)]}' { "log": [ { "commit": "3925e6fc1f774048404fdd910b0345b06c699eb4", "tree": "c9a58417d9492f39f7fe81d4721d674c34dd8be2", "parents": [ "334d094504c2fe1c44211ecb49146ae6bca8c321", "7cea51be4e91edad05bd834f3235b45c57783f0d" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Apr 18 18:18:30 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Apr 18 18:18:30 2008 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:\n security: fix up documentation for security_module_enable\n Security: Introduce security\u003d boot parameter\n Audit: Final renamings and cleanup\n SELinux: use new audit hooks, remove redundant exports\n Audit: internally use the new LSM audit hooks\n LSM/Audit: Introduce generic Audit LSM hooks\n SELinux: remove redundant exports\n Netlink: Use generic LSM hook\n Audit: use new LSM hooks instead of SELinux exports\n SELinux: setup new inode/ipc getsecid hooks\n LSM: Introduce inode_getsecid and ipc_getsecid hooks\n" }, { "commit": "334d094504c2fe1c44211ecb49146ae6bca8c321", "tree": "d3c0f68e4b9f8e3d2ccc39e7dfe5de0534a5fad9", "parents": [ "d1a4be630fb068f251d64b62919f143c49ca8057", "d1643d24c61b725bef399cc1cf2944b4c9c23177" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Apr 18 18:02:35 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Apr 18 18:02:35 2008 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.26\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.26: (1090 commits)\n [NET]: Fix and allocate less memory for -\u003epriv\u0027less netdevices\n [IPV6]: Fix dangling references on error in fib6_add().\n [NETLABEL]: Fix NULL deref in netlbl_unlabel_staticlist_gen() if ifindex not found\n [PKT_SCHED]: Fix datalen check in tcf_simp_init().\n [INET]: Uninline the __inet_inherit_port call.\n [INET]: Drop the inet_inherit_port() call.\n SCTP: Initialize partial_bytes_acked to 0, when all of the data is acked.\n [netdrvr] forcedeth: internal simplifications; changelog removal\n phylib: factor out get_phy_id from within get_phy_device\n PHY: add BCM5464 support to broadcom PHY driver\n cxgb3: Fix __must_check warning with dev_dbg.\n tc35815: Statistics cleanup\n natsemi: fix MMIO for PPC 44x platforms\n [TIPC]: Cleanup of TIPC reference table code\n [TIPC]: Optimized initialization of TIPC reference table\n [TIPC]: Remove inlining of reference table locking routines\n e1000: convert uint16_t style integers to u16\n ixgb: convert uint16_t style integers to u16\n sb1000.c: make const arrays static\n sb1000.c: stop inlining largish static functions\n ...\n" }, { "commit": "7cea51be4e91edad05bd834f3235b45c57783f0d", "tree": "55843bf8ab3afc3e33a99e86391668d48355d614", "parents": [ "076c54c5bcaed2081c0cba94a6f77c4d470236ad" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Mar 07 12:23:49 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 10:00:59 2008 +1000" }, "message": "security: fix up documentation for security_module_enable\n\nsecurity_module_enable() can only be called during kernel init.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "076c54c5bcaed2081c0cba94a6f77c4d470236ad", "tree": "5e8f05cab20a49922618bb3af697a6b46e610eee", "parents": [ "04305e4aff8b0533dc05f9f6f1a34d0796bd985f" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Thu Mar 06 18:09:10 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 10:00:51 2008 +1000" }, "message": "Security: Introduce security\u003d boot parameter\n\nAdd the security\u003d boot parameter. This is done to avoid LSM\nregistration clashes in case of more than one bult-in module.\n\nUser can choose a security module to enable at boot. If no\nsecurity\u003d boot parameter is specified, only the first LSM\nasking for registration will be loaded. An invalid security\nmodule name will be treated as if no module has been chosen.\n\nLSM modules must check now if they are allowed to register\nby calling security_module_enable(ops) first. Modify SELinux\nand SMACK to do so.\n\nDo not let SMACK register smackfs if it was not chosen on\nboot. Smackfs assumes that smack hooks are registered and\nthe initial task security setup (swapper-\u003esecurity) is done.\n\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "04305e4aff8b0533dc05f9f6f1a34d0796bd985f", "tree": "9938264917b4b9e6e147b883d88fca94c6788b76", "parents": [ "9d57a7f9e23dc30783d245280fc9907cf2c87837" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Sat Apr 19 09:59:43 2008 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 09:59:43 2008 +1000" }, "message": "Audit: Final renamings and cleanup\n\nRename the se_str and se_rule audit fields elements to\nlsm_str and lsm_rule to avoid confusion.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9d57a7f9e23dc30783d245280fc9907cf2c87837", "tree": "508b81e213f5dca1097ccf0ece8ba092b168607b", "parents": [ "d7a96f3a1ae279a2129653d6cb18d722f2f00f91" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Sat Mar 01 22:03:14 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 09:53:46 2008 +1000" }, "message": "SELinux: use new audit hooks, remove redundant exports\n\nSetup the new Audit LSM hooks for SELinux.\nRemove the now redundant exported SELinux Audit interface.\n\nAudit: Export \u0027audit_krule\u0027 and \u0027audit_field\u0027 to the public\nsince their internals are needed by the implementation of the\nnew LSM hook \u0027audit_rule_known\u0027.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "03d37d25e0f91b28c4b6d002be6221f1af4b19d8", "tree": "de56538f7b6e7623d7cee2b0fcdc8f9764957252", "parents": [ "6b89a74be0fbbc6cc639d5cf7dcf8e6ee0f120a7" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Sat Mar 01 22:00:05 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 09:52:36 2008 +1000" }, "message": "LSM/Audit: Introduce generic Audit LSM hooks\n\nIntroduce a generic Audit interface for security modules\nby adding the following new LSM hooks:\n\naudit_rule_init(field, op, rulestr, lsmrule)\naudit_rule_known(krule)\naudit_rule_match(secid, field, op, rule, actx)\naudit_rule_free(rule)\n\nThose hooks are only available if CONFIG_AUDIT is enabled.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\n" }, { "commit": "6b89a74be0fbbc6cc639d5cf7dcf8e6ee0f120a7", "tree": "c56574f86d518feb898e934e428dbae999236b5a", "parents": [ "0ce784ca729dce8c9076a6339a15530ca13212f2" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Sat Mar 01 21:58:32 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 09:52:36 2008 +1000" }, "message": "SELinux: remove redundant exports\n\nRemove the following exported SELinux interfaces:\nselinux_get_inode_sid(inode, sid)\nselinux_get_ipc_sid(ipcp, sid)\nselinux_get_task_sid(tsk, sid)\nselinux_sid_to_string(sid, ctx, len)\n\nThey can be substitued with the following generic equivalents\nrespectively:\nnew LSM hook, inode_getsecid(inode, secid)\nnew LSM hook, ipc_getsecid*(ipcp, secid)\nLSM hook, task_getsecid(tsk, secid)\nLSM hook, sid_to_secctx(sid, ctx, len)\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\n" }, { "commit": "713a04aeaba35bb95d442cdeb52055498519be25", "tree": "a9d995cdc850d159189886e29f44d4ee88516eba", "parents": [ "8a076191f373abaeb4aa5f6755d22e49db98940f" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Sat Mar 01 21:52:30 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 09:52:33 2008 +1000" }, "message": "SELinux: setup new inode/ipc getsecid hooks\n\nSetup the new inode_getsecid and ipc_getsecid() LSM hooks\nfor SELinux.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\n" }, { "commit": "8a076191f373abaeb4aa5f6755d22e49db98940f", "tree": "1311a11332abb0828999a7347a07509a68dffb5f", "parents": [ "d1a4be630fb068f251d64b62919f143c49ca8057" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Sat Mar 01 21:51:09 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 09:52:32 2008 +1000" }, "message": "LSM: Introduce inode_getsecid and ipc_getsecid hooks\n\nIntroduce inode_getsecid(inode, secid) and ipc_getsecid(ipcp, secid)\nLSM hooks. These hooks will be used instead of similar exported\nSELinux interfaces.\n\nLet {inode,ipc,task}_getsecid hooks set the secid to 0 by default\nif CONFIG_SECURITY is not defined or if the hook is set to\nNULL (dummy). This is done to notify the caller that no valid\nsecid exists.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\n" }, { "commit": "5f46ce14bd432cf52bf91079270af164ca48f821", "tree": "ae8129b0ba3743b67ba69af83c7c8aa6950e4f15", "parents": [ "27cc2a6e572e1a86a08a02918517558f175f6974" ], "author": { "name": "maximilian attems", "email": "max@stro.at", "time": "Wed Apr 16 19:36:36 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 18 20:26:18 2008 +1000" }, "message": "security: enhance DEFAULT_MMAP_MIN_ADDR description\n\nGot burned by setting the proposed default of 65536\nacross all Debian archs.\n\nThus proposing to be more specific on which archs you may\nset this. Also propose a value for arm and friends that\ndoesn\u0027t break sshd.\n\nReword to mention working archs ia64 and ppc64 too.\n\nSigned-off-by: maximilian attems \u003cmax@stro.at\u003e\nCc: Martin Michlmayr \u003ctbm@cyrius.com\u003e\nCc: Gordon Farquharson \u003cgordonfarquharson@gmail.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "27cc2a6e572e1a86a08a02918517558f175f6974", "tree": "fdd3d6cbea9807421527ffc4d6fa893f6a182c58", "parents": [ "3e11217263d0521e212cb8a017fbc2a1514db78f" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 14 15:09:53 2008 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 18 20:26:17 2008 +1000" }, "message": "SELinux: add netport.[ch]\n\nThank you, git.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3e11217263d0521e212cb8a017fbc2a1514db78f", "tree": "d3b399c3d907cd90afd27003000fd9d99212f44b", "parents": [ "832cbd9aa1293cba57d06571f5fc8f0917c672af" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Apr 10 10:48:14 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 18 20:26:16 2008 +1000" }, "message": "SELinux: Add network port SID cache\n\nMuch like we added a network node cache, this patch adds a network port\ncache. The design is taken almost completely from the network node cache\nwhich in turn was taken from the network interface cache. The basic idea is\nto cache entries in a hash table based on protocol/port information. The\nhash function only takes the port number into account since the number of\ndifferent protocols in use at any one time is expected to be relatively\nsmall.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "832cbd9aa1293cba57d06571f5fc8f0917c672af", "tree": "85b1b550c71acde04294b69c08176adbaaf8641b", "parents": [ "0e55a004b58847c53e48d846b9a4570b1587c382" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 01 13:24:09 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 18 20:26:13 2008 +1000" }, "message": "SELinux: turn mount options strings into defines\n\nConvert the strings used for mount options into #defines rather than\nretyping the string throughout the SELinux code.