{
  "log": [
    {
      "commit": "4ef58d4e2ad1fa2a3e5bbf41af2284671fca8cf8",
      "tree": "856ba96302a36014736747e8464f80eeb827bbdd",
      "parents": [
        "f6c4c8195b5e7878823caa1181be404d9e86d369",
        "d014d043869cdc591f3a33243d3481fa4479c2d0"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Dec 09 19:43:33 2009 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Dec 09 19:43:33 2009 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (42 commits)\n  tree-wide: fix misspelling of \"definition\" in comments\n  reiserfs: fix misspelling of \"journaled\"\n  doc: Fix a typo in slub.txt.\n  inotify: remove superfluous return code check\n  hdlc: spelling fix in find_pvc() comment\n  doc: fix regulator docs cut-and-pasteism\n  mtd: Fix comment in Kconfig\n  doc: Fix IRQ chip docs\n  tree-wide: fix assorted typos all over the place\n  drivers/ata/libata-sff.c: comment spelling fixes\n  fix typos/grammos in Documentation/edac.txt\n  sysctl: add missing comments\n  fs/debugfs/inode.c: fix comment typos\n  sgivwfb: Make use of ARRAY_SIZE.\n  sky2: fix sky2_link_down copy/paste comment error\n  tree-wide: fix typos \"couter\" -\u003e \"counter\"\n  tree-wide: fix typos \"offest\" -\u003e \"offset\"\n  fix kerneldoc for set_irq_msi()\n  spidev: fix double \"of of\" in comment\n  comment typo fix: sybsystem -\u003e subsystem\n  ...\n"
    },
    {
      "commit": "d7fc02c7bae7b1cf69269992cf880a43a350cdaa",
      "tree": "a43d56fa72913a1cc98a0bbebe054d08581b3a7c",
      "parents": [
        "ee1262dbc65ce0b6234a915d8432171e8d77f518",
        "28b4d5cc17c20786848cdc07b7ea237a309776bb"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Dec 08 07:55:01 2009 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Dec 08 07:55:01 2009 -0800"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1815 commits)\n  mac80211: fix reorder buffer release\n  iwmc3200wifi: Enable wimax core through module parameter\n  iwmc3200wifi: Add wifi-wimax coexistence mode as a module parameter\n  iwmc3200wifi: Coex table command does not expect a response\n  iwmc3200wifi: Update wiwi priority table\n  iwlwifi: driver version track kernel version\n  iwlwifi: indicate uCode type when fail dump error/event log\n  iwl3945: remove duplicated event logging code\n  b43: fix two warnings\n  ipw2100: fix rebooting hang with driver loaded\n  cfg80211: indent regulatory messages with spaces\n  iwmc3200wifi: fix NULL pointer dereference in pmkid update\n  mac80211: Fix TX status reporting for injected data frames\n  ath9k: enable 2GHz band only if the device supports it\n  airo: Fix integer overflow warning\n  rt2x00: Fix padding bug on L2PAD devices.\n  WE: Fix set events not propagated\n  b43legacy: avoid PPC fault during resume\n  b43: avoid PPC fault during resume\n  tcp: fix a timewait refcnt race\n  ...\n\nFix up conflicts due to sysctl cleanups (dead sysctl_check code and\nCTL_UNNUMBERED removed) in\n\tkernel/sysctl_check.c\n\tnet/ipv4/sysctl_net_ipv4.c\n\tnet/ipv6/addrconf.c\n\tnet/sctp/sysctl.c\n"
    },
    {
      "commit": "1557d33007f63dd96e5d15f33af389378e5f2e54",
      "tree": "06d05722b2ba5d2a67532f779fa8a88efe3c88f1",
      "parents": [
        "6ec22f9b037fc0c2e00ddb7023fad279c365324d",
        "c656ae95d1c5c8ed5763356263ace2d03087efec"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Dec 08 07:38:50 2009 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Dec 08 07:38:50 2009 -0800"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/sysctl-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/sysctl-2.6: (43 commits)\n  security/tomoyo: Remove now unnecessary handling of security_sysctl.\n  security/tomoyo: Add a special case to handle accesses through the internal proc mount.\n  sysctl: Drop \u0026 in front of every proc_handler.\n  sysctl: Remove CTL_NONE and CTL_UNNUMBERED\n  sysctl: kill dead ctl_handler definitions.\n  sysctl: Remove the last of the generic binary sysctl support\n  sysctl net: Remove unused binary sysctl code\n  sysctl security/tomoyo: Don\u0027t look at ctl_name\n  sysctl arm: Remove binary sysctl support\n  sysctl x86: Remove dead binary sysctl support\n  sysctl sh: Remove dead binary sysctl support\n  sysctl powerpc: Remove dead binary sysctl support\n  sysctl ia64: Remove dead binary sysctl support\n  sysctl s390: Remove dead sysctl binary support\n  sysctl frv: Remove dead binary sysctl support\n  sysctl mips/lasat: Remove dead binary sysctl support\n  sysctl drivers: Remove dead binary sysctl support\n  sysctl crypto: Remove dead binary sysctl support\n  sysctl security/keys: Remove dead binary sysctl support\n  sysctl kernel: Remove binary sysctl logic\n  ...\n"
    },
    {
      "commit": "d014d043869cdc591f3a33243d3481fa4479c2d0",
