)]}' { "log": [ { "commit": "b385a144ee790f00e8559bcb8024d042863f9be1", "tree": "c2f2df78805fe8eff006716cee7b8fa8010d3b62", "parents": [ "521dae191e5ba9362152da9fd3a12203e087df83" ], "author": { "name": "Robert P. J. Day", "email": "rpjday@mindspring.com", "time": "Sat Feb 10 01:46:25 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Sun Feb 11 11:18:06 2007 -0800" }, "message": "[PATCH] Replace regular code with appropriate calls to container_of()\n\nReplace a small number of expressions with a call to the \"container_of()\"\nmacro.\n\nSigned-off-by: Robert P. J. Day \u003crpjday@mindspring.com\u003e\nAcked-by: Paul Mackerras \u003cpaulus@samba.org\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "c376222960ae91d5ffb9197ee36771aaed1d9f90", "tree": "7f431c42529fec77433d33490bd9f2a8c47ba091", "parents": [ "1b135431abf5ea92e61bf4e91d93726c7b96da5f" ], "author": { "name": "Robert P. J. Day", "email": "rpjday@mindspring.com", "time": "Sat Feb 10 01:45:03 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Sun Feb 11 10:51:27 2007 -0800" }, "message": "[PATCH] Transform kmem_cache_alloc()+memset(0) -\u003e kmem_cache_zalloc().\n\nReplace appropriate pairs of \"kmem_cache_alloc()\" + \"memset(0)\" with the\ncorresponding \"kmem_cache_zalloc()\" call.\n\nSigned-off-by: Robert P. J. Day \u003crpjday@mindspring.com\u003e\nCc: \"Luck, Tony\" \u003ctony.luck@intel.com\u003e\nCc: Andi Kleen \u003cak@muc.de\u003e\nCc: Roland McGrath \u003croland@redhat.com\u003e\nCc: James Bottomley \u003cJames.Bottomley@steeleye.com\u003e\nCc: Greg KH \u003cgreg@kroah.com\u003e\nAcked-by: Joel Becker \u003cJoel.Becker@oracle.com\u003e\nCc: Steven Whitehouse \u003cswhiteho@redhat.com\u003e\nCc: Jan Kara \u003cjack@ucw.cz\u003e\nCc: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "9ad0830f307bcd8dc285cfae58998d43b21727f4", "tree": "237119861640847301c6af758650b05ea353a1da", "parents": [ "768c242b30d9ec5581dd245e8289acb6b77815d1" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Feb 06 13:45:51 2007 +0000" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Feb 06 14:45:00 2007 -0800" }, "message": "[PATCH] Keys: Fix key serial number collision handling\n\nFix the key serial number collision avoidance code in key_alloc_serial().\n\nThis didn\u0027t use to be so much of a problem as the key serial numbers were\nallocated from a simple incremental counter, and it would have to go through\ntwo billion keys before it could possibly encounter a collision. However, now\nthat random numbers are used instead, collisions are much more likely.\n\nThis is fixed by finding a hole in the rbtree where the next unused serial\nnumber ought to be and using that by going almost back to the top of the\ninsertion routine and redoing the insertion with the new serial number rather\nthan trying to be clever and attempting to work out the insertion point\npointer directly.\n\nThis fixes kernel BZ #7727.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "342a0cff0ad5fba6b591cfa37db3c65c4d9913f8", "tree": "d437dd552e615faa7825101197909a8bf515661e", "parents": [ "c229ec5dae58b218cab0bc1b36a7647b0ec4900f" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Fri Jan 26 19:03:48 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Jan 26 19:03:48 2007 -0800" }, "message": "[SELINUX]: Fix 2.6.20-rc6 build when no xfrm\n\nThis patch is an incremental fix to the flow_cache_genid\npatch for selinux that breaks the build of 2.6.20-rc6 when\nxfrm is not configured.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "334c85569b8adeaa820c0f2fab3c8f0a9dc8b92e", "tree": "a813e11fc4168e8eb2597364b7d809cd981859ac", "parents": [ "d88ae4cc97b24783ee4480697fbdcc02ab4133a6" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Mon Jan 15 16:38:45 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Tue Jan 23 20:25:41 2007 -0800" }, "message": "[SELINUX]: increment flow cache genid\n\nCurrently, old flow cache entries remain valid even after\na reload of SELinux policy.\n\nThis patch increments the flow cache generation id\non policy (re)loads so that flow cache entries are\nrevalidated as needed.\n\nThanks to Herbet Xu for pointing this out. See:\nhttp://marc.theaimsgroup.com/?l\u003dlinux-netdev\u0026m\u003d116841378704536\u0026w\u003d2\n\nThere\u0027s also a general issue as well as a solution proposed\nby David Miller for when flow_cache_genid wraps. I might be\nsubmitting a separate patch for that later.\n\nI request that this be applied to 2.6.20 since it\u0027s\na security relevant fix.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "797951200679f1d5ea12a2e58cc7bdbc2848764c", "tree": "aaf0785e317ad5f4651324669bcafbd163d1833d", "parents": [ "86112ffdccab3ee75bc9d9dfae6745df73189e37" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Jan 05 15:08:21 2007 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Tue Jan 09 00:30:00 2007 -0800" }, "message": "NetLabel: correct locking in selinux_netlbl_socket_setsid()\n\nThe spinlock protecting the update of the \"sksec-\u003enlbl_state\" variable is not\ncurrently softirq safe which can lead to problems. This patch fixes this by\nchanging the spin_{un}lock() functions into spin_{un}lock_bh() functions.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0efc61eaee5471acd7399c8536feff280b4966dd", "tree": "c57dbd32f8a318082ba4f35092b5679d23cfb184", "parents": [ "bf81b46482c0fa8ea638e409d39768ea92a6b0f0" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Tue Dec 12 13:02:41 2006 -0600" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 08 17:32:51 2007 -0500" }, "message": "selinux: Delete mls_copy_context\n\nThis deletes mls_copy_context() in favor of mls_context_cpy() and\nreplaces mls_scopy_context() with mls_context_cpy_low().\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9883a13c72dbf8c518814b6091019643cdb34429", "tree": "cb904d6db071a985598d8b8659dee1556f6fb231", "parents": [ "ec8acb6904fabb8e741f741ec99bb1c18f2b3dee" ], "author": { "name": "Parag Warudkar", "email": "paragw@paragw.zapto.org", "time": "Tue Jan 02 21:09:31 2007 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Tue Jan 02 13:32:21 2007 -0800" }, "message": "[PATCH] selinux: fix selinux_netlbl_inode_permission() locking\n\ndo not call a sleeping lock API in an RCU read section.\nlock_sock_nested can sleep, its BH counterpart doesn\u0027t.\nselinux_netlbl_inode_permission() needs to use the BH counterpart\nunconditionally.\n\nCompile tested.\n\nFrom: Ingo Molnar \u003cmingo@elte.hu\u003e\n\nadded BH disabling, because this function can be called from non-atomic\ncontexts too, so a naked bh_lock_sock() would be deadlock-prone.\n\nBoot-tested the resulting kernel.\n\nSigned-off-by: Parag Warudkar \u003cparagw@paragw.zapto.org\u003e\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "bbea9f69668a3d0cf9feba15a724cd02896f8675", "tree": "bc58506e4daba4a04309181a5501ae4eb5424783", "parents": [ "f3d19c90fb117a5f080310a4592929aa8e1ad8e9" ], "author": { "name": "Vadim Lobanov", "email": "vlobanov@speakeasy.net", "time": "Sun Dec 10 02:21:12 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Sun Dec 10 09:57:22 2006 -0800" }, "message": "[PATCH] fdtable: Make fdarray and fdsets equal in size\n\nCurrently, each fdtable supports three dynamically-sized arrays of data: the\nfdarray and two fdsets. The code allows the number of fds supported by the\nfdarray (fdtable-\u003emax_fds) to differ from the number of fds supported by each\nof the fdsets (fdtable-\u003emax_fdset).\n\nIn practice, it is wasteful for these two sizes to differ: whenever we hit a\nlimit on the smaller-capacity structure, we will reallocate the entire fdtable\nand all the dynamic arrays within it, so any delta in the memory used by the\nlarger-capacity structure will never be touched at all.\n\nRather than hogging this excess, we shouldn\u0027t even allocate it in the first\nplace, and keep the capacities of the fdarray and the fdsets equal. This\npatch removes fdtable-\u003emax_fdset. As an added bonus, most of the supporting\ncode becomes simpler.\n\nSigned-off-by: Vadim Lobanov \u003cvlobanov@speakeasy.net\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Dipankar Sarma \u003cdipankar@in.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "3d5ff529ea222461a5fa3c4df05cbdc5eb56864d", "tree": "28ec8432eb9212bc04e345c2e85addc132f3a34e", "parents": [ "7ac6207b2a6a5b828bc333f2530a3bd48197af3e" ], "author": { "name": "Josef Sipek", "email": "jsipek@fsl.cs.sunysb.edu", "time": "Fri Dec 08 02:37:38 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Fri Dec 08 08:28:49 2006 -0800" }, "message": "[PATCH] struct path: convert selinux\n\nSigned-off-by: Josef Sipek \u003cjsipek@fsl.cs.sunysb.edu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "24ec839c431eb79bb8f6abc00c4e1eb3b8c4d517", "tree": "2ff478b1925159eeac007913c2a8f19d5f5e6010", "parents": [ "562f9c574e0707f9159a729ea41faf53b221cd30" ], "author": { "name": "Peter Zijlstra", "email": "a.p.zijlstra@chello.nl", "time": "Fri Dec 08 02:36:04 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Fri Dec 08 08:28:38 2006 -0800" }, "message": "[PATCH] tty: -\u003esignal-\u003etty locking\n\nFix the locking of signal-\u003etty.\n\nUse -\u003esighand-\u003esiglock to protect -\u003esignal-\u003etty; this lock is already used\nby most other members of -\u003esignal/-\u003esighand. And unless we are \u0027current\u0027\nor the tasklist_lock is held we need -\u003esiglock to access -\u003esignal anyway.\n\n(NOTE: sys_unshare() is broken wrt -\u003esighand locking rules)\n\nNote that tty_mutex is held over tty destruction, so while holding\ntty_mutex any tty pointer remains valid. Otherwise the lifetime of ttys\nare governed by their open file handles. This leaves some holes for tty\naccess from signal-\u003etty (or any other non file related tty access).\n\nIt solves the tty SLAB scribbles we were seeing.\n\n(NOTE: the change from group_send_sig_info to __group_send_sig_info needs to\n be examined by someone familiar with the security framework, I think\n it is safe given the SEND_SIG_PRIV from other __group_send_sig_info\n invocations)\n\n[schwidefsky@de.ibm.com: 3270 fix]\n[akpm@osdl.org: various post-viro fixes]\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nAcked-by: Alan Cox \u003calan@redhat.com\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nCc: Prarit Bhargava \u003cprarit@redhat.com\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Roland McGrath \u003croland@redhat.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Jeff Dike \u003cjdike@addtoit.com\u003e\nCc: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nCc: Jan Kara \u003cjack@ucw.cz\u003e\nSigned-off-by: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "6cfd76a26d9fe2ba54b9d496a48c1d9285e5c5ed", "tree": "1114a0630c5045d0650c6d78a8097fdea6f94d8e", "parents": [ "a4c410f00f7ca4bd448b0d63f6f882fd244dc991" ], "author": { "name": "Peter Zijlstra", "email": "a.p.zijlstra@chello.nl", "time": "Wed Dec 06 20:37:22 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Thu Dec 07 08:39:36 2006 -0800" }, "message": "[PATCH] lockdep: name some old style locks\n\nName some of the remaning \u0027old_style_spin_init\u0027 locks\n\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nAcked-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "48ad504ee7d598431cb2d0b2f01c6d1aff1d2a07", "tree": "52862e12cdca605b04959fc0fa28164dc015013b", "parents": [ "7cf9c2c76c1a17b32f2da85b50cd4fe468ed44b5" ], "author": { "name": "Eric Sesterhenn", "email": "snakebyte@gmx.de", "time": "Wed Dec 06 20:33:47 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Thu Dec 07 08:39:25 2006 -0800" }, "message": "[PATCH] security/keys/*: user kmemdup()\n\nSigned-off-by: Eric Sesterhenn \u003csnakebyte@gmx.de\u003e\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nAcked-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "e18b890bb0881bbab6f4f1a6cd20d9c60d66b003", "tree": "4828be07e1c24781c264b42c5a75bcd968223c3f", "parents": [ "441e143e95f5aa1e04026cb0aa71c801ba53982f" ], "author": { "name": "Christoph Lameter", "email": "clameter@sgi.com", "time": "Wed Dec 06 20:33:20 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Thu Dec 07 08:39:25 2006 -0800" }, "message": "[PATCH] slab: remove kmem_cache_t\n\nReplace all uses of kmem_cache_t with struct kmem_cache.