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0e55a004b58847c53e48d846b9a4570b1587c382", "tree": "1eb79c0a971ecd6db645aea3f2f9037ed7c49343", "parents": [ "64dbf07474d011540ca479a2e87fe998f570d6e3" ], "author": { "name": "Adrian Bunk", "email": "bunk@kernel.org", "time": "Mon Mar 31 01:54:02 2008 +0300" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 18 20:26:12 2008 +1000" }, "message": "selinux/ss/services.c should #include \u003clinux/selinux.h\u003e\n\nEvery file should include the headers containing the externs for its global\ncode.\n\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "64dbf07474d011540ca479a2e87fe998f570d6e3", "tree": "364ae3f3a29f06246dd2097674586fe508c4445f", "parents": [ "0356357c5158c71d4cbf20196b2f784435dd916c" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Mar 31 12:17:33 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 18 20:26:11 2008 +1000" }, "message": "selinux: introduce permissive types\n\nIntroduce the concept of a permissive type. A new ebitmap is introduced to\nthe policy database which indicates if a given type has the permissive bit\nset or not. This bit is tested for the scontext of any denial. The bit is\nmeaningless on types which only appear as the target of a decision and never\nthe source. A domain running with a permissive type will be allowed to\nperform any action similarly to when the system is globally set permissive.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0356357c5158c71d4cbf20196b2f784435dd916c", "tree": "e680a4d0346286d2c318bb20914cceabc0596af1", "parents": [ "eda4f69ca5a532b425db5a6c2c6bc50717b9b5fe" ], "author": { "name": "Roland McGrath", "email": "roland@redhat.com", "time": "Wed Mar 26 15:46:39 2008 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 18 20:26:10 2008 +1000" }, "message": "selinux: remove ptrace_sid\n\nThis changes checks related to ptrace to get rid of the ptrace_sid tracking.\nIt\u0027s good to disentangle the security model from the ptrace implementation\ninternals. It\u0027s sufficient to check against the SID of the ptracer at the\ntime a tracee attempts a transition.\n\nSigned-off-by: Roland McGrath \u003croland@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "eda4f69ca5a532b425db5a6c2c6bc50717b9b5fe", "tree": "09b74e5637218c64588e523d6d264fae0b9cb771", "parents": [ "f0115e6c8980ea9125a17858291c90ecd990bc1c" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Mar 11 14:19:34 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 18 20:26:09 2008 +1000" }, "message": "SELinux: requesting no permissions in avc_has_perm_noaudit is a BUG()\n\nThis patch turns the case where we have a call into avc_has_perm with no\nrequested permissions into a BUG_ON. All callers to this should be in\nthe kernel and thus should be a function we need to fix if we ever hit\nthis. The /selinux/access permission checking it done directly in the\nsecurity server and not through the avc, so those requests which we\ncannot control from userspace should not be able to trigger this BUG_ON.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f0115e6c8980ea9125a17858291c90ecd990bc1c", "tree": "f9b665c465b6813c421fc60660068197d178c53a", "parents": [ "dd6f953adb5c4deb9cd7b6a5054e7d5eafe4ed71" ], "author": { "name": "Andrew Morton", "email": "akpm@linux-foundation.org", "time": "Thu Mar 06 10:05:08 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 18 20:26:08 2008 +1000" }, "message": "security: code cleanup\n\nERROR: \"(foo*)\" should be \"(foo *)\"\n#168: FILE: security/selinux/hooks.c:2656:\n+\t\t \"%s, rc\u003d%d\\n\", __func__, (char*)value, -rc);\n\ntotal: 1 errors, 0 warnings, 195 lines checked\n\n./patches/security-replace-remaining-__function__-occurences.patch has style problems, please review. If any of these errors\nare false positives report them to the maintainer, see\nCHECKPATCH in MAINTAINERS.\n\nPlease run checkpatch prior to sending patches\n\nCc: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "dd6f953adb5c4deb9cd7b6a5054e7d5eafe4ed71", "tree": "0ed459ca8da43b7e0486c8f0a840845a731920bf", "parents": [ "b0c636b99997c8594da6a46e166ce4fcf6956fda" ], "author": { "name": "Harvey Harrison", "email": "harvey.harrison@gmail.com", "time": "Thu Mar 06 10:03:59 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 18 20:26:07 2008 +1000" }, "message": "security: replace remaining __FUNCTION__ occurrences\n\n__FUNCTION__ is gcc-specific, use __func__\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b0c636b99997c8594da6a46e166ce4fcf6956fda", "tree": "16308f0324846cd8c19180b6a45793268dd16f50", "parents": [ "d4ee4231a3a8731576ef0e0a7e1225e4fde1e659" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 28 12:58:40 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 18 20:26:06 2008 +1000" }, "message": "SELinux: create new open permission\n\nAdds a new open permission inside SELinux when \u0027opening\u0027 a file. The idea\nis that opening a file and reading/writing to that file are not the same\nthing. Its different if a program had its stdout redirected to /tmp/output\nthan if the program tried to directly open /tmp/output. This should allow\npolicy writers to more liberally give read/write permissions across the\npolicy while still blocking many design and programing flaws SELinux is so\ngood at catching today.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d4ee4231a3a8731576ef0e0a7e1225e4fde1e659", "tree": "c7d265135f1cbfabf7eaa8bb31bcc56120d2e022", "parents": [ "454d972c24e6efce3d7b07a97f1ad18b14845de9" ], "author": { "name": "Adrian Bunk", "email": "bunk@kernel.org", "time": "Wed Feb 27 23:20:42 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 18 20:26:06 2008 +1000" }, "message": "selinux: selinux/netlabel.c should #include \"netlabel.h\"\n\nEvery file should include the headers containing the externs for its\nglobal code.\n\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "454d972c24e6efce3d7b07a97f1ad18b14845de9", "tree": "05cd06c8389ca0cdc2f493d7fb680678a0691d27", "parents": [ "98e9894650455426f67c2157db4f39bd14fac2f6" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Feb 26 20:42:02 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 18 20:26:05 2008 +1000" }, "message": "SELinux: unify printk messages\n\nReplace \"security:\" prefixes in printk messages with \"SELinux\"\nto help users identify the source of the messages. Also fix a\ncouple of minor formatting issues.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "98e9894650455426f67c2157db4f39bd14fac2f6", "tree": "bee5205f20c4d1faa6ec80f05d708eecad2959b3", "parents": [ "f74af6e816c940c678c235d49486fe40d7e49ce9" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Feb 26 09:52:58 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 18 20:26:04 2008 +1000" }, "message": "SELinux: remove unused backpointers from security objects\n\nRemove unused backpoiters from security objects.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f74af6e816c940c678c235d49486fe40d7e49ce9", "tree": "06f2fa54bd7ceabac2ad29a6ab0aca1deb87c032", "parents": [ "4b119e21d0c66c22e8ca03df05d9de623d0eb50f" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Mon Feb 25 11:40:33 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 18 20:26:03 2008 +1000" }, "message": "SELinux: Correct the NetLabel locking for the sk_security_struct\n\nThe RCU/spinlock locking approach for the nlbl_state in the sk_security_struct\nwas almost certainly overkill. This patch removes both the RCU and spinlock\nlocking, relying on the existing socket locks to handle the case of multiple\nwriters. This change also makes several code reductions possible.\n\nLess locking, less code - it\u0027s a Good Thing.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1e42198609d73ed1a9adcba2af275c24c2678420", "tree": "32fd4d9073bfc0f3909af8f9fb4bcff38951d01a", "parents": [ "794eb6bf20ebf992c040ea831cd3a9c64b0c1f7a", "4b119e21d0c66c22e8ca03df05d9de623d0eb50f" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Apr 17 23:56:30 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Apr 17 23:56:30 2008 -0700" }, "message": "Merge branch \u0027master\u0027 of master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6\n" }, { "commit": "03e1ad7b5d871d4189b1da3125c2f12d1b5f7d0b", "tree": "1e7f291ac6bd0c1f3a95e8252c32fcce7ff47ea7", "parents": [ "00447872a643787411c2c0cb1df6169dda8b0c47" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Sat Apr 12 19:07:52 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Apr 12 19:07:52 2008 -0700" }, "message": "LSM: Make the Labeled IPsec hooks more stack friendly\n\nThe xfrm_get_policy() and xfrm_add_pol_expire() put some rather large structs\non the stack to work around the LSM API. This patch attempts to fix that\nproblem by changing the LSM API to require only the relevant \"security\"\npointers instead of the entire SPD entry; we do this for all of the\nsecurity_xfrm_policy*() functions to keep things consistent.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "00447872a643787411c2c0cb1df6169dda8b0c47", "tree": "ea4215f6f3040507b46bf90fe133ca73a59c9c0e", "parents": [ "b9f3124f08fffe2ad706fd164f6702fdca409a91" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Sat Apr 12 19:06:42 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Apr 12 19:06:42 2008 -0700" }, "message": "NetLabel: Allow passing the LSM domain as a shared pointer\n\nSmack doesn\u0027t have the need to create a private copy of the LSM \"domain\" when\nsetting NetLabel security attributes like SELinux, however, the current\nNetLabel code requires a private copy of the LSM \"domain\". This patches fixes\nthat by letting the LSM determine how it wants to pass the domain value.\n\n * NETLBL_SECATTR_DOMAIN_CPY\n The current behavior, NetLabel assumes that the domain value is a copy and\n frees it when done\n\n * NETLBL_SECATTR_DOMAIN\n New, Smack-friendly behavior, NetLabel assumes that the domain value is a\n reference to a string managed by the LSM and does not free it when done\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "5a55261716e838f188598ab3d7a0abf9cf1338f8", "tree": "2acf7f919cb2edd77a4f9ed0a434b6dbec19708e", "parents": [ "7180c4c9e09888db0a188f729c96c6d7bd61fa83" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 09 14:08:35 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 10 08:51:01 2008 +1000" }, "message": "SELinux: don\u0027t BUG if fs reuses a superblock\n\nI (wrongly) assumed that nfs_xdev_get_sb() would not ever share a superblock\nand so cloning mount options would always be correct. Turns out that isn\u0027t\nthe case and we could fall over a BUG_ON() that wasn\u0027t a BUG at all. Since\nthere is little we can do to reconcile different mount options this patch\njust leaves the sb alone and the first set of options wins.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Trond Myklebust \u003ctrond.myklebust@fys.uio.no\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "869ab5147e1eead890245cfd4f652ba282b6ac26", "tree": "8334fe84734e14e247fb7b4ef78f9a43891249f0", "parents": [ "ff09e2afe742f3ff52a0c9a660e8a3fe30cf587c" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri Apr 04 08:46:05 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 08 08:30:14 2008 +1000" }, "message": "SELinux: more GFP_NOFS fixups to prevent selinux from re-entering the fs code\n\nMore cases where SELinux must not re-enter the fs code. Called from the\nd_instantiate security hook.