      "tree": "63626829498e647ba058a1ce06419fe7e4d5f97d",
      "parents": [
        "6ec22f9b037fc0c2e00ddb7023fad279c365324d",
        "6070d81eb5f2d4943223c96e7609a53cdc984364"
      ],
      "author": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Mon Dec 07 18:36:35 2009 +0100"
      },
      "committer": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Mon Dec 07 18:36:35 2009 +0100"
      },
      "message": "Merge branch \u0027for-next\u0027 into for-linus\n\nConflicts:\n\n\tkernel/irq/chip.c\n"
    },
    {
      "commit": "28b4d5cc17c20786848cdc07b7ea237a309776bb",
      "tree": "bae406a4b17229dcce7c11be5073f7a67665e477",
      "parents": [
        "d29cecda036f251aee4947f47eea0fe9ed8cc931",
        "96fa2b508d2d3fe040cf4ef2fffb955f0a537ea1"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Dec 05 15:22:26 2009 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Dec 05 15:22:26 2009 -0800"
      },
      "message": "Merge branch \u0027master\u0027 of /home/davem/src/GIT/linux-2.6/\n\nConflicts:\n\tdrivers/net/pcmcia/fmvj18x_cs.c\n\tdrivers/net/pcmcia/nmclan_cs.c\n\tdrivers/net/pcmcia/xirc2ps_cs.c\n\tdrivers/net/wireless/ray_cs.c\n"
    },
    {
      "commit": "af901ca181d92aac3a7dc265144a9081a86d8f39",
      "tree": "380054af22521144fbe1364c3bcd55ad24c9bde4",
      "parents": [
        "972b94ffb90ea6d20c589d9a47215df103388ddd"
      ],
      "author": {
        "name": "André Goddard Rosa",
        "email": "andre.goddard@gmail.com",
        "time": "Sat Nov 14 13:09:05 2009 -0200"
      },
      "committer": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Fri Dec 04 15:39:55 2009 +0100"
      },
      "message": "tree-wide: fix assorted typos all over the place\n\nThat is \"success\", \"unknown\", \"through\", \"performance\", \"[re|un]mapping\"\n, \"access\", \"default\", \"reasonable\", \"[con]currently\", \"temperature\"\n, \"channel\", \"[un]used\", \"application\", \"example\",\"hierarchy\", \"therefore\"\n, \"[over|under]flow\", \"contiguous\", \"threshold\", \"enough\" and others.\n\nSigned-off-by: André Goddard Rosa \u003candre.goddard@gmail.com\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n"
    },
    {
      "commit": "c84d6efd363a3948eb32ec40d46bab6338580454",
      "tree": "3ba7ac46e6626fe8ac843834588609eb6ccee5c6",
      "parents": [
        "7539cf4b92be4aecc573ea962135f246a7a33401",
        "22763c5cf3690a681551162c15d34d935308c8d7"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@macbook.(none)",
        "time": "Thu Dec 03 12:03:40 2009 +0530"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@macbook.(none)",
        "time": "Thu Dec 03 12:03:40 2009 +0530"
      },
      "message": "Merge branch \u0027master\u0027 into next\n"
    },
    {
      "commit": "7539cf4b92be4aecc573ea962135f246a7a33401",
      "tree": "6ed5ada6206e788e937ce1325a70a9d6fb0d3c2f",
      "parents": [
        "b3a222e52e4d4be77cc4520a57af1a4a0d8222d1"
      ],
      "author": {
        "name": "Tetsuo Handa",
        "email": "penguin-kernel@I-love.SAKURA.ne.jp",
        "time": "Tue Nov 24 22:00:05 2009 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Nov 25 18:51:16 2009 +1100"
      },
      "message": "TOMOYO: Add recursive directory matching operator support.\n\nTOMOYO 1.7.1 has recursive directory matching operator support.\nI want to add it to TOMOYO for Linux 2.6.33 .\n----------\n[PATCH] TOMOYO: Add recursive directory matching operator support.\n\nThis patch introduces new operator /\\{dir\\}/ which matches\n\u0027/\u0027 + \u0027One or more repetitions of dir/\u0027 (e.g. /dir/ /dir/dir/ /dir/dir/dir/ ).\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b3a222e52e4d4be77cc4520a57af1a4a0d8222d1",
      "tree": "1c3d5df529a404636b996ef39c991c9b8813aa12",
      "parents": [
        "0bce95279909aa4cc401a2e3140b4295ca22e72a"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serue@us.ibm.com",
        "time": "Mon Nov 23 16:21:30 2009 -0600"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Nov 24 15:06:47 2009 +1100"
      },
