 2006 -0700"
      },
      "message": "[MLSXFRM]: Granular IPSec associations for use in MLS environments\n\nThe current approach to labeling Security Associations for SELinux\npurposes uses a one-to-one mapping between xfrm policy rules and\nsecurity associations.\n\nThis doesn\u0027t address the needs of real world MLS (Multi-level System,\ntraditional Bell-LaPadula) environments where a single xfrm policy\nrule (pertaining to a range, classified to secret for example) might\nneed to map to multiple Security Associations (one each for\nclassified, secret, top secret and all the compartments applicable to\nthese security levels).\n\nThis patch set addresses the above problem by allowing for the mapping\nof a single xfrm policy rule to multiple security associations, with\neach association used in the security context it is defined for. It\nalso includes the security context to be used in IKE negotiation in\nthe acquire messages sent to the IKE daemon so that a unique SA can be\nnegotiated for each unique security context. A couple of bug fixes are\nalso included; checks to make sure the SAs used by a packet match\npolicy (security context-wise) on the inbound and also that the bundle\nused for the outbound matches the security context of the flow. This\npatch set also makes the use of the SELinux sid in flow cache lookups\nseemless by including the sid in the flow key itself. Also, open\nrequests as well as connection-oriented child sockets are labeled\nautomatically to be at the same level as the peer to allow for use of\nappropriately labeled IPSec associations.\n\nDescription of changes:\n\nA \"sid\" member has been added to the flow cache key resulting in the\nsid being available at all needed locations and the flow cache lookups\nautomatically using the sid. The flow sid is derived from the socket\non the outbound and the SAs (unlabeled where an SA was not used) on\nthe inbound.\n\nOutbound case:\n1. Find policy for the socket.\n\n2. OLD: Find an SA that matches the policy.\n NEW: Find an SA that matches BOTH the policy and the flow/socket.\n   This is necessary since not every SA that matches the policy\n   can be used for the flow/socket. Consider policy range Secret-TS,\n   and SAs each for Secret and TS. We don\u0027t want a TS socket to\n   use the Secret SA. Hence the additional check for the SA Vs. flow/socket.\n\n3. NEW: When looking thru bundles for a policy, make sure the\n        flow/socket can use the bundle. If a bundle is not found,\n        create one, calling for IKE if necessary. If using IKE,\n        include the security context in the acquire message to the IKE\n        daemon.\n\nInbound case:\n1. OLD: Find policy for the socket.\n NEW: Find policy for the incoming packet based on the sid of the\n      SA(s) it used or the unlabeled sid if no SAs were\n      used. (Consider a case where a socket is \"authorized\" for two\n      policies (unclassified-confidential, secret-top_secret). If the\n      packet has come in using a secret SA, we really ought to be\n      using the latter policy (secret-top_secret).)\n\n2. OLD: BUG: No check to see if the SAs used by the packet agree with\n             the policy sec_ctx-wise.\n\n             (It was indicated in selinux_xfrm_sock_rcv_skb() that\n              this was being accomplished by\n              (x-\u003eid.spi \u003d\u003d tmpl-\u003eid.spi || !tmpl-\u003eid.spi) in xfrm_state_ok,\n\t      but it turns out tmpl-\u003eid.spi\n              would normally be zero (unless xfrm policy rules specify one\n              at the template level, which they usually don\u0027t).\n NEW: The socket is checked for access to the SAs used (based on the\n      sid of the SAs) in selinux_xfrm_sock_rcv_skb().\n\nForward case:\n This would be Step 1 from the Inbound case, followed by Steps 2 and 3\nfrom the Outbound case.\n\nOutstanding items/issues:\n\n- Timewait acknowledgements and such are generated in the\n  current/upstream implementation using a NULL socket resulting in the\n  any_socket sid (SYSTEM_HIGH) to be used. This problem is not addressed\n  by this patch set.\n\nThis patch: Add new flask definitions to SELinux\n\nAdds a new avperm \"polmatch\" to arbitrate flow/state access to a xfrm\npolicy rule.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "dc49c1f94e3469d94b952e8f5160dd4ccd791d79",
      "tree": "e47b1974c262a03dbabf0a148325d9089817e78e",
      "parents": [
        "2b7e24b66d31d677d76b49918e711eb360c978b6"
      ],
      "author": {
        "name": "Catherine Zhang",
        "email": "cxzhang@watson.ibm.com",
        "time": "Wed Aug 02 14:12:06 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Aug 02 14:12:06 2006 -0700"
      },
      "message": "[AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch\n\nFrom: Catherine Zhang \u003ccxzhang@watson.ibm.com\u003e\n\nThis patch implements a cleaner fix for the memory leak problem of the\noriginal unix datagram getpeersec patch.  Instead of creating a\nsecurity context each time a unix datagram is sent, we only create the\nsecurity context when the receiver requests it.\n\nThis new design requires modification of the current\nunix_getsecpeer_dgram LSM hook and addition of two new hooks, namely,\nsecid_to_secctx and release_secctx.  The former retrieves the security\ncontext and the latter releases it.  A hook is required for releasing\nthe security context because it is up to the security module to decide\nhow that\u0027s done.  In the case of Selinux, it\u0027s a simple kfree\noperation.\n\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "851f8a6906b71f7a19043d4d722dd4ffab7aeafc",
      "tree": "2d1c8c23b1ab70095f442f93ecb5629c273390ee",
      "parents": [
        "ddccef3b5ec906ff181171e8ffad4fcb996792fd"
      ],
      "author": {
        "name": "Venkat Yekkirala",
        "email": "vyekkirala@trustedcs.com",
        "time": "Sun Jul 30 03:03:18 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Mon Jul 31 13:28:38 2006 -0700"
      },
      "message": "[PATCH] selinux: fix bug in security_compute_sid\n\nInitializes newcontext sooner to allow for its destruction in all cases.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "ddccef3b5ec906ff181171e8ffad4fcb996792fd",
      "tree": "fd65ff65baf451983c862b4a3a8c08e925ca5629",
      "parents": [
        "d1bbf14f37261c2c0dba71404602e1ddcec069d2"
      ],
      "author": {
        "name": "Darrel Goeddel",
        "email": "dgoeddel@TrustedCS.com",
        "time": "Sun Jul 30 03:03:17 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Mon Jul 31 13:28:37 2006 -0700"
      },
      "message": "[PATCH] selinux: fix memory leak\n\nThis patch fixes a memory leak when a policydb structure is destroyed.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "b04ea3cebf79d6808632808072f276dbc98aaf01",
      "tree": "7620a01477510d9e4ae042baab17bce103b59185",
      "parents": [
        "517e7aa5b022f9dc486639c7689666663daee24f"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@parisplace.org",
        "time": "Fri Jul 14 00:24:33 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Fri Jul 14 21:53:55 2006 -0700"
      },
      "message": "[PATCH] Fix security check for joint context\u003d and fscontext\u003d mount options\n\nAfter some discussion on the actual meaning of the filesystem class\nsecurity check in try context mount it was determined that the checks for\nthe context\u003d mount options were not correct if fscontext mount option had\nalready been used.\n\nWhen labeling the superblock we should be checking relabel_from and\nrelabel_to.  But if the superblock has already been labeled (with\nfscontext) then context\u003d is actually labeling the inodes, and so we should\nbe checking relabel_from and associate.  This patch fixes which checks are\ncalled depending on the mount options.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "0808925ea5684a0ce25483b30e94d4f398804978",
      "tree": "62456726442d656d21bc4fa6b1339f0236f0a6e8",
      "parents": [
        "c312feb2931ded0582378712727b7ea017a951bd"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@parisplace.org",
        "time": "Mon Jul 10 04:43:55 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Mon Jul 10 13:24:13 2006 -0700"
      },
      "message": "[PATCH] SELinux: add rootcontext\u003d option to label root inode when mounting\n\nIntroduce a new rootcontext\u003d option to FS mounting.  This option will allow\nyou to explicitly label the root inode of an FS being mounted before that\nFS or inode because visible to userspace.  This was found to be useful for\nthings like stateless linux, see\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id\u003d190001\n\nSigned-off-by: Eric Paris \u003ceparis@parisplace.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "c312feb2931ded0582378712727b7ea017a951bd",
