)]}' { "log": [ { "commit": "e52e713ec30a31e9a4663d9aebbaae5ec07466a6", "tree": "68f9680577ae68f3972a5ed73afed5d1c2794310", "parents": [ "bdf7cf1c83872a0586ce4c4da6889103cc36dbd3", "2f3e4af471e38e0658e701973238ae4b5e50fcd6" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri May 27 10:25:02 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri May 27 10:25:02 2011 -0700" }, "message": "Merge branch \u0027docs-move\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/rdunlap/linux-docs\n\n* \u0027docs-move\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/rdunlap/linux-docs:\n Create Documentation/security/, move LSM-, credentials-, and keys-related files from Documentation/ to Documentation/security/, add Documentation/security/00-INDEX, and update all occurrences of Documentation/\u003cmoved_file\u003e to Documentation/security/\u003cmoved_file\u003e.\n" }, { "commit": "f01e1af445fac107e91d62a2d59dd535f633810b", "tree": "f5da7e4162f0a6f4bb50e4cb41f6a06c672f66b0", "parents": [ "bc9bc72e2f9bb07384c00604d1a40d0b5f62be6c" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue May 24 13:48:51 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu May 26 18:13:57 2011 -0700" }, "message": "selinux: don\u0027t pass in NULL avd to avc_has_perm_noaudit\n\nRight now security_get_user_sids() will pass in a NULL avd pointer to\navc_has_perm_noaudit(), which then forces that function to have a dummy\nentry for that case and just generally test it.\n\nDon\u0027t do it. The normal callers all pass a real avd pointer, and this\nhelper function is incredibly hot. So don\u0027t make avc_has_perm_noaudit()\ndo conditional stuff that isn\u0027t needed for the common case.\n\nThis also avoids some duplicated stack space.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "f780bdb7c1c73009cb57adcf99ef50027d80bf3c", "tree": "d15668ffcc40a2aaa31723b87cfda0b166f84d57", "parents": [ "4714d1d32d97239fb5ae3e10521d3f133a899b66" ], "author": { "name": "Ben Blum", "email": "bblum@andrew.cmu.edu", "time": "Thu May 26 16:25:19 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu May 26 17:12:34 2011 -0700" }, "message": "cgroups: add per-thread subsystem callbacks\n\nAdd cgroup subsystem callbacks for per-thread attachment in atomic contexts\n\nAdd can_attach_task(), pre_attach(), and attach_task() as new callbacks\nfor cgroups\u0027s subsystem interface. Unlike can_attach and attach, these\nare for per-thread operations, to be called potentially many times when\nattaching an entire threadgroup.\n\nAlso, the old \"bool threadgroup\" interface is removed, as replaced by\nthis. All subsystems are modified for the new interface - of note is\ncpuset, which requires from/to nodemasks for attach to be globally scoped\n(though per-cpuset would work too) to persist from its pre_attach to\nattach_task and attach.\n\nThis is a pre-patch for cgroup-procs-writable.patch.\n\nSigned-off-by: Ben Blum \u003cbblum@andrew.cmu.edu\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nCc: Matt Helsley \u003cmatthltc@us.ibm.com\u003e\nReviewed-by: Paul Menage \u003cmenage@google.com\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: David Rientjes \u003crientjes@google.com\u003e\nCc: Miao Xie \u003cmiaox@cn.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "f7285b5d631fd6096b11c6af0058ed3a2b30ef4e", "tree": "956fff16b2327818eae72cfe47cf2260986e2fd2", "parents": [ "b7c2f036284452627d793af981877817b37d4351" ], "author": { "name": "Serge E. Hallyn", "email": "serge@hallyn.com", "time": "Thu May 26 15:25:05 2011 -0500" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu May 26 13:49:19 2011 -0700" }, "message": "Set cred-\u003euser_ns in key_replace_session_keyring\n\nSince this cred was not created with copy_creds(), it needs to get\ninitialized. Otherwise use of syscall(__NR_keyctl, KEYCTL_SESSION_TO_PARENT);\ncan lead to a NULL deref. Thanks to Robert for finding this.\n\nBut introduced by commit 47a150edc2a (\"Cache user_ns in struct cred\").\n\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nReported-by: Robert Święcki \u003crobert@swiecki.net\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nCc: stable@kernel.org (2.6.39)\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "b7b57551bbda1390959207f79f2038aa7adb72ae", "tree": "d591a08e7e45615b51d8b5ee1634a29920f62c3f", "parents": [ "434d42cfd05a7cc452457a81d2029540cba12150", "7a627e3b9a2bd0f06945bbe64bcf403e788ecf6e" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue May 24 23:20:19 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue May 24 23:20:19 2011 +1000" }, "message": "Merge branch \u0027master\u0027 of git://git.infradead.org/users/eparis/selinux into for-linus\n\nConflicts:\n\tlib/flex_array.c\n\tsecurity/selinux/avc.c\n\tsecurity/selinux/hooks.c\n\tsecurity/selinux/ss/policydb.c\n\tsecurity/smack/smack_lsm.c\n\nManually resolve conflicts.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "434d42cfd05a7cc452457a81d2029540cba12150", "tree": "3a6b9b7f9ff2e1b7409dd66c15242b2a75aa4422", "parents": [ "d762f4383100c2a87b1a3f2d678cd3b5425655b4", "12a5a2621b1ee14d32beca35304d7c6076a58815" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue May 24 22:55:24 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue May 24 22:55:24 2011 +1000" }, "message": "Merge branch \u0027next\u0027 into for-linus\n" }, { "commit": "57d19e80f459dd845fb3cfeba8e6df8471bac142", "tree": "8254766715720228db3d50f1ef3c7fe003c06d65", "parents": [ "ee9ec4f82049c678373a611ce20ac67fe9ad836e", "e64851f5a0ad6ec991f74ebb3108c35aa0323d5f" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon May 23 09:12:26 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon May 23 09:12:26 2011 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (39 commits)\n b43: fix comment typo reqest -\u003e request\n Haavard Skinnemoen has left Atmel\n cris: typo in mach-fs Makefile\n Kconfig: fix copy/paste-ism for dell-wmi-aio driver\n doc: timers-howto: fix a typo (\"unsgined\")\n perf: Only include annotate.h once in tools/perf/util/ui/browsers/annotate.c\n md, raid5: Fix spelling error in comment (\u0027Ofcourse\u0027 --\u003e \u0027Of course\u0027).\n treewide: fix a few typos in comments\n regulator: change debug statement be consistent with the style of the rest\n Revert \"arm: mach-u300/gpio: Fix mem_region resource size miscalculations\"\n audit: acquire creds selectively to reduce atomic op overhead\n rtlwifi: don\u0027t touch with treewide double semicolon removal\n treewide: cleanup continuations and remove logging message whitespace\n ath9k_hw: don\u0027t touch with treewide double semicolon removal\n include/linux/leds-regulator.h: fix syntax in example code\n tty: fix typo in descripton of tty_termios_encode_baud_rate\n xtensa: remove obsolete BKL kernel option from defconfig\n m68k: fix comment typo \u0027occcured\u0027\n arch:Kconfig.locks Remove unused config option.\n treewide: remove extra semicolons\n ...\n" }, { "commit": "257313b2a87795e07a0bdf58d0fffbdba8b31051", "tree": "ff5043526b0381cdc1f1f68d3c6f8ed3635e0ddb", "parents": [ "044aea9b83614948c98564000db07d1d32b2d29b" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu May 19 21:22:53 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu May 19 21:22:53 2011 -0700" }, "message": "selinux: avoid unnecessary avc cache stat hit count\n\nThere is no point in counting hits - we can calculate it from the number\nof lookups and misses.\n\nThis makes the avc statistics a bit smaller, and makes the code\ngeneration better too.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "044aea9b83614948c98564000db07d1d32b2d29b", "tree": "b1f13ed2f4bb0bd40f7915a89aafaf449b6145cd", "parents": [ "39ab05c8e0b519ff0a04a869f065746e6e8c3d95" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu May 19 18:59:47 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu May 19 18:59:47 2011 -0700" }, "message": "selinux: de-crapify avc cache stat code generation\n\nYou can turn off the avc cache stats, but distributions seem to not do\nthat (perhaps because several performance tuning how-to\u0027s talk about the\navc cache statistics).\n\nWhich is sad, because the code it generates is truly horrendous, with\nthe statistics update being sandwitched between get_cpu/put_cpu which in\nturn causes preemption disables etc. We\u0027re talking ten+ instructions\njust to increment a per-cpu variable in some pretty hot code.\n\nFix the craziness by just using \u0027this_cpu_inc()\u0027 instead. Suddenly we\nonly need a single \u0027inc\u0027 instruction to increment the statistics. This\nis quite noticeable in the incredibly hot avc_has_perm_noaudit()\nfunction (which triggers all the statistics by virtue of doing an\navc_lookup() call).\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "eb04f2f04ed1227c266b3219c0aaeda525639718", "tree": "7f224483a3cd0e439cd64a8666ec9dc5ed178a3d", "parents": [ "5765040ebfc9a28d9dcfaaaaf3d25840d922de96", "80d02085d99039b3b7f3a73c8896226b0cb1ba07" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu May 19 18:14:34 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu May 19 18:14:34 2011 -0700" }, "message": "Merge branch \u0027core-rcu-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip\n\n* \u0027core-rcu-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: (78 commits)\n Revert \"rcu: Decrease memory-barrier usage based on semi-formal proof\"\n net,rcu: convert call_rcu(prl_entry_destroy_rcu) to kfree\n batman,rcu: convert call_rcu(softif_neigh_free_rcu) to kfree_rcu\n batman,rcu: convert call_rcu(neigh_node_free_rcu) to kfree()\n batman,rcu: convert call_rcu(gw_node_free_rcu) to kfree_rcu\n net,rcu: convert call_rcu(kfree_tid_tx) to kfree_rcu()\n net,rcu: convert call_rcu(xt_osf_finger_free_rcu) to kfree_rcu()\n net/mac80211,rcu: convert call_rcu(work_free_rcu) to kfree_rcu()\n net,rcu: convert call_rcu(wq_free_rcu) to kfree_rcu()\n net,rcu: convert call_rcu(phonet_device_rcu_free) to kfree_rcu()\n perf,rcu: convert call_rcu(swevent_hlist_release_rcu) to kfree_rcu()\n perf,rcu: convert call_rcu(free_ctx) to kfree_rcu()\n net,rcu: convert call_rcu(__nf_ct_ext_free_rcu) to kfree_rcu()\n net,rcu: convert call_rcu(net_generic_release) to kfree_rcu()\n net,rcu: convert call_rcu(netlbl_unlhsh_free_addr6) to kfree_rcu()\n net,rcu: convert call_rcu(netlbl_unlhsh_free_addr4) to kfree_rcu()\n security,rcu: convert call_rcu(sel_netif_free) to kfree_rcu()\n net,rcu: convert call_rcu(xps_dev_maps_release) to kfree_rcu()\n net,rcu: convert call_rcu(xps_map_release) to kfree_rcu()\n net,rcu: convert call_rcu(rps_map_release) to kfree_rcu()\n ...