\n\nThe patch was generated using the following script:\n\n\t#!/bin/sh\n\t#\n\t# Replace one string by another in all the kernel sources.\n\t#\n\n\tset -e\n\n\tfor file in `find * -name \"*.c\" -o -name \"*.h\"|xargs grep -l $1`; do\n\t\tquilt add $file\n\t\tsed -e \"1,\\$s/$1/$2/g\" $file \u003e/tmp/$$\n\t\tmv /tmp/$$ $file\n\t\tquilt refresh\n\tdone\n\nThe script was run like this\n\n\tsh replace kmem_cache_t \"struct kmem_cache\"\n\nSigned-off-by: Christoph Lameter \u003cclameter@sgi.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "e94b1766097d53e6f3ccfb36c8baa562ffeda3fc", "tree": "93fa0a8ab84976d4e89c50768ca8b8878d642a0d", "parents": [ "54e6ecb23951b195d02433a741c7f7cb0b796c78" ], "author": { "name": "Christoph Lameter", "email": "clameter@sgi.com", "time": "Wed Dec 06 20:33:17 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Thu Dec 07 08:39:24 2006 -0800" }, "message": "[PATCH] slab: remove SLAB_KERNEL\n\nSLAB_KERNEL is an alias of GFP_KERNEL.\n\nSigned-off-by: Christoph Lameter \u003cclameter@sgi.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "54e6ecb23951b195d02433a741c7f7cb0b796c78", "tree": "c8885c49f37c8d383945b8af69d51597494ed62c", "parents": [ "f7267c0c0721fd02ad3dc37c3d6dd24ccd81d4d6" ], "author": { "name": "Christoph Lameter", "email": "clameter@sgi.com", "time": "Wed Dec 06 20:33:16 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Thu Dec 07 08:39:24 2006 -0800" }, "message": "[PATCH] slab: remove SLAB_ATOMIC\n\nSLAB_ATOMIC is an alias of GFP_ATOMIC\n\nSigned-off-by: Christoph Lameter \u003cclameter@sgi.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9db73724453a9350e1c22dbe732d427e2939a5c9", "tree": "15e3ead6413ae97398a54292acc199bee0864d42", "parents": [ "4c1ac1b49122b805adfa4efc620592f68dccf5db", "e62438630ca37539c8cc1553710bbfaa3cf960a7" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Dec 05 17:01:28 2006 +0000" }, "committer": { "name": "David Howells", "email": "dhowells@warthog.cambridge.redhat.com", "time": "Tue Dec 05 17:01:28 2006 +0000" }, "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6\n\nConflicts:\n\n\tdrivers/ata/libata-scsi.c\n\tinclude/linux/libata.h\n\nFuther merge of Linus\u0027s head and compilation fixups.\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "4c1ac1b49122b805adfa4efc620592f68dccf5db", "tree": "87557f4bc2fd4fe65b7570489c2f610c45c0adcd", "parents": [ "c4028958b6ecad064b1a6303a6a5906d4fe48d73", "d916faace3efc0bf19fe9a615a1ab8fa1a24cd93" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Dec 05 14:37:56 2006 +0000" }, "committer": { "name": "David Howells", "email": "dhowells@warthog.cambridge.redhat.com", "time": "Tue Dec 05 14:37:56 2006 +0000" }, "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6\n\nConflicts:\n\n\tdrivers/infiniband/core/iwcm.c\n\tdrivers/net/chelsio/cxgb2.c\n\tdrivers/net/wireless/bcm43xx/bcm43xx_main.c\n\tdrivers/net/wireless/prism54/islpci_eth.c\n\tdrivers/usb/core/hub.h\n\tdrivers/usb/input/hid-core.c\n\tnet/core/netpoll.c\n\nFix up merge failures with Linus\u0027s head and fix new compilation failures.\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "87fcd70d983d30eca4b933fff2e97d9a31743d0a", "tree": "2c79943f7691f80123af0145a8909f14011b0761", "parents": [ "91f433cacc9d1ae95ae46ce26d7bcf3a724c72d0" ], "author": { "name": "Al Viro", "email": "viro@hera.kernel.org", "time": "Mon Dec 04 22:00:55 2006 +0000" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Mon Dec 04 19:32:44 2006 -0800" }, "message": "[PATCH] selinux endianness annotations\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "6cbda6b6e2e2a0a84c0fcda8ea262c16d7a63fc8", "tree": "ca4c974f9eedc3ab756b6eecb7c2db2a68095493", "parents": [ "484b366932be0b73a22c74a82748ca10a721643e" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Nov 29 16:50:27 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:31:39 2006 -0800" }, "message": "Rename class_destroy to avoid namespace conflicts.\n\nWe\u0027re seeing increasing namespace conflicts between the global\nclass_destroy() function declared in linux/device.h, and the private\nfunction in the SELinux core code. This patch renames the SELinux\nfunction to cls_destroy() to avoid this conflict.\n\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "02752760359db6b00a3ffb1acfc13ef8d9eb1e3f", "tree": "796cd65fd4cd732b295e61dac194efbf36b78842", "parents": [ "ef91fd522ba3c88d9c68261c243567bc4c5a8f55" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Nov 29 13:18:18 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:31:36 2006 -0800" }, "message": "NetLabel: convert to an extensibile/sparse category bitmap\n\nThe original NetLabel category bitmap was a straight char bitmap which worked\nfine for the initial release as it only supported 240 bits due to limitations\nin the CIPSO restricted bitmap tag (tag type 0x01). This patch converts that\nstraight char bitmap into an extensibile/sparse bitmap in order to lay the\nfoundation for other CIPSO tag types and protocols.\n\nThis patch also has a nice side effect in that all of the security attributes\npassed by NetLabel into the LSM are now in a format which is in the host\u0027s\nnative byte/bit ordering which makes the LSM specific code much simpler; look\nat the changes in security/selinux/ss/ebitmap.c as an example.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bb22f58087fdf8b617803c9b65bc86c6d26b5115", "tree": "ff68f85498cedce8858d44b80d0ae8c65b757056", "parents": [ "de64688ffb952a65ddbc5295ccd235d35f292593" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 17 23:01:03 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:24:16 2006 -0800" }, "message": "Compile fix for \"peer secid consolidation for external network labeling\"\n\nUse a forward declaration instead of dragging in skbuff.h and\nrelated junk.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3de4bab5b9f8848a0c16a4b1ffe0452f0d670237", "tree": "f65c12b53bf2ad02645ea31522f67e7318019498", "parents": [ "9f2ad66509b182b399a5b03de487f45bde623524" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Nov 17 17:38:54 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:24:14 2006 -0800" }, "message": "SELinux: peer secid consolidation for external network labeling\n\nNow that labeled IPsec makes use of the peer_sid field in the\nsk_security_struct we can remove a lot of the special cases between labeled\nIPsec and NetLabel. In addition, create a new function,\nsecurity_skb_extlbl_sid(), which we can use in several places to get the\nsecurity context of the packet\u0027s external label which allows us to further\nsimplify the code in a few places.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9f2ad66509b182b399a5b03de487f45bde623524", "tree": "8376dc2db99a78c1b043644f019c4dc224187f16", "parents": [ "9bb5fd2b05cb4dba229e225536faa59eaadd837d" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Nov 17 17:38:53 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:24:13 2006 -0800" }, "message": "NetLabel: SELinux cleanups\n\nThis patch does a lot of cleanup in the SELinux NetLabel support code. A\nsummary of the changes include:\n\n* Use RCU locking for the NetLabel state variable in the skk_security_struct\n instead of using the inode_security_struct mutex.\n* Remove unnecessary parameters in selinux_netlbl_socket_post_create().\n* Rename selinux_netlbl_sk_clone_security() to\n selinux_netlbl_sk_security_clone() to better fit the other NetLabel\n sk_security functions.\n* Improvements to selinux_netlbl_inode_permission() to help reduce the cost of\n the common case.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "701a90bad99b8081a824cca52c178c8fc8f46bb2", "tree": "5fed88e6707e9122d7f16e4c5d8fea7c69e090ac", "parents": [ "c6fa82a9dd6160e0bc980cb0401c16bf62f2fe66" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Nov 17 17:38:46 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:24:07 2006 -0800" }, "message": "NetLabel: make netlbl_lsm_secattr struct easier/quicker to understand\n\nThe existing netlbl_lsm_secattr struct required the LSM to check all of the\nfields to determine if any security attributes were present resulting in a lot\nof work in the common case of no attributes. This patch adds a \u0027flags\u0027 field\nwhich is used to indicate which attributes are present in the structure; this\nshould allow the LSM to do a quick comparison to determine if the structure\nholds any security attributes.\n\nExample:\n\n if (netlbl_lsm_secattr-\u003eflags)\n\t/* security attributes present */\n else\n\t/* NO security attributes present */\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6051e2f4fb68fc8e5343db58fa680ece376f405c", "tree": "b061f38f00100e40a3c5b9f33e3acb58c5aa3e7b", "parents": [ "04561c1fe7b067a8250e6caaf168256783580c4c" ], "author": { "name": "Thomas Graf", "email": "tgraf@suug.ch", "time": "Tue Nov 14 19:54:19 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:22:45 2006 -0800" }, "message": "[IPv6] prefix: Convert RTM_NEWPREFIX notifications to use the new netlink api\n\nRTM_GETPREFIX is completely unused and is thus removed.\n\nSigned-off-by: Thomas Graf \u003ctgraf@suug.ch\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "2ee92d46c6cabedd50edf6f273fa8cf84f707618", "tree": "bdf7c64514a5063ba4ef41915f9efb6f803fc38a", "parents": [ "90833aa4f496d69ca374af6acef7d1614c8693ff" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Nov 13 16:09:01 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:22:24 2006 -0800" }, "message": "[SELinux]: Add support for DCCP\n\nThis patch implements SELinux kernel support for DCCP\n(http://linux-net.osdl.org/index.php/DCCP), which is similar in\noperation to TCP in terms of connected state between peers.\n\nThe SELinux support for DCCP is thus modeled on existing handling of\nTCP.\n\nA new DCCP socket class is introduced, to allow protocol\ndifferentation. The permissions for this class inherit all of the\nsocket permissions, as well as the current TCP permissions (node_bind,\nname_bind etc). IPv4 and IPv6 are supported, although labeled\nnetworking is not, at this stage.\n\nPatches for SELinux userspace are at:\nhttp://people.redhat.com/jmorris/selinux/dccp/user/\n\nI\u0027ve performed some basic testing, and it seems to be working as\nexpected. Adding policy support is similar to TCP, the only real\ndifference being that it\u0027s a different protocol.\n\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "67f83cbf081a70426ff667e8d14f94e13ed3bdca", "tree": "776a40733eacb9071478f865e6791daa3f6fd602", "parents": [ "6b877699c6f1efede4545bcecc367786a472eedb" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@trustedcs.com", "time": "Wed Nov 08 17:04:26 2006 -0600" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:21:34 2006 -0800" }, "message": "SELinux: Fix SA selection semantics\n\nFix the selection of an SA for an outgoing packet to be at the same\ncontext as the originating socket/flow. This eliminates the SELinux\npolicy\u0027s ability to use/sendto SAs with contexts other than the socket\u0027s.