      "tree": "dd985aa4dd0b759690af9557a5170dabf589d87f",
      "parents": [
        "2ed6e34f88a0d896a6f889b00693cae0fadacfd0"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@parisplace.org",
        "time": "Mon Jul 10 04:43:53 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Mon Jul 10 13:24:13 2006 -0700"
      },
      "message": "[PATCH] SELinux: decouple fscontext/context mount options\n\nRemove the conflict between fscontext and context mount options.  If\ncontext\u003d is specified without fscontext it will operate just as before, if\nboth are specified we will use mount point labeling and all inodes will get\nthe label specified by context\u003d.  The superblock will be labeled with the\nlabel of fscontext\u003d, thus affecting operations which check the superblock\nsecurity context, such as associate permissions.\n\nSigned-off-by: Eric Paris \u003ceparis@parisplace.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "6e5a2d1d32596850a0ebf7fb3e54c0d69901dabd",
      "tree": "27718d7df96c9b9f08a2ba333aa36c8e9ebbadfe",
      "parents": [
        "3a6b9f85c641a3b89420b0c8150ed377526a1fe1"
      ],
      "author": {
        "name": "Darrel Goeddel",
        "email": "dgoeddel@trustedcs.com",
        "time": "Thu Jun 29 16:57:08 2006 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat Jul 01 05:44:19 2006 -0400"
      },
      "message": "[PATCH] audit: support for object context filters\n\nThis patch introduces object audit filters based on the elements\nof the SELinux context.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n\n kernel/auditfilter.c           |   25 +++++++++++++++++++++++++\n kernel/auditsc.c               |   40 ++++++++++++++++++++++++++++++++++++++++\n security/selinux/ss/services.c |   18 +++++++++++++++++-\n 3 files changed, 82 insertions(+), 1 deletion(-)\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "3a6b9f85c641a3b89420b0c8150ed377526a1fe1",
      "tree": "e44e64edf0620d3f6da443c57540b09882231459",
      "parents": [
        "5adc8a6adc91c4c85a64c75a70a619fffc924817"
      ],
      "author": {
        "name": "Darrel Goeddel",
        "email": "dgoeddel@trustedcs.com",
        "time": "Thu Jun 29 16:56:39 2006 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat Jul 01 05:44:08 2006 -0400"
      },
      "message": "[PATCH] audit: rename AUDIT_SE_* constants\n\nThis patch renames some audit constant definitions and adds\nadditional definitions used by the following patch.  The renaming\navoids ambiguity with respect to the new definitions.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\n\n include/linux/audit.h          |   15 ++++++++----\n kernel/auditfilter.c           |   50 ++++++++++++++++++++---------------------\n kernel/auditsc.c               |   10 ++++----\n security/selinux/ss/services.c |   32 +++++++++++++-------------\n 4 files changed, 56 insertions(+), 51 deletions(-)\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "22a3e233ca08a2ddc949ba1ae8f6e16ec7ef1a13",
      "tree": "7ef158ba2c30e0dde2dc103d1904fae243759a6b",
      "parents": [
        "39302175c26d74be35715c05a0f342c9e64c21bf",
        "6ab3d5624e172c553004ecc862bfeac16d9d68b7"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Fri Jun 30 15:39:30 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Fri Jun 30 15:39:30 2006 -0700"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial:\n  Remove obsolete #include \u003clinux/config.h\u003e\n  remove obsolete swsusp_encrypt\n  arch/arm26/Kconfig typos\n  Documentation/IPMI typos\n  Kconfig: Typos in net/sched/Kconfig\n  v9fs: do not include linux/version.h\n  Documentation/DocBook/mtdnand.tmpl: typo fixes\n  typo fixes: specfic -\u003e specific\n  typo fixes in Documentation/networking/pktgen.txt\n  typo fixes: occuring -\u003e occurring\n  typo fixes: infomation -\u003e information\n  typo fixes: disadvantadge -\u003e disadvantage\n  typo fixes: aquire -\u003e acquire\n  typo fixes: mecanism -\u003e mechanism\n  typo fixes: bandwith -\u003e bandwidth\n  fix a typo in the RTC_CLASS help text\n  smb is no longer maintained\n\nManually merged trivial conflict in arch/um/kernel/vmlinux.lds.S\n"
    },
    {
      "commit": "a1836a42daf5ddfe9a891973734bd9a7d62eb504",
      "tree": "e8819aec40aff3fa0eecd2ef9d92df8213bce58b",
      "parents": [
        "7a01955f99b65622a00ba5c8b39202ddc6fa65f8"
      ],
      "author": {
        "name": "David Quigley",
        "email": "dpquigl@tycho.nsa.gov",
        "time": "Fri Jun 30 01:55:49 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Fri Jun 30 11:25:37 2006 -0700"
      },
      "message": "[PATCH] SELinux: Add security hook definition for getioprio and insert hooks\n\nAdd a new security hook definition for the sys_ioprio_get operation.  At\npresent, the SELinux hook function implementation for this hook is\nidentical to the getscheduler implementation but a separate hook is\nintroduced to allow this check to be specialized in the future if\nnecessary.\n\nThis patch also creates a helper function get_task_ioprio which handles the\naccess check in addition to retrieving the ioprio value for the task.\n\nSigned-off-by: David Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Jens Axboe \u003caxboe@suse.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "f9008e4c5c525941967b67777945aa6266ab6326",
      "tree": "a0c9436485b80d548ef74d5f1aec0f6d0309af6e",
      "parents": [
        "ed11d9eb2228acc483c819ab353e3c41bcb158fa"
      ],
      "author": {
        "name": "David Quigley",
        "email": "dpquigl@tycho.nsa.gov",
        "time": "Fri Jun 30 01:55:46 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Fri Jun 30 11:25:36 2006 -0700"
      },
      "message": "[PATCH] SELinux: extend task_kill hook to handle signals sent by AIO completion\n\nThis patch extends the security_task_kill hook to handle signals sent by AIO\ncompletion.  In this case, the secid of the task responsible for the signal\nneeds to be obtained and saved earlier, so a security_task_getsecid() hook is\nadded, and then this saved value is passed subsequently to the extended\ntask_kill hook for use in checking.\n\nSigned-off-by: David Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "6ab3d5624e172c553004ecc862bfeac16d9d68b7",
      "tree": "6d98881fe91fd9583c109208d5c27131b93fa248",
      "parents": [
        "e02169b682bc448ccdc819dc8639ed34a23cedd8"
      ],
      "author": {
        "name": "Jörn Engel",
        "email": "joern@wohnheim.fh-wedel.de",
        "time": "Fri Jun 30 19:25:36 2006 +0200"
      },
      "committer": {
        "name": "Adrian Bunk",
        "email": "bunk@stusta.de",
        "time": "Fri Jun 30 19:25:36 2006 +0200"
      },
      "message": "Remove obsolete #include \u003clinux/config.h\u003e\n\nSigned-off-by: Jörn Engel \u003cjoern@wohnheim.fh-wedel.de\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\n"
    },
    {
      "commit": "877ce7c1b3afd69a9b1caeb1b9964c992641f52a",
      "tree": "740c6c0d4a2858af53c09c4635cadf06833536c1",
      "parents": [
        "d6b4991ad5d1a9840e12db507be1a6593def01fe"
      ],
      "author": {
        "name": "Catherine Zhang",
        "email": "cxzhang@watson.ibm.com",
        "time": "Thu Jun 29 12:27:47 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Thu Jun 29 16:58:06 2006 -0700"
      },
      "message": "[AF_UNIX]: Datagram getpeersec\n\nThis patch implements an API whereby an application can determine the\nlabel of its peer\u0027s Unix datagram sockets via the auxiliary data mechanism of\nrecvmsg.\n\nPatch purpose:\n\nThis patch enables a security-aware application to retrieve the\nsecurity context of the peer of a Unix datagram socket.  The application\ncan then use this security context to determine the security context for\nprocessing on behalf of the peer who sent the packet.\n\nPatch design and implementation:\n\nThe design and implementation is very similar to the UDP case for INET\nsockets.  Basically we build upon the existing Unix domain socket API for\nretrieving user credentials.  Linux offers the API for obtaining user\ncredentials via ancillary messages (i.e., out of band/control messages\nthat are bundled together with a normal message).  To retrieve the security\ncontext, the application first indicates to the kernel such desire by\nsetting the SO_PASSSEC option via getsockopt.  Then the application\nretrieves the security context using the auxiliary data mechanism.\n\nAn example server application for Unix datagram socket should look like this:\n\ntoggle \u003d 1;\ntoggle_len \u003d sizeof(toggle);\n\nsetsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, \u0026toggle, \u0026toggle_len);\nrecvmsg(sockfd, \u0026msg_hdr, 0);\nif (msg_hdr.msg_controllen \u003e sizeof(struct cmsghdr)) {\n    cmsg_hdr \u003d CMSG_FIRSTHDR(\u0026msg_hdr);\n    if (cmsg_hdr-\u003ecmsg_len \u003c\u003d CMSG_LEN(sizeof(scontext)) \u0026\u0026\n        cmsg_hdr-\u003ecmsg_level \u003d\u003d SOL_SOCKET \u0026\u0026\n        cmsg_hdr-\u003ecmsg_type \u003d\u003d SCM_SECURITY) {\n        memcpy(\u0026scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));\n    }\n}\n\nsock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow\na server socket to receive security context of the peer.\n\nTesting:\n\nWe have tested the patch by setting up Unix datagram client and server\napplications.  We verified that the server can retrieve the security context\nusing the auxiliary data mechanism of recvmsg.\n\nSigned-off-by: Catherine Zhang \u003ccxzhang@watson.ibm.com\u003e\nAcked-by: Acked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "c7bdb545d23026b18be53289fd866d1ac07f5f8c",