      "message": "remove CONFIG_SECURITY_FILE_CAPABILITIES compile option\n\nAs far as I know, all distros currently ship kernels with default\nCONFIG_SECURITY_FILE_CAPABILITIES\u003dy.  Since having the option on\nleaves a \u0027no_file_caps\u0027 option to boot without file capabilities,\nthe main reason to keep the option is that turning it off saves\nyou (on my s390x partition) 5k.  In particular, vmlinux sizes\ncame to:\n\nwithout patch fscaps\u003dn:\t\t \t53598392\nwithout patch fscaps\u003dy:\t\t \t53603406\nwith this patch applied:\t\t53603342\n\nwith the security-next tree.\n\nAgainst this we must weigh the fact that there is no simple way for\nuserspace to figure out whether file capabilities are supported,\nwhile things like per-process securebits, capability bounding\nsets, and adding bits to pI if CAP_SETPCAP is in pE are not supported\nwith SECURITY_FILE_CAPABILITIES\u003dn, leaving a bit of a problem for\napplications wanting to know whether they can use them and/or why\nsomething failed.\n\nIt also adds another subtly different set of semantics which we must\nmaintain at the risk of severe security regressions.\n\nSo this patch removes the SECURITY_FILE_CAPABILITIES compile\noption.  It drops the kernel size by about 50k over the stock\nSECURITY_FILE_CAPABILITIES\u003dy kernel, by removing the\ncap_limit_ptraced_target() function.\n\nChangelog:\n\tNov 20: remove cap_limit_ptraced_target() as it\u0027s logic\n\t\twas ifndef\u0027ed.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Andrew G. Morgan\" \u003cmorgan@kernel.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0bce95279909aa4cc401a2e3140b4295ca22e72a",
      "tree": "5b98e4ebe7ef30fa1edf627c79501c531b346a8b",
      "parents": [
        "c4a5af54c8ef277a59189fc9358e190f3c1b8206"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Nov 23 16:47:23 2009 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Nov 24 14:30:49 2009 +1100"
      },
      "message": "SELinux: print denials for buggy kernel with unknown perms\n\nHistorically we\u0027ve seen cases where permissions are requested for classes\nwhere they do not exist.  In particular we have seen CIFS forget to set\ni_mode to indicate it is a directory so when we later check something like\nremove_name we have problems since it wasn\u0027t defined in tclass file.  This\nused to result in a avc which included the permission 0x2000 or something.\nCurrently the kernel will deny the operations (good thing) but will not\nprint ANY information (bad thing).  First the auditdeny field is no\nextended to include unknown permissions.  After that is fixed the logic in\navc_dump_query to output this information isn\u0027t right since it will remove\nthe permission from the av and print the phrase \"\u003cNULL\u003e\".  This takes us\nback to the behavior before the classmap rewrite.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "8964be4a9a5ca8cab1219bb046db2f6d1936227c",
      "tree": "8838c73a03cc69c010b55928fce3725d17bc26a9",
      "parents": [
        "fa9a6fed87df1b50804405e700f8d30251d3aaf1"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Fri Nov 20 15:35:04 2009 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Nov 20 15:35:04 2009 -0800"
      },
      "message": "net: rename skb-\u003eiif to skb-\u003eskb_iif\n\nTo help grep games, rename iif to skb_iif\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "c656ae95d1c5c8ed5763356263ace2d03087efec",
      "tree": "41409482c06e8d773a189dcfa8e3351f2a333e1f",
      "parents": [
        "a4054b6b20e9c2cca63715a319759bf8d37d82fc"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Fri Nov 20 09:24:19 2009 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Fri Nov 20 09:37:51 2009 -0800"
      },
      "message": "security/tomoyo: Remove now unnecessary handling of security_sysctl.\n\nNow that sys_sysctl is an emulation on top of proc sys all sysctl\noperations look like normal filesystem operations and we don\u0027t need\nto use the special sysctl hook to authenticate them.\n\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "a4054b6b20e9c2cca63715a319759bf8d37d82fc",
      "tree": "c7d17dda2b79fbc4faacd88514b01f49c3c05169",
      "parents": [
        "6d4561110a3e9fa742aeec6717248a491dfb1878"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Fri Nov 20 09:12:22 2009 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Fri Nov 20 09:23:22 2009 -0800"
      },
      "message": "security/tomoyo: Add a special case to handle accesses through the internal proc mount.\n\nWith the change of sys_sysctl going through the internal proc mount we no\nlonger need to handle security_sysctl in tomoyo as we have valid pathnames\nfor all sysctl accesses.  There is one slight caveat to that in that\nall of the paths from the internal mount look like\n\"/sys/net/ipv4/ip_local_port_range\" instead of\n\"/proc/sys/net/ipv4/ip_local_port_range\" so tomoyo needs to add the\n\"/proc\" portion manually when resolving to full path names to get what it expects.\n\nThis change teaches tomoyo perform that modification.\n\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "3505d1a9fd65e2d3e00827857b6795d9d8983658",
      "tree": "941cfafdb57c427bb6b7ebf6354ee93b2a3693b5",
      "parents": [
        "dfef948ed2ba69cf041840b5e860d6b4e16fa0b1",
        "66b00a7c93ec782d118d2c03bd599cfd041e80a1"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Nov 18 22:19:03 2009 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Nov 18 22:19:03 2009 -0800"