\n\nWith this patch applied, the SELinux policy will require one or more of the\nfollowing for a socket to be able to communicate with/without SAs:\n\n1. To enable a socket to communicate without using labeled-IPSec SAs:\n\nallow socket_t unlabeled_t:association { sendto recvfrom }\n\n2. To enable a socket to communicate with labeled-IPSec SAs:\n\nallow socket_t self:association { sendto };\nallow socket_t peer_sa_t:association { recvfrom };\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6b877699c6f1efede4545bcecc367786a472eedb", "tree": "c0a60dc90578fa9f16d4496e2700bc285eab47c0", "parents": [ "c1a856c9640c9ff3d70bbd8214b6a0974609eef8" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@trustedcs.com", "time": "Wed Nov 08 17:04:09 2006 -0600" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:21:33 2006 -0800" }, "message": "SELinux: Return correct context for SO_PEERSEC\n\nFix SO_PEERSEC for tcp sockets to return the security context of\nthe peer (as represented by the SA from the peer) as opposed to the\nSA used by the local/source socket.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c1a856c9640c9ff3d70bbd8214b6a0974609eef8", "tree": "76166bf784edd968ffac8c3dcc607d73580c509a", "parents": [ "e8db8c99100750ade5a9b4072b9469cab718a5b7" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@trustedcs.com", "time": "Wed Nov 08 17:03:44 2006 -0600" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:21:31 2006 -0800" }, "message": "SELinux: Various xfrm labeling fixes\n\nSince the upstreaming of the mlsxfrm modification a few months back,\ntesting has resulted in the identification of the following issues/bugs that\nare resolved in this patch set.\n\n1. Fix the security context used in the IKE negotiation to be the context\n of the socket as opposed to the context of the SPD rule.\n\n2. Fix SO_PEERSEC for tcp sockets to return the security context of\n the peer as opposed to the source.\n\n3. Fix the selection of an SA for an outgoing packet to be at the same\n context as the originating socket/flow.\n\nThe following would be the result of applying this patchset:\n\n- SO_PEERSEC will now correctly return the peer\u0027s context.\n\n- IKE deamons will receive the context of the source socket/flow\n as opposed to the SPD rule\u0027s context so that the negotiated SA\n will be at the same context as the source socket/flow.\n\n- The SELinux policy will require one or more of the\n following for a socket to be able to communicate with/without SAs:\n\n 1. To enable a socket to communicate without using labeled-IPSec SAs:\n\n allow socket_t unlabeled_t:association { sendto recvfrom }\n\n 2. To enable a socket to communicate with labeled-IPSec SAs:\n\n allow socket_t self:association { sendto };\n allow socket_t peer_sa_t:association { recvfrom };\n\nThis Patch: Pass correct security context to IKE for use in negotiation\n\nFix the security context passed to IKE for use in negotiation to be the\ncontext of the socket as opposed to the context of the SPD rule so that\nthe SA carries the label of the originating socket/flow.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b07e3c3a1db0ce399d2a1d04860e1b901927c05e", "tree": "474c17e969b5462a3702f0021249e1d78522ac35", "parents": [ "5f56bbdf1e35d41b4b3d4c92bdb3e70c63877e4d", "b94c7e677b9d28bd3f9ba4a70df6bfa7942867ca" ], "author": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Fri Dec 01 16:43:42 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Fri Dec 01 16:43:42 2006 -0800" }, "message": "Merge branch \u0027for-2.6.20\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6\n\n* \u0027for-2.6.20\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:\n SELinux: validate kernel object classes and permissions\n SELinux: ensure keys constant in hashtab_search\n SELinux: export object class and permission definitions\n SELinux: remove current object class and permission validation mechanism\n" }, { "commit": "b94c7e677b9d28bd3f9ba4a70df6bfa7942867ca", "tree": "ea116d586f821526513d32fd5e7c2f8fa6d59485", "parents": [ "bb242497474da317a7169cc939c741ccf2e79e8c" ], "author": { "name": "Chad Sellers", "email": "csellers@tresys.com", "time": "Mon Nov 06 12:38:18 2006 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Nov 28 12:04:38 2006 -0500" }, "message": "SELinux: validate kernel object classes and permissions\n\nThis is a new object class and permission validation scheme that validates\nagainst the defined kernel headers. This scheme allows extra classes\nand permissions that do not conflict with the kernel definitions to be\nadded to the policy. This validation is now done for all policy loads,\nnot just subsequent loads after the first policy load.\n\nThe implementation walks the three structrures containing the defined\nobject class and permission values and ensures their values are the\nsame in the policy being loaded. This includes verifying the object\nclasses themselves, the permissions they contain, and the permissions\nthey inherit from commons. Classes or permissions that are present in the\nkernel but missing from the policy cause a warning (printed to KERN_INFO)\nto be printed, but do not stop the policy from loading, emulating current\nbehavior. Any other inconsistencies cause the load to fail.\n\nSigned-off-by: Chad Sellers \u003ccsellers@tresys.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bb242497474da317a7169cc939c741ccf2e79e8c", "tree": "f0388fcadc32e98ae977ba7d1b42f724697cd756", "parents": [ "5c45899879e8caadb78f04c9c639f4c2025b9f00" ], "author": { "name": "Chad Sellers", "email": "csellers@tresys.com", "time": "Mon Nov 06 12:38:17 2006 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Nov 28 12:04:37 2006 -0500" }, "message": "SELinux: ensure keys constant in hashtab_search\n\nMakes the key argument passed into hashtab_search and all the functions\nit calls constant. These functions include hash table function pointers\nhash_value and keycmp. The only implementations of these currently\nare symhash and symcmp, which do not modify the key. The key parameter\nshould never be changed by any of these, so it should be const. This\nis necessary to allow calling these functions with keys found in kernel\nobject class and permission definitions.\n\nSigned-off-by: Chad Sellers \u003ccsellers@tresys.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5c45899879e8caadb78f04c9c639f4c2025b9f00", "tree": "ee47228ccb816e523ac1051cfe41927059bc5ef9", "parents": [ "5a64d4438ed1e759ccd30d9e90842bf360f19298" ], "author": { "name": "Chad Sellers", "email": "csellers@tresys.com", "time": "Mon Nov 06 12:38:16 2006 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Nov 28 12:04:36 2006 -0500" }, "message": "SELinux: export object class and permission definitions\n\nMoves the definition of the 3 structs containing object class and\npermission definitions from avc.c to avc_ss.h so that the security\nserver can access them for validation on policy load. This also adds\na new struct type, defined_classes_perms_t, suitable for allowing the\nsecurity server to access these data structures from the avc.\n\nSigned-off-by: Chad Sellers \u003ccsellers@tresys.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5a64d4438ed1e759ccd30d9e90842bf360f19298", "tree": "b9165ff810788cc934778345201d442f8e869a00", "parents": [ "2ea5814472c3c910aed5c5b60f1f3b1000e353f1" ], "author": { "name": "Chad Sellers", "email": "csellers@tresys.com", "time": "Mon Nov 06 12:38:15 2006 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Nov 28 12:04:35 2006 -0500" }, "message": "SELinux: remove current object class and permission validation mechanism\n\nRemoves the current SELinux object class and permission validation code,\nas the current code makes it impossible to change or remove object classes\nand permissions on a running system. Additionally, the current code does\nnot actually validate that the classes and permissions are correct, but\ninstead merely validates that they do not change between policy reloads.\n\nSigned-off-by: Chad Sellers \u003ccsellers@tresys.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "fc5d81e69d15c65ca20d9e5b4e242690e3e9c27d", "tree": "487e7c5e25fb91246712747cc9595f750cffa30b", "parents": [ "2ea5814472c3c910aed5c5b60f1f3b1000e353f1" ], "author": { "name": "Akinobu Mita", "email": "akinobu.mita@gmail.com", "time": "Mon Nov 27 15:16:48 2006 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Nov 27 10:22:43 2006 -0500" }, "message": "selinux: fix dentry_open() error check\n\nThe return value of dentry_open() shoud be checked by IS_ERR().\n\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Akinobu Mita \u003cakinobu.mita@gmail.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "65f27f38446e1976cc98fd3004b110fedcddd189", "tree": "68f8be93feae31dfa018c22db392a05546b63ee1", "parents": [ "365970a1ea76d81cb1ad2f652acb605f06dae256" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Nov 22 14:55:48 2006 +0000" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Nov 22 14:55:48 2006 +0000" }, "message": "WorkStruct: Pass the work_struct pointer instead of context data\n\nPass the work_struct pointer to the work function rather than context data.\nThe work function can use container_of() to work out the data.\n\nFor the cases where the container of the work_struct may go away the moment the\npending bit is cleared, it is made possible to defer the release of the\nstructure by deferring the clearing of the pending bit.\n\nTo make this work, an extra flag is introduced into the management side of the\nwork_struct. This governs auto-release of the structure upon execution.\n\nOrdinarily, the work queue executor would release the work_struct for further\nscheduling or deallocation by clearing the pending bit prior to jumping to the\nwork function. This means that, unless the driver makes some guarantee itself\nthat the work_struct won\u0027t go away, the work function may not access anything\nelse in the work_struct or its container lest they be deallocated.. This is a\nproblem if the auxiliary data is taken away (as done by the last patch).\n\nHowever, if the pending bit is *not* cleared before jumping to the work\nfunction, then the work function *may* access the work_struct and its container\nwith no problems. But then the work function must itself release the\nwork_struct by calling work_release().\n\nIn most cases, automatic release is fine, so this is the default. Special\ninitiators exist for the non-auto-release case (ending in _NAR).\n\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "f8687afefcc821fc47c75775eec87731fe3de360", "tree": "9835a3c95fb94597ede42cfdf732b97cc495c9bf", "parents": [ "920b868ae1dfdac77c5e8c97e7067b23680f043e" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Mon Oct 30 15:22:15 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Oct 30 15:24:49 2006 -0800" }, "message": "[NetLabel]: protect the CIPSOv4 socket option from setsockopt()\n\nThis patch makes two changes to protect applications from either removing or\ntampering with the CIPSOv4 IP option on a socket. The first is the requirement\nthat applications have the CAP_NET_RAW capability to set an IPOPT_CIPSO option\non a socket; this prevents untrusted applications from setting their own\nCIPSOv4 security attributes on the packets they send. The second change is to\nSELinux and it prevents applications from setting any IPv4 options when there\nis an IPOPT_CIPSO option already present on the socket; this prevents\napplications from removing CIPSOv4 security attributes from the packets they\nsend.