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a02fe13297af26c13d004b1d44f391c077094ea0", "tree": "d75879f0da229eec87e3b4a95a4c28db2ea4d713", "parents": [ "9597362d354f8655ece324b01d0c640a0e99c077" ], "author": { "name": "Josef Bacik", "email": "jbacik@redhat.com", "time": "Fri Apr 04 09:35:05 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 04 09:35:05 2008 +1100" }, "message": "selinux: prevent rentry into the FS\n\nBUG fix. Keep us from re-entering the fs when we aren\u0027t supposed to.\n\nSee discussion at\nhttp://marc.info/?t\u003d120716967100004\u0026r\u003d1\u0026w\u003d2\n\nSigned-off-by: Josef Bacik \u003cjbacik@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3bb5da3837cc1aa17736b05139c9a22c3794851a", "tree": "c92d5684a866542b1cb20641607ac1643ce03a47", "parents": [ "7feb49c82a74bc7c091b8ab2a3f96baa33d08ece", "9597362d354f8655ece324b01d0c640a0e99c077" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Apr 03 14:33:42 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Apr 03 14:33:42 2008 -0700" }, "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n" }, { "commit": "0794c66d49885a2f615618ce4940434b5b067d84", "tree": "b01be53c424c7d4793f5673539c11d09fbbe2b5a", "parents": [ "0e81a8ae37687845f7cdfa2adce14ea6a5f1dd34" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Mar 17 08:55:18 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Apr 02 16:05:52 2008 +1100" }, "message": "selinux: handle files opened with flags 3 by checking ioctl permission\n\nHandle files opened with flags 3 by checking ioctl permission.\n\nDefault to returning FILE__IOCTL from file_to_av() if the f_mode has neither\nFMODE_READ nor FMODE_WRITE, and thus check ioctl permission on exec or\ntransfer, thereby validating such descriptors early as with normal r/w\ndescriptors and catching leaks of them prior to attempted usage.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c346dca10840a874240c78efe3f39acf4312a1f2", "tree": "c04cff20124eba5cc337cc5ec260ad2513eeb065", "parents": [ "7cbca67c073263c179f605bdbbdc565ab29d801d" ], "author": { "name": "YOSHIFUJI Hideaki", "email": "yoshfuji@linux-ipv6.org", "time": "Tue Mar 25 21:47:49 2008 +0900" }, "committer": { "name": "YOSHIFUJI Hideaki", "email": "yoshfuji@linux-ipv6.org", "time": "Wed Mar 26 04:39:53 2008 +0900" }, "message": "[NET] NETNS: Omit net_device-\u003end_net without CONFIG_NET_NS.\n\nIntroduce per-net_device inlines: dev_net(), dev_net_set().\nWithout CONFIG_NET_NS, no namespace other than \u0026init_net exists.\nLet\u0027s explicitly define them to help compiler optimizations.\n\nSigned-off-by: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\n" }, { "commit": "cb622bbb69e41f2746aadf5d7d527e77597abe2e", "tree": "537a1ce6f76bd915bf9acd197d6bf4d042063998", "parents": [ "58336114af4d2cce830201aae49e50b93ede6c5c" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Mon Mar 24 12:29:49 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Mar 24 19:22:19 2008 -0700" }, "message": "smackfs: remove redundant lock, fix open(,O_RDWR)\n\nOlder smackfs was parsing MAC rules by characters, thus a need of locking\nwrite sessions on open() was needed. This lock is no longer useful now since\neach rule is handled by a single write() call.\n\nThis is also a bugfix since seq_open() was not called if an open() O_RDWR flag\nwas given, leading to a seq_read() without an initialized seq_file, thus an\nOops.\n\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nReported-by: Jonathan Corbet \u003ccorbet@lwn.net\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "aedb60a67c10a0861af179725d060765262ba0fb", "tree": "4a4a316f9f7d1ab0bf4da2cdd5c802bfb05c947f", "parents": [ "457fb605834504af294916411be128a9b21fc3f6" ], "author": { "name": "Serge Hallyn", "email": "serge@hallyn.com", "time": "Fri Feb 29 15:14:57 2008 +0000" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Mar 20 09:46:36 2008 -0700" }, "message": "file capabilities: remove cap_task_kill()\n\nThe original justification for cap_task_kill() was as follows:\n\n\tcheck_kill_permission() does appropriate uid equivalence checks.\n\tHowever with file capabilities it becomes possible for an\n\tunprivileged user to execute a file with file capabilities\n\tresulting in a more privileged task with the same uid.\n\nHowever now that cap_task_kill() always returns 0 (permission\ngranted) when p-\u003euid\u003d\u003dcurrent-\u003euid, the whole hook is worthless,\nand only likely to create more subtle problems in the corner cases\nwhere it might still be called but return -EPERM. Those cases\nare basically when uids are different but euid/suid is equivalent\nas per the check in check_kill_permission().\n\nOne example of a still-broken application is \u0027at\u0027 for non-root users.\n\nThis patch removes cap_task_kill().\n\nSigned-off-by: Serge Hallyn \u003cserge@hallyn.com\u003e\nAcked-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nEarlier-version-tested-by: Luiz Fernando N. Capitulino \u003clcapitulino@mandriva.com.br\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "1d252fb870aa9cd227c4beb1a226ecd434f57f28", "tree": "4a7b956c01487454b139e1df271518f36ca32285", "parents": [ "4ebf89845bea44a164d1fbb8fa319379ec7132de" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Wed Mar 19 17:00:51 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 19 18:53:36 2008 -0700" }, "message": "smack: do not dereference NULL ipc object\n\nIn the SYSV ipc msgctl(),semctl(),shmctl() family, if the user passed *_INFO\nas the desired operation, no specific object is meant to be controlled and\nonly system-wide information is returned. This leads to a NULL IPC object in\nthe LSM hooks if the _INFO flag is given.\n\nAvoid dereferencing this NULL pointer in Smack ipc *ctl() methods.\n\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "2e1479d95d02b43660fe03ab2c595ec9751a6f97", "tree": "6e4ff5a6eeda225390a19287cd95617b6345df63", "parents": [ "bde4f8fa8db2abd5ac9c542d76012d0fedab050f" ], "author": { "name": "Adrian Bunk", "email": "bunk@kernel.org", "time": "Mon Mar 17 22:29:23 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 18 09:17:22 2008 +1100" }, "message": "make selinux_parse_opts_str() static\n\nThis patch makes the needlessly global selinux_parse_opts_str() static.\n\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b500ce8d24d1f14426643da5f6fada28c1f60533", "tree": "17b6084b29434a968f787e238548a843126e2ec3", "parents": [ "93d74463d018ddf05c169ad399e62e90e0f82fc0" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Thu Mar 13 12:32:34 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Mar 13 13:11:43 2008 -0700" }, "message": "smackfs: do not trust `count\u0027 in inodes write()s\n\nSmackfs write() implementation does not put a higher bound on the number of\nbytes to copy from user-space. This may lead to a DOS attack if a malicious\n`count\u0027 field is given.\n\nAssure that given `count\u0027 is exactly the length needed for a /smack/load rule.\n In case of /smack/cipso where the length is relative, assure that `count\u0027\ndoes not exceed the size needed for a buffer representing maximum possible\nnumber of CIPSO 2.2 categories.\n\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e0007529893c1c064be90bd21422ca0da4a0198e", "tree": "c2334ba940e682183a18d18972cf95bd3a3da46a", "parents": [ "29e8c3c304b62f31b799565c9ee85d42bd163f80" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Mar 05 10:31:54 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Mar 06 08:40:53 2008 +1100" }, "message": "LSM/SELinux: Interfaces to allow FS to control mount options\n\nIntroduce new LSM interfaces to allow an FS to deal with their own mount\noptions. This includes a new string parsing function exported from the\nLSM that an FS can use to get a security data blob and a new security\ndata blob. This is particularly useful for an FS which uses binary\nmount data, like NFS, which does not pass strings into the vfs to be\nhandled by the loaded LSM. Also fix a BUG() in both SELinux and SMACK\nwhen dealing with binary mount data. If the binary mount data is less\nthan one page the copy_page() in security_sb_copy_data() can cause an\nillegal page fault and boom. Remove all NFSisms from the SELinux code\nsince they were broken by past NFS changes.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bcdca225bfa016100985e5fc7e51cdc1d68beaa6", "tree": "4af588f69c754a6380dae17b00de20b0f2f3b149", "parents": [ "43627582799db317e966ecb0002c2c3c9805ec0f" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Sat Feb 23 15:24:04 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Sat Feb 23 17:13:24 2008 -0800" }, "message": "Smack: update for file capabilities\n\nUpdate the Smack LSM to allow the registration of the capability \"module\"\nas a secondary LSM. Integrate the new hooks required for file based\ncapabilities.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "094972840f2e7c1c6fc9e1a97d817cc17085378e", "tree": "1fa2b8fb54b5d5d60318c8659d4574a81b953f88", "parents": [ "e5df70ab194543522397fa3da8c8f80564a0f7d3" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Sat Feb 23 15:23:33 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Sat Feb 23 17:12:13 2008 -0800" }, "message": "file capabilities: simplify signal check\n\nSimplify the uid equivalence check in cap_task_kill(). Anyone can kill a\nprocess owned by the same uid.\n\nWithout this patch wireshark is reported to fail.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nCc: \u003cstable@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4bc87e62775052aac0be7574d5f84ff06f61c6b4", "tree": "23063e82de8f7b7506d795919d7d4c13725e74a0", "parents": [ "9a4c8546f3e7c893888bccc2b3416d6214f2664a" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Fri Feb 15 15:24:25 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Feb 19 07:51:00 2008 -0800" }, "message": "Smack: unlabeled outgoing ambient packets\n\nSmack uses CIPSO labeling, but allows for unlabeled packets by\nspecifying an \"ambient\" label that is applied to incoming unlabeled\npackets.\n\nBecause the other end of the connection may dislike IP options, and ssh\nis one know application that behaves thus, it is prudent to respond in\nkind.\n\nThis patch changes the network labeling behavior such that an outgoing\npacket that would be given a CIPSO label that matches the ambient label\nis left unlabeled. An \"unlbl\" domain is added and the netlabel\ndefaulting mechanism invoked rather than assuming that everything is\nCIPSO. Locking has been added around changes to the ambient label as\nthe mechanisms used to do so are more involved.