      },
      "message": "Merge branch \u0027master\u0027 of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6\n\nConflicts:\n\tdrivers/net/sfc/sfe4001.c\n\tdrivers/net/wireless/libertas/cmd.c\n\tdrivers/staging/Kconfig\n\tdrivers/staging/Makefile\n\tdrivers/staging/rtl8187se/Kconfig\n\tdrivers/staging/rtl8192e/Kconfig\n"
    },
    {
      "commit": "c09c59e6a070d6af05f238f255aea268185273ef",
      "tree": "80f4004f11896aa59cf100cf60a08f3af368fc7c",
      "parents": [
        "ac50e950784cae1c26ad9e09ebd8f8c706131eb3"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Nov 18 16:16:06 2009 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Nov 19 08:42:01 2009 +1100"
      },
      "message": "ima: replace GFP_KERNEL with GFP_NOFS\n\nWhile running fsstress tests on the NFSv4 mounted ext3 and ext4\nfilesystem, the following call trace was generated on the nfs\nserver machine.\n\nReplace GFP_KERNEL with GFP_NOFS in ima_iint_insert() to avoid a\npotential deadlock.\n\n     \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n    [ INFO: inconsistent lock state ]\n    2.6.31-31.el6.x86_64 #1\n    ---------------------------------\n    inconsistent {RECLAIM_FS-ON-W} -\u003e {IN-RECLAIM_FS-W} usage.\n    kswapd2/75 [HC0[0]:SC0[0]:HE1:SE1] takes:\n     (jbd2_handle){+.+.?.}, at: [\u003cffffffff811edd5e\u003e] jbd2_journal_start+0xfe/0x13f\n    {RECLAIM_FS-ON-W} state was registered at:\n      [\u003cffffffff81091e40\u003e] mark_held_locks+0x65/0x99\n      [\u003cffffffff81091f31\u003e] lockdep_trace_alloc+0xbd/0xf5\n      [\u003cffffffff81126fdd\u003e] kmem_cache_alloc+0x40/0x185\n      [\u003cffffffff812344d7\u003e] ima_iint_insert+0x3d/0xf1\n      [\u003cffffffff812345b0\u003e] ima_inode_alloc+0x25/0x44\n      [\u003cffffffff811484ac\u003e] inode_init_always+0xec/0x271\n      [\u003cffffffff81148682\u003e] alloc_inode+0x51/0xa1\n      [\u003cffffffff81148700\u003e] new_inode+0x2e/0x94\n      [\u003cffffffff811b2f08\u003e] ext4_new_inode+0xb8/0xdc9\n      [\u003cffffffff811be611\u003e] ext4_create+0xcf/0x175\n      [\u003cffffffff8113e2cd\u003e] vfs_create+0x82/0xb8\n      [\u003cffffffff8113f337\u003e] do_filp_open+0x32c/0x9ee\n      [\u003cffffffff811309b9\u003e] do_sys_open+0x6c/0x12c\n      [\u003cffffffff81130adc\u003e] sys_open+0x2e/0x44\n      [\u003cffffffff81011e42\u003e] system_call_fastpath+0x16/0x1b\n      [\u003cffffffffffffffff\u003e] 0xffffffffffffffff\n    irq event stamp: 90371\n    hardirqs last  enabled at (90371): [\u003cffffffff8112708d\u003e]\n    kmem_cache_alloc+0xf0/0x185\n 
   hardirqs last disabled at (90370): [\u003cffffffff81127026\u003e]\n    kmem_cache_alloc+0x89/0x185\n    softirqs last  enabled at (89492): [\u003cffffffff81068ecf\u003e]\n    __do_softirq+0x1bf/0x1eb\n    softirqs last disabled at (89477): [\u003cffffffff8101312c\u003e] call_softirq+0x1c/0x30\n\n    other info that might help us debug this:\n    2 locks held by kswapd2/75:\n     #0:  (shrinker_rwsem){++++..}, at: [\u003cffffffff810f98ba\u003e] shrink_slab+0x44/0x177\n     #1:  (\u0026type-\u003es_umount_key#25){++++..}, at: [\u003cffffffff811450ba\u003e]\n\nReported-by: Muni P. Beerakam \u003cmbeeraka@in.ibm.com\u003e\nReported-by: Amit K. Arora \u003camitarora@in.ibm.com\u003e\nCc: stable@kernel.org\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6d4561110a3e9fa742aeec6717248a491dfb1878",
      "tree": "689e2abf19940416ce597ba56ed31026ff59bd21",
      "parents": [
        "86926d0096279b9739ceeff40f68d3c33b9119a9"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Mon Nov 16 03:11:48 2009 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Wed Nov 18 08:37:40 2009 -0800"
      },
      "message": "sysctl: Drop \u0026 in front of every proc_handler.\n\nFor consistency drop \u0026 in front of every proc_handler.  Explicity\ntaking the address is unnecessary and it prevents optimizations\nlike stubbing the proc_handlers to NULL.\n\nCc: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Joe Perches \u003cjoe@perches.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "86b1bc68e2f4244e4ea5db5458df9d19259fbb30",
      "tree": "a667f1fced80af12e75e28a8fd04f48ad3942ba7",
      "parents": [
        "50469619999a0bc2ba8fa1365dc443b7aed190af"
      ],
      "author": {
        "name": "Tetsuo Handa",
        "email": "penguin-kernel@I-love.SAKURA.ne.jp",
        "time": "Mon Nov 09 09:12:15 2009 +0900"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu Nov 12 02:05:05 2009 -0800"
      },
      "message": "sysctl security/tomoyo: Don\u0027t look at ctl_name\n\nctl_name field was removed. Always use procname field.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "5cdb35557d022f8dc51b532b5cd1a8e9ed7bcdb7",