\n" }, { "commit": "d410fa4ef99112386de5f218dd7df7b4fca910b4", "tree": "e29fbc3f6d27b20d73d8feb4ed73f6767f2e18fe", "parents": [ "61c4f2c81c61f73549928dfd9f3e8f26aa36a8cf" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Thu May 19 15:59:38 2011 -0700" }, "committer": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Thu May 19 15:59:38 2011 -0700" }, "message": "Create Documentation/security/,\nmove LSM-, credentials-, and keys-related files from Documentation/\n to Documentation/security/,\nadd Documentation/security/00-INDEX, and\nupdate all occurrences of Documentation/\u003cmoved_file\u003e\n to Documentation/security/\u003cmoved_file\u003e.\n" }, { "commit": "12a5a2621b1ee14d32beca35304d7c6076a58815", "tree": "213e13f99de690b3c4a510f504393b63ada626bd", "parents": [ "e77dc3460fa59be5759e9327ad882868eee9d61b", "61c4f2c81c61f73549928dfd9f3e8f26aa36a8cf" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu May 19 18:51:57 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu May 19 18:51:57 2011 +1000" }, "message": "Merge branch \u0027master\u0027 into next\n\nConflicts:\n\tinclude/linux/capability.h\n\nManually resolve merge conflict w/ thanks to Stephen Rothwell.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ca7d12000895ae5dfef8b8ff2648a0d50abd397c", "tree": "259fb1e473ef6129b9fa5faf771c9e811ab572c4", "parents": [ "411f05f123cbd7f8aa1edcae86970755a6e2a9d9", "93826c092c385549c04af184fbebd43f36995c69" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri May 13 09:52:16 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri May 13 09:52:16 2011 +1000" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.infradead.org/users/eparis/selinux into for-linus\n" }, { "commit": "93826c092c385549c04af184fbebd43f36995c69", "tree": "20f77a85a74a24ed3418da8818e12b439f70fc81", "parents": [ "bf69d41d198138e3c601e9a6645f4f1369aff7e0" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 07 14:46:59 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu May 12 16:02:42 2011 -0400" }, "message": "SELinux: delete debugging printks from filename_trans rule processing\n\nThe filename_trans rule processing has some printk(KERN_ERR ) messages\nwhich were intended as debug aids in creating the code but weren\u0027t removed\nbefore it was submitted. Remove them.\n\nReported-by: Paul Bolle \u003cpebolle@tiscali.nl\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "e77dc3460fa59be5759e9327ad882868eee9d61b", "tree": "dc342433cce9dbdaa3ad36f250d21d575d1c8775", "parents": [ "3a852d3bd53e718206a18b015909c4b575952692" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu May 12 06:40:51 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu May 12 11:07:21 2011 +1000" }, "message": "TOMOYO: Fix wrong domainname validation.\n\nIn tomoyo_correct_domain() since 2.6.36, TOMOYO was by error validating\n\"\u003ckernel\u003e\" + \"/foo/\\\" + \"/bar\" when \"\u003ckernel\u003e /foo/\\* /bar\" was given.\nAs a result, legal domainnames like \"\u003ckernel\u003e /foo/\\* /bar\" are rejected.\n\nReported-by: Hayama Yossihiro \u003cyossi@yedo.src.co.jp\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7a627e3b9a2bd0f06945bbe64bcf403e788ecf6e", "tree": "5d79dfee7868debdf428640477adce32be10968f", "parents": [ "2875fa00830be62431f5ac22d8f85d57f9fa3033" ], "author": { "name": "Greg Kroah-Hartman", "email": "gregkh@suse.de", "time": "Tue May 10 15:34:16 2011 -0700" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed May 11 12:58:09 2011 -0400" }, "message": "SELINUX: add /sys/fs/selinux mount point to put selinuxfs\n\nIn the interest of keeping userspace from having to create new root\nfilesystems all the time, let\u0027s follow the lead of the other in-kernel\nfilesystems and provide a proper mount point for it in sysfs.\n\nFor selinuxfs, this mount point should be in /sys/fs/selinux/\n\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: Lennart Poettering \u003cmzerqung@0pointer.de\u003e\nCc: Daniel J Walsh \u003cdwalsh@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n[include kobject.h - Eric Paris]\n[use selinuxfs_obj throughout - Eric Paris]\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "690273fc70e94a07d70044881e5e52926301bcd3", "tree": "f72c7942fb91d74e9f18ab169c213a21f1b40505", "parents": [ "b55071eb6011413af3b9c434ae77dea8832069c8" ], "author": { "name": "Lai Jiangshan", "email": "laijs@cn.fujitsu.com", "time": "Fri Mar 18 12:03:19 2011 +0800" }, "committer": { "name": "Paul E. McKenney", "email": "paulmck@linux.vnet.ibm.com", "time": "Sat May 07 22:51:05 2011 -0700" }, "message": "security,rcu: convert call_rcu(sel_netif_free) to kfree_rcu()\n\nThe rcu callback sel_netif_free() just calls a kfree(),\nso we use kfree_rcu() instead of the call_rcu(sel_netif_free).\n\nSigned-off-by: Lai Jiangshan \u003claijs@cn.fujitsu.com\u003e\nAcked-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nReviewed-by: Josh Triplett \u003cjosh@joshtriplett.org\u003e\n" }, { "commit": "3acb458c32293405cf68985b7b3ac5dc0a5e7929", "tree": "2943bc04adaedf25377c954087c7277118a4aae1", "parents": [ "75ef0368d182785c7c5c06ac11081e31257a313e" ], "author": { "name": "Lai Jiangshan", "email": "laijs@cn.fujitsu.com", "time": "Fri Mar 18 12:11:07 2011 +0800" }, "committer": { "name": "Paul E. McKenney", "email": "paulmck@linux.vnet.ibm.com", "time": "Sat May 07 22:50:54 2011 -0700" }, "message": "security,rcu: convert call_rcu(user_update_rcu_disposal) to kfree_rcu()\n\nThe rcu callback user_update_rcu_disposal() just calls a kfree(),\nso we use kfree_rcu() instead of the call_rcu(user_update_rcu_disposal).\n\nSigned-off-by: Lai Jiangshan \u003claijs@cn.fujitsu.com\u003e\nSigned-off-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nReviewed-by: Josh Triplett \u003cjosh@joshtriplett.org\u003e\n" }, { "commit": "6f239284542bae297d27355d06afbb8df23c5db9", "tree": "b0ba42fb54cd05178c61584e0913be38a57f0384", "parents": [ "609cfda586c7fe3e5d1a02c51edb587506294167", "bf69d41d198138e3c601e9a6645f4f1369aff7e0" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed May 04 11:59:34 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed May 04 11:59:34 2011 +1000" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.infradead.org/users/eparis/selinux into for-linus\n" }, { "commit": "5d30b10bd68df007e7ae21e77d1e0ce184b53040", "tree": "61d97a80d0fac7c6dfd97db7040fedd75771adda", "parents": [ "cb1e922fa104bb0bb3aa5fc6ca7f7e070f3b55e9" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:55:52 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 16:12:47 2011 -0400" }, "message": "flex_array: flex_array_prealloc takes a number of elements, not an end\n\nChange flex_array_prealloc to take the number of elements for which space\nshould be allocated instead of the last (inclusive) element. Users\nand documentation are updated accordingly. flex_arrays got introduced before\nthey had users. When folks started using it, they ended up needing a\ndifferent API than was coded up originally. This swaps over to the API that\nfolks apparently need.\n\nBased-on-patch-by: Steffen Klassert \u003csteffen.klassert@secunet.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nTested-by: Chris Richards \u003cgizmo@giz-works.com\u003e\nAcked-by: Dave Hansen \u003cdave@linux.vnet.ibm.com\u003e\nCc: stable@kernel.org [2.6.38+]\n" }, { "commit": "cb1e922fa104bb0bb3aa5fc6ca7f7e070f3b55e9", "tree": "c776ceca8e63dd8de70f242fe6883320004884eb", "parents": [ "fe3fa43039d47ee4e22caf460b79b62a14937f79" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:11:21 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 16:12:41 2011 -0400" }, "message": "SELinux: pass last path component in may_create\n\nNew inodes are created in a two stage process. We first will compute the\nlabel on a new inode in security_inode_create() and check if the\noperation is allowed. We will then actually re-compute that same label and\napply it in security_inode_init_security(). The change to do new label\ncalculations based in part on the last component of the path name only\npassed the path component information all the way down the\nsecurity_inode_init_security hook. Down the security_inode_create hook the\npath information did not make it past may_create. Thus the two calculations\ncame up differently and the permissions check might not actually be against\nthe label that is created. Pass and use the same information in both places\nto harmonize the calculations and checks.\n\nReported-by: Dominick Grift \u003cdomg472@gmail.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "2875fa00830be62431f5ac22d8f85d57f9fa3033", "tree": "541fdb15e39711fb1ad901223d823421c7b77526", "parents": [ "a8d05c81fb238bbb18878ccfae7599ca79448dd3" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 16:04:24 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 16:09:59 2011 -0400" }, "message": "SELinux: introduce path_has_perm\n\nWe currently have inode_has_perm and dentry_has_perm. dentry_has_perm just\ncalls inode_has_perm with additional audit data. But dentry_has_perm can\ntake either a dentry or a path. Split those to make the code obvious and\nto fix the previous problem where I thought dentry_has_perm always had a\nvalid dentry and mnt.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "5a3ea8782c63d3501cb764c176f153c0d9a400e1", "tree": "3ff57105c8c3f3ad696b29511d1cf69f434caeab", "parents": [ "562abf624175e3f8487b7f064e516805e437e597" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:55:52 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:56:06 2011 -0400" }, "message": "flex_array: flex_array_prealloc takes a number of elements, not an end\n\nChange flex_array_prealloc to take the number of elements for which space\nshould be allocated instead of the last (inclusive) element. Users\nand documentation are updated accordingly. flex_arrays got introduced before\nthey had users. When folks started using it, they ended up needing a\ndifferent API than was coded up originally. This swaps over to the API that\nfolks apparently need.\n\nBased-on-patch-by: Steffen Klassert \u003csteffen.klassert@secunet.