      "tree": "6d9a218871d88f7579dd53f14692df2529b6e712",
      "parents": [
        "576a30eb6453439b3c37ba24455ac7090c247b5a"
      ],
      "author": {
        "name": "Darrel Goeddel",
        "email": "dgoeddel@trustedcs.com",
        "time": "Tue Jun 27 13:26:11 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Thu Jun 29 16:57:55 2006 -0700"
      },
      "message": "[NETLINK]: Encapsulate eff_cap usage within security framework.\n\nThis patch encapsulates the usage of eff_cap (in netlink_skb_params) within\nthe security framework by extending security_netlink_recv to include a required\ncapability parameter and converting all direct usage of eff_caps outside\nof the lsm modules to use the interface.  It also updates the SELinux\nimplementation of the security_netlink_send and security_netlink_recv\nhooks to take advantage of the sid in the netlink_skb_params struct.\nThis also enables SELinux to perform auditing of netlink capability checks.\nPlease apply, for 2.6.18 if possible.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by:  James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "28eba5bf9d4bf3ba4d58d985abf3a2903b7f2125",
      "tree": "e825fc3fb6bdd81ae0aa146572406eb69bc5404b",
      "parents": [
        "76b67ed9dce69a6a329cdd66f94af1787f417b62"
      ],
      "author": {
        "name": "Michael LeMay",
        "email": "mdlemay@epoch.ncsc.mil",
        "time": "Tue Jun 27 02:53:42 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Tue Jun 27 17:32:37 2006 -0700"
      },
      "message": "[PATCH] selinux: inherit /proc/self/attr/keycreate across fork\n\nUpdate SELinux to cause the keycreate process attribute held in\n/proc/self/attr/keycreate to be inherited across a fork and reset upon\nexecve.  This is consistent with the handling of the other process\nattributes provided by SELinux and also makes it simpler to adapt logon\nprograms to properly handle the keycreate attribute.\n\nSigned-off-by: Michael LeMay \u003cmdlemay@epoch.ncsc.mil\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "42c3e03ef6b298813557cdb997bd6db619cd65a2",
      "tree": "c2fba776ccf7015d45651ff7d2aee89f06da6f42",
      "parents": [
        "c1df7fb88a011b39ea722ac00975c5b8a803261b"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Jun 26 00:26:03 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Mon Jun 26 09:58:26 2006 -0700"
      },
      "message": "[PATCH] SELinux: Add sockcreate node to procattr API\n\nBelow is a patch to add a new /proc/self/attr/sockcreate A process may write a\ncontext into this interface and all subsequent sockets created will be labeled\nwith that context.  This is the same idea as the fscreate interface where a\nprocess can specify the label of a file about to be created.  At this time one\nenvisioned user of this will be xinetd.  It will be able to better label\nsockets for the actual services.  At this time all sockets take the label of\nthe creating process, so all xinitd sockets would just be labeled the same.\n\nI tested this by creating a tcp sender and listener.  The sender was able to\nwrite to this new proc file and then create sockets with the specified label.\nI am able to be sure the new label was used since the avc denial messages\nkicked out by the kernel included both the new security permission\nsetsockcreate and all the socket denials were for the new label, not the label\nof the running process.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "4eb582cf1fbd7b9e5f466e3718a59c957e75254e",
      "tree": "4387e460a50efa8d46a54526d0cf0959c0e3b428",
      "parents": [
        "06ec7be557a1259611d6093a00463c42650dc71a"
      ],
      "author": {
        "name": "Michael LeMay",
        "email": "mdlemay@epoch.ncsc.mil",
        "time": "Mon Jun 26 00:24:57 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Mon Jun 26 09:58:18 2006 -0700"
      },
      "message": "[PATCH] keys: add a way to store the appropriate context for newly-created keys\n\nAdd a /proc/\u003cpid\u003e/attr/keycreate entry that stores the appropriate context for\nnewly-created keys.  Modify the selinux_key_alloc hook to make use of the new\nentry.  Update the flask headers to include a new \"setkeycreate\" permission\nfor processes.  Update the flask headers to include a new \"create\" permission\nfor keys.  Use the create permission to restrict which SIDs each task can\nassign to newly-created keys.  Add a new parameter to the security hook\n\"security_key_alloc\" to indicate whether it is being invoked by the kernel, or\nfrom userspace.  If it is being invoked by the kernel, the security hook\nshould never fail.  Update the documentation to reflect these changes.\n\nSigned-off-by: Michael LeMay \u003cmdlemay@epoch.ncsc.mil\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "7e047ef5fe2d52e83020e856b1bf2556a6a2ce98",
      "tree": "97656e2c56a27be9d1da451dde627b693b8643f2",
      "parents": [
        "f116629d03655adaf7832b93b03c99391d09d4a7"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Mon Jun 26 00:24:50 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Mon Jun 26 09:58:18 2006 -0700"
      },
      "message": "[PATCH] keys: sort out key quota system\n\nAdd the ability for key creation to overrun the user\u0027s quota in some\ncircumstances - notably when a session keyring is created and assigned to a\nprocess that didn\u0027t previously have one.\n\nThis means it\u0027s still possible to log in, should PAM require the creation of a\nnew session keyring, and fix an overburdened key quota.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "35601547baf92d984b6e59cf3583649da04baea5",
      "tree": "a392501e6e004ed33789dbf3f7a9fe43295439e1",
      "parents": [
        "22fb52dd736a62e24c44c50739007496265dc38c"
      ],
      "author": {
        "name": "David Quigley",
        "email": "dpquigl@tycho.nsa.gov",
        "time": "Fri Jun 23 02:04:01 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Fri Jun 23 07:42:54 2006 -0700"
      },
      "message": "[PATCH] SELinux: add task_movememory hook\n\nThis patch adds new security hook, task_movememory, to be called when memory\nowened by a task is to be moved (e.g.  when migrating pages to a this hook is\nidentical to the setscheduler implementation, but a separate hook introduced\nto allow this check to be specialized in the future if necessary.\n\nSince the last posting, the hook has been renamed following feedback from\nChristoph Lameter.\n\nSigned-off-by: David Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Christoph Lameter \u003cclameter@sgi.com\u003e\nCc: Andi Kleen \u003cak@muc.de\u003e\nAcked-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "03e68060636e05989ea94bcb671ab633948f328c",
      "tree": "aee5e7b55f31998536dd3a4f54f38caeee6105d6",
      "parents": [
        "9216dfad4fc97ab639ef0885efc713f3d7a20d5b"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jun 23 02:03:58 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Fri Jun 23 07:42:53 2006 -0700"
      },
      "message": "[PATCH] lsm: add task_setioprio hook\n\nImplement an LSM hook for setting a task\u0027s IO priority, similar to the hook\nfor setting a tasks\u0027s nice value.\n\nA previous version of this LSM hook was included in an older version of\nmultiadm by Jan Engelhardt, although I don\u0027t recall it being submitted\nupstream.\n\nAlso included is the corresponding SELinux hook, which re-uses the setsched\npermission in the proccess class.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Jan Engelhardt \u003cjengelh@linux01.gwdg.de\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Jens Axboe \u003caxboe@suse.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "726c334223180e3c0197cc980a432681370d4baf",