      "tree": "f2d947dd3d0302b23ef7dc515f0ff4841e5a5b87",
      "parents": [
        "56992309ccbe71f4321ddd50ee2f76f91b412c1a"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Fri Apr 03 05:08:03 2009 -0700"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu Nov 12 02:04:56 2009 -0800"
      },
      "message": "sysctl security/keys: Remove dead binary sysctl support\n\nNow that sys_sysctl is a generic wrapper around /proc/sys  .ctl_name\nand .strategy members of sysctl tables are dead code.  Remove them.\n\nCc: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "dd8dbf2e6880e30c00b18600c962d0cb5a03c555",
      "tree": "24835aaf40cec5ceb2aeecccde9240ee173f70f1",
      "parents": [
        "6e65f92ff0d6f18580737321718d09035085a3fb"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Nov 03 16:35:32 2009 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Nov 10 09:33:46 2009 +1100"
      },
      "message": "security: report the module name to security_module_request\n\nFor SELinux to do better filtering in userspace we send the name of the\nmodule along with the AVC denial when a program is denied module_request.\n\nExample output:\n\ntype\u003dSYSCALL msg\u003daudit(11/03/2009 10:59:43.510:9) : arch\u003dx86_64 syscall\u003dwrite success\u003dyes exit\u003d2 a0\u003d3 a1\u003d7fc28c0d56c0 a2\u003d2 a3\u003d7fffca0d7440 items\u003d0 ppid\u003d1727 pid\u003d1729 auid\u003dunset uid\u003droot gid\u003droot euid\u003droot suid\u003droot fsuid\u003droot egid\u003droot sgid\u003droot fsgid\u003droot tty\u003d(none) ses\u003dunset comm\u003drpc.nfsd exe\u003d/usr/sbin/rpc.nfsd subj\u003dsystem_u:system_r:nfsd_t:s0 key\u003d(null)\ntype\u003dAVC msg\u003daudit(11/03/2009 10:59:43.510:9) : avc:  denied  { module_request } for  pid\u003d1729 comm\u003drpc.nfsd kmod\u003d\"net-pf-10\" scontext\u003dsystem_u:system_r:nfsd_t:s0 tcontext\u003dsystem_u:system_r:kernel_t:s0 tclass\u003dsystem\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6e65f92ff0d6f18580737321718d09035085a3fb",
      "tree": "2edfad79128d1b48e0b4ad49abdfbfcf2a1a2a48",
      "parents": [
        "0e1a6ef2dea88101b056b6d9984f3325c5efced3"
      ],
      "author": {
        "name": "John Johansen",
        "email": "john.johansen@canonical.com",
        "time": "Thu Nov 05 17:03:20 2009 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Nov 09 08:40:07 2009 +1100"
      },
      "message": "Config option to set a default LSM\n\nThe LSM currently requires setting a kernel parameter at boot to select\na specific LSM.  This adds a config option that allows specifying a default\nLSM that is used unless overridden with the security\u003d kernel parameter.\nIf the the config option is not set the current behavior of first LSM\nto register is used.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0e1a6ef2dea88101b056b6d9984f3325c5efced3",
      "tree": "bef312c242dd472ca00f0dc8bcebee4f094a85e3",
      "parents": [
        "31bde71c202722a76686c3cf69a254c8a912275a"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "kees.cook@canonical.com",
        "time": "Sun Nov 08 09:37:00 2009 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Nov 09 08:34:22 2009 +1100"
      },
      "message": "sysctl: require CAP_SYS_RAWIO to set mmap_min_addr\n\nCurrently the mmap_min_addr value can only be bypassed during mmap when\nthe task has CAP_SYS_RAWIO.  However, the mmap_min_addr sysctl value itself\ncan be adjusted to 0 if euid \u003d\u003d 0, allowing a bypass without CAP_SYS_RAWIO.\nThis patch adds a check for the capability before allowing mmap_min_addr to\nbe changed.\n\nSigned-off-by: Kees Cook \u003ckees.cook@canonical.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "024e1a49411a1a7363e65db48edf1b09e9ee68ad",
      "tree": "628fb392d0230f2e46753c04dded209ef27124d1",
      "parents": [
        "d6ba452128178091dab7a04d54f7e66fdc32fb39"
      ],
      "author": {
        "name": "Stephen Hemminger",
        "email": "shemminger@vyatta.com",
        "time": "Tue Oct 27 19:24:46 2009 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Oct 29 11:17:33 2009 +1100"
      },
      "message": "tomoyo: improve hash bucket dispersion\n\nWhen examining the network device name hash, it was discovered that\nthe low order bits of full_name_hash() are not very well dispersed\nacross the possible values. When used by filesystem code, this is handled\nby folding with the function hash_long().\n\nThe only other non-filesystem usage of full_name_hash() at this time\nappears to be in TOMOYO. This patch should fix that.\n\nI do not use TOMOYO at this time, so this patch is build tested only.\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6c21a7fb492bf7e2c4985937082ce58ddeca84bd",