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nTested-by: Chris Richards \u003cgizmo@giz-works.com\u003e\nAcked-by: Dave Hansen \u003cdave@linux.vnet.ibm.com\u003e\nCc: stable@kernel.org [2.6.38+]\n" }, { "commit": "562abf624175e3f8487b7f064e516805e437e597", "tree": "75e52d8f8f91fc42c28ca2e0b7196b9fd16c25e0", "parents": [ "2463c26d50adc282d19317013ba0ff473823ca47" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:11:21 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:15:54 2011 -0400" }, "message": "SELinux: pass last path component in may_create\n\nNew inodes are created in a two stage process. We first will compute the\nlabel on a new inode in security_inode_create() and check if the\noperation is allowed. We will then actually re-compute that same label and\napply it in security_inode_init_security(). The change to do new label\ncalculations based in part on the last component of the path name only\npassed the path component information all the way down the\nsecurity_inode_init_security hook. Down the security_inode_create hook the\npath information did not make it past may_create. Thus the two calculations\ncame up differently and the permissions check might not actually be against\nthe label that is created. Pass and use the same information in both places\nto harmonize the calculations and checks.\n\nReported-by: Dominick Grift \u003cdomg472@gmail.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "2463c26d50adc282d19317013ba0ff473823ca47", "tree": "e92438150bb380c0dc0867b00f1ae89f73646b2a", "parents": [ "3f058ef7787e1b48720622346de9a5317aeb749a" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:11:21 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:15:53 2011 -0400" }, "message": "SELinux: put name based create rules in a hashtable\n\nTo shorten the list we need to run if filename trans rules exist for the type\nof the given parent directory I put them in a hashtable. Given the policy we\nare expecting to use in Fedora this takes the worst case list run from about\n5,000 entries to 17.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3f058ef7787e1b48720622346de9a5317aeb749a", "tree": "3cfdfa068b6eae4716f3be7d02f44bbd15e64573", "parents": [ "be30b16d43f4781406de0c08c96501dae4cc5a77" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:11:21 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:15:52 2011 -0400" }, "message": "SELinux: generic hashtab entry counter\n\nInstead of a hashtab entry counter function only useful for range\ntransition rules make a function generic for any hashtable to use.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "be30b16d43f4781406de0c08c96501dae4cc5a77", "tree": "957792a2eae5f16a87b79f4ca8aa434b6fa9c7de", "parents": [ "03a4c0182a156547edd5f2717c1702590fe36bbf" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:11:21 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:15:52 2011 -0400" }, "message": "SELinux: calculate and print hashtab stats with a generic function\n\nWe have custom debug functions like rangetr_hash_eval and symtab_hash_eval\nwhich do the same thing. Just create a generic function that takes the name\nof the hash table as an argument instead of having custom functions.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "03a4c0182a156547edd5f2717c1702590fe36bbf", "tree": "c4585fab7c37d4eb2cc46e93c925e7c2a5e7b1a2", "parents": [ "2667991f60e67d28c495b8967aaabf84b4ccd560" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:11:21 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:15:52 2011 -0400" }, "message": "SELinux: skip filename trans rules if ttype does not match parent dir\n\nRight now we walk to filename trans rule list for every inode that is\ncreated. First passes at policy using this facility creates around 5000\nfilename trans rules. Running a list of 5000 entries every time is a bad\nidea. This patch adds a new ebitmap to policy which has a bit set for each\nttype that has at least 1 filename trans rule. Thus when an inode is\ncreated we can quickly determine if any rules exist for this parent\ndirectory type and can skip the list if we know there is definitely no\nrelevant entry.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2667991f60e67d28c495b8967aaabf84b4ccd560", "tree": "893c006121f2be1b44e270fc5b43d8f94435dc81", "parents": [ "4742600cf536c0c115b6f769eda82ee377d199c9" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:11:20 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:15:51 2011 -0400" }, "message": "SELinux: rename filename_compute_type argument to *type instead of *con\n\nfilename_compute_type() takes as arguments the numeric value of the type of\nthe subject and target. It does not take a context. Thus the names are\nmisleading. Fix the argument names.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4742600cf536c0c115b6f769eda82ee377d199c9", "tree": "599922c770c628c3d484ee7460fe1fc361c3c509", "parents": [ "92f4250901476fcadc4f52ace36e453c61f5591d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:11:20 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:15:51 2011 -0400" }, "message": "SELinux: fix comment to state filename_compute_type takes an objname not a qstr\n\nfilename_compute_type used to take a qstr, but it now takes just a name.\nFix the comments to indicate it is an objname, not a qstr.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "07f9479a40cc778bc1462ada11f95b01360ae4ff", "tree": "0676cf38df3844004bb3ebfd99dfa67a4a8998f5", "parents": [ "9d5e6bdb3013acfb311ab407eeca0b6a6a3dedbf", "cd2e49e90f1cae7726c9a2c54488d881d7f1cd1c" ], "author": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Tue Apr 26 10:22:15 2011 +0200" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Tue Apr 26 10:22:59 2011 +0200" }, "message": "Merge branch \u0027master\u0027 into for-next\n\nFast-forwarded to current state of Linus\u0027 tree as there are patches to be\napplied for files that didn\u0027t exist on the old branch.\n" }, { "commit": "9ade0cf440a1e5800dc68eef2e77b8d9d83a6dff", "tree": "17a06970af5a26cd340b785a894f20f262335575", "parents": [ "1879fd6a26571fd4e8e1f4bb3e7537bc936b1fe7" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 25 16:26:29 2011 -0400" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 25 18:16:32 2011 -0700" }, "message": "SELINUX: Make selinux cache VFS RCU walks safe\n\nNow that the security modules can decide whether they support the\ndcache RCU walk or not it\u0027s possible to make selinux a bit more\nRCU friendly. The SELinux AVC and security server access decision\ncode is RCU safe. A specific piece of the LSM audit code may not\nbe RCU safe.\n\nThis patch makes the VFS RCU walk retry if it would hit the non RCU\nsafe chunk of code. It will normally just work under RCU. This is\ndone simply by passing the VFS RCU state as a flag down into the\navc_audit() code and returning ECHILD there if it would have an issue.\n\nBased-on-patch-by: Andi Kleen \u003cak@linux.intel.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "92f4250901476fcadc4f52ace36e453c61f5591d", "tree": "eadee3bbaa53226874d64dcb192699775fdf3792", "parents": [ "a269434d2fb48a4d66c1d7bf821b7874b59c5b41" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 25 13:15:55 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 25 18:14:45 2011 -0400" }, "message": "SMACK: smack_file_lock can use the struct path\n\nsmack_file_lock has a struct path, so use that instead of only the\ndentry.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "a269434d2fb48a4d66c1d7bf821b7874b59c5b41", "tree": "9c84b5f3e9f3adb3dd4a7e9da2b72dd7fe7eec49", "parents": [ "f48b7399840b453e7282b523f535561fe9638a2d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 25 13:10:27 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 25 18:14:07 2011 -0400" }, "message": "LSM: separate LSM_AUDIT_DATA_DENTRY from LSM_AUDIT_DATA_PATH\n\nThis patch separates and audit message that only contains a dentry from\none that contains a full path. This allows us to make it harder to\nmisuse the interfaces or for the interfaces to be implemented wrong.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "f48b7399840b453e7282b523f535561fe9638a2d", "tree": "29eed009469d35473367708ea60b9c5b01fc0c5f", "parents": [ "0dc1ba24f7fff659725eecbba2c9ad679a0954cd" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 25 12:54:27 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 25 18:13:15 2011 -0400" }, "message": "LSM: split LSM_AUDIT_DATA_FS into _PATH and _INODE\n\nThe lsm common audit code has wacky contortions making sure which pieces\nof information are set based on if it was given a path, dentry, or\ninode. Split this into path and inode to get rid of some of the code\ncomplexity.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "0dc1ba24f7fff659725eecbba2c9ad679a0954cd", "tree": "ad5831b52b38ca8157dd3ba4e5dfb75768bd372f", "parents": [ "1c9904297451f558191e211a48d8838b4bf792b0" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 21 17:23:20 2011 -0700" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 25 16:24:41 2011 -0400" }, "message": "SELINUX: Make selinux cache VFS RCU walks safe\n\nNow that the security modules can decide whether they support the\ndcache RCU walk or not it\u0027s possible to make selinux a bit more\nRCU friendly. The SELinux AVC and security server access decision\ncode is RCU safe. A specific piece of the LSM audit code may not\nbe RCU safe.\n\nThis patch makes the VFS RCU walk retry if it would hit the non RCU\nsafe chunk of code. It will normally just work under RCU. This is\ndone simply by passing the VFS RCU state as a flag down into the\navc_audit() code and returning ECHILD there if it would have an issue.\n\nBased-on-patch-by: Andi Kleen \u003cak@linux.intel.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "1c9904297451f558191e211a48d8838b4bf792b0", "tree": "9c7cabec6ce3d6604147de73953cfaca672f1c0d", "parents": [ "6b697323a78bed254ee372f71b1a6a2901bb4b7a" ], "author": { "name": "Andi Kleen", "email": "ak@linux.intel.com", "time": "Thu Apr 21 17:23:19 2011 -0700" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 25 10:20:32 2011 -0400" }, "message": "SECURITY: Move exec_permission RCU checks into security modules\n\nRight now all RCU walks fall back to reference walk when CONFIG_SECURITY\nis enabled, even though just the standard capability module is active.\nThis is because security_inode_exec_permission unconditionally fails\nRCU walks.\n\nMove this decision to the low level security module. This requires\npassing the RCU flags down the security hook. This way at least\nthe capability module and a few easy cases in selinux/smack work\nwith RCU walks with CONFIG_SECURITY\u003dy\n\nSigned-off-by: Andi Kleen \u003cak@linux.intel.