      "tree": "8327b354bb3dc959a6606051ae6f8d4d035e38a2",
      "parents": [
        "454e2398be9b9fa30433fccc548db34d19aa9958"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri Jun 23 02:02:58 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Fri Jun 23 07:42:45 2006 -0700"
      },
      "message": "[PATCH] VFS: Permit filesystem to perform statfs with a known root dentry\n\nGive the statfs superblock operation a dentry pointer rather than a superblock\npointer.\n\nThis complements the get_sb() patch.  That reduced the significance of\nsb-\u003es_root, allowing NFS to place a fake root there.  However, NFS does\nrequire a dentry to use as a target for the statfs operation.  This permits\nthe root in the vfsmount to be used instead.\n\nlinux/mount.h has been added where necessary to make allyesconfig build\nsuccessfully.\n\nInterest has also been expressed for use with the FUSE and XFS filesystems.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Nathan Scott \u003cnathans@sgi.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "454e2398be9b9fa30433fccc548db34d19aa9958",
      "tree": "1f61cb0c3716a33b661cfc8977e9beeb480a322c",
      "parents": [
        "1ad5544098a69d7dc1fa508cbb17e13a7a952fd8"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri Jun 23 02:02:57 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Fri Jun 23 07:42:45 2006 -0700"
      },
      "message": "[PATCH] VFS: Permit filesystem to override root dentry on mount\n\nExtend the get_sb() filesystem operation to take an extra argument that\npermits the VFS to pass in the target vfsmount that defines the mountpoint.\n\nThe filesystem is then required to manually set the superblock and root dentry\npointers.  For most filesystems, this should be done with simple_set_mnt()\nwhich will set the superblock pointer and then set the root dentry to the\nsuperblock\u0027s s_root (as per the old default behaviour).\n\nThe get_sb() op now returns an integer as there\u0027s now no need to return the\nsuperblock pointer.\n\nThis patch permits a superblock to be implicitly shared amongst several mount\npoints, such as can be done with NFS to avoid potential inode aliasing.  In\nsuch a case, simple_set_mnt() would not be called, and instead the mnt_root\nand mnt_sb would be set directly.\n\nThe patch also makes the following changes:\n\n (*) the get_sb_*() convenience functions in the core kernel now take a vfsmount\n     pointer argument and return an integer, so most filesystems have to change\n     very little.\n\n (*) If one of the convenience function is not used, then get_sb() should\n     normally call simple_set_mnt() to instantiate the vfsmount. This will\n     always return 0, and so can be tail-called from get_sb().\n\n (*) generic_shutdown_super() now calls shrink_dcache_sb() to clean up the\n     dcache upon superblock destruction rather than shrink_dcache_anon().\n\n     This is required because the superblock may now have multiple trees that\n     aren\u0027t actually bound to s_root, but that still need to be cleaned up. The\n     currently called functions assume that the whole tree is rooted at s_root,\n     and that anonymous dentries are not the roots of trees which results in\n     dentries being left unculled.\n\n     However, with the way NFS superblock sharing are currently set to be\n     implemented, these assumptions are violated: the root of the filesystem is\n     simply a dummy dentry and inode (the real inode for \u0027/\u0027 may well be\n     inaccessible), and all the vfsmounts are rooted on anonymous[*] dentries\n     with child trees.\n\n     [*] Anonymous until discovered from another tree.\n\n (*) The documentation has been adjusted, including the additional bit of\n     changing ext2_* into foo_* in the documentation.\n\n[akpm@osdl.org: convert ipath_fs, do other stuff]\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Nathan Scott \u003cnathans@sgi.com\u003e\nCc: Roland Dreier \u003crolandd@cisco.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "d720024e94de4e8b7f10ee83c532926f3ad5d708",
      "tree": "8f21613c29a26bfbeb334cb0104b8b998b09fbdc",
      "parents": [
        "f893afbe1262e27e91234506f72e17716190dd2f"
      ],
      "author": {
        "name": "Michael LeMay",
        "email": "mdlemay@epoch.ncsc.mil",
        "time": "Thu Jun 22 14:47:17 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Thu Jun 22 15:05:55 2006 -0700"
      },
      "message": "[PATCH] selinux: add hooks for key subsystem\n\nIntroduce SELinux hooks to support the access key retention subsystem\nwithin the kernel.  Incorporate new flask headers from a modified version\nof the SELinux reference policy, with support for the new security class\nrepresenting retained keys.  Extend the \"key_alloc\" security hook with a\ntask parameter representing the intended ownership context for the key\nbeing allocated.  Attach security information to root\u0027s default keyrings\nwithin the SELinux initialization routine.\n\nHas passed David\u0027s testsuite.\n\nSigned-off-by: Michael LeMay \u003cmdlemay@epoch.ncsc.mil\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "d9eaec9e295a84a80b663996d0489fcff3a1dca9",
      "tree": "85cfc09bb5f0eb42d3be7dfbddaad31353307796",
      "parents": [
        "cee4cca740d209bcb4b9857baa2253d5ba4e3fbe",
        "41757106b9ca7867dafb2404d618f947b4786fd7"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Tue Jun 20 15:37:56 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Tue Jun 20 15:37:56 2006 -0700"
      },
      "message": "Merge branch \u0027audit.b21\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current\n\n* \u0027audit.b21\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: (25 commits)\n  [PATCH] make set_loginuid obey audit_enabled\n  [PATCH] log more info for directory entry change events\n  [PATCH] fix AUDIT_FILTER_PREPEND handling\n  [PATCH] validate rule fields\u0027 types\n  [PATCH] audit: path-based rules\n  [PATCH] Audit of POSIX Message Queue Syscalls v.2\n  [PATCH] fix se_sen audit filter\n  [PATCH] deprecate AUDIT_POSSBILE\n  [PATCH] inline more audit helpers\n  [PATCH] proc_loginuid_write() uses simple_strtoul() on non-terminated array\n  [PATCH] update of IPC audit record cleanup\n  [PATCH] minor audit updates\n  [PATCH] fix audit_krule_to_{rule,data} return values\n  [PATCH] add filtering by ppid\n  [PATCH] log ppid\n  [PATCH] collect sid of those who send signals to auditd\n  [PATCH] execve argument logging\n  [PATCH] fix deadlocks in AUDIT_LIST/AUDIT_LIST_RULES\n  [PATCH] audit_panic() is audit-internal\n  [PATCH] inotify (5/5): update kernel documentation\n  ...\n\nManual fixup of conflict in unclude/linux/inotify.h\n"
    },
    {
      "commit": "8ba8e0fbe6321961f6ba04e2fd7215b37d935c83",
      "tree": "040b02209b21a06fc0c45cafce599773c905ef75",
      "parents": [
        "014149cce19c5acb19014e57a5b739b7f64e6fbf"
      ],
      "author": {
        "name": "Darrel Goeddel",
        "email": "dgoeddel@trustedcs.com",
        "time": "Wed May 24 09:38:25 2006 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jun 20 05:25:26 2006 -0400"
      },
      "message": "[PATCH] fix se_sen audit filter\n\nFix a broken comparison that causes the process clearance to be checked for\nboth se_clr and se_sen audit filters.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "4e5ab4cb85683cf77b507ba0c4d48871e1562305",
      "tree": "aef7ba8b6050fcaccbaf0d05f8e5ba860a143eaf",
      "parents": [
        "100468e9c05c10fb6872751c1af523b996d6afa9"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jun 09 00:33:33 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Sat Jun 17 21:30:05 2006 -0700"
      },
      "message": "[SECMARK]: Add new packet controls to SELinux\n\nAdd new per-packet access controls to SELinux, replacing the old\npacket controls.\n\nPackets are labeled with the iptables SECMARK and CONNSECMARK targets,\nthen security policy for the packets is enforced with these controls.\n\nTo allow for a smooth transition to the new controls, the old code is\nstill present, but not active by default.  To restore previous\nbehavior, the old controls may be activated at runtime by writing a\n\u00271\u0027 to /selinux/compat_net, and also via the kernel boot parameter\nselinux_compat_net.  Switching between the network control models\nrequires the security load_policy permission.  The old controls will\nprobably eventually be removed and any continued use is discouraged.\n\nWith this patch, the new secmark controls for SElinux are disabled by\ndefault, so existing behavior is entirely preserved, and the user is\nnot affected at all.\n\nIt also provides a config option to enable the secmark controls by\ndefault (which can always be overridden at boot and runtime).  It is\nalso noted in the kconfig help that the user will need updated\nuserspace if enabling secmark controls for SELinux and that they\u0027ll\nprobably need the SECMARK and CONNMARK targets, and conntrack protocol\nhelpers, although such decisions are beyond the scope of kernel\nconfiguration.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "c749b29fae74ed59c507d84025b3298202b42609",