      "tree": "6cfe11ba4b8eee26ee8b02d2b4a5fcc6ea07e4bd",
      "parents": [
        "6e8e16c7bc298d7887584c3d027e05db3e86eed9"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Oct 22 17:30:13 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sun Oct 25 12:22:48 2009 +0800"
      },
      "message": "LSM: imbed ima calls in the security hooks\n\nBased on discussions on LKML and LSM, where there are consecutive\nsecurity_ and ima_ calls in the vfs layer, move the ima_ calls to\nthe existing security_ hooks.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6e8e16c7bc298d7887584c3d027e05db3e86eed9",
      "tree": "355403813b5945a5a5fdd24054a76a446d05b206",
      "parents": [
        "3e1c2515acf70448cad1ae3ab835ca80be043d33"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Oct 22 15:38:26 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Oct 24 09:42:27 2009 +0800"
      },
      "message": "SELinux: add .gitignore files for dynamic classes\n\nThe SELinux dynamic class work in c6d3aaa4e35c71a32a86ececacd4eea7ecfc316c\ncreates a number of dynamic header files and scripts.  Add .gitignore files\nso git doesn\u0027t complain about these.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "3e1c2515acf70448cad1ae3ab835ca80be043d33",
      "tree": "46034a30e83ba406479d9753acdbb0fd76180b2b",
      "parents": [
        "b7f3008ad1d795935551e4dd810b0255a7bfa3c9"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Oct 20 13:48:33 2009 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Oct 20 14:26:16 2009 +0900"
      },
      "message": "security: remove root_plug\n\n    Remove the root_plug example LSM code.  It\u0027s unmaintained and\n    increasingly broken in various ways.\n\n    Made at the 2009 Kernel Summit in Tokyo!\n\n    Acked-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n    Signed-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b7f3008ad1d795935551e4dd810b0255a7bfa3c9",
      "tree": "1933b20fd16d30f6f9b3043ee6a66f0ddedb4009",
      "parents": [
        "825332e4ff1373c55d931b49408df7ec2298f71e"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Oct 19 10:08:50 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Oct 20 09:22:07 2009 +0900"
      },
      "message": "SELinux: fix locking issue introduced with c6d3aaa4e35c71a3\n\nEnsure that we release the policy read lock on all exit paths from\nsecurity_compute_av.\n\nSigned-off-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "c720c7e8383aff1cb219bddf474ed89d850336e3",
      "tree": "4f12337e6690fccced376db9f501eaf98614a65e",
      "parents": [
        "988ade6b8e27e79311812f83a87b5cea11fabcd7"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Thu Oct 15 06:30:45 2009 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sun Oct 18 18:52:53 2009 -0700"
      },
      "message": "inet: rename some inet_sock fields\n\nIn order to have better cache layouts of struct sock (separate zones\nfor rx/tx paths), we need this preliminary patch.\n\nGoal is to transfert fields used at lookup time in the first\nread-mostly cache line (inside struct sock_common) and move sk_refcnt\nto a separate cache line (only written by rx path)\n\nThis patch adds inet_ prefix to daddr, rcv_saddr, dport, num, saddr,\nsport and id fields. This allows a future patch to define these\nfields as macros, like sk_refcnt, without name clashes.\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "21279cfa107af07ef985539ac0de2152b9cba5f5",
      "tree": "a31f1447e0246316c00b26fb599c1595301bb4b5",
      "parents": [
        "37a08b13eba6ce3b42df30b2a5ca3a9845f429ec"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Thu Oct 15 10:14:35 2009 +0100"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Oct 15 15:19:58 2009 -0700"
      },
      "message": "KEYS: get_instantiation_keyring() should inc the keyring refcount in all cases\n\nThe destination keyring specified to request_key() and co. is made available to\nthe process that instantiates the key (the slave process started by\n/sbin/request-key typically).  This is passed in the request_key_auth struct as\nthe dest_keyring member.\n\nkeyctl_instantiate_key and keyctl_negate_key() call get_instantiation_keyring()\nto get the keyring to attach the newly constructed key to at the end of\ninstantiation.  This may be given a specific keyring into which a link will be\nmade later, or it may be asked to find the keyring passed to request_key().  In\nthe former case, it returns a keyring with the refcount incremented by\nlookup_user_key(); in the latter case, it returns the keyring from the\nrequest_key_auth struct - and does _not_ increment the refcount.\n\nThe latter case will eventually result in an oops when the keyring prematurely\nruns out of references and gets destroyed.  