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "bf0edf39296097f20c5fcc4919ed7d339194bd75", "tree": "0cde65c275cd7bab51c306cde3bf80487655f6ba", "parents": [ "044a68ed8a692f643cf3c0a54c380a922584f34f" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Oct 11 19:10:48 2006 -0400" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sun Oct 15 23:14:15 2006 -0700" }, "message": "NetLabel: better error handling involving mls_export_cat()\n\nUpon inspection it looked like the error handling for mls_export_cat() was\nrather poor. This patch addresses this by NULL\u0027ing out kfree()\u0027d pointers\nbefore returning and checking the return value of the function everywhere\nit is called.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6e8c751e07b34d73069e9333f67fbe5ffe31ec3a", "tree": "6fe661be57040eebd237c5bed86e5eb76910639e", "parents": [ "3bccfbc7a7ba4085817deae6e7c67daf0cbd045a" ], "author": { "name": "Chad Sellers", "email": "csellers@tresys.com", "time": "Fri Oct 06 16:09:52 2006 -0400" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 11 23:59:41 2006 -0700" }, "message": "SELinux: Bug fix in polidydb_destroy\n\nThis patch fixes two bugs in policydb_destroy. Two list pointers\n(policydb.ocontexts[i] and policydb.genfs) were not being reset to NULL when\nthe lists they pointed to were being freed. This caused a problem when the\ninitial policy load failed, as the policydb being destroyed was not a\ntemporary new policydb that was thrown away, but rather was the global\n(active) policydb. Consequently, later functions, particularly\nsys_bind-\u003eselinux_socket_bind-\u003esecurity_node_sid and\ndo_rw_proc-\u003eselinux_sysctl-\u003eselinux_proc_get_sid-\u003esecurity_genfs_sid tried\nto dereference memory that had previously been freed.\n\nSigned-off-by: Chad Sellers \u003ccsellers@tresys.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5b368e61c2bcb2666bb66e2acf1d6d85ba6f474d", "tree": "293f595f737540a546ba186ba1f054389aa95f6f", "parents": [ "134b0fc544ba062498451611cb6f3e4454221b3d" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@trustedcs.com", "time": "Thu Oct 05 15:42:18 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 11 23:59:37 2006 -0700" }, "message": "IPsec: correct semantics for SELinux policy matching\n\nCurrently when an IPSec policy rule doesn\u0027t specify a security\ncontext, it is assumed to be \"unlabeled\" by SELinux, and so\nthe IPSec policy rule fails to match to a flow that it would\notherwise match to, unless one has explicitly added an SELinux\npolicy rule allowing the flow to \"polmatch\" to the \"unlabeled\"\nIPSec policy rules. In the absence of such an explicitly added\nSELinux policy rule, the IPSec policy rule fails to match and\nso the packet(s) flow in clear text without the otherwise applicable\nxfrm(s) applied.\n\nThe above SELinux behavior violates the SELinux security notion of\n\"deny by default\" which should actually translate to \"encrypt by\ndefault\" in the above case.\n\nThis was first reported by Evgeniy Polyakov and the way James Morris\nwas seeing the problem was when connecting via IPsec to a\nconfined service on an SELinux box (vsftpd), which did not have the\nappropriate SELinux policy permissions to send packets via IPsec.\n\nWith this patch applied, SELinux \"polmatching\" of flows Vs. IPSec\npolicy rules will only come into play when there\u0027s a explicit context\nspecified for the IPSec policy rule (which also means there\u0027s corresponding\nSELinux policy allowing appropriate domains/flows to polmatch to this context).\n\nSecondly, when a security module is loaded (in this case, SELinux), the\nsecurity_xfrm_policy_lookup() hook can return errors other than access denied,\nsuch as -EINVAL. We were not handling that correctly, and in fact\ninverting the return logic and propagating a false \"ok\" back up to\nxfrm_lookup(), which then allowed packets to pass as if they were not\nassociated with an xfrm policy.\n\nThe solution for this is to first ensure that errno values are\ncorrectly propagated all the way back up through the various call chains\nfrom security_xfrm_policy_lookup(), and handled correctly.\n\nThen, flow_cache_lookup() is modified, so that if the policy resolver\nfails (typically a permission denied via the security module), the flow\ncache entry is killed rather than having a null policy assigned (which\nindicates that the packet can pass freely). This also forces any future\nlookups for the same flow to consult the security module (e.g. SELinux)\nfor current security policy (rather than, say, caching the error on the\nflow cache entry).\n\nThis patch: Fix the selinux side of things.\n\nThis makes sure SELinux polmatching of flow contexts to IPSec policy\nrules comes into play only when an explicit context is associated\nwith the IPSec policy rule.\n\nAlso, this no longer defaults the context of a socket policy to\nthe context of the socket since the \"no explicit context\" case\nis now handled properly.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "388b24057f90ba109d4bf855006a8809c383eb76", "tree": "44ab16f68b08ac7ed64ba4e4f2be87a6476a5d4c", "parents": [ "ffb733c65000ee701294f7b80c4eca2a5f335637" ], "author": { "name": "paul.moore@hp.com", "email": "paul.moore@hp.com", "time": "Thu Oct 05 18:28:24 2006 -0400" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 11 23:59:32 2006 -0700" }, "message": "NetLabel: use SECINITSID_UNLABELED for a base SID\n\nThis patch changes NetLabel to use SECINITSID_UNLABLELED as it\u0027s source of\nSELinux type information when generating a NetLabel context.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ffb733c65000ee701294f7b80c4eca2a5f335637", "tree": "edda8e25792fe4a7bf0c619787949291276b9ed7", "parents": [ "c25d5180441e344a3368d100c57f0a481c6944f7" ], "author": { "name": "paul.moore@hp.com", "email": "paul.moore@hp.com", "time": "Wed Oct 04 11:46:31 2006 -0400" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 11 23:59:29 2006 -0700" }, "message": "NetLabel: fix a cache race condition\n\nTesting revealed a problem with the NetLabel cache where a cached entry could\nbe freed while in use by the LSM layer causing an oops and other problems.\nThis patch fixes that problem by introducing a reference counter to the cache\nentry so that it is only freed when it is no longer in use.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cab00891c5489cb6d0cde0a55d39bd5f2871fa70", "tree": "0dc810a15ad02dc76939b6ea021a4a24794561bb", "parents": [ "44c09201a4178e08ed1c8cc37e7aea0683888f0a" ], "author": { "name": "Matt LaPlante", "email": "kernel1@cyberdogtech.com", "time": "Tue Oct 03 22:36:44 2006 +0200" }, "committer": { "name": "Adrian Bunk", "email": "bunk@stusta.de", "time": "Tue Oct 03 22:36:44 2006 +0200" }, "message": "Still more typo fixes\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\n" }, { "commit": "44c09201a4178e08ed1c8cc37e7aea0683888f0a", "tree": "2b8a859ef668b24cc7c41331d29357979e07c364", "parents": [ "095096038d637c477ef3c1b674612bcbc4d60c2d" ], "author": { "name": "Matt LaPlante", "email": "kernel1@cyberdogtech.com", "time": "Tue Oct 03 22:34:14 2006 +0200" }, "committer": { "name": "Adrian Bunk", "email": "bunk@stusta.de", "time": "Tue Oct 03 22:34:14 2006 +0200" }, "message": "more misc typo fixes\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\n" }, { "commit": "d8c76e6f45c111c32a4b3e50a2adc9210737b0d8", "tree": "25521b59d48c6d8c9aec1af54dbe5008ad4b215b", "parents": [ "9a53c3a783c2fa9b969628e65695c11c3e51e673" ], "author": { "name": "Dave Hansen", "email": "haveblue@us.ibm.com", "time": "Sat Sep 30 23:29:04 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 01 00:39:30 2006 -0700" }, "message": "[PATCH] r/o bind mount prepwork: inc_nlink() helper\n\nThis is mostly included for parity with dec_nlink(), where we will have some\nmore hooks. This one should stay pretty darn straightforward for now.\n\nSigned-off-by: Dave Hansen \u003chaveblue@us.ibm.com\u003e\nAcked-by: Christoph Hellwig \u003chch@lst.de\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "2148ccc437a9eac9f0d4b3c27cb1e41f6a48194c", "tree": "03dc59734526aa654d29e1b81cdad18369598182", "parents": [ "9a69d1aeccf169d9a1e442c07d3a6e87f06a7b49" ], "author": { "name": "David Woodhouse", "email": "dwmw2@infradead.org", "time": "Fri Sep 29 15:50:25 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 29 15:58:21 2006 -0700" }, "message": "[PATCH] MLSXFRM: fix mis-labelling of child sockets\n\nAccepted connections of types other than AF_INET, AF_INET6, AF_UNIX won\u0027t\nhave an appropriate label derived from the peer, so don\u0027t use it.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "f400e198b2ed26ce55b22a1412ded0896e7516ac", "tree": "a3d78bfc1c20635e199fe0fe85aaa1d8792acc58", "parents": [ "959ed340f4867fda7684340625f60e211c2296d6" ], "author": { "name": "Sukadev Bhattiprolu", "email": "sukadev@us.ibm.com", "time": "Fri Sep 29 02:00:07 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 29 09:18:12 2006 -0700" }, "message": "[PATCH] pidspace: is_init()\n\nThis is an updated version of Eric Biederman\u0027s is_init() patch.\n(http://lkml.org/lkml/2006/2/6/280). It applies cleanly to 2.6.18-rc3 and\nreplaces a few more instances of -\u003epid \u003d\u003d 1 with is_init().\n\nFurther, is_init() checks pid and thus removes dependency on Eric\u0027s other\npatches for now.\n\nEric\u0027s original description:\n\n\tThere are a lot of places in the kernel where we test for init\n\tbecause we give it special properties. Most significantly init\n\tmust not die. This results in code all over the kernel test\n\t-\u003epid \u003d\u003d 1.\n\n\tIntroduce is_init to capture this case.\n\n\tWith multiple pid spaces for all of the cases affected we are\n\tlooking for only the first process on the system, not some other\n\tprocess that has pid \u003d\u003d 1.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: Sukadev Bhattiprolu \u003csukadev@us.ibm.com\u003e\nCc: Dave Hansen \u003chaveblue@us.ibm.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: \u003clxc-devel@lists.sourceforge.net\u003e\nAcked-by: Paul Mackerras \u003cpaulus@samba.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "3bc1fa8ae18f281b40903cce94baba10c3cf9d88", "tree": "9097244b28cbf4eba16368803272af0fc70224d5", "parents": [ "cd1c6a48ac16b360746f9f111895931d332c35dd" ], "author": { "name": "Chris Wright", "email": "chrisw@sous-sol.org", "time": "Fri Sep 29 01:59:49 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 29 09:18:10 2006 -0700" }, "message": "[PATCH] LSM: remove BSD secure level security module\n\nThis code has suffered from broken core design and lack of developer\nattention. Broken security modules are too dangerous to leave around. It\nis time to remove this one.\n\nSigned-off-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nAcked-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Davi Arnaut \u003cdavi.arnaut@gmail.com\u003e\nAcked-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Alan Cox \u003calan@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "3528a95322b5c1ce882ab723f175a1845430cd89", "tree": "3aa8b456e08ed3e57fe23152c934b8ed1b234022", "parents": [ "79f5acf5d784492afe80723496624093079aed9c" ], "author": { "name": "Cory Olmo", "email": "colmo@TrustedCS.com", "time": "Fri Sep 29 01:58:44 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 29 09:18:03 2006 -0700" }, "message": "[PATCH] SELinux: support mls categories for context mounts\n\nAllows commas to be embedded into context mount options (i.e. \"-o\ncontext\u003dsome_selinux_context_t\"), to better support multiple categories,\nwhich are separated by commas and confuse mount.