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "6b697323a78bed254ee372f71b1a6a2901bb4b7a", "tree": "ef1282bd99f549074253b33deeb6436809566ad4", "parents": [ "a35c6c8368d88deae6890205e73ed330b6df1db7" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 20 10:21:28 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 25 10:19:02 2011 -0400" }, "message": "SELinux: security_read_policy should take a size_t not ssize_t\n\nThe len should be an size_t but is a ssize_t. Easy enough fix to silence\nbuild warnings. We have no need for signed-ness.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a35c6c8368d88deae6890205e73ed330b6df1db7", "tree": "f61c3da7460bb5ab39353404456d92e005e9000e", "parents": [ "425b473de5372cad6fffc6b98a758ed8e3fc70ce" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 20 10:21:28 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 25 10:18:27 2011 -0400" }, "message": "SELinux: silence build warning when !CONFIG_BUG\n\nIf one builds a kernel without CONFIG_BUG there are a number of \u0027may be\nused uninitialized\u0027 warnings. Silence these by returning after the BUG().\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8c9e80ed276fc4b9c9fadf29d8bf6b3576112f1a", "tree": "7595dd217545593675d40f85cfb11d69697a8300", "parents": [ "8d082f8f3fb89e8a1fcb5120ad98cd9860c8a3e8" ], "author": { "name": "Andi Kleen", "email": "ak@linux.intel.com", "time": "Thu Apr 21 17:23:19 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Apr 22 16:17:29 2011 -0700" }, "message": "SECURITY: Move exec_permission RCU checks into security modules\n\nRight now all RCU walks fall back to reference walk when CONFIG_SECURITY\nis enabled, even though just the standard capability module is active.\nThis is because security_inode_exec_permission unconditionally fails\nRCU walks.\n\nMove this decision to the low level security module. This requires\npassing the RCU flags down the security hook. This way at least\nthe capability module and a few easy cases in selinux/smack work\nwith RCU walks with CONFIG_SECURITY\u003dy\n\nSigned-off-by: Andi Kleen \u003cak@linux.intel.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "425b473de5372cad6fffc6b98a758ed8e3fc70ce", "tree": "532811d99d68d2ba58bc111b33a959ddb8a1a1e2", "parents": [ "1214eac73f798bccabc6adb55e7b2d787527c13c" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 07 14:46:59 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 20 11:45:14 2011 -0400" }, "message": "SELinux: delete debugging printks from filename_trans rule processing\n\nThe filename_trans rule processing has some printk(KERN_ERR ) messages\nwhich were intended as debug aids in creating the code but weren\u0027t removed\nbefore it was submitted. Remove them.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "db5ca356d8af8e43832c185ceec90850ff2ebb45", "tree": "f079addde0b6a8e5a883b5d2f1363496f6511f32", "parents": [ "d4ab4e6a23f805abb8fc3cc34525eec3788aeca1" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Apr 20 06:49:15 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Apr 20 10:16:21 2011 +1000" }, "message": "TOMOYO: Fix refcount leak in tomoyo_mount_acl().\n\nIn tomoyo_mount_acl() since 2.6.36, reference to device file (e.g. /dev/sda1)\nwas leaking.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d4ab4e6a23f805abb8fc3cc34525eec3788aeca1", "tree": "eefd82c155bc27469a85667d759cd90facf4a6e3", "parents": [ "c0fa797ae6cd02ff87c0bfe0d509368a3b45640e", "96fd2d57b8252e16dfacf8941f7a74a6119197f5" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 19 21:32:41 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 19 21:32:41 2011 +1000" }, "message": "Merge branch \u0027master\u0027; commit \u0027v2.6.39-rc3\u0027 into next\n" }, { "commit": "c0fa797ae6cd02ff87c0bfe0d509368a3b45640e", "tree": "4f484333268919be0487ff5fdf9dd380d8bf6ed2", "parents": [ "e4f5f26d8336318a5aa0858223c81cf29fcf5f68" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Apr 03 00:12:54 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 19 09:37:12 2011 +1000" }, "message": "TOMOYO: Fix infinite loop bug when reading /sys/kernel/security/tomoyo/audit\n\nIn tomoyo_flush(), head-\u003er.w[0] holds pointer to string data to be printed.\nBut head-\u003er.w[0] was updated only when the string data was partially\nprinted (because head-\u003er.w[0] will be updated by head-\u003er.w[1] later if\ncompletely printed). However, regarding /sys/kernel/security/tomoyo/query ,\nan additional \u0027\\0\u0027 is printed after the string data was completely printed.\nBut if free space for read buffer became 0 before printing the additional \u0027\\0\u0027,\ntomoyo_flush() was returning without updating head-\u003er.w[0]. As a result,\ntomoyo_flush() forever reprints already printed string data.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e4f5f26d8336318a5aa0858223c81cf29fcf5f68", "tree": "8d28363c736c363d05f31e8417f11a2b5cce67a0", "parents": [ "2a086e5d3a23570735f75b784d29b93068070833" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Apr 03 00:11:50 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 19 09:37:09 2011 +1000" }, "message": "TOMOYO: Don\u0027t add / for allow_unmount permission check.\n\n\"mount --bind /path/to/file1 /path/to/file2\" is legal. Therefore,\n\"umount /path/to/file2\" is also legal. Do not automatically append trailing \u0027/\u0027\nif pathname to be unmounted does not end with \u0027/\u0027.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2a086e5d3a23570735f75b784d29b93068070833", "tree": "43949632ba2e1c8ed4a8169d64c406d66ce36f23", "parents": [ "a3232d2fa2e3cbab3e76d91cdae5890fee8a4034" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Apr 03 00:09:26 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 19 09:37:06 2011 +1000" }, "message": "TOMOYO: Fix race on updating profile\u0027s comment line.\n\nIn tomoyo_write_profile() since 2.6.34, a lock was by error missing when\nreplacing profile\u0027s comment line. If multiple threads attempted\n\n echo \u00270-COMMENT\u003dcomment\u0027 \u003e /sys/kernel/security/tomoyo/profile\n\nin parallel, garbage collector will fail to kfree() the old value.\nProtect the replacement using a lock. Also, keep the old value rather than\nreplace with empty string when out of memory error has occurred.\n\nSigned-off-by: Xiaochen Wang \u003cwangxiaochen0@gmail.com\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6eab04a87677a37cf15b52e2b4b4fd57917102ad", "tree": "dc92e25473e7e5c9183312d7feeeaeabb2157baf", "parents": [ "9f0af69b2dd34d2c21817d599db7bdb3c972a759" ], "author": { "name": "Justin P. Mattock", "email": "justinmattock@gmail.com", "time": "Fri Apr 08 19:49:08 2011 -0700" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Sun Apr 10 17:01:05 2011 +0200" }, "message": "treewide: remove extra semicolons\n\nSigned-off-by: Justin P. Mattock \u003cjustinmattock@gmail.com\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "1214eac73f798bccabc6adb55e7b2d787527c13c", "tree": "4b379622da0d56be88d7ea87af558ef719317c7d", "parents": [ "eba71de2cb7c02c5ae4f2ad3656343da71bc4661" ], "author": { "name": "Harry Ciao", "email": "qingtao.cao@windriver.com", "time": "Thu Apr 07 14:12:57 2011 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 07 12:00:26 2011 -0400" }, "message": "Initialize policydb.process_class eariler.\n\nInitialize policydb.process_class once all symtabs read from policy image,\nso that it could be used to setup the role_trans.tclass field when a lower\nversion policy.X is loaded.\n\nSigned-off-by: Harry Ciao \u003cqingtao.cao@windriver.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "eba71de2cb7c02c5ae4f2ad3656343da71bc4661", "tree": "3eb37c447b2023c86d2c2cadc7b84656c134b646", "parents": [ "f50a3ec961f90e38c0311411179d5dfee1412192" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri Mar 25 10:13:43 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 07 12:00:12 2011 -0400" }, "message": "selinux: Fix regression for Xorg\n\nCommit 6f5317e730505d5cbc851c435a2dfe3d5a21d343 introduced a bug in the\nhandling of userspace object classes that is causing breakage for Xorg\nwhen XSELinux is enabled. Fix the bug by changing map_class() to return\nSECCLASS_NULL when the class cannot be mapped to a kernel object class.\n\nReported-by: \"Justin P. Mattock\" \u003cjustinmattock@gmail.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4bf2ea77dba76a22f49db3c10773896aaeeb8f66", "tree": "a59c1f924c022864f259ed56b6326a35ab2ceee2", "parents": [ "17f60a7da150fdd0cfb9756f86a262daa72c835f" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 01 17:08:28 2011 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 04 10:31:06 2011 +1000" }, "message": "capabilities: do not special case exec of init\n\nWhen the global init task is exec\u0027d we have special case logic to make sure\nthe pE is not reduced. There is no reason for this. If init wants to drop\nit\u0027s pE is should be allowed to do so. Remove this special logic.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserge@hallyn.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f50a3ec961f90e38c0311411179d5dfee1412192", "tree": "600b7909964cd116af1252ecabb5b1415c01d7a0", "parents": [ "6bde95ce33e1c2ac9b5cb3d814722105131090ec" ], "author": { "name": "Kohei Kaigai", "email": "Kohei.Kaigai@eu.nec.com", "time": "Fri Apr 01 15:39:26 2011 +0100" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 01 17:13:23 2011 -0400" }, "message": "selinux: add type_transition with name extension support for selinuxfs\n\nThe attached patch allows /selinux/create takes optional 4th argument\nto support TYPE_TRANSITION with name extension for userspace object\nmanagers.\nIf 4th argument is not supplied, it shall perform as existing kernel.\nIn fact, the regression test of SE-PostgreSQL works well on the patched\nkernel.\n\nThanks,\n\nSigned-off-by: KaiGai Kohei \u003ckohei.kaigai@eu.nec.com\u003e\n[manually verify fuzz was not an issue, and it wasn\u0027t: eparis]\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "25985edcedea6396277003854657b5f3cb31a628", "tree": "f026e810210a2ee7290caeb737c23cb6472b7c38", "parents": [ "6aba74f2791287ec407e0f92487a725a25908067" ], "author": { "name": "Lucas De Marchi", "email": "lucas.demarchi@profusion.mobi", "time": "Wed Mar 30 22:57:33 2011 -0300" }, "committer": { "name": "Lucas De Marchi", "email": "lucas.demarchi@profusion.mobi", "time": "Thu Mar 31 11:26:23 2011 -0300" }, "message": "Fix common misspellings\n\nFixes generated by \u0027codespell\u0027 and manually reviewed.