The effect may take some time to\nshow up as the key is destroyed lazily.\n\nTo fix this, the keyring returned by get_instantiation_keyring() must always\nhave its refcount incremented, no matter where it comes from.\n\nThis can be tested by setting /etc/request-key.conf to:\n\n#OP\tTYPE\tDESCRIPTION\tCALLOUT INFO\tPROGRAM ARG1 ARG2 ARG3 ...\n#\u003d\u003d\u003d\u003d\u003d\u003d\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\ncreate  *\ttest:*\t\t*\t\t|/bin/false %u %g %d %{user:_display}\nnegate\t*\t*\t\t*\t\t/bin/keyctl negate %k 10 @u\n\nand then doing:\n\n\tkeyctl add user _display aaaaaaaa @u\n        while keyctl request2 user test:x test:x @u \u0026\u0026\n        keyctl list @u;\n        do\n                keyctl request2 user test:x test:x @u;\n                sleep 31;\n                keyctl list @u;\n        done\n\nwhich will oops eventually.  Changing the negate line to have @u rather than\n%S at the end is important as that forces the latter case by passing a special\nkeyring ID rather than an actual keyring ID.\n\nReported-by: Alexander Zangerl \u003caz@bond.edu.au\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nTested-by: Alexander Zangerl \u003caz@bond.edu.au\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "8b8efb44033c7e86b3dc76f825c693ec92ae30e9",
      "tree": "8cf43afc59f88f36a86f3a8165770bccec28b3c3",
      "parents": [
        "89eda06837094ce9f34fae269b8773fcfd70f046"
      ],
      "author": {
        "name": "Tetsuo Handa",
        "email": "penguin-kernel@I-love.SAKURA.ne.jp",
        "time": "Sun Oct 04 21:49:48 2009 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Oct 12 10:56:02 2009 +1100"
      },
      "message": "LSM: Add security_path_chroot().\n\nThis patch allows pathname based LSM modules to check chroot() operations.\n\nThis hook is used by TOMOYO.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "89eda06837094ce9f34fae269b8773fcfd70f046",
      "tree": "dc11701c68ebcc8346d7567cfb53b9c7327ef445",
      "parents": [
        "941fc5b2bf8f7dd1d0a9c502e152fa719ff6578e"
      ],
      "author": {
        "name": "Tetsuo Handa",
        "email": "penguin-kernel@I-love.SAKURA.ne.jp",
        "time": "Sun Oct 04 21:49:47 2009 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Oct 12 10:56:00 2009 +1100"
      },
      "message": "LSM: Add security_path_chmod() and security_path_chown().\n\nThis patch allows pathname based LSM modules to check chmod()/chown()\noperations. Since notify_change() does not receive \"struct vfsmount *\",\nwe add security_path_chmod() and security_path_chown() to the caller of\nnotify_change().\n\nThese hooks are used by TOMOYO.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "941fc5b2bf8f7dd1d0a9c502e152fa719ff6578e",
      "tree": "c2f579e6fcc5bee6659527db7ccfb661acfe196c",
      "parents": [
        "8753f6bec352392b52ed9b5e290afb34379f4612"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Thu Oct 01 14:48:23 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Oct 07 21:56:46 2009 +1100"
      },
      "message": "selinux: drop remapping of netlink classes\n\nDrop remapping of netlink classes and bypass of permission checking\nbased on netlink message type for policy version \u003c 18.  This removes\ncompatibility code introduced when the original single netlink\nsecurity class used for all netlink sockets was split into\nfiner-grained netlink classes based on netlink protocol and when\npermission checking was added based on netlink message type in Linux\n2.6.8.  The only known distribution that shipped with SELinux and\npolicy \u003c 18 was Fedora Core 2, which was EOL\u0027d on 2005-04-11.\n\nGiven that the remapping code was never updated to address the\naddition of newer netlink classes, that the corresponding userland\nsupport was dropped in 2005, and that the assumptions made by the\nremapping code about the fixed ordering among netlink classes in the\npolicy may be violated in the future due to the dynamic class/perm\ndiscovery support, we should drop this compatibility code now.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "8753f6bec352392b52ed9b5e290afb34379f4612",
      "tree": "b5f381be9f56125309bfbfcaa73d68e08c309747",
      "parents": [
        "c6d3aaa4e35c71a32a86ececacd4eea7ecfc316c"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Wed Sep 30 13:41:02 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Oct 07 21:56:44 2009 +1100"
      },
      "message": "selinux: generate flask headers during kernel build\n\nAdd a simple utility (scripts/selinux/genheaders) and invoke it to\ngenerate the kernel-private class and permission indices in flask.h\nand av_permissions.h automatically during the kernel build from the\nsecurity class mapping definitions in classmap.h.  Adding new kernel\nclasses and permissions can then be done just by adding them to classmap.h.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "c6d3aaa4e35c71a32a86ececacd4eea7ecfc316c",
      "tree": "1a5475b4370655a22670fd6eb35e54d8b131b362",
      "parents": [
        "23acb98de5a4109a60b5fe3f0439389218b039d7"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Wed Sep 30 13:37:50 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Oct 07 21:56:42 2009 +1100"
      },
      "message": "selinux: dynamic class/perm discovery\n\nModify SELinux to dynamically discover class and permission values\nupon policy load, based on the dynamic object class/perm discovery\nlogic from libselinux.  A mapping is created between kernel-private\nclass and permission indices used outside the security server and the\npolicy values used within the security server.\n\nThe mappings are only applied upon kernel-internal computations;\nsimilar mappings for the private indices of userspace object managers\nis handled on a per-object manager basis by the userspace AVC.  The\ninterfaces for compute_av and transition_sid are split for kernel\nvs. userspace; the userspace functions are distinguished by a _user\nsuffix.\n\nThe kernel-private class indices are no longer tied to the policy\nvalues and thus do not need to skip indices for userspace classes;\nthus the kernel class index values are compressed.  The flask.h\ndefinitions were regenerated by deleting the userspace classes from\nrefpolicy\u0027s definitions and then regenerating the headers.  Going\nforward, we can just maintain the flask.h, av_permissions.h, and\nclassmap.h definitions separately from policy as they are no longer\ntied to the policy values.  The next patch introduces a utility to\nautomate generation of flask.h and av_permissions.h from the\nclassmap.h definitions.\n\nThe older kernel class and permission string tables are removed and\nreplaced by a single security class mapping table that is walked at\npolicy load to generate the mapping.  The old kernel class validation\nlogic is completely replaced by the mapping logic.\n\nThe handle unknown logic is reworked.  reject_unknown\u003d1 is handled\nwhen the mappings are computed at policy load time, similar to the old\nhandling by the class validation logic.  allow_unknown\u003d1 is handled\nwhen computing and mapping decisions - if the permission was not able\nto be mapped (i.e. 