\n\nFor example, with the current code:\n\n mount -t iso9660 /dev/cdrom /media/cdrom -o \\\n ro,context\u003dsystem_u:object_r:iso9660_t:s0:c1,c3,c4,exec\n\nThe context option that will be interpreted by SELinux is\ncontext\u003dsystem_u:object_r:iso9660_t:s0:c1\n\ninstead of\ncontext\u003dsystem_u:object_r:iso9660_t:s0:c1,c3,c4\n\nThe options that will be passed on to the file system will be\nro,c3,c4,exec.\n\nThe proposed solution is to allow/require the SELinux context option\nspecified to mount to use quotes when the context contains a comma.\n\nThis patch modifies the option parsing in parse_opts(), contained in\nmount.c, to take options after finding a comma only if it hasn\u0027t seen a\nquote or if the quotes are matched. It also introduces a new function that\nwill strip the quotes from the context option prior to translation. The\nquotes are replaced after the translation is completed to insure that in\nthe event the raw context contains commas the kernel will be able to\ninterpret the correct context.\n\nSigned-off-by: Cory Olmo \u003ccolmo@TrustedCS.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "ba52de123d454b57369f291348266d86f4b35070", "tree": "3973f3f3c853b5857b6b64a027cadd4fe954e3b9", "parents": [ "577c4eb09d1034d0739e3135fd2cff50588024be" ], "author": { "name": "Theodore Ts\u0027o", "email": "tytso@mit.edu", "time": "Wed Sep 27 01:50:49 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Sep 27 08:26:18 2006 -0700" }, "message": "[PATCH] inode-diet: Eliminate i_blksize from the inode structure\n\nThis eliminates the i_blksize field from struct inode. Filesystems that want\nto provide a per-inode st_blksize can do so by providing their own getattr\nroutine instead of using the generic_fillattr() function.\n\nNote that some filesystems were providing pretty much random (and incorrect)\nvalues for i_blksize.\n\n[bunk@stusta.de: cleanup]\n[akpm@osdl.org: generic_fillattr() fix]\nSigned-off-by: \"Theodore Ts\u0027o\" \u003ctytso@mit.edu\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "8e18e2941c53416aa219708e7dcad21fb4bd6794", "tree": "44118f8b09556193ac93e0b71aecfa3e1d4bc182", "parents": [ "6a1d9805ec506d8b9d04450997707da5f643d87c" ], "author": { "name": "Theodore Ts\u0027o", "email": "tytso@mit.edu", "time": "Wed Sep 27 01:50:46 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Sep 27 08:26:17 2006 -0700" }, "message": "[PATCH] inode_diet: Replace inode.u.generic_ip with inode.i_private\n\nThe following patches reduce the size of the VFS inode structure by 28 bytes\non a UP x86. (It would be more on an x86_64 system). This is a 10% reduction\nin the inode size on a UP kernel that is configured in a production mode\n(i.e., with no spinlock or other debugging functions enabled; if you want to\nsave memory taken up by in-core inodes, the first thing you should do is\ndisable the debugging options; they are responsible for a huge amount of bloat\nin the VFS inode structure).\n\nThis patch:\n\nThe filesystem or device-specific pointer in the inode is inside a union,\nwhich is pretty pointless given that all 30+ users of this field have been\nusing the void pointer. Get rid of the union and rename it to i_private, with\na comment to explain who is allowed to use the void pointer. This is just a\ncleanup, but it allows us to reuse the union \u0027u\u0027 for something something where\nthe union will actually be used.\n\n[judith@osdl.org: powerpc build fix]\nSigned-off-by: \"Theodore Ts\u0027o\" \u003ctytso@mit.edu\u003e\nSigned-off-by: Judith Lebzelter \u003cjudith@osdl.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "b20c8122a3204496fca8b5343c93b60fe11dad04", "tree": "f807fb699dcec3f40a8de1a5c64f3653cf68bb6a", "parents": [ "bc7e982b84aceef0a040c88ff659eb5c83818f72" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Sep 25 23:32:03 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 26 08:48:53 2006 -0700" }, "message": "[PATCH] selinux: fix tty locking\n\nTake tty_mutex when accessing -\u003esignal-\u003etty in selinux code. Noted by Alan\nCox. Longer term, we are looking at refactoring the code to provide better\nencapsulation of the tty layer, but this is a simple fix that addresses the\nimmediate bug.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Alan Cox \u003calan@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "bc7e982b84aceef0a040c88ff659eb5c83818f72", "tree": "0e351e00c5fa90cd5b6a9b9f710e95ecb953b1f2", "parents": [ "23970741720360de9dd0a4e87fbeb1d5927aa474" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Sep 25 23:32:02 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 26 08:48:53 2006 -0700" }, "message": "[PATCH] SELinux: convert sbsec semaphore to a mutex\n\nThis patch converts the semaphore in the superblock security struct to a\nmutex. No locking changes or other code changes are done.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "23970741720360de9dd0a4e87fbeb1d5927aa474", "tree": "2dc28ddfeae751a673d43e1925fd131d6ed3e222", "parents": [ "296fddf7513c155adbd3a443d12add1f62b5cddb" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Sep 25 23:32:01 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 26 08:48:53 2006 -0700" }, "message": "[PATCH] SELinux: change isec semaphore to a mutex\n\nThis patch converts the remaining isec-\u003esem into a mutex. Very similar\nlocking is provided as before only in the faster smaller mutex rather than a\nsemaphore. An out_unlock path is introduced rather than the conditional\nunlocking found in the original code.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "296fddf7513c155adbd3a443d12add1f62b5cddb", "tree": "1fc7e3067f1b635b34a178fcb9a96b88bf5c626e", "parents": [ "f3f8771420737004da55159c2f2dc0b6f483a4ef" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Sep 25 23:32:00 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 26 08:48:53 2006 -0700" }, "message": "[PATCH] SELinux: eliminate inode_security_set_security\n\ninode_security_set_sid is only called by security_inode_init_security, which\nis called when a new file is being created and needs to have its incore\nsecurity state initialized and its security xattr set. This helper used to be\ncalled in other places in the past, but now only has the one. So this patch\nrolls inode_security_set_sid directly back into security_inode_init_security.\nThere also is no need to hold the isec-\u003esem while doing this, as the inode is\nnot available to other threads at this point in time.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "f3f8771420737004da55159c2f2dc0b6f483a4ef", "tree": "01ff2aa4dc82cdc5b2383648f9fabb8378250d00", "parents": [ "016b9bdb81d9c9c7800e4e224ade38d8b37669d3" ], "author": { "name": "Darrel Goeddel", "email": "dgoeddel@TrustedCS.com", "time": "Mon Sep 25 23:31:59 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 26 08:48:52 2006 -0700" }, "message": "[PATCH] selinux: add support for range transitions on object classes\n\nIntroduces support for policy version 21. This version of the binary\nkernel policy allows for defining range transitions on security classes\nother than the process security class. As always, backwards compatibility\nfor older formats is retained. The security class is read in as specified\nwhen using the new format, while the \"process\" security class is assumed\nwhen using an older policy format.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "016b9bdb81d9c9c7800e4e224ade38d8b37669d3", "tree": "47335b123973d918a9686cd2647e5e314ed2c1dd", "parents": [ "9a2f44f01a67a6ecca71515af999895b45a2aeb0" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Sep 25 23:31:58 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 26 08:48:52 2006 -0700" }, "message": "[PATCH] selinux: enable configuration of max policy version\n\nEnable configuration of SELinux maximum supported policy version to support\nlegacy userland (init) that does not gracefully handle kernels that support\nnewer policy versions two or more beyond the installed policy, as in FC3\nand FC4.\n\n[bunk@stusta.de: improve Kconfig help text]\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9a2f44f01a67a6ecca71515af999895b45a2aeb0", "tree": "badb3047f9a80013ad0d00a413f6ca038ba3f3ce", "parents": [ "1a70cd40cb291c25b67ec0da715a49d76719329d" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Sep 25 23:31:58 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 26 08:48:52 2006 -0700" }, "message": "[PATCH] selinux: replace ctxid with sid in selinux_audit_rule_match interface\n\nReplace ctxid with sid in selinux_audit_rule_match interface for\nconsistency with other interfaces.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "1a70cd40cb291c25b67ec0da715a49d76719329d", "tree": "ffb4c6cd3f7ef1b92822ebbda11bd2b035c2bc86", "parents": [ "62bac0185ad3dfef11d9602980445c54d45199c6" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Sep 25 23:31:57 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 26 08:48:52 2006 -0700" }, "message": "[PATCH] selinux: rename selinux_ctxid_to_string\n\nRename selinux_ctxid_to_string to selinux_sid_to_string to be\nconsistent with other interfaces.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "62bac0185ad3dfef11d9602980445c54d45199c6", "tree": "8478673a1dccac5f4e7add4ad802a2bf69b269a4", "parents": [ "89fa30242facca249aead2aac03c4c69764f911c" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Sep 25 23:31:56 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 26 08:48:52 2006 -0700" }, "message": "[PATCH] selinux: eliminate selinux_task_ctxid\n\nEliminate selinux_task_ctxid since it duplicates selinux_task_get_sid.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "df2115c3134d0d1a18c1f37f5192394e7f64d1e0", "tree": "6a248318fa84838967376269fbd2e999ebeef3f2", "parents": [ "609c92feea5652809319bb77f19d24a44615687d" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Mon Sep 25 15:53:13 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Sep 25 15:53:13 2006 -0700" }, "message": "[NetLabel]: change the SELinux permissions\n\nChange NetLabel to use the \u0027recvfrom\u0027 socket permission and the\nSECINITSID_NETMSG SELinux SID as the NetLabel base SID for incoming packets.\nThis patch effectively makes the old, and currently unused, SELinux NETMSG\npermissions NetLabel permissions.\n\nSigned-of-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "14a72f53fb1bb5d5c2bdd8cf172219519664729a", "tree": "95a077fb9289a95c352af77f18f12e5aba3313c6", "parents": [ "597811ec167fa01c926a0957a91d9e39baa30e64" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Mon Sep 25 15:52:01 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Sep 25 15:52:01 2006 -0700" }, "message": "[NetLabel]: correct improper handling of non-NetLabel peer contexts\n\nFix a problem where NetLabel would always set the value of \nsk_security_struct-\u003epeer_sid in selinux_netlbl_sock_graft() to the context of\nthe socket, causing problems when users would query the context of the\nconnection. This patch fixes this so that the value in\nsk_security_struct-\u003epeer_sid is only set when the connection is NetLabel based,\notherwise the value is untouched.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4eb327b517cf85f6cb7dcd5691e7b748cbe8c343", "tree": "51bd92e6b5582a10f21de0d909fb062d6ecf8cce", "parents": [ "161643660129dd7d98f0b12418c0a2710ffa7db6" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Tue Sep 19 10:24:19 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 15:19:04 2006 -0700" }, "message": "[SELINUX]: Fix bug in security_sid_mls_copy\n\nThe following fixes a bug where random mem is being tampered with in the\nnon-mls case; encountered by Jashua Brindle on a gentoo box.