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "44707fdf5938ad269ea5d6c5744d82f6a7328746", "tree": "7eb1704418eb41b859ad24bc48f6400135474d87", "parents": [ "a03a8a709a0c34b61b7aea1d54a0473a6b941fdb" ], "author": { "name": "Jan Blunck", "email": "jblunck@suse.de", "time": "Thu Feb 14 19:38:33 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Feb 14 21:17:08 2008 -0800" }, "message": "d_path: Use struct path in struct avc_audit_data\n\naudit_log_d_path() is a d_path() wrapper that is used by the audit code. To\nuse a struct path in audit_log_d_path() I need to embed it into struct\navc_audit_data.\n\n[akpm@linux-foundation.org: coding-style fixes]\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: \"J. Bruce Fields\" \u003cbfields@fieldses.org\u003e\nCc: Neil Brown \u003cneilb@suse.de\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4ac9137858e08a19f29feac4e1f4df7c268b0ba5", "tree": "f5b5d84fd12fcc2b0ba0e7ce1a79ff381ad8f5dd", "parents": [ "c5e725f33b733a77de622e91b6ba5645fcf070be" ], "author": { "name": "Jan Blunck", "email": "jblunck@suse.de", "time": "Thu Feb 14 19:34:32 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Feb 14 21:13:33 2008 -0800" }, "message": "Embed a struct path into struct nameidata instead of nd-\u003e{dentry,mnt}\n\nThis is the central patch of a cleanup series. In most cases there is no good\nreason why someone would want to use a dentry for itself. This series reflects\nthat fact and embeds a struct path into nameidata.\n\nTogether with the other patches of this series\n- it enforced the correct order of getting/releasing the reference count on\n \u003cdentry,vfsmount\u003e pairs\n- it prepares the VFS for stacking support since it is essential to have a\n struct path in every place where the stack can be traversed\n- it reduces the overall code size:\n\nwithout patch series:\n text data bss dec hex filename\n5321639 858418 715768 6895825 6938d1 vmlinux\n\nwith patch series:\n text data bss dec hex filename\n5320026 858418 715768 6894212 693284 vmlinux\n\nThis patch:\n\nSwitch from nd-\u003e{dentry,mnt} to nd-\u003epath.{dentry,mnt} everywhere.\n\n[akpm@linux-foundation.org: coding-style fixes]\n[akpm@linux-foundation.org: fix cifs]\n[akpm@linux-foundation.org: fix smack]\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nSigned-off-by: Andreas Gruenbacher \u003cagruen@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@lst.de\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "2e1d146a19f2941aec08f60ca67fb2763baad595", "tree": "14831c6332b2d4004a7551354be46526a0c6f426", "parents": [ "cba44359d15ac7a3bca2c9199b7ff403d7edc69e" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Wed Feb 13 15:03:34 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Feb 13 16:21:20 2008 -0800" }, "message": "Smack: check for \u0027struct socket\u0027 with NULL sk\n\nThere\u0027s a small problem with smack and NFS. A similar report was also\nsent here: http://lkml.org/lkml/2007/10/27/85\n\nI\u0027ve also added similar checks in inode_{get/set}security(). Cheating from\nSELinux post_create_socket(), it does the same.\n\n[akpm@linux-foundation.org: remove uneeded BUG_ON()]\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schuafler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "b68e418c445e8a468634d0a7ca2fb63bbaa74028", "tree": "e49b4a94ef28a9288ed6735a994387205b7cc5bd", "parents": [ "19af35546de68c872dcb687613e0902a602cb20e" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Thu Feb 07 11:21:04 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Feb 11 20:30:02 2008 +1100" }, "message": "selinux: support 64-bit capabilities\n\nFix SELinux to handle 64-bit capabilities correctly, and to catch\nfuture extensions of capabilities beyond 64 bits to ensure that SELinux\nis properly updated.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e231c2ee64eb1c5cd3c63c31da9dac7d888dcf7f", "tree": "d4b17ef65960594681397a3acac02c2d248200b5", "parents": [ "d1bc8e95445224276d7896b8b08cbb0b28a0ca80" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Feb 07 00:15:26 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Feb 07 08:42:26 2008 -0800" }, "message": "Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p)\n\nConvert instances of ERR_PTR(PTR_ERR(p)) to ERR_CAST(p) using:\n\nperl -spi -e \u0027s/ERR_PTR[(]PTR_ERR[(](.*)[)][)]/ERR_CAST(\\1)/\u0027 `grep -rl \u0027ERR_PTR[(]*PTR_ERR\u0027 fs crypto net security`\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "394c6753978a75cab7558a377f2551a3c1101027", "tree": "c2712cb2d52ecae5db1d9ae417241154fe7a0808", "parents": [ "a5ecbcb8c13ea8a822d243bf782d0dc9525b4f84" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Feb 05 07:31:00 2008 +0800" }, "committer": { "name": "James Morris", "email": "jmorris@localhost.localdomain", "time": "Wed Feb 06 21:40:59 2008 +0800" }, "message": "SELinux: Remove security_get_policycaps()\n\nThe security_get_policycaps() functions has a couple of bugs in it and it\nisn\u0027t currently used by any in-tree code, so get rid of it and all of it\u0027s\nbugginess.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@localhost.localdomain\u003e\n" }, { "commit": "a5ecbcb8c13ea8a822d243bf782d0dc9525b4f84", "tree": "902df830bf581642a49bbb1e4f4de5b9f80eeaa1", "parents": [ "551e4fb2465b87de9d4aa1669b27d624435443bb" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 31 15:11:22 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@localhost.localdomain", "time": "Wed Feb 06 21:39:46 2008 +0800" }, "message": "security: allow Kconfig to set default mmap_min_addr protection\n\nSince it was decided that low memory protection from userspace couldn\u0027t\nbe turned on by default add a Kconfig option to allow users/distros to\nset a default at compile time. This value is still tunable after boot\nin /proc/sys/vm/mmap_min_addr\n\nDiscussion:\nhttp://www.mail-archive.com/linux-security-module@vger.kernel.org/msg02543.html\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e114e473771c848c3cfec05f0123e70f1cdbdc99", "tree": "933b840f3ccac6860da56291c742094f9b5a20cb", "parents": [ "eda61d32e8ad1d9102872f9a0abf3344bf9c5e67" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Mon Feb 04 22:29:50 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Feb 05 09:44:20 2008 -0800" }, "message": "Smack: Simplified Mandatory Access Control Kernel\n\nSmack is the Simplified Mandatory Access Control Kernel.\n\nSmack implements mandatory access control (MAC) using labels\nattached to tasks and data containers, including files, SVIPC,\nand other tasks. Smack is a kernel based scheme that requires\nan absolute minimum of application support and a very small\namount of configuration data.\n\nSmack uses extended attributes and\nprovides a set of general mount options, borrowing technics used\nelsewhere. Smack uses netlabel for CIPSO labeling. Smack provides\na pseudo-filesystem smackfs that is used for manipulation of\nsystem Smack attributes.\n\nThe patch, patches for ls and sshd, a README, a startup script,\nand x86 binaries for ls and sshd are also available on\n\n http://www.schaufler-ca.com\n\nDevelopment has been done using Fedora Core 7 in a virtual machine\nenvironment and on an old Sony laptop.\n\nSmack provides mandatory access controls based on the label attached\nto a task and the label attached to the object it is attempting to\naccess. Smack labels are deliberately short (1-23 characters) text\nstrings. Single character labels using special characters are reserved\nfor system use. The only operation applied to Smack labels is equality\ncomparison. No wildcards or expressions, regular or otherwise, are\nused. Smack labels are composed of printable characters and may not\ninclude \"/\".\n\nA file always gets the Smack label of the task that created it.\n\nSmack defines and uses these labels:\n\n \"*\" - pronounced \"star\"\n \"_\" - pronounced \"floor\"\n \"^\" - pronounced \"hat\"\n \"?\" - pronounced \"huh\"\n\nThe access rules enforced by Smack are, in order:\n\n1. Any access requested by a task labeled \"*\" is denied.\n2. A read or execute access requested by a task labeled \"^\"\n is permitted.\n3. A read or execute access requested on an object labeled \"_\"\n is permitted.\n4. Any access requested on an object labeled \"*\" is permitted.\n5. Any access requested by a task on an object with the same\n label is permitted.\n6. Any access requested that is explicitly defined in the loaded\n rule set is permitted.\n7. Any other access is denied.\n\nRules may be explicitly defined by writing subject,object,access\ntriples to /smack/load.\n\nSmack rule sets can be easily defined that describe Bell\u0026LaPadula\nsensitivity, Biba integrity, and a variety of interesting\nconfigurations. Smack rule sets can be modified on the fly to\naccommodate changes in the operating environment or even the time\nof day.\n\nSome practical use cases:\n\nHierarchical levels. The less common of the two usual uses\nfor MLS systems is to define hierarchical levels, often\nunclassified, confidential, secret, and so on. To set up smack\nto support this, these rules could be defined:\n\n C Unclass rx\n S C rx\n S Unclass rx\n TS S rx\n TS C rx\n TS Unclass rx\n\nA TS process can read S, C, and Unclass data, but cannot write it.\nAn S process can read C and Unclass. Note that specifying that\nTS can read S and S can read C does not imply TS can read C, it\nhas to be explicitly stated.\n\nNon-hierarchical categories. This is the more common of the\nusual uses for an MLS system. Since the default rule is that a\nsubject cannot access an object with a different label no\naccess rules are required to implement compartmentalization.\n\nA case that the Bell \u0026 LaPadula policy does not allow is demonstrated\nwith this Smack access rule:\n\nA case that Bell\u0026LaPadula does not allow that Smack does:\n\n ESPN ABC r\n ABC ESPN r\n\nOn my portable video device I have two applications, one that\nshows ABC programming and the other ESPN programming. ESPN wants\nto show me sport stories that show up as news, and ABC will\nonly provide minimal information about a sports story if ESPN\nis covering it. Each side can look at the other\u0027s info, neither\ncan change the other. Neither can see what FOX is up to, which\nis just as well all things considered.\n\nAnother case that I especially like:\n\n SatData Guard w\n Guard Publish w\n\nA program running with the Guard label opens a UDP socket and\naccepts messages sent by a program running with a SatData label.\nThe Guard program inspects the message to ensure it is wholesome\nand if it is sends it to a program running with the Publish label.\nThis program then puts the information passed in an appropriate\nplace. Note that the Guard program cannot write to a Publish\nfile system object because file system semanitic require read as\nwell as write.\n\nThe four cases (categories, levels, mutual read, guardbox) here\nare all quite real, and problems I\u0027ve been asked to solve over\nthe years. The first two are easy to do with traditonal MLS systems\nwhile the last two you can\u0027t without invoking privilege, at least\nfor a while.