      "tree": "c06b1fb17cce425692f7ab40b2df8c5b00d8c931",
      "parents": [
        "29a395eac4c320c570e73f0a90d8953d80da8359"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jun 09 00:28:25 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Sat Jun 17 21:29:55 2006 -0700"
      },
      "message": "[SECMARK]: Add SELinux exports\n\nAdd and export new functions to the in-kernel SELinux API in support of the\nnew secmark-based packet controls.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "29a395eac4c320c570e73f0a90d8953d80da8359",
      "tree": "9d34d7987754004e76de76d3f9facbee804779b7",
      "parents": [
        "3e3ff15e6d8ba931fa9a6c7f9fe711edc77e96e5"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jun 09 00:27:28 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Sat Jun 17 21:29:53 2006 -0700"
      },
      "message": "[SECMARK]: Add new flask definitions to SELinux\n\nSecmark implements a new scheme for adding security markings to\npackets via iptables, as well as changes to SELinux to use these\nmarkings for security policy enforcement.  The rationale for this\nscheme is explained and discussed in detail in the original threads:\n\n http://thread.gmane.org/gmane.linux.network/34927/\n http://thread.gmane.org/gmane.linux.network/35244/\n\nExamples of policy and rulesets, as well as a full archive of patches\nfor iptables and SELinux userland, may be found at:\n\nhttp://people.redhat.com/jmorris/selinux/secmark/\n\nThe code has been tested with various compilation options and in\nseveral scenarios, including with \u0027complicated\u0027 protocols such as FTP\nand also with the new generic conntrack code with IPv6 connection\ntracking.\n\nThis patch:\n\nAdd support for a new object class (\u0027packet\u0027), and associated\npermissions (\u0027send\u0027, \u0027recv\u0027, \u0027relabelto\u0027).  These are used to enforce\nsecurity policy for network packets labeled with SECMARK, and for\nadding labeling rules.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "3e3ff15e6d8ba931fa9a6c7f9fe711edc77e96e5",
      "tree": "e3b3edcf5092e9533539f6e8abdda83eee2cb96d",
      "parents": [
        "6f68dc37759b1d6ff3b4d4a9d097605a09f8f043"
      ],
      "author": {
        "name": "Christopher J. PeBenito",
        "email": "cpebenito@tresys.com",
        "time": "Fri Jun 09 00:25:03 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Sat Jun 17 21:29:51 2006 -0700"
      },
      "message": "[SELINUX]: add security class for appletalk sockets\n\nAdd a security class for appletalk sockets so that they can be\ndistinguished in SELinux policy.  Please apply.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "c8c05a8eec6f1258f6d5cb71a44ee5dc1e989b63",
      "tree": "b4a04dd9e2b940cb5b2911fb67fbe49c5f8b3fbf",
      "parents": [
        "cec6f7f39c3db7d9f6091bf2f8fc8d520f372719"
      ],
      "author": {
        "name": "Catherine Zhang",
        "email": "cxzhang@watson.ibm.com",
        "time": "Thu Jun 08 23:39:49 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Sat Jun 17 21:29:45 2006 -0700"
      },
      "message": "[LSM-IPsec]: SELinux Authorize\n\nThis patch contains a fix for the previous patch that adds security\ncontexts to IPsec policies and security associations.  In the previous\npatch, no authorization (besides the check for write permissions to\nSAD and SPD) is required to delete IPsec policies and security\nassocations with security contexts.  Thus a user authorized to change\nSAD and SPD can bypass the IPsec policy authorization by simply\ndeleteing policies with security contexts.  To fix this security hole,\nan additional authorization check is added for removing security\npolicies and security associations with security contexts.\n\nNote that if no security context is supplied on add or present on\npolicy to be deleted, the SELinux module allows the change\nunconditionally.  The hook is called on deletion when no context is\npresent, which we may want to change.  At present, I left it up to the\nmodule.\n\nLSM changes:\n\nThe patch adds two new LSM hooks: xfrm_policy_delete and\nxfrm_state_delete.  The new hooks are necessary to authorize deletion\nof IPsec policies that have security contexts.  The existing hooks\nxfrm_policy_free and xfrm_state_free lack the context to do the\nauthorization, so I decided to split authorization of deletion and\nmemory management of security data, as is typical in the LSM\ninterface.\n\nUse:\n\nThe new delete hooks are checked when xfrm_policy or xfrm_state are\ndeleted by either the xfrm_user interface (xfrm_get_policy,\nxfrm_del_sa) or the pfkey interface (pfkey_spddelete, pfkey_delete).\n\nSELinux changes:\n\nThe new policy_delete and state_delete functions are added.\n\nSigned-off-by: Catherine Zhang \u003ccxzhang@watson.ibm.com\u003e\nSigned-off-by: Trent Jaeger \u003ctjaeger@cse.psu.edu\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "ba0c19ed6a61a96d4b42b81cb19d4bc81b5f728c",
      "tree": "5e6d1774265140f1f4eddab043c90920414abe59",
      "parents": [
        "93ff66bf1ef29881dffd6fdc344555dab03cdb42"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Sun Jun 04 02:51:30 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Mon Jun 05 12:29:16 2006 -0700"
      },
      "message": "[PATCH] selinux: fix sb_lock/sb_security_lock nesting\n\nFrom: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n\nFix unsafe nesting of sb_lock inside sb_security_lock in\nselinux_complete_init.  Detected by the kernel locking validator.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "d4e9dc63dca91cd89086b5a686d7f7635c8319e5",
      "tree": "c6ec1b8801d8e526e0d7373b7cd91e46f20a4299",
      "parents": [
        "df88912a2165f56a7402db80126cf8ea075221fe"
      ],
      "author": {
        "name": "Alexey Dobriyan",
        "email": "adobriyan@gmail.com",
        "time": "Sat May 20 15:00:02 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Sun May 21 12:59:17 2006 -0700"
      },
      "message": "[PATCH] selinux: endian fix\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "0cccca06f9870eb6daa89357b8a99ad041865553",
      "tree": "216251e4cbbdbb9509ed0b6fc769050ece2fb93e",
      "parents": [
        "9be2f7c38e0bd64e8a0f74ea68df1e73e2ddfcc3"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serue@us.ibm.com",
        "time": "Mon May 15 09:43:48 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Mon May 15 11:20:54 2006 -0700"
      },
      "message": "[PATCH] selinux: check for failed kmalloc in security_sid_to_context()\n\nCheck for NULL kmalloc return value before writing to it.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "30d55280b867aa0cae99f836ad0181bb0bf8f9cb",
      "tree": "8df537addd3709f36f24dbd654662568b79ca943",
      "parents": [
        "e17df688f7064dae1417ce425dd1e4b71d24d63b"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Wed May 03 10:52:36 2006 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Wed May 03 10:08:11 2006 -0700"
      },
      "message": "[PATCH] selinux: Clear selinux_enabled flag upon runtime disable.\n\nClear selinux_enabled flag upon runtime disable of SELinux by userspace,\nand make sure it is defined even if selinux\u003d boot parameter support is\nnot enabled in configuration.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nTested-by: Jon Smirl \u003cjonsmirl@gmail.com\u003e\nAcked-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "e7c3497013a7e5496ce3d5fd3c73b5cf5af7a56e",
      "tree": "2a57da5e958011b300256988e414387b1455660c",
      "parents": [
        "9c7aa6aa74fa8a5cda36e54cbbe4fffe0214497d"
      ],
      "author": {
        "name": "Steve Grubb",
        "email": "sgrubb@redhat.com",
        "time": "Mon Apr 03 09:08:13 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon May 01 06:09:58 2006 -0400"
      },
      "message": "[PATCH] Reworked patch for labels on user space messages\n\nThe below patch should be applied after the inode and ipc sid patches.\nThis patch is a reworking of Tim\u0027s patch that has been updated to match\nthe inode and ipc patches since its similar.\n\n[updated:\n\u003e  Stephen Smalley also wanted to change a variable from isec to tsec in the\n\u003e  user sid patch.                                                              ]\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "9c7aa6aa74fa8a5cda36e54cbbe4fffe0214497d",