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7a0e1d602288370801c353221c6a938eab925053", "tree": "f11ef396a27549513a91fcaf7d06dafb2b84509a", "parents": [ "e448e931309e703f51d71a557973c620ff12fbda" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Aug 29 17:56:04 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 15:18:39 2006 -0700" }, "message": "[NetLabel]: add some missing #includes to various header files\n\nAdd some missing include files to the NetLabel related header files.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "e448e931309e703f51d71a557973c620ff12fbda", "tree": "8a738f5f45367965c29210402d28464fec3c04be", "parents": [ "7b3bbb926f4b3dd3a007dcf8dfa00203f52cb58d" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Aug 29 17:55:38 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 15:18:38 2006 -0700" }, "message": "[NetLabel]: uninline selinux_netlbl_inode_permission()\n\nUninline the selinux_netlbl_inode_permission() at the request of\nAndrew Morton.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7b3bbb926f4b3dd3a007dcf8dfa00203f52cb58d", "tree": "1ee2ab452f5c94ce4779171d6ebaa07f7d1fcd21", "parents": [ "c1b14c0a46232246f61d3157bac1201e1e102227" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Aug 29 17:55:11 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 15:18:37 2006 -0700" }, "message": "[NetLabel]: Cleanup ebitmap_import()\n\nRewrite ebitmap_import() so it is a bit cleaner and easier to read.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "c1b14c0a46232246f61d3157bac1201e1e102227", "tree": "51c8097371c251c7dc17a6e637009523ce558bca", "parents": [ "1b7f775209bbee6b993587bae69acb9fc12ceb17" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Aug 29 17:54:41 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 15:18:36 2006 -0700" }, "message": "[NetLabel]: Comment corrections.\n\nFix some incorrect comments.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "99f59ed073d3c1b890690064ab285a201dea2e35", "tree": "0f6ae012cf4f988d3ae0c665fd3b12ea05409ec8", "parents": [ "fc747e82b40ea50a62eb2aef55bedd4465607cb0" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Aug 29 17:53:48 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 15:18:34 2006 -0700" }, "message": "[NetLabel]: Correctly initialize the NetLabel fields.\n\nFix a problem where the NetLabel specific fields of the sk_security_struct\nstructure were not being initialized early enough in some cases.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "9a673e563e543a5c8a6f9824562e55e807b8a56c", "tree": "53d26641175411b04ce7c755df72e515b3bf79ad", "parents": [ "97a4f3e7110619568aa239fe19143d9ec42dede5" ], "author": { "name": "Adrian Bunk", "email": "bunk@stusta.de", "time": "Tue Aug 15 00:03:53 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:54:44 2006 -0700" }, "message": "[SELINUX]: security/selinux/hooks.c: Make 4 functions static.\n\nThis patch makes four needlessly global functions static.\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7420ed23a4f77480b5b7b3245e5da30dd24b7575", "tree": "016f5bb996c5eae66754b10243c5be6226d773f2", "parents": [ "96cb8e3313c7a12e026c1ed510522ae6f6023875" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Fri Aug 04 23:17:57 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:36 2006 -0700" }, "message": "[NetLabel]: SELinux support\n\nAdd NetLabel support to the SELinux LSM and modify the\nsocket_post_create() LSM hook to return an error code. The most\nsignificant part of this patch is the addition of NetLabel hooks into\nthe following SELinux LSM hooks:\n\n * selinux_file_permission()\n * selinux_socket_sendmsg()\n * selinux_socket_post_create()\n * selinux_socket_sock_rcv_skb()\n * selinux_socket_getpeersec_stream()\n * selinux_socket_getpeersec_dgram()\n * selinux_sock_graft()\n * selinux_inet_conn_request()\n\nThe basic reasoning behind this patch is that outgoing packets are\n\"NetLabel\u0027d\" by labeling their socket and the NetLabel security\nattributes are checked via the additional hook in\nselinux_socket_sock_rcv_skb(). NetLabel itself is only a labeling\nmechanism, similar to filesystem extended attributes, it is up to the\nSELinux enforcement mechanism to perform the actual access checks.\n\nIn addition to the changes outlined above this patch also includes\nsome changes to the extended bitmap (ebitmap) and multi-level security\n(mls) code to import and export SELinux TE/MLS attributes into and out\nof NetLabel.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "a51c64f1e5c2876eab2a32955acd9e8015c91c15", "tree": "1cc49c6ee7a3135ea000956e5fef41ff4c8e2ebe", "parents": [ "4237c75c0a35535d7f9f2bfeeb4b4df1e068a0bf" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Thu Jul 27 22:01:34 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:30 2006 -0700" }, "message": "[MLSXFRM]: Fix build with SECURITY_NETWORK_XFRM disabled.\n\nThe following patch will fix the build problem (encountered by Andrew\nMorton) when SECURITY_NETWORK_XFRM is not enabled.\n\nAs compared to git-net-selinux_xfrm_decode_session-build-fix.patch in\n-mm, this patch sets the return parameter sid to SECSID_NULL in\nselinux_xfrm_decode_session() and handles this value in the caller\nselinux_inet_conn_request() appropriately.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4237c75c0a35535d7f9f2bfeeb4b4df1e068a0bf", "tree": "02adcb6fe6c346a8b99cf161ba5233ed1e572727", "parents": [ "cb969f072b6d67770b559617f14e767f47e77ece" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Mon Jul 24 23:32:50 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:29 2006 -0700" }, "message": "[MLSXFRM]: Auto-labeling of child sockets\n\nThis automatically labels the TCP, Unix stream, and dccp child sockets\nas well as openreqs to be at the same MLS level as the peer. This will\nresult in the selection of appropriately labeled IPSec Security\nAssociations.\n\nThis also uses the sock\u0027s sid (as opposed to the isec sid) in SELinux\nenforcement of secmark in rcv_skb and postroute_last hooks.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "cb969f072b6d67770b559617f14e767f47e77ece", "tree": "4112eb0182e8b3e28b42aebaa40ca25454fc6b76", "parents": [ "beb8d13bed80f8388f1a9a107d07ddd342e627e8" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Mon Jul 24 23:32:20 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:28 2006 -0700" }, "message": "[MLSXFRM]: Default labeling of socket specific IPSec policies\n\nThis defaults the label of socket-specific IPSec policies to be the\nsame as the socket they are set on.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "beb8d13bed80f8388f1a9a107d07ddd342e627e8", "tree": "19d5763b9b3b8ff3969997565e5ec0edd6e4bd33", "parents": [ "4e2ba18eae7f370c7c3ed96eaca747cc9b39f917" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Fri Aug 04 23:12:42 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:27 2006 -0700" }, "message": "[MLSXFRM]: Add flow labeling\n\nThis labels the flows that could utilize IPSec xfrms at the points the\nflows are defined so that IPSec policy and SAs at the right label can\nbe used.\n\nThe following protos are currently not handled, but they should\ncontinue to be able to use single-labeled IPSec like they currently\ndo.\n\nipmr\nip_gre\nipip\nigmp\nsit\nsctp\nip6_tunnel (IPv6 over IPv6 tunnel device)\ndecnet\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "e0d1caa7b0d5f02e4f34aa09c695d04251310c6c", "tree": "bf023c17abf6813f2694ebf5fafff82edd6a1023", "parents": [ "b6340fcd761acf9249b3acbc95c4dc555d9beb07" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Mon Jul 24 23:29:07 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:24 2006 -0700" }, "message": "[MLSXFRM]: Flow based matching of xfrm policy and state\n\nThis implements a seemless mechanism for xfrm policy selection and\nstate matching based on the flow sid. This also includes the necessary\nSELinux enforcement pieces.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "892c141e62982272b9c738b5520ad0e5e1ad7b42", "tree": "c8e0c9b3e55106d2cb085a5047b9d02dbbb28653", "parents": [ "08554d6b33e60aa8ee40bbef94505941c0eefef2" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Fri Aug 04 23:08:56 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:22 2006 -0700" }, "message": "[MLSXFRM]: Add security sid to sock\n\nThis adds security for IP sockets at the sock level. Security at the\nsock level is needed to enforce the SELinux security policy for\nsecurity associations even when a sock is orphaned (such as in the TCP\nLAST_ACK state).\n\nThis will also be used to enforce SELinux controls over data arriving\nat or leaving a child socket while it\u0027s still waiting to be accepted.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "08554d6b33e60aa8ee40bbef94505941c0eefef2", "tree": "1610750ccd13872a33fffffcce057e10aa785d2e", "parents": [ "51bd39860ff829475aef611a3234309e37e090d9" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Mon Jul 24 23:27:16 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:21 2006 -0700" }, "message": "[MLSXFRM]: Define new SELinux service routine\n\nThis defines a routine that combines the Type Enforcement portion of\none sid with the MLS portion from the other sid to arrive at a new\nsid. This would be used to define a sid for a security association\nthat is to be negotiated by IKE as well as for determing the sid for\nopen requests and connection-oriented child sockets.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "51bd39860ff829475aef611a3234309e37e090d9", "tree": "2ff1569f44f54ecad1d1d232bacfa4c76b9502a6", "parents": [ "e6e5fee1426bef07f4e6c3c76f48343c14207938" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Mon Jul 24 23:26:30 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:20 2006 -0700" }, "message": "[MLSXFRM]: Granular IPSec associations for use in MLS environments\n\nThe current approach to labeling Security Associations for SELinux\npurposes uses a one-to-one mapping between xfrm policy rules and\nsecurity associations.\n\nThis doesn\u0027t address the needs of real world MLS (Multi-level System,\ntraditional Bell-LaPadula) environments where a single xfrm policy\nrule (pertaining to a range, classified to secret for example) might\nneed to map to multiple Security Associations (one each for\nclassified, secret, top secret and all the compartments applicable to\nthese security levels).\n\nThis patch set addresses the above problem by allowing for the mapping\nof a single xfrm policy rule to multiple security associations, with\neach association used in the security context it is defined for. It\nalso includes the security context to be used in IKE negotiation in\nthe acquire messages sent to the IKE daemon so that a unique SA can be\nnegotiated for each unique security context. A couple of bug fixes are\nalso included; checks to make sure the SAs used by a packet match\npolicy (security context-wise) on the inbound and also that the bundle\nused for the outbound matches the security context of the flow. This\npatch set also makes the use of the SELinux sid in flow cache lookups\nseemless by including the sid in the flow key itself. Also, open\nrequests as well as connection-oriented child sockets are labeled\nautomatically to be at the same level as the peer to allow for use of\nappropriately labeled IPSec associations.\n\nDescription of changes:\n\nA \"sid\" member has been added to the flow cache key resulting in the\nsid being available at all needed locations and the flow cache lookups\nautomatically using the sid. The flow sid is derived from the socket\non the outbound and the SAs (unlabeled where an SA was not used) on\nthe inbound.