\n\nSigned-off-by: Lucas De Marchi \u003clucas.demarchi@profusion.mobi\u003e\n" }, { "commit": "cfc64fd91fabed099a4c3df58559f4b7efe9bcce", "tree": "6ecc7efb4d61ba9e1ae21a11e50f175961f76cf8", "parents": [ "93b9c98b3498db5842e2812b32cff4c1ae947eb1" ], "author": { "name": "Xiaochen Wang", "email": "wangxiaochen0@gmail.com", "time": "Thu Mar 31 00:27:32 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Mar 31 10:25:06 2011 +1100" }, "message": "tomoyo: fix memory leak in tomoyo_commit_ok()\n\nWhen memory used for policy exceeds the quota, tomoyo_memory_ok() return false.\nIn this case, tomoyo_commit_ok() must call kfree() before returning NULL.\nThis bug exists since 2.6.35.\n\nSigned-off-by: Xiaochen Wang \u003cwangxiaochen0@gmail.com\u003e\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "93b9c98b3498db5842e2812b32cff4c1ae947eb1", "tree": "2d18e46cadcbf66fff695bb16e86531281cde7be", "parents": [ "efb3bb4fad062f8e9b8c9c945d499597e14007e7", "5806896019ceaa0a1e808182afb4bba33c948ad6" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 30 08:51:46 2011 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 30 08:51:46 2011 +1100" }, "message": "Merge branch \u0027next-queue\u0027 into next\n" }, { "commit": "85cd6da53a8073d3f4503f56e4ea6cddccbb1c7f", "tree": "9c71a1426c09767e7470fea2c244c9ebd3ec4d8c", "parents": [ "036a98263a30930a329e7bb184d5e77f27358e40" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri Mar 25 10:13:43 2011 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 29 10:26:30 2011 +1100" }, "message": "selinux: Fix regression for Xorg\n\nCommit 6f5317e730505d5cbc851c435a2dfe3d5a21d343 introduced a bug in the\nhandling of userspace object classes that is causing breakage for Xorg\nwhen XSELinux is enabled. Fix the bug by changing map_class() to return\nSECCLASS_NULL when the class cannot be mapped to a kernel object class.\n\nReported-by: \"Justin P. Mattock\" \u003cjustinmattock@gmail.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c900ff323d761753a56d8d6a67b034ceee277b6e", "tree": "0294cfb5904eec80cf8e84004d46cb8734b714e7", "parents": [ "63a312ca55d09a3f6526919df495fff1073c88f4" ], "author": { "name": "Harry Ciao", "email": "qingtao.cao@windriver.com", "time": "Fri Mar 25 13:52:00 2011 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Mar 28 14:21:05 2011 -0400" }, "message": "SELinux: Write class field in role_trans_write.\n\nIf kernel policy version is \u003e\u003d 26, then write the class field of the\nrole_trans structure into the binary reprensentation.\n\nSigned-off-by: Harry Ciao \u003cqingtao.cao@windriver.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "63a312ca55d09a3f6526919df495fff1073c88f4", "tree": "43fe9a17837fff6bc71e789dbb8fa0f8d03d01aa", "parents": [ "8023976cf4627d9f1d82ad468ec40e32eb87d211" ], "author": { "name": "Harry Ciao", "email": "harrytaurus200@hotmail.com", "time": "Fri Mar 25 13:51:58 2011 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Mar 28 14:21:01 2011 -0400" }, "message": "SELinux: Compute role in newcontext for all classes\n\nApply role_transition rules for all kinds of classes.\n\nSigned-off-by: Harry Ciao \u003cqingtao.cao@windriver.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "8023976cf4627d9f1d82ad468ec40e32eb87d211", "tree": "82af1157ffbb00be2a8d2357a8c2fd88826233b1", "parents": [ "fe3fa43039d47ee4e22caf460b79b62a14937f79" ], "author": { "name": "Harry Ciao", "email": "qingtao.cao@windriver.com", "time": "Fri Mar 25 13:51:56 2011 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Mar 28 14:20:58 2011 -0400" }, "message": "SELinux: Add class support to the role_trans structure\n\nIf kernel policy version is \u003e\u003d 26, then the binary representation of\nthe role_trans structure supports specifying the class for the current\nsubject or the newly created object.\n\nIf kernel policy version is \u003c 26, then the class field would be default\nto the process class.\n\nSigned-off-by: Harry Ciao \u003cqingtao.cao@windriver.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "2e1496707560ecf98e9b0604622c0990f94861d3", "tree": "d1473b70fad31a903fedc87221680678a6c6c5f6", "parents": [ "e795b71799ff0b27365020c9ddaa25d0d83f99c8" ], "author": { "name": "Serge E. Hallyn", "email": "serge@hallyn.com", "time": "Wed Mar 23 16:43:26 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 23 19:47:13 2011 -0700" }, "message": "userns: rename is_owner_or_cap to inode_owner_or_capable\n\nAnd give it a kernel-doc comment.\n\n[akpm@linux-foundation.org: btrfs changed in linux-next]\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "8409cca7056113bee3236cb6a8e4d8d4d1eef102", "tree": "d9f1ced0d47070fcdf8b399021f33770c150b1ec", "parents": [ "39fd33933b0209e4b6254743f2cede07c5ad4c52" ], "author": { "name": "Serge E. Hallyn", "email": "serge@hallyn.com", "time": "Wed Mar 23 16:43:20 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 23 19:47:05 2011 -0700" }, "message": "userns: allow ptrace from non-init user namespaces\n\nptrace is allowed to tasks in the same user namespace according to the\nusual rules (i.e. the same rules as for two tasks in the init user\nnamespace). ptrace is also allowed to a user namespace to which the\ncurrent task the has CAP_SYS_PTRACE capability.\n\nChangelog:\n\tDec 31: Address feedback by Eric:\n\t\t. Correct ptrace uid check\n\t\t. Rename may_ptrace_ns to ptrace_capable\n\t\t. Also fix the cap_ptrace checks.\n\tJan 1: Use const cred struct\n\tJan 11: use task_ns_capable() in place of ptrace_capable().\n\tFeb 23: same_or_ancestore_user_ns() was not an appropriate\n\t\tcheck to constrain cap_issubset. Rather, cap_issubset()\n\t\tonly is meaningful when both capsets are in the same\n\t\tuser_ns.\n\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nAcked-by: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "3486740a4f32a6a466f5ac931654d154790ba648", "tree": "ac5d968a66057fa84933b8f89fd3e916270dffed", "parents": [ "59607db367c57f515183cb203642291bb14d9c40" ], "author": { "name": "Serge E. Hallyn", "email": "serge@hallyn.com", "time": "Wed Mar 23 16:43:17 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 23 19:47:02 2011 -0700" }, "message": "userns: security: make capabilities relative to the user namespace\n\n- Introduce ns_capable to test for a capability in a non-default\n user namespace.\n- Teach cap_capable to handle capabilities in a non-default\n user namespace.\n\nThe motivation is to get to the unprivileged creation of new\nnamespaces. It looks like this gets us 90% of the way there, with\nonly potential uid confusion issues left.\n\nI still need to handle getting all caps after creation but otherwise I\nthink I have a good starter patch that achieves all of your goals.\n\nChangelog:\n\t11/05/2010: [serge] add apparmor\n\t12/14/2010: [serge] fix capabilities to created user namespaces\n\tWithout this, if user serge creates a user_ns, he won\u0027t have\n\tcapabilities to the user_ns he created. THis is because we\n\twere first checking whether his effective caps had the caps\n\the needed and returning -EPERM if not, and THEN checking whether\n\the was the creator. Reverse those checks.\n\t12/16/2010: [serge] security_real_capable needs ns argument in !security case\n\t01/11/2011: [serge] add task_ns_capable helper\n\t01/11/2011: [serge] add nsown_capable() helper per Bastian Blank suggestion\n\t02/16/2011: [serge] fix a logic bug: the root user is always creator of\n\t\t init_user_ns, but should not always have capabilities to\n\t\t it! Fix the check in cap_capable().\n\t02/21/2011: Add the required user_ns parameter to security_capable,\n\t\t fixing a compile failure.\n\t02/23/2011: Convert some macros to functions as per akpm comments. Some\n\t\t couldn\u0027t be converted because we can\u0027t easily forward-declare\n\t\t them (they are inline if !SECURITY, extern if SECURITY). Add\n\t\t a current_user_ns function so we can use it in capability.h\n\t\t without #including cred.h. Move all forward declarations\n\t\t together to the top of the #ifdef __KERNEL__ section, and use\n\t\t kernel-doc format.\n\t02/23/2011: Per dhowells, clean up comment in cap_capable().\n\t02/23/2011: Per akpm, remove unreachable \u0027return -EPERM\u0027 in cap_capable.\n\n(Original written and signed off by Eric; latest, modified version\nacked by him)\n\n[akpm@linux-foundation.org: fix build]\n[akpm@linux-foundation.org: export current_user_ns() for ecryptfs]\n[serge.hallyn@canonical.com: remove unneeded extra argument in selinux\u0027s task_has_capability]\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nAcked-by: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "5806896019ceaa0a1e808182afb4bba33c948ad6", "tree": "d0fe25384a3c87048b5eec639a11e57c9629d854", "parents": [ "4aab1e896a0a9d57420ff2867caa5a369123d8cb" ], "author": { "name": "Paul Gortmaker", "email": "paul.gortmaker@windriver.com", "time": "Mon Mar 14 19:32:21 2011 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 22 09:35:12 2011 +1100" }, "message": "security: select correct default LSM_MMAP_MIN_ADDR on ARM.\n\nThe default for this is universally set to 64k, but the help says:\n\n For most ia64, ppc64 and x86 users with lots of address space\n a value of 65536 is reasonable and should cause no problems.\n On arm and other archs it should not be higher than 32768.\n\nThe text is right, in that we are seeing selinux-enabled ARM targets\nthat fail to launch /sbin/init because selinux blocks a memory map.\nSo select the right value if we know we are building ARM.\n\nSigned-off-by: Paul Gortmaker \u003cpaul.gortmaker@windriver.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4aab1e896a0a9d57420ff2867caa5a369123d8cb", "tree": "92212870353a9493c10fb46a0dd9b6ce27230012", "parents": [ "78b7280cce23293f7570ad52c1ffe1485c6d9669" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Mar 11 17:57:33 2011 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Mar 17 11:59:49 2011 +1100" }, "message": "KEYS: Make request_key() and co. return an error for a negative key\n\nMake request_key() and co. return an error for a negative or rejected key. If\nthe key was simply negated, then return ENOKEY, otherwise return the error\nwith which it was rejected.