      "tree": "1e1489ed5080ea4aff6206bfa904f549de8e56ca",
      "parents": [
        "1b50eed9cac0e8e5e4d3a522d8aa267f7f8f8acb"
      ],
      "author": {
        "name": "Steve Grubb",
        "email": "sgrubb@redhat.com",
        "time": "Fri Mar 31 15:22:49 2006 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon May 01 06:09:56 2006 -0400"
      },
      "message": "[PATCH] change lspp ipc auditing\n\nHi,\n\nThe patch below converts IPC auditing to collect sid\u0027s and convert to context\nstring only if it needs to output an audit record. This patch depends on the\ninode audit change patch already being applied.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "1b50eed9cac0e8e5e4d3a522d8aa267f7f8f8acb",
      "tree": "c66a1c3be846e34f1aac5db640b7ccb8770e8a80",
      "parents": [
        "3dc7e3153eddfcf7ba8b50628775ba516e5f759f"
      ],
      "author": {
        "name": "Steve Grubb",
        "email": "sgrubb@redhat.com",
        "time": "Mon Apr 03 14:06:13 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon May 01 06:09:53 2006 -0400"
      },
      "message": "[PATCH] audit inode patch\n\nPreviously, we were gathering the context instead of the sid. Now in this patch,\nwe gather just the sid and convert to context only if an audit event is being\noutput.\n\nThis patch brings the performance hit from 146% down to 23%\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "376bd9cb357ec945ac893feaeb63af7370a6e70b",
      "tree": "7e2848792982dfe30e19a600a41fa5cb49ee6e6e",
      "parents": [
        "97e94c453073a2aba4bb5e0825ddc5e923debf11"
      ],
      "author": {
        "name": "Darrel Goeddel",
        "email": "dgoeddel@trustedcs.com",
        "time": "Fri Feb 24 15:44:05 2006 -0600"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon May 01 06:06:24 2006 -0400"
      },
      "message": "[PATCH] support for context based audit filtering\n\nThe following patch provides selinux interfaces that will allow the audit\nsystem to perform filtering based on the process context (user, role, type,\nsensitivity, and clearance).  These interfaces will allow the selinux\nmodule to perform efficient matches based on lower level selinux constructs,\nrather than relying on context retrievals and string comparisons within\nthe audit module.  It also allows for dominance checks on the mls portion\nof the contexts that are impossible with only string comparisons.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "ab5703b34237da7034800ec2466ceebf88a7e685",
      "tree": "1c319edf228bb9467a0b8b2bc2a069d0545f5c52",
      "parents": [
        "dda27d1a55e185b0c5fd184b86ac26c66846f095"
      ],
      "author": {
        "name": "Ron Yorston",
        "email": "rmy@tigress.co.uk",
        "time": "Tue Apr 18 22:21:04 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Wed Apr 19 09:13:50 2006 -0700"
      },
      "message": "[PATCH] selinux: Fix MLS compatibility off-by-one bug\n\nFix an off-by-one error in the MLS compatibility code that was causing\ncontexts with a MLS suffix to be rejected, preventing sharing partitions\nbetween FC4 and FC5.  Bug reported in\n\n   https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id\u003d188068\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@redhat.com\u003e\nCc: \u003cstable@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "67644726317a8274be4a3d0ef85b9ccebaa90304",
      "tree": "c2bcf873d19d1b18d65e4f5d6d5c3cd613e9cb13",
      "parents": [
        "66004a6ca23f2a2408b32cbe27fda0389fb8f9dc"
      ],
      "author": {
        "name": "Dave Jones",
        "email": "davej@redhat.com",
        "time": "Sun Apr 02 23:34:19 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Sun Apr 09 12:35:53 2006 -0700"
      },
      "message": "[SELINUX] Fix build after ipsec decap state changes.\n\n    security/selinux/xfrm.c: In function \u0027selinux_socket_getpeer_dgram\u0027:\n    security/selinux/xfrm.c:284: error: \u0027struct sec_path\u0027 has no member named \u0027x\u0027\n    security/selinux/xfrm.c: In function \u0027selinux_xfrm_sock_rcv_skb\u0027:\n    security/selinux/xfrm.c:317: error: \u0027struct sec_path\u0027 has no member named \u0027x\u0027\n\nSigned-off-by: Dave Jones \u003cdavej@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "1b9a3917366028cc451a98dd22e3bcd537d4e5c1",
      "tree": "d911058720e0a9aeeaf9f407ccdc6fbf4047f47d",
      "parents": [
        "3661f00e2097676847deb01add1a0918044bd816",
        "71e1c784b24a026a490b3de01541fc5ee14ebc09"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Sat Mar 25 09:24:53 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Sat Mar 25 09:24:53 2006 -0800"
      },
      "message": "Merge branch \u0027audit.b3\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current\n\n* \u0027audit.b3\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: (22 commits)\n  [PATCH] fix audit_init failure path\n  [PATCH] EXPORT_SYMBOL patch for audit_log, audit_log_start, audit_log_end and audit_format\n  [PATCH] sem2mutex: audit_netlink_sem\n  [PATCH] simplify audit_free() locking\n  [PATCH] Fix audit operators\n  [PATCH] promiscuous mode\n  [PATCH] Add tty to syscall audit records\n  [PATCH] add/remove rule update\n  [PATCH] audit string fields interface + consumer\n  [PATCH] SE Linux audit events\n  [PATCH] Minor cosmetic cleanups to the code moved into auditfilter.c\n  [PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL\n  [PATCH] Fix IA64 success/failure indication in syscall auditing.\n  [PATCH] Miscellaneous bug and warning fixes\n  [PATCH] Capture selinux subject/object context information.\n  [PATCH] Exclude messages by message type\n  [PATCH] Collect more inode information during syscall processing.\n  [PATCH] Pass dentry, not just name, in fsnotify creation hooks.\n  [PATCH] Define new range of userspace messages.\n  [PATCH] Filter rule comparators\n  ...\n\nFixed trivial conflict in security/selinux/hooks.c\n"
    },
    {
      "commit": "7cae7e26f245151b9ccad868bf2edf8c8048d307",
      "tree": "db785f2a471c5b97db2551402e067b9559a8989d",
      "parents": [
        "cf01efd098597f7ee88a61e645afacba987c4531"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 22 00:09:22 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Wed Mar 22 07:54:07 2006 -0800"
      },
      "message": "[PATCH] SELinux: add slab cache for inode security struct\n\nAdd a slab cache for the SELinux inode security struct, one of which is\nallocated for every inode instantiated by the system.\n\nThe memory savings are considerable.\n\nOn 64-bit, instead of the size-128 cache, we have a slab object of 96\nbytes, saving 32 bytes per object.  After booting, I see about 4000 of\nthese and then about 17,000 after a kernel compile.  With this patch, we\nsave around 530KB of kernel memory in the latter case.  On 32-bit, the\nsavings are about half of this.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "cf01efd098597f7ee88a61e645afacba987c4531",
      "tree": "8602df509dc2a2b067063f40084c83a4f698fb15",
      "parents": [
        "edb20fb5be2ff6943920aca4ccab0f4fdacddb9c"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 22 00:09:21 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Wed Mar 22 07:54:07 2006 -0800"
      },
      "message": "[PATCH] SELinux: cleanup stray variable in selinux_inode_init_security()\n\nRemove an unneded pointer variable in selinux_inode_init_security().\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "edb20fb5be2ff6943920aca4ccab0f4fdacddb9c",
      "tree": "6961017d5b02a6320b85826c33ccc81017c2e58f",
      "parents": [
        "d6aafa65354cd2dbb089ab9e7dc618f22230fe32"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 22 00:09:20 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Wed Mar 22 07:54:07 2006 -0800"
      },
      "message": "[PATCH] SELinux: fix hard link count for selinuxfs root directory\n\nA further fix is needed for selinuxfs link count management, to ensure that\nthe count is correct for the parent directory when a subdirectory is\ncreated.  This is only required for the root directory currently, but the\ncode has been updated for the general case.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "d6aafa65354cd2dbb089ab9e7dc618f22230fe32",
      "tree": "b274daf127ac8500229754d9841c8af1547bd66f",
      "parents": [
        "253a8b1db1af146d3a7eef0f3626781df12c7141"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 22 00:09:19 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Wed Mar 22 07:54:07 2006 -0800"