\n\nOutbound case:\n1. Find policy for the socket.\n\n2. OLD: Find an SA that matches the policy.\n NEW: Find an SA that matches BOTH the policy and the flow/socket.\n This is necessary since not every SA that matches the policy\n can be used for the flow/socket. Consider policy range Secret-TS,\n and SAs each for Secret and TS. We don\u0027t want a TS socket to\n use the Secret SA. Hence the additional check for the SA Vs. flow/socket.\n\n3. NEW: When looking thru bundles for a policy, make sure the\n flow/socket can use the bundle. If a bundle is not found,\n create one, calling for IKE if necessary. If using IKE,\n include the security context in the acquire message to the IKE\n daemon.\n\nInbound case:\n1. OLD: Find policy for the socket.\n NEW: Find policy for the incoming packet based on the sid of the\n SA(s) it used or the unlabeled sid if no SAs were\n used. (Consider a case where a socket is \"authorized\" for two\n policies (unclassified-confidential, secret-top_secret). If the\n packet has come in using a secret SA, we really ought to be\n using the latter policy (secret-top_secret).)\n\n2. OLD: BUG: No check to see if the SAs used by the packet agree with\n the policy sec_ctx-wise.\n\n (It was indicated in selinux_xfrm_sock_rcv_skb() that\n this was being accomplished by\n (x-\u003eid.spi \u003d\u003d tmpl-\u003eid.spi || !tmpl-\u003eid.spi) in xfrm_state_ok,\n\t but it turns out tmpl-\u003eid.spi\n would normally be zero (unless xfrm policy rules specify one\n at the template level, which they usually don\u0027t).\n NEW: The socket is checked for access to the SAs used (based on the\n sid of the SAs) in selinux_xfrm_sock_rcv_skb().\n\nForward case:\n This would be Step 1 from the Inbound case, followed by Steps 2 and 3\nfrom the Outbound case.\n\nOutstanding items/issues:\n\n- Timewait acknowledgements and such are generated in the\n current/upstream implementation using a NULL socket resulting in the\n any_socket sid (SYSTEM_HIGH) to be used. This problem is not addressed\n by this patch set.\n\nThis patch: Add new flask definitions to SELinux\n\nAdds a new avperm \"polmatch\" to arbitrate flow/state access to a xfrm\npolicy rule.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "35058687912aa2f0b4554383cc10be4e0683b9a4", "tree": "3e18d13aef6682553887076c1e9872e91e6fc5c4", "parents": [ "dc64ddf4918f0da52df10d83c2a5941a547c2035" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Thu Aug 24 19:10:20 2006 +1000" }, "committer": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Thu Sep 21 11:46:21 2006 +1000" }, "message": "[CRYPTO] users: Use crypto_hash interface instead of crypto_digest\n\nThis patch converts all remaining crypto_digest users to use the new\ncrypto_hash interface.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\n" }, { "commit": "dc49c1f94e3469d94b952e8f5160dd4ccd791d79", "tree": "e47b1974c262a03dbabf0a148325d9089817e78e", "parents": [ "2b7e24b66d31d677d76b49918e711eb360c978b6" ], "author": { "name": "Catherine Zhang", "email": "cxzhang@watson.ibm.com", "time": "Wed Aug 02 14:12:06 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Aug 02 14:12:06 2006 -0700" }, "message": "[AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch\n\nFrom: Catherine Zhang \u003ccxzhang@watson.ibm.com\u003e\n\nThis patch implements a cleaner fix for the memory leak problem of the\noriginal unix datagram getpeersec patch. Instead of creating a\nsecurity context each time a unix datagram is sent, we only create the\nsecurity context when the receiver requests it.\n\nThis new design requires modification of the current\nunix_getsecpeer_dgram LSM hook and addition of two new hooks, namely,\nsecid_to_secctx and release_secctx. The former retrieves the security\ncontext and the latter releases it. A hook is required for releasing\nthe security context because it is up to the security module to decide\nhow that\u0027s done. In the case of Selinux, it\u0027s a simple kfree\noperation.\n\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "851f8a6906b71f7a19043d4d722dd4ffab7aeafc", "tree": "2d1c8c23b1ab70095f442f93ecb5629c273390ee", "parents": [ "ddccef3b5ec906ff181171e8ffad4fcb996792fd" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@trustedcs.com", "time": "Sun Jul 30 03:03:18 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Jul 31 13:28:38 2006 -0700" }, "message": "[PATCH] selinux: fix bug in security_compute_sid\n\nInitializes newcontext sooner to allow for its destruction in all cases.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "ddccef3b5ec906ff181171e8ffad4fcb996792fd", "tree": "fd65ff65baf451983c862b4a3a8c08e925ca5629", "parents": [ "d1bbf14f37261c2c0dba71404602e1ddcec069d2" ], "author": { "name": "Darrel Goeddel", "email": "dgoeddel@TrustedCS.com", "time": "Sun Jul 30 03:03:17 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Jul 31 13:28:37 2006 -0700" }, "message": "[PATCH] selinux: fix memory leak\n\nThis patch fixes a memory leak when a policydb structure is destroyed.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "b04ea3cebf79d6808632808072f276dbc98aaf01", "tree": "7620a01477510d9e4ae042baab17bce103b59185", "parents": [ "517e7aa5b022f9dc486639c7689666663daee24f" ], "author": { "name": "Eric Paris", "email": "eparis@parisplace.org", "time": "Fri Jul 14 00:24:33 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jul 14 21:53:55 2006 -0700" }, "message": "[PATCH] Fix security check for joint context\u003d and fscontext\u003d mount options\n\nAfter some discussion on the actual meaning of the filesystem class\nsecurity check in try context mount it was determined that the checks for\nthe context\u003d mount options were not correct if fscontext mount option had\nalready been used.\n\nWhen labeling the superblock we should be checking relabel_from and\nrelabel_to. But if the superblock has already been labeled (with\nfscontext) then context\u003d is actually labeling the inodes, and so we should\nbe checking relabel_from and associate. This patch fixes which checks are\ncalled depending on the mount options.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "0808925ea5684a0ce25483b30e94d4f398804978", "tree": "62456726442d656d21bc4fa6b1339f0236f0a6e8", "parents": [ "c312feb2931ded0582378712727b7ea017a951bd" ], "author": { "name": "Eric Paris", "email": "eparis@parisplace.org", "time": "Mon Jul 10 04:43:55 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Jul 10 13:24:13 2006 -0700" }, "message": "[PATCH] SELinux: add rootcontext\u003d option to label root inode when mounting\n\nIntroduce a new rootcontext\u003d option to FS mounting. This option will allow\nyou to explicitly label the root inode of an FS being mounted before that\nFS or inode because visible to userspace. This was found to be useful for\nthings like stateless linux, see\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id\u003d190001\n\nSigned-off-by: Eric Paris \u003ceparis@parisplace.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "c312feb2931ded0582378712727b7ea017a951bd", "tree": "dd985aa4dd0b759690af9557a5170dabf589d87f", "parents": [ "2ed6e34f88a0d896a6f889b00693cae0fadacfd0" ], "author": { "name": "Eric Paris", "email": "eparis@parisplace.org", "time": "Mon Jul 10 04:43:53 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Jul 10 13:24:13 2006 -0700" }, "message": "[PATCH] SELinux: decouple fscontext/context mount options\n\nRemove the conflict between fscontext and context mount options. If\ncontext\u003d is specified without fscontext it will operate just as before, if\nboth are specified we will use mount point labeling and all inodes will get\nthe label specified by context\u003d. The superblock will be labeled with the\nlabel of fscontext\u003d, thus affecting operations which check the superblock\nsecurity context, such as associate permissions.\n\nSigned-off-by: Eric Paris \u003ceparis@parisplace.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "6e5a2d1d32596850a0ebf7fb3e54c0d69901dabd", "tree": "27718d7df96c9b9f08a2ba333aa36c8e9ebbadfe", "parents": [ "3a6b9f85c641a3b89420b0c8150ed377526a1fe1" ], "author": { "name": "Darrel Goeddel", "email": "dgoeddel@trustedcs.com", "time": "Thu Jun 29 16:57:08 2006 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 01 05:44:19 2006 -0400" }, "message": "[PATCH] audit: support for object context filters\n\nThis patch introduces object audit filters based on the elements\nof the SELinux context.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n\n kernel/auditfilter.c | 25 +++++++++++++++++++++++++\n kernel/auditsc.c | 40 ++++++++++++++++++++++++++++++++++++++++\n security/selinux/ss/services.c | 18 +++++++++++++++++-\n 3 files changed, 82 insertions(+), 1 deletion(-)\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "3a6b9f85c641a3b89420b0c8150ed377526a1fe1", "tree": "e44e64edf0620d3f6da443c57540b09882231459", "parents": [ "5adc8a6adc91c4c85a64c75a70a619fffc924817" ], "author": { "name": "Darrel Goeddel", "email": "dgoeddel@trustedcs.com", "time": "Thu Jun 29 16:56:39 2006 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 01 05:44:08 2006 -0400" }, "message": "[PATCH] audit: rename AUDIT_SE_* constants\n\nThis patch renames some audit constant definitions and adds\nadditional definitions used by the following patch. The renaming\navoids ambiguity with respect to the new definitions.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\n\n include/linux/audit.h | 15 ++++++++----\n kernel/auditfilter.c | 50 ++++++++++++++++++++---------------------\n kernel/auditsc.c | 10 ++++----\n security/selinux/ss/services.c | 32 +++++++++++++-------------\n 4 files changed, 56 insertions(+), 51 deletions(-)\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "22a3e233ca08a2ddc949ba1ae8f6e16ec7ef1a13", "tree": "7ef158ba2c30e0dde2dc103d1904fae243759a6b", "parents": [ "39302175c26d74be35715c05a0f342c9e64c21bf", "6ab3d5624e172c553004ecc862bfeac16d9d68b7" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jun 30 15:39:30 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jun 30 15:39:30 2006 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial:\n Remove obsolete #include \u003clinux/config.h\u003e\n remove obsolete swsusp_encrypt\n arch/arm26/Kconfig typos\n Documentation/IPMI typos\n Kconfig: Typos in net/sched/Kconfig\n v9fs: do not include linux/version.h\n Documentation/DocBook/mtdnand.tmpl: typo fixes\n typo fixes: specfic -\u003e specific\n typo fixes in Documentation/networking/pktgen.txt\n typo fixes: occuring -\u003e occurring\n typo fixes: infomation -\u003e information\n typo fixes: disadvantadge -\u003e disadvantage\n typo fixes: aquire -\u003e acquire\n typo fixes: mecanism -\u003e mechanism\n typo fixes: bandwith -\u003e bandwidth\n fix a typo in the RTC_CLASS help text\n smb is no longer maintained\n\nManually merged trivial conflict in arch/um/kernel/vmlinux.lds.S\n" }, { "commit": "a1836a42daf5ddfe9a891973734bd9a7d62eb504", "tree": "e8819aec40aff3fa0eecd2ef9d92df8213bce58b", "parents": [ "7a01955f99b65622a00ba5c8b39202ddc6fa65f8" ], "author": { "name": "David Quigley", "email": "dpquigl@tycho.nsa.gov", "time": "Fri Jun 30 01:55:49 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jun 30 11:25:37 2006 -0700" }, "message": "[PATCH] SELinux: Add security hook definition for getioprio and insert hooks\n\nAdd a new security hook definition for the sys_ioprio_get operation. At\npresent, the SELinux hook function implementation for this hook is\nidentical to the getscheduler implementation but a separate hook is\nintroduced to allow this check to be specialized in the future if\nnecessary.