\n\nWithout this patch, the following command returns a key number (with the latest\nkeyutils):\n\n\t[root@andromeda ~]# keyctl request2 user debug:foo rejected @s\n\t586569904\n\nTrying to print the key merely gets you a permission denied error:\n\n\t[root@andromeda ~]# keyctl print 586569904\n\tkeyctl_read_alloc: Permission denied\n\nDoing another request_key() call does get you the error, as long as it hasn\u0027t\nexpired yet:\n\n\t[root@andromeda ~]# keyctl request user debug:foo\n\trequest_key: Key was rejected by service\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "78b7280cce23293f7570ad52c1ffe1485c6d9669", "tree": "f3051c5fe69cb41e88f9470dead8534dda3e94e0", "parents": [ "c151694b2c48d956ac8c8c59c6927f89cc29ef70" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Mar 11 17:57:23 2011 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Mar 17 11:59:32 2011 +1100" }, "message": "KEYS: Improve /proc/keys\n\nImprove /proc/keys by:\n\n (1) Don\u0027t attempt to summarise the payload of a negated key. It won\u0027t have\n one. To this end, a helper function - key_is_instantiated() has been\n added that allows the caller to find out whether the key is positively\n instantiated (as opposed to being uninstantiated or negatively\n instantiated).\n\n (2) Do show keys that are negative, expired or revoked rather than hiding\n them. This requires an override flag (no_state_check) to be passed to\n search_my_process_keyrings() and keyring_search_aux() to suppress this\n check.\n\n Without this, keys that are possessed by the caller, but only grant\n permissions to the caller if possessed are skipped as the possession check\n fails.\n\n Keys that are visible due to user, group or other checks are visible with\n or without this patch.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7a6362800cb7d1d618a697a650c7aaed3eb39320", "tree": "087f9bc6c13ef1fad4b392c5cf9325cd28fa8523", "parents": [ "6445ced8670f37cfc2c5e24a9de9b413dbfc788d", "ceda86a108671294052cbf51660097b6534672f5" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 16 16:29:25 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 16 16:29:25 2011 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1480 commits)\n bonding: enable netpoll without checking link status\n xfrm: Refcount destination entry on xfrm_lookup\n net: introduce rx_handler results and logic around that\n bonding: get rid of IFF_SLAVE_INACTIVE netdev-\u003epriv_flag\n bonding: wrap slave state work\n net: get rid of multiple bond-related netdevice-\u003epriv_flags\n bonding: register slave pointer for rx_handler\n be2net: Bump up the version number\n be2net: Copyright notice change. Update to Emulex instead of ServerEngines\n e1000e: fix kconfig for crc32 dependency\n netfilter ebtables: fix xt_AUDIT to work with ebtables\n xen network backend driver\n bonding: Improve syslog message at device creation time\n bonding: Call netif_carrier_off after register_netdevice\n bonding: Incorrect TX queue offset\n net_sched: fix ip_tos2prio\n xfrm: fix __xfrm_route_forward()\n be2net: Fix UDP packet detected status in RX compl\n Phonet: fix aligned-mode pipe socket buffer header reserve\n netxen: support for GbE port settings\n ...\n\nFix up conflicts in drivers/staging/brcm80211/brcmsmac/wl_mac80211.c\nwith the staging updates.\n" }, { "commit": "0f6e0e8448a16d8d22119ce91d8dd24b44865b51", "tree": "7c295c02db035fc6a0b867465911a2bc9dc6b1ef", "parents": [ "0d2ecee2bdb2a19d04bc5cefac0f86e790f1aad4", "a002951c97ff8da49938c982a4c236bf2fafdc9f" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 16 09:15:43 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 16 09:15:43 2011 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (33 commits)\n AppArmor: kill unused macros in lsm.c\n AppArmor: cleanup generated files correctly\n KEYS: Add an iovec version of KEYCTL_INSTANTIATE\n KEYS: Add a new keyctl op to reject a key with a specified error code\n KEYS: Add a key type op to permit the key description to be vetted\n KEYS: Add an RCU payload dereference macro\n AppArmor: Cleanup make file to remove cruft and make it easier to read\n SELinux: implement the new sb_remount LSM hook\n LSM: Pass -o remount options to the LSM\n SELinux: Compute SID for the newly created socket\n SELinux: Socket retains creator role and MLS attribute\n SELinux: Auto-generate security_is_socket_class\n TOMOYO: Fix memory leak upon file open.\n Revert \"selinux: simplify ioctl checking\"\n selinux: drop unused packet flow permissions\n selinux: Fix packet forwarding checks on postrouting\n selinux: Fix wrong checks for selinux_policycap_netpeer\n selinux: Fix check for xfrm selinux context algorithm\n ima: remove unnecessary call to ima_must_measure\n IMA: remove IMA imbalance checking\n ...\n" }, { "commit": "420c1c572d4ceaa2f37b6311b7017ac6cf049fe2", "tree": "df04e6b4b756b7a46d9887462d54a3ad0e1f91d5", "parents": [ "9620639b7ea3843983f4ced8b4c81eb4d8974838", "6e6823d17b157f185be09f4c70181299f9273f0b" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Mar 15 18:53:35 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Mar 15 18:53:35 2011 -0700" }, "message": "Merge branch \u0027timers-core-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip\n\n* \u0027timers-core-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: (62 commits)\n posix-clocks: Check write permissions in posix syscalls\n hrtimer: Remove empty hrtimer_init_hres_timer()\n hrtimer: Update hrtimer-\u003estate documentation\n hrtimer: Update base[CLOCK_BOOTTIME].offset correctly\n timers: Export CLOCK_BOOTTIME via the posix timers interface\n timers: Add CLOCK_BOOTTIME hrtimer base\n time: Extend get_xtime_and_monotonic_offset() to also return sleep\n time: Introduce get_monotonic_boottime and ktime_get_boottime\n hrtimers: extend hrtimer base code to handle more then 2 clockids\n ntp: Remove redundant and incorrect parameter check\n mn10300: Switch do_timer() to xtimer_update()\n posix clocks: Introduce dynamic clocks\n posix-timers: Cleanup namespace\n posix-timers: Add support for fd based clocks\n x86: Add clock_adjtime for x86\n posix-timers: Introduce a syscall for clock tuning.\n time: Splitout compat timex accessors\n ntp: Add ADJ_SETOFFSET mode bit\n time: Introduce timekeeping_inject_offset\n posix-timer: Update comment\n ...\n\nFix up new system-call-related conflicts in\n\tarch/x86/ia32/ia32entry.S\n\tarch/x86/include/asm/unistd_32.h\n\tarch/x86/include/asm/unistd_64.h\n\tarch/x86/kernel/syscall_table_32.S\n(name_to_handle_at()/open_by_handle_at() vs clock_adjtime()), and some\ndue to movement of get_jiffies_64() in:\n\tkernel/time.c\n" }, { "commit": "1d28f42c1bd4bb2363d88df74d0128b4da135b4a", "tree": "cb2e652fe79a2bc307e871bc2d3fa51cc8051e45", "parents": [ "ca116922afa8cc5ad46b00c0a637b1cde5ca478a" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Mar 12 00:29:39 2011 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Mar 12 15:08:44 2011 -0800" }, "message": "net: Put flowi_* prefix on AF independent members of struct flowi\n\nI intend to turn struct flowi into a union of AF specific flowi\nstructs. There will be a common structure that each variant includes\nfirst, much like struct sock_common.\n\nThis is the first step to move in that direction.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "c151694b2c48d956ac8c8c59c6927f89cc29ef70", "tree": "6d24bfde33c2c5899ea33aef4b81d06d7ac36a2f", "parents": [ "fe3fa43039d47ee4e22caf460b79b62a14937f79", "1936113c820bc3bfac49c266ccf972f7f8552aae" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 09 14:12:07 2011 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 09 14:12:07 2011 +1100" }, "message": "Merge branch \u0027security-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev into next\n" }, { "commit": "1936113c820bc3bfac49c266ccf972f7f8552aae", "tree": "6adabc28f9cb3c21160c9e7f227cff3c50a24e89", "parents": [ "0f8250265623e57971cbb57fc8d92e58dd883a19" ], "author": { "name": "Shan Wei", "email": "shanwei@cn.fujitsu.com", "time": "Fri Jan 21 10:13:13 2011 +0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Tue Mar 08 17:04:07 2011 -0800" }, "message": "AppArmor: kill unused macros in lsm.c\n\nRemove unused macros.\n\nSigned-off-by: Shan Wei \u003cshanwei@cn.fujitsu.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "0f8250265623e57971cbb57fc8d92e58dd883a19", "tree": "8acddd1019f2558ed5fd6b84431736b890197c47", "parents": [ "4fdef2183e6598cc977a9bb9321ef99a44125da3" ], "author": { "name": "Michal Hocko", "email": "mhocko@suse.cz", "time": "Fri Jan 07 15:03:02 2011 +0100" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Tue Mar 08 17:03:53 2011 -0800" }, "message": "AppArmor: cleanup generated files correctly\n\nclean-files should be defined as a variable not a target.\n\nSigned-off-by: Michal Hocko \u003cmhocko@suse.cz\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "fe3fa43039d47ee4e22caf460b79b62a14937f79", "tree": "9eab8d00f1227b9fe0959f32a62d892ed35803ba", "parents": [ "ee009e4a0d4555ed522a631bae9896399674f064", "026eb167ae77244458fa4b4b9fc171209c079ba7" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 08 11:38:10 2011 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 08 11:38:10 2011 +1100" }, "message": "Merge branch \u0027master\u0027 of git://git.infradead.org/users/eparis/selinux into next\n" }, { "commit": "ee009e4a0d4555ed522a631bae9896399674f064", "tree": "ee309fb4a98d9e7792cec99935c2d33652b3f440", "parents": [ "fdd1b94581782a2ddf9124414e5b7a5f48ce2f9c" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Mar 07 15:06:20 2011 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 08 11:17:22 2011 +1100" }, "message": "KEYS: Add an iovec version of KEYCTL_INSTANTIATE\n\nAdd a keyctl op (KEYCTL_INSTANTIATE_IOV) that is like KEYCTL_INSTANTIATE, but\ntakes an iovec array and concatenates the data in-kernel into one buffer.\nSince the KEYCTL_INSTANTIATE copies the data anyway, this isn\u0027t too much of a\nproblem.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "fdd1b94581782a2ddf9124414e5b7a5f48ce2f9c", "tree": "ce83bfd1f0b1a7d4b9521bdb3d6afef1bff1d4f2", "parents": [ "b9fffa3877a3ebbe0a5ad5a247358e2f7df15b24" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Mar 07 15:06:09 2011 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 08 11:17:18 2011 +1100" }, "message": "KEYS: Add a new keyctl op to reject a key with a specified error code\n\nAdd a new keyctl op to reject a key with a specified error code. This works\nmuch the same as negating a key, and so keyctl_negate_key() is made a special\ncase of keyctl_reject_key(). The difference is that keyctl_negate_key()\nselects ENOKEY as the error to be reported.