      },
      "message": "[PATCH] selinuxfs cleanups: sel_make_avc_files\n\nFix copy \u0026 paste error in sel_make_avc_files(), removing a supurious call to\nd_genocide() in the error path.  All of this will be cleaned up by\nkill_litter_super().\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "253a8b1db1af146d3a7eef0f3626781df12c7141",
      "tree": "9aea4b9864a3dc12df89c73e5cf156bd3e7932ad",
      "parents": [
        "161ce45a8a34ba81673f60c603e6fc6d37d99c8f"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 22 00:09:18 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Wed Mar 22 07:54:07 2006 -0800"
      },
      "message": "[PATCH] selinuxfs cleanups: sel_make_bools\n\nRemove the call to sel_make_bools() from sel_fill_super(), as policy needs to\nbe loaded before the boolean files can be created.  Policy will never be\nloaded during sel_fill_super() as selinuxfs is kernel mounted during init and\nthe only means to load policy is via selinuxfs.\n\nAlso, the call to d_genocide() on the error path of sel_make_bools() is\nincorrect and replaced with sel_remove_bools().\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "161ce45a8a34ba81673f60c603e6fc6d37d99c8f",
      "tree": "7e3851140870164beb585f32a70e2dc81668f391",
      "parents": [
        "cde174a885821b5eee7e00c8a9a426c9c8186a29"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 22 00:09:17 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Wed Mar 22 07:54:07 2006 -0800"
      },
      "message": "[PATCH] selinuxfs cleanups: sel_fill_super exit path\n\nUnify the error path of sel_fill_super() so that all errors pass through the\nsame point and generate an error message.  Also, removes a spurious dput() in\nthe error path which breaks the refcounting for the filesystem\n(litter_kill_super() will correctly clean things up itself on error).\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "cde174a885821b5eee7e00c8a9a426c9c8186a29",
      "tree": "95c36020357f26d6a7ebfc3cc9d6d6ac8d250844",
      "parents": [
        "40e906f8224966ef65756cc75f9999ea2de0523d"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 22 00:09:17 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Wed Mar 22 07:54:07 2006 -0800"
      },
      "message": "[PATCH] selinuxfs cleanups: use sel_make_dir()\n\nUse existing sel_make_dir() helper to create booleans directory rather than\nduplicating the logic.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "40e906f8224966ef65756cc75f9999ea2de0523d",
      "tree": "6e72a24a93d1f36ae5d89e81d2020cd3d8a0bd9b",
      "parents": [
        "68bdcf28a8d245208a02dc9caa60fe13cc1b0ea8"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 22 00:09:16 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Wed Mar 22 07:54:07 2006 -0800"
      },
      "message": "[PATCH] selinuxfs cleanups: fix hard link count\n\nFix the hard link count for selinuxfs directories, which are currently one\nshort.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "68bdcf28a8d245208a02dc9caa60fe13cc1b0ea8",
      "tree": "4d50f43597d677c7b1b88b10696cb2358abaf83e",
      "parents": [
        "bb0030797f55c9996ea1cebd16b65750ceb7e4fd"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Wed Mar 22 00:09:15 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Wed Mar 22 07:54:07 2006 -0800"
      },
      "message": "[PATCH] selinux: simplify sel_read_bool\n\nSimplify sel_read_bool to use the simple_read_from_buffer helper, like the\nother selinuxfs functions.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "bb0030797f55c9996ea1cebd16b65750ceb7e4fd",
      "tree": "58256f9840bf05f141d986b6329a08e38065616a",
      "parents": [
        "8aad38752e81d1d4de67e3d8e2524618ce7c9276"
      ],
      "author": {
        "name": "Ingo Molnar",
        "email": "mingo@elte.hu",
        "time": "Wed Mar 22 00:09:14 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Wed Mar 22 07:54:06 2006 -0800"
      },
      "message": "[PATCH] sem2mutex: security/\n\nSemaphore to mutex conversion.\n\nThe conversion was generated via scripts, and the result was validated\nautomatically via a script as well.\n\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Stephen Smalley \u003csds@epoch.ncsc.mil\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "8aad38752e81d1d4de67e3d8e2524618ce7c9276",
      "tree": "5813d3f31133313a5bcd77cb3298f7cb26b814ed",
      "parents": [
        "b20a35035f983f4ac7e29c4a68f30e43510007e0"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Wed Mar 22 00:09:13 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Wed Mar 22 07:54:06 2006 -0800"
      },
      "message": "[PATCH] selinux: Disable automatic labeling of new inodes when no policy is loaded\n\nThis patch disables the automatic labeling of new inodes on disk\nwhen no policy is loaded.\n\nDiscussion is here:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id\u003d180296\n\nIn short, we\u0027re changing the behavior so that when no policy is loaded,\nSELinux does not label files at all.  Currently it does add an \u0027unlabeled\u0027\nlabel in this case, which we\u0027ve found causes problems later.\n\nSELinux always maintains a safe internal label if there is none, so with this\npatch, we just stick with that and wait until a policy is loaded before adding\na persistent label on disk.\n\nThe effect is simply that if you boot with SELinux enabled but no policy\nloaded and create a file in that state, SELinux won\u0027t try to set a security\nextended attribute on the new inode on the disk.  This is the only sane\nbehavior for SELinux in that state, as it cannot determine the right label to\nassign in the absence of a policy.  That state usually doesn\u0027t occur, but the\nrawhide installer seemed to be misbehaving temporarily so it happened to show\nup on a test install.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "e6f507196c2b50243beb09b1bfa4639f999d4d1e",
      "tree": "216886fba2700aa01970046e4c7412dce6638fa1",
      "parents": [
        "543d9cfeec4d58ad3fd974db5531b06b6b95deb4"
      ],
      "author": {
        "name": "Catherine Zhang",
        "email": "cxzhang@watson.ibm.com",
        "time": "Mon Mar 20 22:49:00 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Mar 20 22:49:00 2006 -0800"
      },
      "message": "[SELINUX]: selinux_socket_getpeer_{stream,dgram} fixup\n\nSigned-off-by: Catherine Zhang \u003ccxzhang@watson.ibm.com\u003e\nSigned-off-by: Arnaldo Carvalho de Melo \u003cacme@mandriva.com\u003e\n"
    },
    {
      "commit": "2c7946a7bf45ae86736ab3b43d0085e43947945c",
      "tree": "b956f301033ebaefe8d2701b257edfd947f537f3",
      "parents": [
        "be33690d8fcf40377f16193c463681170eb6b295"
      ],
      "author": {
        "name": "Catherine Zhang",
        "email": "cxzhang@watson.ibm.com",
        "time": "Mon Mar 20 22:41:23 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Mar 20 22:41:23 2006 -0800"
      },
      "message": "[SECURITY]: TCP/UDP getpeersec\n\nThis patch implements an application of the LSM-IPSec networking\ncontrols whereby an application can determine the label of the\nsecurity association its TCP or UDP sockets are currently connected to\nvia getsockopt and the auxiliary data mechanism of recvmsg.\n\nPatch purpose:\n\nThis patch enables a security-aware application to retrieve the\nsecurity context of an IPSec security association a particular TCP or\nUDP socket is using.  The application can then use this security\ncontext to determine the security context for processing on behalf of\nthe peer at the other end of this connection.  In the case of UDP, the\nsecurity context is for each individual packet.  An example\napplication is the inetd daemon, which could be modified to start\ndaemons running at security contexts dependent on the remote client.\n\nPatch design approach:\n\n- Design for TCP\nThe patch enables the SELinux LSM to set the peer security context for\na socket based on the security context of the IPSec security\nassociation.  The application may retrieve this context using\ngetsockopt.  When called, the kernel determines if the socket is a\nconnected (TCP_ESTABLISHED) TCP socket and, if so, uses the dst_entry\ncache on the socket to retrieve the security associations.  If a\nsecurity association has a security context, the context string is\nreturned, as for UNIX domain sockets.\n\n- Design for UDP\nUnlike TCP, UDP is connectionless.  This requires a somewhat different\nAPI to retrieve the peer security context.  With TCP, the peer\nsecurity context stays the same throughout the connection, thus it can\nbe retrieved at any time between when the connection is established\nand when it is torn down.  