\n\nThis patch also creates a helper function get_task_ioprio which handles the\naccess check in addition to retrieving the ioprio value for the task.\n\nSigned-off-by: David Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Jens Axboe \u003caxboe@suse.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "f9008e4c5c525941967b67777945aa6266ab6326", "tree": "a0c9436485b80d548ef74d5f1aec0f6d0309af6e", "parents": [ "ed11d9eb2228acc483c819ab353e3c41bcb158fa" ], "author": { "name": "David Quigley", "email": "dpquigl@tycho.nsa.gov", "time": "Fri Jun 30 01:55:46 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jun 30 11:25:36 2006 -0700" }, "message": "[PATCH] SELinux: extend task_kill hook to handle signals sent by AIO completion\n\nThis patch extends the security_task_kill hook to handle signals sent by AIO\ncompletion. In this case, the secid of the task responsible for the signal\nneeds to be obtained and saved earlier, so a security_task_getsecid() hook is\nadded, and then this saved value is passed subsequently to the extended\ntask_kill hook for use in checking.\n\nSigned-off-by: David Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "6ab3d5624e172c553004ecc862bfeac16d9d68b7", "tree": "6d98881fe91fd9583c109208d5c27131b93fa248", "parents": [ "e02169b682bc448ccdc819dc8639ed34a23cedd8" ], "author": { "name": "Jörn Engel", "email": "joern@wohnheim.fh-wedel.de", "time": "Fri Jun 30 19:25:36 2006 +0200" }, "committer": { "name": "Adrian Bunk", "email": "bunk@stusta.de", "time": "Fri Jun 30 19:25:36 2006 +0200" }, "message": "Remove obsolete #include \u003clinux/config.h\u003e\n\nSigned-off-by: Jörn Engel \u003cjoern@wohnheim.fh-wedel.de\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\n" }, { "commit": "877ce7c1b3afd69a9b1caeb1b9964c992641f52a", "tree": "740c6c0d4a2858af53c09c4635cadf06833536c1", "parents": [ "d6b4991ad5d1a9840e12db507be1a6593def01fe" ], "author": { "name": "Catherine Zhang", "email": "cxzhang@watson.ibm.com", "time": "Thu Jun 29 12:27:47 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Thu Jun 29 16:58:06 2006 -0700" }, "message": "[AF_UNIX]: Datagram getpeersec\n\nThis patch implements an API whereby an application can determine the\nlabel of its peer\u0027s Unix datagram sockets via the auxiliary data mechanism of\nrecvmsg.\n\nPatch purpose:\n\nThis patch enables a security-aware application to retrieve the\nsecurity context of the peer of a Unix datagram socket. The application\ncan then use this security context to determine the security context for\nprocessing on behalf of the peer who sent the packet.\n\nPatch design and implementation:\n\nThe design and implementation is very similar to the UDP case for INET\nsockets. Basically we build upon the existing Unix domain socket API for\nretrieving user credentials. Linux offers the API for obtaining user\ncredentials via ancillary messages (i.e., out of band/control messages\nthat are bundled together with a normal message). To retrieve the security\ncontext, the application first indicates to the kernel such desire by\nsetting the SO_PASSSEC option via getsockopt. Then the application\nretrieves the security context using the auxiliary data mechanism.\n\nAn example server application for Unix datagram socket should look like this:\n\ntoggle \u003d 1;\ntoggle_len \u003d sizeof(toggle);\n\nsetsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, \u0026toggle, \u0026toggle_len);\nrecvmsg(sockfd, \u0026msg_hdr, 0);\nif (msg_hdr.msg_controllen \u003e sizeof(struct cmsghdr)) {\n cmsg_hdr \u003d CMSG_FIRSTHDR(\u0026msg_hdr);\n if (cmsg_hdr-\u003ecmsg_len \u003c\u003d CMSG_LEN(sizeof(scontext)) \u0026\u0026\n cmsg_hdr-\u003ecmsg_level \u003d\u003d SOL_SOCKET \u0026\u0026\n cmsg_hdr-\u003ecmsg_type \u003d\u003d SCM_SECURITY) {\n memcpy(\u0026scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));\n }\n}\n\nsock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow\na server socket to receive security context of the peer.\n\nTesting:\n\nWe have tested the patch by setting up Unix datagram client and server\napplications. We verified that the server can retrieve the security context\nusing the auxiliary data mechanism of recvmsg.\n\nSigned-off-by: Catherine Zhang \u003ccxzhang@watson.ibm.com\u003e\nAcked-by: Acked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "c7bdb545d23026b18be53289fd866d1ac07f5f8c", "tree": "6d9a218871d88f7579dd53f14692df2529b6e712", "parents": [ "576a30eb6453439b3c37ba24455ac7090c247b5a" ], "author": { "name": "Darrel Goeddel", "email": "dgoeddel@trustedcs.com", "time": "Tue Jun 27 13:26:11 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Thu Jun 29 16:57:55 2006 -0700" }, "message": "[NETLINK]: Encapsulate eff_cap usage within security framework.\n\nThis patch encapsulates the usage of eff_cap (in netlink_skb_params) within\nthe security framework by extending security_netlink_recv to include a required\ncapability parameter and converting all direct usage of eff_caps outside\nof the lsm modules to use the interface. It also updates the SELinux\nimplementation of the security_netlink_send and security_netlink_recv\nhooks to take advantage of the sid in the netlink_skb_params struct.\nThis also enables SELinux to perform auditing of netlink capability checks.\nPlease apply, for 2.6.18 if possible.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4e54f08543d05e519e601368571cc3787fefae96", "tree": "0cd9d982e5bb25abcb9251d26c36ff11e7dc81a5", "parents": [ "94583779e6625154e8d7fce33d097ae7d089e9de" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Jun 29 02:24:28 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Thu Jun 29 10:26:20 2006 -0700" }, "message": "[PATCH] Keys: Allow in-kernel key requestor to pass auxiliary data to upcaller\n\nThe proposed NFS key type uses its own method of passing key requests to\nuserspace (upcalling) rather than invoking /sbin/request-key. This is\nbecause the responsible userspace daemon should already be running and will\nbe contacted through rpc_pipefs.\n\nThis patch permits the NFS filesystem to pass auxiliary data to the upcall\noperation (struct key_type::request_key) so that the upcaller can use a\npre-existing communications channel more easily.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-By: Kevin Coffman \u003ckwc@citi.umich.edu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "a7807a32bbb027ab9955b96734fdc7f1e6497a9f", "tree": "8ed62e305638e1b853f1c80b5bb7ed818418765c", "parents": [ "b3c681e09193559ba15f6c9562bd37045f120a96" ], "author": { "name": "Randy Dunlap", "email": "rdunlap@xenotime.net", "time": "Tue Jun 27 02:53:54 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Jun 27 17:32:38 2006 -0700" }, "message": "[PATCH] poison: add \u0026 use more constants\n\nAdd more poison values to include/linux/poison.h. It\u0027s not clear to me\nwhether some others should be added or not, so I haven\u0027t added any of\nthese:\n\n./include/linux/libata.h:#define ATA_TAG_POISON\t\t0xfafbfcfdU\n./arch/ppc/8260_io/fcc_enet.c:1918:\tmemset((char *)(\u0026(immap-\u003eim_dprambase[(mem_addr+64)])), 0x88, 32);\n./drivers/usb/mon/mon_text.c:429:\tmemset(mem, 0xe5, sizeof(struct mon_event_text));\n./drivers/char/ftape/lowlevel/ftape-ctl.c:738:\t\tmemset(ft_buffer[i]-\u003eaddress, 0xAA, FT_BUFF_SIZE);\n./drivers/block/sx8.c:/* 0xf is just arbitrary, non-zero noise; this is sorta like poisoning */\n\nSigned-off-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "28eba5bf9d4bf3ba4d58d985abf3a2903b7f2125", "tree": "e825fc3fb6bdd81ae0aa146572406eb69bc5404b", "parents": [ "76b67ed9dce69a6a329cdd66f94af1787f417b62" ], "author": { "name": "Michael LeMay", "email": "mdlemay@epoch.ncsc.mil", "time": "Tue Jun 27 02:53:42 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Jun 27 17:32:37 2006 -0700" }, "message": "[PATCH] selinux: inherit /proc/self/attr/keycreate across fork\n\nUpdate SELinux to cause the keycreate process attribute held in\n/proc/self/attr/keycreate to be inherited across a fork and reset upon\nexecve. This is consistent with the handling of the other process\nattributes provided by SELinux and also makes it simpler to adapt logon\nprograms to properly handle the keycreate attribute.\n\nSigned-off-by: Michael LeMay \u003cmdlemay@epoch.ncsc.mil\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "42c3e03ef6b298813557cdb997bd6db619cd65a2", "tree": "c2fba776ccf7015d45651ff7d2aee89f06da6f42", "parents": [ "c1df7fb88a011b39ea722ac00975c5b8a803261b" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jun 26 00:26:03 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Jun 26 09:58:26 2006 -0700" }, "message": "[PATCH] SELinux: Add sockcreate node to procattr API\n\nBelow is a patch to add a new /proc/self/attr/sockcreate A process may write a\ncontext into this interface and all subsequent sockets created will be labeled\nwith that context. This is the same idea as the fscreate interface where a\nprocess can specify the label of a file about to be created. At this time one\nenvisioned user of this will be xinetd. It will be able to better label\nsockets for the actual services. At this time all sockets take the label of\nthe creating process, so all xinitd sockets would just be labeled the same.\n\nI tested this by creating a tcp sender and listener. The sender was able to\nwrite to this new proc file and then create sockets with the specified label.\nI am able to be sure the new label was used since the avc denial messages\nkicked out by the kernel included both the new security permission\nsetsockcreate and all the socket denials were for the new label, not the label\nof the running process.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "4eb582cf1fbd7b9e5f466e3718a59c957e75254e", "tree": "4387e460a50efa8d46a54526d0cf0959c0e3b428", "parents": [ "06ec7be557a1259611d6093a00463c42650dc71a" ], "author": { "name": "Michael LeMay", "email": "mdlemay@epoch.ncsc.mil", "time": "Mon Jun 26 00:24:57 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Jun 26 09:58:18 2006 -0700" }, "message": "[PATCH] keys: add a way to store the appropriate context for newly-created keys\n\nAdd a /proc/\u003cpid\u003e/attr/keycreate entry that stores the appropriate context for\nnewly-created keys. Modify the selinux_key_alloc hook to make use of the new\nentry. Update the flask headers to include a new \"setkeycreate\" permission\nfor processes. Update the flask headers to include a new \"create\" permission\nfor keys. Use the create permission to restrict which SIDs each task can\nassign to newly-created keys. Add a new parameter to the security hook\n\"security_key_alloc\" to indicate whether it is being invoked by the kernel, or\nfrom userspace. If it is being invoked by the kernel, the security hook\nshould never fail. Update the documentation to reflect these changes.\n\nSigned-off-by: Michael LeMay \u003cmdlemay@epoch.ncsc.mil\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "06ec7be557a1259611d6093a00463c42650dc71a", "tree": "b83cdbc8405e0a174939d36e4fe40fb8adb51071", "parents": [ "e51f6d343789a4f0a2a7587ad7ec7746969d5c1c" ], "author": { "name": "Michael LeMay", "email": "mdlemay@epoch.ncsc.mil", "time": "Mon Jun 26 00:24:56 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Jun 26 09:58:18 2006 -0700" }, "message": "[PATCH] keys: restrict contents of /proc/keys to Viewable keys\n\nRestrict /proc/keys such that only those keys to which the current task is\ngranted View permission are presented.\n\nThe documentation is also updated to reflect these changes.\n\nSigned-off-by: Michael LeMay \u003cmdlemay@epoch.ncsc.mil\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" } ], "next": "e51f6d343789a4f0a2a7587ad7ec7746969d5c1c" }