\n\nTypically the key would be rejected with EKEYEXPIRED, EKEYREVOKED or\nEKEYREJECTED, but this is not mandatory.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b9fffa3877a3ebbe0a5ad5a247358e2f7df15b24", "tree": "0f58a92c2616b3663f88935290d32a4c90d57025", "parents": [ "633e804e89464d3875e59de1959a53f9041d3094" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Mar 07 15:05:59 2011 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 08 11:17:15 2011 +1100" }, "message": "KEYS: Add a key type op to permit the key description to be vetted\n\nAdd a key type operation to permit the key type to vet the description of a new\nkey that key_alloc() is about to allocate. The operation may reject the\ndescription if it wishes with an error of its choosing. If it does this, the\nkey will not be allocated.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nReviewed-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "633e804e89464d3875e59de1959a53f9041d3094", "tree": "0a2464267c5f7a4e8166771fdc88e181a5b6219a", "parents": [ "1cc26bada9f6807814806db2f0d78792eecdac71" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Mar 07 15:05:51 2011 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 08 11:17:11 2011 +1100" }, "message": "KEYS: Add an RCU payload dereference macro\n\nAdd an RCU payload dereference macro as this seems to be a common piece of code\namongst key types that use RCU referenced payloads.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1cc26bada9f6807814806db2f0d78792eecdac71", "tree": "5509b5139db04af6c13db0a580c84116a4a54039", "parents": [ "eae61f3c829439f8f9121b5cd48a14be04df451f", "214d93b02c4fe93638ad268613c9702a81ed9192" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 08 10:55:06 2011 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 08 10:55:06 2011 +1100" }, "message": "Merge branch \u0027master\u0027; commit \u0027v2.6.38-rc7\u0027 into next\n" }, { "commit": "4fdef2183e6598cc977a9bb9321ef99a44125da3", "tree": "380a0f9424d068dc267936fc188ec6abb85df909", "parents": [ "eae61f3c829439f8f9121b5cd48a14be04df451f" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Sat Mar 05 02:18:02 2011 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Sat Mar 05 02:46:26 2011 -0800" }, "message": "AppArmor: Cleanup make file to remove cruft and make it easier to read\n\nCleanups based on comments from Sam Ravnborg,\n\n* remove references to the currently unused af_names.h\n* add rlim_names.h to clean-files:\n* rework cmd_make-XXX to make them more readable by adding comments,\n reworking the expressions to put logical components on individual lines,\n and keep lines \u003c 80 characters.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Sam Ravnborg \u003csam@ravnborg.org\u003e\n" }, { "commit": "01a16b21d6adf992aa863186c3c4e561a57c1714", "tree": "a3b1c81e5a5e6a0e9069e4d3a15576741ed34776", "parents": [ "63f97425166a1a16279c1a5720e9dfcb2c12ad1b" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Thu Mar 03 13:32:07 2011 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Mar 03 13:32:07 2011 -0800" }, "message": "netlink: kill eff_cap from struct netlink_skb_parms\n\nNetlink message processing in the kernel is synchronous these days,\ncapabilities can be checked directly in security_netlink_recv() from\nthe current process.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n[chrisw: update to include pohmelfs and uvesafb]\nSigned-off-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "026eb167ae77244458fa4b4b9fc171209c079ba7", "tree": "1e66fcfeb0b43a6fb764e1d07f8f0200d0c99094", "parents": [ "ff36fe2c845cab2102e4826c1ffa0a6ebf487c65" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Mar 03 16:09:14 2011 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Mar 03 16:12:28 2011 -0500" }, "message": "SELinux: implement the new sb_remount LSM hook\n\nFor SELinux we do not allow security information to change during a remount\noperation. Thus this hook simply strips the security module options from\nthe data and verifies that those are the same options as exist on the\ncurrent superblock.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ff36fe2c845cab2102e4826c1ffa0a6ebf487c65", "tree": "d61f4c65bc51e6455f0cb5a3d03fab41d0f83169", "parents": [ "2ad18bdf3b8f84c85c7da7e4de365f7c5701fb3f" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Mar 03 16:09:14 2011 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Mar 03 16:12:27 2011 -0500" }, "message": "LSM: Pass -o remount options to the LSM\n\nThe VFS mount code passes the mount options to the LSM. The LSM will remove\noptions it understands from the data and the VFS will then pass the remaining\noptions onto the underlying filesystem. This is how options like the\nSELinux context\u003d work. The problem comes in that -o remount never calls\ninto LSM code. So if you include an LSM specific option it will get passed\nto the filesystem and will cause the remount to fail. An example of where\nthis is a problem is the \u0027seclabel\u0027 option. The SELinux LSM hook will\nprint this word in /proc/mounts if the filesystem is being labeled using\nxattrs. If you pass this word on mount it will be silently stripped and\nignored. But if you pass this word on remount the LSM never gets called\nand it will be passed to the FS. The FS doesn\u0027t know what seclabel means\nand thus should fail the mount. For example an ext3 fs mounted over loop\n\n# mount -o loop /tmp/fs /mnt/tmp\n# cat /proc/mounts | grep /mnt/tmp\n/dev/loop0 /mnt/tmp ext3 rw,seclabel,relatime,errors\u003dcontinue,barrier\u003d0,data\u003dordered 0 0\n# mount -o remount /mnt/tmp\nmount: /mnt/tmp not mounted already, or bad option\n# dmesg\nEXT3-fs (loop0): error: unrecognized mount option \"seclabel\" or missing value\n\nThis patch passes the remount mount options to an new LSM hook.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2ad18bdf3b8f84c85c7da7e4de365f7c5701fb3f", "tree": "7b45743dee9e9de69714da3801aa3f987a3db365", "parents": [ "6f5317e730505d5cbc851c435a2dfe3d5a21d343" ], "author": { "name": "Harry Ciao", "email": "qingtao.cao@windriver.com", "time": "Wed Mar 02 13:32:34 2011 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Mar 03 15:19:44 2011 -0500" }, "message": "SELinux: Compute SID for the newly created socket\n\nThe security context for the newly created socket shares the same\nuser, role and MLS attribute as its creator but may have a different\ntype, which could be specified by a type_transition rule in the relevant\npolicy package.\n\nSigned-off-by: Harry Ciao \u003cqingtao.cao@windriver.com\u003e\n[fix call to security_transition_sid to include qstr, Eric Paris]\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n" }, { "commit": "6f5317e730505d5cbc851c435a2dfe3d5a21d343", "tree": "02088cf519a00db5c6fbdb2cc8776402413eb662", "parents": [ "4bc6c2d5d8386800fde23a8e78cd4f04a0ade0ad" ], "author": { "name": "Harry Ciao", "email": "qingtao.cao@windriver.com", "time": "Wed Mar 02 13:32:33 2011 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Mar 03 15:19:43 2011 -0500" }, "message": "SELinux: Socket retains creator role and MLS attribute\n\nThe socket SID would be computed on creation and no longer inherit\nits creator\u0027s SID by default. Socket may have a different type but\nneeds to retain the creator\u0027s role and MLS attribute in order not\nto break labeled networking and network access control.\n\nThe kernel value for a class would be used to determine if the class\nif one of socket classes. If security_compute_sid is called from\nuserspace the policy value for a class would be mapped to the relevant\nkernel value first.\n\nSigned-off-by: Harry Ciao \u003cqingtao.cao@windriver.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n" }, { "commit": "4bc6c2d5d8386800fde23a8e78cd4f04a0ade0ad", "tree": "9ed72f305050b876d846b44ccf13f63fcbab1ff4", "parents": [ "0b24dcb7f2f7a0ce9b762eef0362c21c88f47b32" ], "author": { "name": "Harry Ciao", "email": "qingtao.cao@windriver.com", "time": "Wed Mar 02 13:46:08 2011 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Mar 03 15:19:43 2011 -0500" }, "message": "SELinux: Auto-generate security_is_socket_class\n\nThe security_is_socket_class() is auto-generated by genheaders based\non classmap.h to reduce maintenance effort when a new class is defined\nin SELinux kernel. The name for any socket class should be suffixed by\n\"socket\" and doesn\u0027t contain more than one substr of \"socket\".\n\nSigned-off-by: Harry Ciao \u003cqingtao.cao@windriver.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n" }, { "commit": "c53fa1ed92cd671a1dfb1e7569e9ab672612ddc6", "tree": "9bb539a7731af94cac0112b8f13771e4a33e0450", "parents": [ "06dc94b1ed05f91e246315afeb1c652d6d0dc9ab" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Thu Mar 03 10:55:40 2011 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Mar 03 10:55:40 2011 -0800" }, "message": "netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms\n\nNetlink message processing in the kernel is synchronous these days, the\nsession information can be collected when needed.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "eae61f3c829439f8f9121b5cd48a14be04df451f", "tree": "607f79bb57996e059c1da17a0411d5763c4748ca", "parents": [ "1adace9bb04a5f4a4dea9e642089102661bb0ceb" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Mar 02 16:54:24 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Mar 03 10:13:26 2011 +1100" }, "message": "TOMOYO: Fix memory leak upon file open.\n\nIn tomoyo_check_open_permission() since 2.6.36, TOMOYO was by error\nrecalculating already calculated pathname when checking allow_rewrite\npermission. As a result, memory will leak whenever a file is opened for writing\nwithout O_APPEND flag. Also, performance will degrade because TOMOYO is\ncalculating pathname regardless of profile configuration.\nThis patch fixes the leak and performance degrade.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0b24dcb7f2f7a0ce9b762eef0362c21c88f47b32", "tree": "9c7dc83e169cd4a2e5fd248e4b940f82131627b6", "parents": [ "47ac19ea429aee561f66e9cd05b908e8ffbc498a" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Feb 25 15:39:20 2011 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Feb 25 15:40:00 2011 -0500" }, "message": "Revert \"selinux: simplify ioctl checking\"\n\nThis reverts commit 242631c49d4cf39642741d6627750151b058233b.