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Joshua Brindle \u003cmethod@manicmethod.com\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: \"Ahmed S. Darwish\" \u003cdarwish.07@gmail.com\u003e\nCc: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "3b7391de67da515c91f48aa371de77cb6cc5c07e", "tree": "22b9f5d9d1c36b374eb5765219aca3c7e1f23486", "parents": [ "46c383cc4530ccc438cb325e92e11eb21dd3d4fc" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Mon Feb 04 22:29:45 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Feb 05 09:44:20 2008 -0800" }, "message": "capabilities: introduce per-process capability bounding set\n\nThe capability bounding set is a set beyond which capabilities cannot grow.\n Currently cap_bset is per-system. It can be manipulated through sysctl,\nbut only init can add capabilities. Root can remove capabilities. By\ndefault it includes all caps except CAP_SETPCAP.\n\nThis patch makes the bounding set per-process when file capabilities are\nenabled. It is inherited at fork from parent. Noone can add elements,\nCAP_SETPCAP is required to remove them.\n\nOne example use of this is to start a safer container. For instance, until\ndevice namespaces or per-container device whitelists are introduced, it is\nbest to take CAP_MKNOD away from a container.\n\nThe bounding set will not affect pP and pE immediately. It will only\naffect pP\u0027 and pE\u0027 after subsequent exec()s. It also does not affect pI,\nand exec() does not constrain pI\u0027. So to really start a shell with no way\nof regain CAP_MKNOD, you would do\n\n\tprctl(PR_CAPBSET_DROP, CAP_MKNOD);\n\tcap_t cap \u003d cap_get_proc();\n\tcap_value_t caparray[1];\n\tcaparray[0] \u003d CAP_MKNOD;\n\tcap_set_flag(cap, CAP_INHERITABLE, 1, caparray, CAP_DROP);\n\tcap_set_proc(cap);\n\tcap_free(cap);\n\nThe following test program will get and set the bounding\nset (but not pI). For instance\n\n\t./bset get\n\t\t(lists capabilities in bset)\n\t./bset drop cap_net_raw\n\t\t(starts shell with new bset)\n\t\t(use capset, setuid binary, or binary with\n\t\tfile capabilities to try to increase caps)\n\n************************************************************\ncap_bound.c\n************************************************************\n #include \u003csys/prctl.h\u003e\n #include \u003clinux/capability.h\u003e\n #include \u003csys/types.h\u003e\n #include \u003cunistd.h\u003e\n #include \u003cstdio.h\u003e\n #include \u003cstdlib.h\u003e\n #include \u003cstring.h\u003e\n\n #ifndef PR_CAPBSET_READ\n #define PR_CAPBSET_READ 23\n #endif\n\n #ifndef PR_CAPBSET_DROP\n #define PR_CAPBSET_DROP 24\n #endif\n\nint usage(char *me)\n{\n\tprintf(\"Usage: %s get\\n\", me);\n\tprintf(\" %s drop \u003ccapability\u003e\\n\", me);\n\treturn 1;\n}\n\n #define numcaps 32\nchar *captable[numcaps] \u003d {\n\t\"cap_chown\",\n\t\"cap_dac_override\",\n\t\"cap_dac_read_search\",\n\t\"cap_fowner\",\n\t\"cap_fsetid\",\n\t\"cap_kill\",\n\t\"cap_setgid\",\n\t\"cap_setuid\",\n\t\"cap_setpcap\",\n\t\"cap_linux_immutable\",\n\t\"cap_net_bind_service\",\n\t\"cap_net_broadcast\",\n\t\"cap_net_admin\",\n\t\"cap_net_raw\",\n\t\"cap_ipc_lock\",\n\t\"cap_ipc_owner\",\n\t\"cap_sys_module\",\n\t\"cap_sys_rawio\",\n\t\"cap_sys_chroot\",\n\t\"cap_sys_ptrace\",\n\t\"cap_sys_pacct\",\n\t\"cap_sys_admin\",\n\t\"cap_sys_boot\",\n\t\"cap_sys_nice\",\n\t\"cap_sys_resource\",\n\t\"cap_sys_time\",\n\t\"cap_sys_tty_config\",\n\t\"cap_mknod\",\n\t\"cap_lease\",\n\t\"cap_audit_write\",\n\t\"cap_audit_control\",\n\t\"cap_setfcap\"\n};\n\nint getbcap(void)\n{\n\tint comma\u003d0;\n\tunsigned long i;\n\tint ret;\n\n\tprintf(\"i know of %d capabilities\\n\", numcaps);\n\tprintf(\"capability bounding set:\");\n\tfor (i\u003d0; i\u003cnumcaps; i++) {\n\t\tret \u003d prctl(PR_CAPBSET_READ, i);\n\t\tif (ret \u003c 0)\n\t\t\tperror(\"prctl\");\n\t\telse if (ret\u003d\u003d1)\n\t\t\tprintf(\"%s%s\", (comma++) ? \", \" : \" \", captable[i]);\n\t}\n\tprintf(\"\\n\");\n\treturn 0;\n}\n\nint capdrop(char *str)\n{\n\tunsigned long i;\n\n\tint found\u003d0;\n\tfor (i\u003d0; i\u003cnumcaps; i++) {\n\t\tif (strcmp(captable[i], str) \u003d\u003d 0) {\n\t\t\tfound\u003d1;\n\t\t\tbreak;\n\t\t}\n\t}\n\tif (!found)\n\t\treturn 1;\n\tif (prctl(PR_CAPBSET_DROP, i)) {\n\t\tperror(\"prctl\");\n\t\treturn 1;\n\t}\n\treturn 0;\n}\n\nint main(int argc, char *argv[])\n{\n\tif (argc\u003c2)\n\t\treturn usage(argv[0]);\n\tif (strcmp(argv[1], \"get\")\u003d\u003d0)\n\t\treturn getbcap();\n\tif (strcmp(argv[1], \"drop\")!\u003d0 || argc\u003c3)\n\t\treturn usage(argv[0]);\n\tif (capdrop(argv[2])) {\n\t\tprintf(\"unknown capability\\n\");\n\t\treturn 1;\n\t}\n\treturn execl(\"/bin/bash\", \"/bin/bash\", NULL);\n}\n************************************************************\n\n[serue@us.ibm.com: fix typo]\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003ea\nSigned-off-by: \"Serge E. Hallyn\" \u003cserue@us.ibm.com\u003e\nTested-by: Jiri Slaby \u003cjirislaby@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e338d263a76af78fe8f38a72131188b58fceb591", "tree": "f3f046fc6fd66de43de7191830f0daf3bc4ec8eb", "parents": [ "8f6936f4d29aa14e54a2470b954a2e1f96322988" ], "author": { "name": "Andrew Morgan", "email": "morgan@kernel.org", "time": "Mon Feb 04 22:29:42 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Feb 05 09:44:20 2008 -0800" }, "message": "Add 64-bit capability support to the kernel\n\nThe patch supports legacy (32-bit) capability userspace, and where possible\ntranslates 32-bit capabilities to/from userspace and the VFS to 64-bit\nkernel space capabilities. If a capability set cannot be compressed into\n32-bits for consumption by user space, the system call fails, with -ERANGE.\n\nFWIW libcap-2.00 supports this change (and earlier capability formats)\n\n http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/\n\n[akpm@linux-foundation.org: coding-syle fixes]\n[akpm@linux-foundation.org: use get_task_comm()]\n[ezk@cs.sunysb.edu: build fix]\n[akpm@linux-foundation.org: do not initialise statics to 0 or NULL]\n[akpm@linux-foundation.org: unused var]\n[serue@us.ibm.com: export __cap_ symbols]\nSigned-off-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Erez Zadok \u003cezk@cs.sunysb.edu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "8f6936f4d29aa14e54a2470b954a2e1f96322988", "tree": "63e1bca33b783cf819b356f3ffd45cfe7b226654", "parents": [ "4bea58053f206be9a89ca35850f9ad295dac2042" ], "author": { "name": "Andrew Morton", "email": "akpm@linux-foundation.org", "time": "Mon Feb 04 22:29:41 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Feb 05 09:44:20 2008 -0800" }, "message": "revert \"capabilities: clean up file capability reading\"\n\nRevert b68680e4731abbd78863063aaa0dca2a6d8cc723 to make way for the next\npatch: \"Add 64-bit capability support to the kernel\".\n\nWe want to keep the vfs_cap_data.data[] structure, using two \u0027data\u0027s for\n64-bit caps (and later three for 96-bit caps), whereas\nb68680e4731abbd78863063aaa0dca2a6d8cc723 had gotten rid of the \u0027data\u0027 struct\nmade its members inline.\n\nThe 64-bit caps patch keeps the stack abuse fix at get_file_caps(), which was\nthe more important part of that patch.\n\n[akpm@linux-foundation.org: coding-style fixes]\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Andrew Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "42492594043d621a7910ff5877c3eb9202870b45", "tree": "9188d112c019a189606847dc1d90ccc63c1bacf2", "parents": [ "3729145821e3088a0c3c4183037fde356204bf97" ], "author": { "name": "David P. Quigley", "email": "dpquigl@tycho.nsa.gov", "time": "Mon Feb 04 22:29:39 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Feb 05 09:44:20 2008 -0800" }, "message": "VFS/Security: Rework inode_getsecurity and callers to return resulting buffer\n\nThis patch modifies the interface to inode_getsecurity to have the function\nreturn a buffer containing the security blob and its length via parameters\ninstead of relying on the calling function to give it an appropriately sized\nbuffer.\n\nSecurity blobs obtained with this function should be freed using the\nrelease_secctx LSM hook. This alleviates the problem of the caller having to\nguess a length and preallocate a buffer for this function allowing it to be\nused elsewhere for Labeled NFS.\n\nThe patch also removed the unused err parameter. The conversion is similar to\nthe one performed by Al Viro for the security_getprocattr hook.\n\nSigned-off-by: David P. Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4746ec5b01ed07205a91e4f7ed9de9d70f371407", "tree": "7a3a836b6178ccab24801e90b69c1159b2c23099", "parents": [ "c2a7780efe37d01bdb3facc85a94663e6d67d4a8" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 08 10:06:53 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:06:51 2008 -0500" }, "message": "[AUDIT] add session id to audit messages\n\nIn order to correlate audit records to an individual login add a session\nid. This is incremented every time a user logs in and is included in\nalmost all messages which currently output the auid. The field is\nlabeled ses\u003d or oses\u003d\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "0c11b9428f619ab377c92eff2f160a834a6585dd", "tree": "35b573715ad5730a77d067486838345132771a7a", "parents": [ "24e1c13c93cbdd05e4b7ea921c0050b036555adc" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jan 10 04:20:52 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:04:59 2008 -0500" }, "message": "[PATCH] switch audit_get_loginuid() to task_struct *\n\nall callers pass something-\u003eaudit_context\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e1770d97a730ff4c3aa1775d98f4d0558390607f", "tree": "64ad3c2d24b5506861aac9cef8f08c0e0fbd9959", "parents": [ "1a6509d991225ad210de54c63314fd9542922095" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Mon Jan 28 19:49:00 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Jan 31 19:27:04 2008 -0800" }, "message": "[SELinux]: Fix double free in selinux_netlbl_sock_setsid()\n\nAs pointed out by Adrian Bunk, commit\n45c950e0f839fded922ebc0bfd59b1081cc71b70 (\"fix memory leak in netlabel\ncode\") caused a double-free when security_netlbl_sid_to_secattr()\nfails. This patch fixes this by removing the netlbl_secattr_destroy()\ncall from that function since we are already releasing the secattr\nmemory in selinux_netlbl_sock_setsid().\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "f71ea9ddf0ff110f3fcbb89a46686bfba264014c", "tree": "db6843db55d5e1036248fc41782a891882b2cb54", "parents": [ "374ea019cacfa8b69ae49eea993b74cb5968970b" ], "author": { "name": "sergeh@us.ibm.com", "email": "sergeh@us.ibm.com", "time": "Tue Jan 29 05:04:43 2008 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:18:21 2008 +1100" }, "message": "security: compile capabilities by default\n\nCapabilities have long been the default when CONFIG_SECURITY\u003dn,\nand its help text suggests turning it on when CONFIG_SECURITY\u003dy.\nBut it is set to default n.\n\nDefault it to y instead.\n\nSigned-off-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Matt LaPlante \u003ckernel1@cyberdogtech.