With UDP, each read/write can have\ndifferent peer and thus the security context might change every time.\nAs a result the security context retrieval must be done TOGETHER with\nthe packet retrieval.\n\nThe solution is to build upon the existing Unix domain socket API for\nretrieving user credentials.  Linux offers the API for obtaining user\ncredentials via ancillary messages (i.e., out of band/control messages\nthat are bundled together with a normal message).\n\nPatch implementation details:\n\n- Implementation for TCP\nThe security context can be retrieved by applications using getsockopt\nwith the existing SO_PEERSEC flag.  As an example (ignoring error\nchecking):\n\ngetsockopt(sockfd, SOL_SOCKET, SO_PEERSEC, optbuf, \u0026optlen);\nprintf(\"Socket peer context is: %s\\n\", optbuf);\n\nThe SELinux function, selinux_socket_getpeersec, is extended to check\nfor labeled security associations for connected (TCP_ESTABLISHED \u003d\u003d\nsk-\u003esk_state) TCP sockets only.  If so, the socket has a dst_cache of\nstruct dst_entry values that may refer to security associations.  If\nthese have security associations with security contexts, the security\ncontext is returned.\n\ngetsockopt returns a buffer that contains a security context string or\nthe buffer is unmodified.\n\n- Implementation for UDP\nTo retrieve the security context, the application first indicates to\nthe kernel such desire by setting the IP_PASSSEC option via\ngetsockopt.  Then the application retrieves the security context using\nthe auxiliary data mechanism.\n\nAn example server application for UDP should look like this:\n\ntoggle \u003d 1;\ntoggle_len \u003d sizeof(toggle);\n\nsetsockopt(sockfd, SOL_IP, IP_PASSSEC, \u0026toggle, \u0026toggle_len);\nrecvmsg(sockfd, \u0026msg_hdr, 0);\nif (msg_hdr.msg_controllen \u003e sizeof(struct cmsghdr)) {\n    cmsg_hdr \u003d CMSG_FIRSTHDR(\u0026msg_hdr);\n    if (cmsg_hdr-\u003ecmsg_len \u003c\u003d CMSG_LEN(sizeof(scontext)) \u0026\u0026\n        cmsg_hdr-\u003ecmsg_level \u003d\u003d SOL_IP \u0026\u0026\n        cmsg_hdr-\u003ecmsg_type \u003d\u003d SCM_SECURITY) {\n        memcpy(\u0026scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));\n    }\n}\n\nip_setsockopt is enhanced with a new socket option IP_PASSSEC to allow\na server socket to receive security context of the peer.  A new\nancillary message type SCM_SECURITY.\n\nWhen the packet is received we get the security context from the\nsec_path pointer which is contained in the sk_buff, and copy it to the\nancillary message space.  An additional LSM hook,\nselinux_socket_getpeersec_udp, is defined to retrieve the security\ncontext from the SELinux space.  The existing function,\nselinux_socket_getpeersec does not suit our purpose, because the\nsecurity context is copied directly to user space, rather than to\nkernel space.\n\nTesting:\n\nWe have tested the patch by setting up TCP and UDP connections between\napplications on two machines using the IPSec policies that result in\nlabeled security associations being built.  For TCP, we can then\nextract the peer security context using getsockopt on either end.  For\nUDP, the receiving end can retrieve the security context using the\nauxiliary data mechanism of recvmsg.\n\nSigned-off-by: Catherine Zhang \u003ccxzhang@watson.ibm.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "8c29bfe1cfbe6050c797a6364a0cc0ff57c377fc",
      "tree": "f5e48a81ea6b12d4a4d20960750ce5c87c241d1f",
      "parents": [
        "6c5c8ca7ff20523e427b955aa84cef407934710f"
      ],
      "author": {
        "name": "Jamal Hadi Salim",
        "email": "hadi@cyberus.ca",
        "time": "Mon Mar 20 19:17:39 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Mar 20 19:17:39 2006 -0800"
      },
      "message": "[IPSEC]: Sync series - update selinux\n\nAdd new netlink messages to selinux framework\n\nSigned-off-by: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "93315ed6dd12dacfc941f9eb8ca0293aadf99793",
      "tree": "4fc070c92a1de21d3befe4ce48c733c65d044bb3",
      "parents": [
        "af601e4623d0303bfafa54ec728b7ae8493a8e1b"
      ],
      "author": {
        "name": "Amy Griffis",
        "email": "amy.griffis@hp.com",
        "time": "Tue Feb 07 12:05:27 2006 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Mar 20 14:08:54 2006 -0500"
      },
      "message": "[PATCH] audit string fields interface + consumer\n\nUpdated patch to dynamically allocate audit rule fields in kernel\u0027s\ninternal representation.  Added unlikely() calls for testing memory\nallocation result.\n\nAmy Griffis wrote:     [Wed Jan 11 2006, 02:02:31PM EST]\n\u003e Modify audit\u0027s kernel-userspace interface to allow the specification\n\u003e of string fields in audit rules.\n\u003e\n\u003e Signed-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n(cherry picked from 5ffc4a863f92351b720fe3e9c5cd647accff9e03 commit)\n"
    },
    {
      "commit": "af601e4623d0303bfafa54ec728b7ae8493a8e1b",
      "tree": "5f79d5ae42eeccfc1ffaf8e82a1999e4d3af793e",
      "parents": [
        "d884596f44ef5a0bcd8a66405dc04902aeaa6fc7"
      ],
      "author": {
        "name": "Steve Grubb",
        "email": "sgrubb@redhat.com",
        "time": "Wed Jan 04 14:08:39 2006 +0000"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Mar 20 14:08:54 2006 -0500"
      },
      "message": "[PATCH] SE Linux audit events\n\nAttached is a patch that hardwires important SE Linux events to the audit\nsystem. Please Apply.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n"
    },
    {
      "commit": "7306a0b9b3e2056a616c84841288ca2431a05627",
      "tree": "d3f61ef43c7079790d6b8ef9bf307689a7d9ea16",
      "parents": [
        "8c8570fb8feef2bc166bee75a85748b25cda22d9"
      ],
      "author": {
        "name": "Dustin Kirkland",
        "email": "dustin.kirkland@us.ibm.com",
        "time": "Wed Nov 16 15:53:13 2005 +0000"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Mar 20 14:08:54 2006 -0500"
      },
      "message": "[PATCH] Miscellaneous bug and warning fixes\n\nThis patch fixes a couple of bugs revealed in new features recently\nadded to -mm1:\n* fixes warnings due to inconsistent use of const struct inode *inode\n* fixes bug that prevent a kernel from booting with audit on, and SELinux off\n  due to a missing function in security/dummy.c\n* fixes a bug that throws spurious audit_panic() messages due to a missing\n  return just before an error_path label\n* some reasonable house cleaning in audit_ipc_context(),\n  audit_inode_context(), and audit_log_task_context()\n\nSigned-off-by: Dustin Kirkland \u003cdustin.kirkland@us.ibm.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n"
    },
    {
      "commit": "8c8570fb8feef2bc166bee75a85748b25cda22d9",
      "tree": "ed783d405ea9d5f3d3ccc57fb56c7b7cb2cdfb82",
      "parents": [
        "c8edc80c8b8c397c53f4f659a05b9ea6208029bf"
      ],
      "author": {
        "name": "Dustin Kirkland",
        "email": "dustin.kirkland@us.ibm.com",
        "time": "Thu Nov 03 17:15:16 2005 +0000"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Mar 20 14:08:54 2006 -0500"
      },
      "message": "[PATCH] Capture selinux subject/object context information.\n\nThis patch extends existing audit records with subject/object context\ninformation. Audit records associated with filesystem inodes, ipc, and\ntasks now contain SELinux label information in the field \"subj\" if the\nitem is performing the action, or in \"obj\" if the item is the receiver\nof an action.\n\nThese labels are collected via hooks in SELinux and appended to the\nappropriate record in the audit code.\n\nThis additional information is required for Common Criteria Labeled\nSecurity Protection Profile (LSPP).\n\n[AV: fixed kmalloc flags use]\n[folded leak fixes]\n[folded cleanup from akpm (kfree(NULL)]\n[folded audit_inode_context() leak fix]\n[folded akpm\u0027s fix for audit_ipc_perm() definition in case of !CONFIG_AUDIT]\n\nSigned-off-by: Dustin Kirkland \u003cdustin.kirkland@us.ibm.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "90d526c074ae5db484388da56c399acf892b6c17",
      "tree": "edeb7c47d9144f3995846c5fc25db8e49ef12f5d",
      "parents": [
        "b63862f46547487388e582e8ac9083830d34f058"
      ],
      "author": {
        "name": "Steve Grubb",
        "email": "sgrubb@redhat.com",
        "time": "Thu Nov 03 15:48:08 2005 +0000"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Mar 20 14:08:53 2006 -0500"
      },
      "message": "[PATCH] Define new range of userspace messages.\n\nThe attached patch updates various items for the new user space\nmessages. Please apply.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n"
    }
  ],
  "next": "341c2d806b71cc3596afeb2d9bd26cd718e75202"
}