\n\nConflicts:\n\n\tsecurity/selinux/hooks.c\n\nSELinux used to recognize certain individual ioctls and check\npermissions based on the knowledge of the individual ioctl. In commit\n242631c49d4cf396 the SELinux code stopped trying to understand\nindividual ioctls and to instead looked at the ioctl access bits to\ndetermine in we should check read or write for that operation. This\nsame suggestion was made to SMACK (and I believe copied into TOMOYO).\nBut this suggestion is total rubbish. The ioctl access bits are\nactually the access requirements for the structure being passed into the\nioctl, and are completely unrelated to the operation of the ioctl or the\nobject the ioctl is being performed upon.\n\nTake FS_IOC_FIEMAP as an example. FS_IOC_FIEMAP is defined as:\n\nFS_IOC_FIEMAP _IOWR(\u0027f\u0027, 11, struct fiemap)\n\nSo it has access bits R and W. What this really means is that the\nkernel is going to both read and write to the struct fiemap. It has\nnothing at all to do with the operations that this ioctl might perform\non the file itself!\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n" }, { "commit": "47ac19ea429aee561f66e9cd05b908e8ffbc498a", "tree": "22a95f4b75ab4dd71949f8f337463638ff6711e3", "parents": [ "4a7ab3dcad0b66a486c468ccf0d6197c5dbe3326" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Feb 25 15:39:20 2011 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Feb 25 15:40:00 2011 -0500" }, "message": "selinux: drop unused packet flow permissions\n\nThese permissions are not used and can be dropped in the kernel\ndefinitions.\n\nSuggested-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n" }, { "commit": "4a7ab3dcad0b66a486c468ccf0d6197c5dbe3326", "tree": "b88badda1de339ed01149caf05601400d2e2a9dd", "parents": [ "b9679a76187694138099e09d7f5091b73086e6d7" ], "author": { "name": "Steffen Klassert", "email": "steffen.klassert@secunet.com", "time": "Wed Feb 23 12:56:23 2011 +0100" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Feb 25 15:00:51 2011 -0500" }, "message": "selinux: Fix packet forwarding checks on postrouting\n\nThe IPSKB_FORWARDED and IP6SKB_FORWARDED flags are used only in the\nmulticast forwarding case to indicate that a packet looped back after\nforward. So these flags are not a good indicator for packet forwarding.\nA better indicator is the incoming interface. If we have no socket context,\nbut an incoming interface and we see the packet in the ip postroute hook,\nthe packet is going to be forwarded.\n\nWith this patch we use the incoming interface as an indicator on packet\nforwarding.\n\nSigned-off-by: Steffen Klassert \u003csteffen.klassert@secunet.com\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "b9679a76187694138099e09d7f5091b73086e6d7", "tree": "224bfa579013b55ed6c459879ba0aab6d28e8ae2", "parents": [ "8f82a6880d8d03961181d973388e1df2772a8b24" ], "author": { "name": "Steffen Klassert", "email": "steffen.klassert@secunet.com", "time": "Wed Feb 23 12:55:21 2011 +0100" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Feb 25 15:00:47 2011 -0500" }, "message": "selinux: Fix wrong checks for selinux_policycap_netpeer\n\nselinux_sock_rcv_skb_compat and selinux_ip_postroute_compat are just\ncalled if selinux_policycap_netpeer is not set. However in these\nfunctions we check if selinux_policycap_netpeer is set. This leads\nto some dead code and to the fact that selinux_xfrm_postroute_last\nis never executed. This patch removes the dead code and the checks\nfor selinux_policycap_netpeer in the compatibility functions.\n\nSigned-off-by: Steffen Klassert \u003csteffen.klassert@secunet.com\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "8f82a6880d8d03961181d973388e1df2772a8b24", "tree": "b2eb1374f143610dbf06a686fcfee6b77bff110b", "parents": [ "4916ca401e3051dad326ddd69765bd0e3f32fb9b" ], "author": { "name": "Steffen Klassert", "email": "steffen.klassert@secunet.com", "time": "Wed Feb 23 12:54:33 2011 +0100" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Feb 25 15:00:44 2011 -0500" }, "message": "selinux: Fix check for xfrm selinux context algorithm\n\nselinux_xfrm_sec_ctx_alloc accidentally checks the xfrm domain of\ninterpretation against the selinux context algorithm. This patch\nfixes this by checking ctx_alg against the selinux context algorithm.\n\nSigned-off-by: Steffen Klassert \u003csteffen.klassert@secunet.com\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "1adace9bb04a5f4a4dea9e642089102661bb0ceb", "tree": "2396099935c50d838899a01da1438b8a441619de", "parents": [ "854fdd55bfdd56cfc61bd30f2062a9268fcebba6" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Feb 22 10:19:43 2011 -0500" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Feb 23 16:38:52 2011 -0500" }, "message": "ima: remove unnecessary call to ima_must_measure\n\nThe original ima_must_measure() function based its results on cached\niint information, which required an iint be allocated for all files.\nCurrently, an iint is allocated only for files in policy. As a result,\nfor those files in policy, ima_must_measure() is now called twice: once\nto determine if the inode is in the measurement policy and, the second\ntime, to determine if it needs to be measured/re-measured.\n\nThe second call to ima_must_measure() unnecessarily checks to see if\nthe file is in policy. As we already know the file is in policy, this\npatch removes the second unnecessary call to ima_must_measure(), removes\nthe vestige iint parameter, and just checks the iint directly to determine\nif the inode has been measured or needs to be measured/re-measured.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "e33f770426674a565a188042caf3f974f8b3722d", "tree": "6ee309a1cbccec1cef9972fc6c8f8d9b280978f5", "parents": [ "e1ad2ab2cf0cabcd81861e2c61870fc27bb27ded" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Feb 22 18:13:15 2011 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Feb 22 18:13:15 2011 -0800" }, "message": "xfrm: Mark flowi arg to security_xfrm_state_pol_flow_match() const.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "6037b715d6fab139742c3df8851db4c823081561", "tree": "aba9e9427debd4fa5b904daefa8e71a6320f4b93", "parents": [ "deabb19ba4bd8c06ae69bc262e3594b515e3a459" ], "author": { "name": "Chris Wright", "email": "chrisw@sous-sol.org", "time": "Wed Feb 09 22:11:51 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Feb 11 17:41:58 2011 +1100" }, "message": "security: add cred argument to security_capable()\n\nExpand security_capable() to include cred, so that it can be usable in a\nwider range of call sites.\n\nSigned-off-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "854fdd55bfdd56cfc61bd30f2062a9268fcebba6", "tree": "139af793bf7395002e6e68978b603d47f28f7dc2", "parents": [ "890275b5eb79e9933d12290473eab9ac38da0051" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Nov 02 10:14:22 2010 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Feb 10 07:51:44 2011 -0500" }, "message": "IMA: remove IMA imbalance checking\n\nNow that i_readcount is maintained by the VFS layer, remove the\nimbalance checking in IMA. Cleans up the IMA code nicely.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "890275b5eb79e9933d12290473eab9ac38da0051", "tree": "8fa529a6fdfa7647ed4e14287658b71df8636ddd", "parents": [ "a5c96ebf1d71df0c5fb77ab58c9aeb307cf02372" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Nov 02 10:13:07 2010 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Feb 10 07:51:44 2011 -0500" }, "message": "IMA: maintain i_readcount in the VFS layer\n\nima_counts_get() updated the readcount and invalidated the PCR,\nas necessary. Only update the i_readcount in the VFS layer.\nMove the PCR invalidation checks to ima_file_check(), where it\nbelongs.\n\nMaintaining the i_readcount in the VFS layer, will allow other\nsubsystems to use i_readcount.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "a68a27b6f2354273bacc39c3dd06456edb202230", "tree": "d73396dab134842ecd1e86d665718e75012e7e78", "parents": [ "75a25637bf8a1b8fbed2368c0a3ec15c66a534f1" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Nov 02 10:10:56 2010 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Feb 10 07:51:43 2011 -0500" }, "message": "IMA: convert i_readcount to atomic\n\nConvert the inode\u0027s i_readcount from an unsigned int to atomic.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "75a25637bf8a1b8fbed2368c0a3ec15c66a534f1", "tree": "038d52827d9a285fed1bb384f06d7adabf4ef674", "parents": [ "db904aa8147440b750a35d58befed38155a1abb9" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Wed Feb 09 19:58:42 2011 -0800" }, "committer": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Wed Feb 09 19:58:42 2011 -0800" }, "message": "Smack: correct final mmap check comparison\n\nThe mmap policy enforcement checks the access of the\nSMACK64MMAP subject against the current subject incorrectly.\nThe check as written works correctly only if the access\nrules involved have the same access. This is the common\ncase, so initial testing did not find a problem.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "db904aa8147440b750a35d58befed38155a1abb9", "tree": "faaeea888a0ff5ca9c1e935bda15914a551458a2", "parents": [ "0e0a070d3a47d279de66e08244769556deae2eee" ], "author": { "name": "Shan Wei", "email": "shanwei@cn.fujitsu.com", "time": "Wed Feb 09 19:58:11 2011 -0800" }, "committer": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Wed Feb 09 19:58:11 2011 -0800" }, "message": "security:smack: kill unused SMACK_LIST_MAX, MAY_ANY and MAY_ANYWRITE\n\nKill unused macros of SMACK_LIST_MAX, MAY_ANY and MAY_ANYWRITE.\nv2: As Casey Schaufler\u0027s advice, also remove MAY_ANY.\n\nSigned-off-by: Shan Wei \u003cshanwei@cn.fujitsu.com\u003e\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "0e0a070d3a47d279de66e08244769556deae2eee", "tree": "8d9c07464833076a40c1d95dd2f8f33716509290", "parents": [ "821404434f3324bf23f545050ff64055a149766e" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Tue Feb 08 16:36:24 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Feb 09 18:50:23 2011 +1100" }, "message": "Smack: correct behavior in the mmap hook\n\nThe mmap policy enforcement was not properly handling the\n interaction between the global and local rule lists.\n Instead of going through one and then the other, which\n missed the important case where a rule specified that\n there should be no access, combine the access limitations\n where there is a rule in each list.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" } ], "next": "2edeaa34a6e3f2c43b667f6c4f7b27944b811695" }