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "374ea019cacfa8b69ae49eea993b74cb5968970b", "tree": "822718af14d91f3beabbde3e9d5758c055e3bef8", "parents": [ "71f1cb05f773661b6fa98c7a635d7a395cd9c55d" ], "author": { "name": "Adrian Bunk", "email": "bunk@kernel.org", "time": "Tue Jan 29 00:11:52 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:44 2008 +1100" }, "message": "selinux: make selinux_set_mnt_opts() static\n\nselinux_set_mnt_opts() can become static.\n\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "71f1cb05f773661b6fa98c7a635d7a395cd9c55d", "tree": "a540f89c5d1d081ea2c09105f264adce44d92fa9", "parents": [ "effad8df44261031a882e1a895415f7186a5098e" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:51:16 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:30 2008 +1100" }, "message": "SELinux: Add warning messages on network denial due to error\n\nCurrently network traffic can be sliently dropped due to non-avc errors which\ncan lead to much confusion when trying to debug the problem. This patch adds\nwarning messages so that when these events occur there is a user visible\nnotification.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "effad8df44261031a882e1a895415f7186a5098e", "tree": "42c04b3247ede13077546e13f82fe3da83ce7b90", "parents": [ "13541b3adad2dc2f56761c5193c2b88db3597f0e" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:49:27 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:30 2008 +1100" }, "message": "SELinux: Add network ingress and egress control permission checks\n\nThis patch implements packet ingress/egress controls for SELinux which allow\nSELinux security policy to control the flow of all IPv4 and IPv6 packets into\nand out of the system. Currently SELinux does not have proper control over\nforwarded packets and this patch corrects this problem.\n\nSpecial thanks to Venkat Yekkirala \u003cvyekkirala@trustedcs.com\u003e whose earlier\nwork on this topic eventually led to this patch.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5dbe1eb0cfc144a2b0cb1466e22bcb6fc34229a8", "tree": "e1e028acaf0dd08cbcacd2c125f60230f820b442", "parents": [ "d621d35e576aa20a0ddae8022c3810f38357c8ff" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:44:18 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:27 2008 +1100" }, "message": "SELinux: Allow NetLabel to directly cache SIDs\n\nNow that the SELinux NetLabel \"base SID\" is always the netmsg initial SID we\ncan do a big optimization - caching the SID and not just the MLS attributes.\nThis not only saves a lot of per-packet memory allocations and copies but it\nhas a nice side effect of removing a chunk of code.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d621d35e576aa20a0ddae8022c3810f38357c8ff", "tree": "318e8aa890dbe715b901b11b019ebac3badb693d", "parents": [ "220deb966ea51e0dedb6a187c0763120809f3e64" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:43:36 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:26 2008 +1100" }, "message": "SELinux: Enable dynamic enable/disable of the network access checks\n\nThis patch introduces a mechanism for checking when labeled IPsec or SECMARK\nare in use by keeping introducing a configuration reference counter for each\nsubsystem. In the case of labeled IPsec, whenever a labeled SA or SPD entry\nis created the labeled IPsec/XFRM reference count is increased and when the\nentry is removed it is decreased. In the case of SECMARK, when a SECMARK\ntarget is created the reference count is increased and later decreased when the\ntarget is removed. These reference counters allow SELinux to quickly determine\nif either of these subsystems are enabled.\n\nNetLabel already has a similar mechanism which provides the netlbl_enabled()\nfunction.\n\nThis patch also renames the selinux_relabel_packet_permission() function to\nselinux_secmark_relabel_packet_permission() as the original name and\ndescription were misleading in that they referenced a single packet label which\nis not the case.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "220deb966ea51e0dedb6a187c0763120809f3e64", "tree": "7d0e5dd8048907c364b4eeff294991937b466c7e", "parents": [ "f67f4f315f31e7907779adb3296fb6682e755342" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:38:23 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:25 2008 +1100" }, "message": "SELinux: Better integration between peer labeling subsystems\n\nRework the handling of network peer labels so that the different peer labeling\nsubsystems work better together. This includes moving both subsystems to a\nsingle \"peer\" object class which involves not only changes to the permission\nchecks but an improved method of consolidating multiple packet peer labels.\nAs part of this work the inbound packet permission check code has been heavily\nmodified to handle both the old and new behavior in as sane a fashion as\npossible.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f67f4f315f31e7907779adb3296fb6682e755342", "tree": "237a41ae93b73bf4e98761a4b6d30d7a5a54b896", "parents": [ "3bb56b25dbe0a4b44bd2ebceab6736d068e85068" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:38:21 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:24 2008 +1100" }, "message": "SELinux: Add a new peer class and permissions to the Flask definitions\n\nAdd additional Flask definitions to support the new \"peer\" object class and\nadditional permissions to the netif, node, and packet object classes. Also,\nbring the kernel Flask definitions up to date with the Fedora SELinux policies\nby adding the \"flow_in\" and \"flow_out\" permissions to the \"packet\" class.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3bb56b25dbe0a4b44bd2ebceab6736d068e85068", "tree": "2285d831352b8580d401730eee98820ed54a81a0", "parents": [ "224dfbd81e1ff672eb46e7695469c395bd531083" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:38:19 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:23 2008 +1100" }, "message": "SELinux: Add a capabilities bitmap to SELinux policy version 22\n\nAdd a new policy capabilities bitmap to SELinux policy version 22. This bitmap\nwill enable the security server to query the policy to determine which features\nit supports.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "224dfbd81e1ff672eb46e7695469c395bd531083", "tree": "c89c3ab606634a7174db8807b2633df8bb024b8c", "parents": [ "da5645a28a15aed2e541a814ecf9f7ffcd4c4673" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:38:13 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:23 2008 +1100" }, "message": "SELinux: Add a network node caching mechanism similar to the sel_netif_*() functions\n\nThis patch adds a SELinux IP address/node SID caching mechanism similar to the\nsel_netif_*() functions. The node SID queries in the SELinux hooks files are\nalso modified to take advantage of this new functionality. In addition, remove\nthe address length information from the sk_buff parsing routines as it is\nredundant since we already have the address family.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "da5645a28a15aed2e541a814ecf9f7ffcd4c4673", "tree": "8cedccebd0e12308de30573ad593d703943e3cbb", "parents": [ "e8bfdb9d0dfc1231a6a71e849dfbd4447acdfff6" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:38:10 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:22 2008 +1100" }, "message": "SELinux: Only store the network interface\u0027s ifindex\n\nInstead of storing the packet\u0027s network interface name store the ifindex. This\nallows us to defer the need to lookup the net_device structure until the audit\nrecord is generated meaning that in the majority of cases we never need to\nbother with this at all.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e8bfdb9d0dfc1231a6a71e849dfbd4447acdfff6", "tree": "0d786c0ad972e43d1128296b8e7ae47275ab3ebd", "parents": [ "75e22910cf0c26802b09dac2e34c13e648d3ed02" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:38:08 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:21 2008 +1100" }, "message": "SELinux: Convert the netif code to use ifindex values\n\nThe current SELinux netif code requires the caller have a valid net_device\nstruct pointer to lookup network interface information. However, we don\u0027t\nalways have a valid net_device pointer so convert the netif code to use\nthe ifindex values we always have as part of the sk_buff. This patch also\nremoves the default message SID from the network interface record, it is\nnot being used and therefore is \"dead code\".\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "75e22910cf0c26802b09dac2e34c13e648d3ed02", "tree": "bf5f5c62f6db8a3057a0265dc7748bf310d26d4a", "parents": [ "16efd45435fa695b501b7f73c3259bd7c77cc12c" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:38:04 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:20 2008 +1100" }, "message": "NetLabel: Add IP address family information to the netlbl_skbuff_getattr() function\n\nIn order to do any sort of IP header inspection of incoming packets we need to\nknow which address family, AF_INET/AF_INET6/etc., it belongs to and since the\nsk_buff structure does not store this information we need to pass along the\naddress family separate from the packet itself.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "16efd45435fa695b501b7f73c3259bd7c77cc12c", "tree": "f26eb84f65192eb0a17aca399fd405100e4be974", "parents": [ "1c3fad936acaf87b75055b95be781437e97d787f" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:37:59 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:19 2008 +1100" }, "message": "NetLabel: Add secid token support to the NetLabel secattr struct\n\nThis patch adds support to the NetLabel LSM secattr struct for a secid token\nand a type field, paving the way for full LSM/SELinux context support and\n\"static\" or \"fallback\" labels. In addition, this patch adds a fair amount\nof documentation to the core NetLabel structures used as part of the\nNetLabel kernel API.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6e23ae2a48750bda407a4a58f52a4865d7308bf5", "tree": "633fd60b2a42bf6fdb86564f0c05a6d52d8dc92b", "parents": [ "1bf06cd2e338fd6fc29169d30eaf0df982338285" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Mon Nov 19 18:53:30 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Jan 28 14:53:55 2008 -0800" }, "message": "[NETFILTER]: Introduce NF_INET_ hook values\n\nThe IPv4 and IPv6 hook values are identical, yet some code tries to figure\nout the \"correct\" value by looking at the address family. Introduce NF_INET_*\nvalues for both IPv4 and IPv6. The old values are kept in a #ifndef __KERNEL__\nsection for userspace compatibility.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nAcked-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "b1aa5301b9f88a4891061650c591fb8fe1c1d1da", "tree": "701ee5bf6cefbf7545c91ebab614fda7d6fd6a27", "parents": [ "99f1c97dbdb30e958edfd1ced0ae43df62504e07" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri Jan 25 13:03:42 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Jan 26 12:16:16 2008 +1100" }, "message": "selinux: fix labeling of /proc/net inodes\n\nThe proc net rewrite had a side effect on selinux, leading it to mislabel\nthe /proc/net inodes, thereby leading to incorrect denials. Fix\nsecurity_genfs_sid to ignore extra leading / characters in the path supplied\nby selinux_proc_get_sid since we now get \"//net/...\" rather than \"/net/...\".\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b47711bfbcd4eb77ca61ef0162487b20e023ae55", "tree": "b2a695dbd40f7ca2333664cf946ef34eda7b7dba", "parents": [ "7556afa0e0e436cad4f560ee83e5fbd5dac9359a", "2e08c0c1c3977a5ddc88887dd3af1b26c433e9d0" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jan 25 08:44:29 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jan 25 08:44:29 2008 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:\n selinux: make mls_compute_sid always polyinstantiate\n security/selinux: constify function pointer tables and fields\n security: add a secctx_to_secid() hook\n security: call security_file_permission from rw_verify_area\n security: remove security_sb_post_mountroot hook\n Security: remove security.h include from mm.h\n Security: remove security_file_mmap hook sparse-warnings (NULL as 0).\n Security: add get, set, and cloning of superblock security information\n security/selinux: Add missing \"space\"\n" }, { "commit": "78a2d906b40fe530ea800c1e873bfe8f02326f1e", "tree": "ebeef35150816fa807f71e596a9aaf711ad10a90", "parents": [ "197b12d6796a3bca187f22a8978a33d51e2bcd79" ], "author": { "name": "Greg Kroah-Hartman", "email": "gregkh@suse.de", "time": "Thu Dec 20 08:13:05 2007 -0800" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@suse.de", "time": "Thu Jan 24 20:40:40 2008 -0800" }, "message": "Kobject: convert remaining kobject_unregister() to kobject_put()\n\nThere is no need for kobject_unregister() anymore, thanks to Kay\u0027s\nkobject cleanup changes, so replace all instances of it with\nkobject_put().\n\n\nCc: Kay Sievers \u003ckay.sievers@vrfy.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n\n" }, { "commit": "0ff21e46630abce11fdaaffabd72bbd4eed5ac2c", "tree": "cc49671622ef90775bf12a91d20b8286aa346e6f", "parents": [ "5c03c7ab886859eb195440dbb6ccb8c30c4e84cc" ], "author": { "name": "Greg Kroah-Hartman", "email": "gregkh@suse.de", "time": "Tue Nov 06 10:36:58 2007 -0800" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@suse.de", "time": "Thu Jan 24 20:40:24 2008 -0800" }, "message": "kobject: convert kernel_kset to be a kobject\n\nkernel_kset does not need to be a kset, but a much simpler kobject now\nthat we have kobj_attributes.\n\nWe also rename kernel_kset to kernel_kobj to catch all users of this\nsymbol with a build error instead of an easy-to-ignore build warning.\n\nCc: Kay Sievers \u003ckay.sievers@vrfy.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n\n" }, { "commit": "bd35b93d8049ab47b5bfaf6b10ba39badf21d1c3", "tree": "bac82e14d960b2c7011b7f660a93f07e922f8a97", "parents": [ "e5e38a86c0bbe8475543f10f0a48393a45df5182" ], "author": { "name": "Greg Kroah-Hartman", "email": "gregkh@suse.de", "time": "Mon Oct 29 20:13:17 2007 +0100" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@suse.de", "time": "Thu Jan 24 20:40:14 2008 -0800" }, "message": "kset: convert kernel_subsys to use kset_create\n\nDynamically create the kset instead of declaring it statically. We also\nrename kernel_subsys to kernel_kset to catch all users of this symbol\nwith a build error instead of an easy-to-ignore build warning.\n\nCc: Kay Sievers \u003ckay.sievers@vrfy.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n\n" }, { "commit": "69d8e1389551b107b1a8ec70c280cb7a56096666", "tree": "d487b8ce9435c4b225beb52e41eabc5ce68862e6", "parents": [ "5c89e17e9c2bc03ed16320967832b33b174e6234" ], "author": { "name": "Greg Kroah-Hartman", "email": "gregkh@suse.de", "time": "Mon Oct 29 20:13:17 2007 +0100" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@suse.de", "time": "Thu Jan 24 20:40:11 2008 -0800" }, "message": "kobject: convert securityfs to use kobject_create\n\nWe don\u0027t need a kset here, a simple kobject will do just fine, so\ndynamically create the kobject and use it.\n\nCc: Kay Sievers \u003ckay.sievers@vrfy.org\u003e\nAcked-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n\n" }, { "commit": "3514faca19a6fdc209734431c509631ea92b094e", "tree": "f6d102e6dec276f8e8d1044b47c74a02b901554f", "parents": [ "c11c4154e7ff4cebfadad849b1e22689d759c3f4" ], "author": { "name": "Greg Kroah-Hartman", "email": "gregkh@suse.de", "time": "Tue Oct 16 10:11:44 2007 -0600" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@suse.de", "time": "Thu Jan 24 20:40:10 2008 -0800" }, "message": "kobject: remove struct kobj_type from struct kset\n\nWe don\u0027t need a \"default\" ktype for a kset. We should set this\nexplicitly every time for each kset. This change is needed so that we\ncan make ksets dynamic, and cleans up one of the odd, undocumented\nassumption that the kset/kobject/ktype model has.\n\nThis patch is based on a lot of help from Kay Sievers.\n\nNasty bug in the block code was found by Dave Young\n\u003chidave.darkstar@gmail.com\u003e\n\nCc: Kay Sievers \u003ckay.sievers@vrfy.org\u003e\nCc: Dave Young \u003chidave.darkstar@gmail.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n\n" }, { "commit": "2e08c0c1c3977a5ddc88887dd3af1b26c433e9d0", "tree": "2487c7d7bf54a5a26c53416ee4f1f14886121e15", "parents": [ "1996a10948e50e546dc2b64276723c0b64d3173b" ], "author": { "name": "Eamon Walsh", "email": "ewalsh@tycho.nsa.gov", "time": "Thu Jan 24 15:30:52 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jan 25 11:29:56 2008 +1100" }, "message": "selinux: make mls_compute_sid always polyinstantiate\n\nThis patch removes the requirement that the new and related object types\ndiffer in order to polyinstantiate by MLS level. This allows MLS\npolyinstantiation to occur in the absence of explicit type_member rules or\nwhen the type has not changed.\n\nPotential users of this support include pam_namespace.so (directory\npolyinstantiation) and the SELinux X support (property polyinstantiation).\n\nSigned-off-by: Eamon Walsh \u003cewalsh@tycho.nsa.gov\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1996a10948e50e546dc2b64276723c0b64d3173b", "tree": "971b235907b7c6911c21c9139e0ba85c5b84ef80", "parents": [ "63cb34492351078479b2d4bae6a881806a396286" ], "author": { "name": "Jan Engelhardt", "email": "jengelh@computergmbh.de", "time": "Wed Jan 23 00:02:58 2008 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jan 25 11:29:54 2008 +1100" }, "message": "security/selinux: constify function pointer tables and fields\n\nConstify function pointer tables and fields.\n\nSigned-off-by: Jan Engelhardt \u003cjengelh@computergmbh.de\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "63cb34492351078479b2d4bae6a881806a396286", "tree": "d33ab15eda40c5195c4a723d9e49591a9b4950f9", "parents": [ "c43e259cc756ece387faae849af0058b56d78466" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Jan 15 23:47:35 2008 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jan 25 11:29:53 2008 +1100" }, "message": "security: add a secctx_to_secid() hook\n\nAdd a secctx_to_secid() LSM hook to go along with the existing\nsecid_to_secctx() LSM hook. This patch also includes the SELinux\nimplementation for this hook.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bced95283e9434611cbad8f2ff903cd396eaea72", "tree": "5d56afc7a5f239ebc53a1800a508f16b8d8701b0", "parents": [ "42d7896ebc5f7268b1fe6bbd20f2282e20ae7895" ], "author": { "name": "H. Peter Anvin", "email": "hpa@zytor.com", "time": "Sat Dec 29 16:20:25 2007 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jan 25 11:29:50 2008 +1100" }, "message": "security: remove security_sb_post_mountroot hook\n\nThe security_sb_post_mountroot() hook is long-since obsolete, and is\nfundamentally broken: it is never invoked if someone uses initramfs.\nThis is particularly damaging, because the existence of this hook has\nbeen used as motivation for not using initramfs.\n\nStephen Smalley confirmed on 2007-07-19 that this hook was originally\nused by SELinux but can now be safely removed:\n\n http://marc.info/?l\u003dlinux-kernel\u0026m\u003d118485683612916\u0026w\u003d2\n\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: H. Peter Anvin \u003chpa@zytor.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c9180a57a9ab2d5525faf8815a332364ee9e89b7", "tree": "c677ec33735f3529d478a2b71fcc732d4fe59adf", "parents": [ "19c5fc198c369bb00f3ed9716ef40648865d8d94" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Nov 30 13:00:35 2007 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jan 25 11:29:46 2008 +1100" }, "message": "Security: add get, set, and cloning of superblock security information\n\nAdds security_get_sb_mnt_opts, security_set_sb_mnt_opts, and\nsecurity_clont_sb_mnt_opts to the LSM and to SELinux. This will allow\nfilesystems to directly own and control all of their mount options if they\nso choose. This interface deals only with option identifiers and strings so\nit should generic enough for any LSM which may come in the future.\n\nFilesystems which pass text mount data around in the kernel (almost all of\nthem) need not currently make use of this interface when dealing with\nSELinux since it will still parse those strings as it always has. I assume\nfuture LSM\u0027s would do the same. NFS is the primary FS which does not use\ntext mount data and thus must make use of this interface.\n\nAn LSM would need to implement these functions only if they had mount time\noptions, such as selinux has context\u003d or fscontext\u003d. If the LSM has no\nmount time options they could simply not implement and let the dummy ops\ntake care of things.\n\nAn LSM other than SELinux would need to define new option numbers in\nsecurity.h and any FS which decides to own there own security options would\nneed to be patched to use this new interface for every possible LSM. This\nis because it was stated to me very clearly that LSM\u0027s should not attempt to\nunderstand FS mount data and the burdon to understand security should be in\nthe FS which owns the options.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "19c5fc198c369bb00f3ed9716ef40648865d8d94", "tree": "20c6e68e469f509dd80c41736628a6322704f2ed", "parents": [ "49914084e797530d9baaf51df9eda77babc98fa8" ], "author": { "name": "Joe Perches", "email": "joe@perches.com", "time": "Mon Nov 19 17:53:44 2007 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jan 25 11:29:44 2008 +1100" }, "message": "security/selinux: Add missing \"space\"\n\nAdd missing space.\n\nSigned-off-by: Joe Perches \u003cjoe@perches.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8b85eaadd5b8d3786996bd74c73aff54a92ec456", "tree": "7ef6ed3e5955a45d54b1d223e3ebf7749aa3b918", "parents": [ "f290fc3669d659a915e29b6bdb82d454b437cf93", "45c950e0f839fded922ebc0bfd59b1081cc71b70" ], "author": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jan 21 19:45:49 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jan 21 19:45:49 2008 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:\n selinux: fix memory leak in netlabel code\n" }, { "commit": "a6dbb1ef2fc8d73578eacd02ac701f4233175c9f", "tree": "eb2efa0193cdc7ab6b1f30068571194d0dabf230", "parents": [ "a10336043b8193ec603ad54bb79cdcd26bbf94b3" ], "author": { "name": "Andrew G. Morgan", "email": "morgan@kernel.org", "time": "Mon Jan 21 17:18:30 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jan 21 19:39:41 2008 -0800" }, "message": "Fix filesystem capability support\n\nIn linux-2.6.24-rc1, security/commoncap.c:cap_inh_is_capped() was\nintroduced. It has the exact reverse of its intended behavior. This\nled to an unintended privilege esculation involving a process\u0027\ninheritable capability set.\n\nTo be exposed to this bug, you need to have Filesystem Capabilities\nenabled and in use. That is:\n\n- CONFIG_SECURITY_FILE_CAPABILITIES must be defined for the buggy code\n to be compiled in.\n\n- You also need to have files on your system marked with fI bits raised.\n\nSigned-off-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\n\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@akpm@linux-foundation.org\u003e\n" }, { "commit": "45c950e0f839fded922ebc0bfd59b1081cc71b70", "tree": "97ca2840c63c0c646daf6b13420157237a3fcbec", "parents": [ "a7da60f41551abb3c520b03d42ec05dd7decfc7f" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 22 09:31:00 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Jan 22 09:31:00 2008 +1100" }, "message": "selinux: fix memory leak in netlabel code\n\nFix a memory leak in security_netlbl_sid_to_secattr() as reported here:\n * https://bugzilla.redhat.com/show_bug.cgi?id\u003d352281\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ab5a91a8364c3d6fc617abc47cc81d162c01d90a", "tree": "0b7f4ef877f56be57f75b8b455b9f694f19da633", "parents": [ "d313f948309ab22797316e789a7ff8fa358176b6" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Nov 26 18:47:46 2007 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Dec 06 00:24:30 2007 +1100" }, "message": "Security: allow capable check to permit mmap or low vm space\n\nOn a kernel with CONFIG_SECURITY but without an LSM which implements\nsecurity_file_mmap it is impossible for an application to mmap addresses\nlower than mmap_min_addr. Based on a suggestion from a developer in the\nopenwall community this patch adds a check for CAP_SYS_RAWIO. It is\nassumed that any process with this capability can harm the system a lot\nmore easily than writing some stuff on the zero page and then trying to\nget the kernel to trip over itself. It also means that programs like X\non i686 which use vm86 emulation can work even with mmap_min_addr set.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d313f948309ab22797316e789a7ff8fa358176b6", "tree": "7a6d4a54ea7448ce53cf23349eb8a64d7fd93151", "parents": [ "0955dc03aedfb6a5565445b3f2176255b784cc6a" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Nov 26 11:12:53 2007 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Dec 06 00:24:09 2007 +1100" }, "message": "SELinux: detect dead booleans\n\nInstead of using f_op to detect dead booleans, check the inode index\nagainst the number of booleans and check the dentry name against the\nboolean name for that index on reads and writes. This prevents\nincorrect use of a boolean file opened prior to a policy reload while\nallowing valid use of it as long as it still corresponds to the same\nboolean in the policy.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0955dc03aedfb6a5565445b3f2176255b784cc6a", "tree": "34ec01676c33f5627b8a5c02ca68b8757da3308c", "parents": [ "e3c0ac04f980750a368f7cd5f1b8d1d2cdc1f735" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Nov 21 09:01:36 2007 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Dec 06 00:23:46 2007 +1100" }, "message": "SELinux: do not clear f_op when removing entries\n\nDo not clear f_op when removing entries since it isn\u0027t safe to do.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8ec2328f1138a58eaea55ec6150985a1623b01c5", "tree": "ebaecf41dd8c8789f0c49ee9c0f30c0ce40e3e39", "parents": [ "d0eec99ce50baa5cc2ac02363cdb2a771ed4e1e2" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Wed Nov 28 16:21:47 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Nov 29 09:24:53 2007 -0800" }, "message": "file capabilities: don\u0027t prevent signaling setuid root programs\n\nAn unprivileged process must be able to kill a setuid root program started\nby the same user. This is legacy behavior needed for instance for xinit to\nkill X when the window manager exits.\n\nWhen an unprivileged user runs a setuid root program in !SECURE_NOROOT\nmode, fP, fI, and fE are set full on, so pP\u0027 and pE\u0027 are full on. Then\ncap_task_kill() prevents the user from signaling the setuid root task.\nThis is a change in behavior compared to when\n!CONFIG_SECURITY_FILE_CAPABILITIES.\n\nThis patch introduces a special check into cap_task_kill() just to check\nwhether a non-root user is signaling a setuid root program started by the\nsame user. If so, then signal is allowed.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Andrew Morgan \u003cmorgan@kernel.org\u003e\nCc: Stephen Smalley \u003csds@epoch.ncsc.mil\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "91ad997a34d7abca1f04e819e31eb9f3d4e20585", "tree": "d39e72f2e2ab69ccb6c69acf46173ccd8803fcc4", "parents": [ "20a1022d4ac5c53f0956006fd9e30cf4846d5e58" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Wed Nov 14 17:00:34 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Nov 14 18:45:44 2007 -0800" }, "message": "file capabilities: allow sigcont within session\n\nFix http://bugzilla.kernel.org/show_bug.cgi?id\u003d9247\n\nAllow sigcont to be sent to a process with greater capabilities if it is in\nthe same session. Otherwise, a shell from which I\u0027ve started a root shell\nand done \u0027suspend\u0027 can\u0027t be restarted by the parent shell.\n\nAlso don\u0027t do file-capabilities signaling checks when uids for the\nprocesses don\u0027t match, since the standard check_kill_permission will have\ndone those checks.\n\n[akpm@linux-foundation.org: coding-style cleanups]\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Andrew Morgan \u003cmorgan@kernel.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nTested-by: \"Theodore Ts\u0027o\" \u003ctytso@mit.edu\u003e\nCc: Stephen Smalley \u003csds@epoch.ncsc.mil\u003e\nCc: \"Rafael J. Wysocki\" \u003crjw@sisk.pl\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "45e5421eb5bbcd9efa037d682dd357284e3ef982", "tree": "ceb24143024fe335d08ac30fb4da9ca25fbeb6e6", "parents": [ "6d2b685564ba417f4c6d80c3661f0dfee13fff85" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Nov 07 10:08:00 2007 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Nov 08 08:56:23 2007 +1100" }, "message": "SELinux: add more validity checks on policy load\n\nAdd more validity checks at policy load time to reject malformed\npolicies and prevent subsequent out-of-range indexing when in permissive\nmode. Resolves the NULL pointer dereference reported in\nhttps://bugzilla.redhat.com/show_bug.cgi?id\u003d357541.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6d2b685564ba417f4c6d80c3661f0dfee13fff85", "tree": "a4e098a0eaa0f59b84f167e875a987779a6cba5f", "parents": [ "57002bfb31283e84f694763ed4db0fb761b7d6a9" ], "author": { "name": "KaiGai Kohei", "email": "kaigai@kaigai.gr.jp", "time": "Wed Nov 07 01:17:16 2007 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@sdv.(none)", "time": "Thu Nov 08 08:55:10 2007 +1100" }, "message": "SELinux: fix bug in new ebitmap code.\n\nThe \"e_iter \u003d e_iter-\u003enext;\" statement in the inner for loop is primally\nbug. It should be moved to outside of the for loop.\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@kaigai.gr.jp\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "57002bfb31283e84f694763ed4db0fb761b7d6a9", "tree": "7788e55754cbe3a86fdd7e73a1e5e15e2cb8ff1a", "parents": [ "dbeeb816e805091e7cfc03baf36dc40b4adb2bbd" ], "author": { "name": "Stephen Rothwell", "email": "sfr@canb.auug.org.au", "time": "Wed Oct 31 16:47:19 2007 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@sdv.(none)", "time": "Thu Nov 08 08:55:04 2007 +1100" }, "message": "SELinux: suppress a warning for 64k pages.\n\nOn PowerPC allmodconfig build we get this:\n\nsecurity/selinux/xfrm.c:214: warning: comparison is always false due to limited range of data type\n\nSigned-off-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "48d2268473a66fe3aa78fb13b09ee59d6ee95073", "tree": "20d55db1f93294f006ce79156a05652dfa7a8048", "parents": [ "e5eca6aef6a2a57e433db1eac247d2d1c213ce08", "8a53514043e380aa573baa805298a7727c993985" ], "author": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Oct 23 08:59:46 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Oct 23 08:59:46 2007 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:\n SELinux: always check SIGCHLD in selinux_task_wait\n" }, { "commit": "8a53514043e380aa573baa805298a7727c993985", "tree": "869d2c0f90390814430fc6639914dc8ea4c0c9c6", "parents": [ "55b70a0300b873c0ec7ea6e33752af56f41250ce" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Oct 22 16:10:31 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Oct 23 08:47:48 2007 +1000" }, "message": "SELinux: always check SIGCHLD in selinux_task_wait\n\nWhen checking if we can wait on a child we were looking at\np-\u003eexit_signal and trying to make the decision based on if the signal\nwould eventually be allowed. One big flaw is that p-\u003eexit_signal is -1\nfor NPTL threads and so aignal_to_av was not actually checking SIGCHLD\nwhich is what would have been sent. Even is exit_signal was set to\nsomething strange it wouldn\u0027t change the fact that the child was there\nand needed to be waited on. This patch just assumes wait is based on\nSIGCHLD. Specific permission checks are made when the child actually\nattempts to send a signal.\n\nThis resolves the problem of things like using GDB on confined domains\nsuch as in RH BZ 232371. The confined domain did not have permission to\nsend a generic signal (exit_signal \u003d\u003d -1) back to the unconfined GDB.\nWith this patch the GDB wait works and since the actual signal sent is\nallowed everything functions as it should.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b68680e4731abbd78863063aaa0dca2a6d8cc723", "tree": "6c546575432b34abb27a54b51f549071d2819282", "parents": [ "b9049e234401e1fad8459d69a952b174d76c399d" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Sun Oct 21 16:41:38 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Oct 22 08:13:18 2007 -0700" }, "message": "capabilities: clean up file capability reading\n\nSimplify the vfs_cap_data structure.\n\nAlso fix get_file_caps which was declaring\n__le32 v1caps[XATTR_CAPS_SZ] on the stack, but\nXATTR_CAPS_SZ is already * sizeof(__le32).\n\n[akpm@linux-foundation.org: coding-style fixes]\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Andrew Morgan \u003cmorgan@kernel.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" } ], "next": "b460cbc581a53cc088ceba80608021dd49c63c43" }