undefined, mapped to zero), then it is\nautomatically added to the allowed vector.  If the class was not able\nto be mapped (i.e. undefined, mapped to zero), then all permissions\nare allowed for it if allow_unknown\u003d1.\n\navc_audit leverages the new security class mapping table to lookup the\nclass and permission names from the kernel-private indices.\n\nThe mdp program is updated to use the new table when generating the\nclass definitions and allow rules for a minimal boot policy for the\nkernel.  It should be noted that this policy will not include any\nuserspace classes, nor will its policy index values for the kernel\nclasses correspond with the ones in refpolicy (they will instead match\nthe kernel-private indices).\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "828c09509b9695271bcbdc53e9fc9a6a737148d2",
      "tree": "072ffad6f02db7bf4095e07e2b90247cfa042998",
      "parents": [
        "1c4115e595dec42aa0e81ba47ef46e35b34ed428"
      ],
      "author": {
        "name": "Alexey Dobriyan",
        "email": "adobriyan@gmail.com",
        "time": "Thu Oct 01 15:43:56 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Oct 01 16:11:11 2009 -0700"
      },
      "message": "const: constify remaining file_operations\n\n[akpm@linux-foundation.org: fix KVM]\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nAcked-by: Mike Frysinger \u003cvapier@gentoo.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "af8ff04917169805b151280155bf772d3ca9bec0",
      "tree": "1a1ec17d0926b4bbe9f8b243231582dde02ef1f5",
      "parents": [
        "1669b049db50fc7f1d4e694fb115a0f408c63fce"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Sun Sep 20 21:23:01 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 30 19:17:06 2009 +1000"
      },
      "message": "SELinux: reset the security_ops before flushing the avc cache\n\nThis patch resets the security_ops to the secondary_ops before it flushes\nthe avc.  It\u0027s still possible that a task on another processor could have\nalready passed the security_ops dereference and be executing an selinux hook\nfunction which would add a new avc entry.  That entry would still not be\nfreed.  This should however help to reduce the number of needless avcs the\nkernel has when selinux is disabled at run time.  There is no wasted\nmemory if selinux is disabled on the command line or not compiled.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6d39b27f0ac7e805ae3bd9efa51d7da04bec0360",
      "tree": "21a9cd29a07dd1afe70fe88f1343a0fa0fb0ed26",
      "parents": [
        "a487b6705a811087c182c8cab7e3b5845dfa6ccb",
        "d81165919ebf6e1cb9eeb612150f9287ad414659"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Sep 24 08:31:04 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Sep 24 08:31:04 2009 -0700"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:\n  lsm: Use a compressed IPv6 string format in audit events\n  Audit: send signal info if selinux is disabled\n  Audit: rearrange audit_context to save 16 bytes per struct\n  Audit: reorganize struct audit_watch to save 8 bytes\n"
    },
    {
      "commit": "8d65af789f3e2cf4cfbdbf71a0f7a61ebcd41d38",
      "tree": "121df3bfffc7853ac6d2c514ad514d4a748a0933",
      "parents": [
        "c0d0787b6d47d9f4d5e8bd321921104e854a9135"
      ],
      "author": {
        "name": "Alexey Dobriyan",
        "email": "adobriyan@gmail.com",
        "time": "Wed Sep 23 15:57:19 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Sep 24 07:21:04 2009 -0700"
      },
      "message": "sysctl: remove \"struct file *\" argument of -\u003eproc_handler\n\nIt\u0027s unused.\n\nIt isn\u0027t needed -- read or write flag is already passed and sysctl\nshouldn\u0027t care about the rest.\n\nIt _was_ used in two places at arch/frv for some reason.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Ralf Baechle \u003cralf@linux-mips.org\u003e\nCc: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "0b7570e77f7c3abd43107dabc47ea89daf9a1cba",
      "tree": "8dd93b4a189b4e98384d4470a289ecfb7818cc26",
      "parents": [
        "a2322e1d272938d192d8c24cdacf57c0c7a2683f"
      ],
      "author": {
        "name": "Oleg Nesterov",
        "email": "oleg@redhat.com",
        "time": "Wed Sep 23 15:56:46 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Sep 24 07:20:59 2009 -0700"
      },
      "message": "do_wait() wakeup optimization: change __wake_up_parent() to use filtered wakeup\n\nRatan Nalumasu reported that in a process with many threads doing\nunnecessary wakeups.  Every waiting thread in the process wakes up to loop\nthrough the children and see that the only ones it cares about are still\nnot ready.\n\nNow that we have struct wait_opts we can change do_wait/__wake_up_parent\nto use filtered wakeups.\n\nWe can make child_wait_callback() more clever later, right now it only\nchecks eligible_child().\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nAcked-by: Roland McGrath \u003croland@redhat.com\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Ratan Nalumasu \u003crnalumasu@gmail.com\u003e\nCc: Vitaly Mayatskikh \u003cvmayatsk@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nTested-by: Valdis Kletnieks \u003cvaldis.kletnieks@vt.edu\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "be367d09927023d081f9199665c8500f69f14d22",
      "tree": "f0c5b9da037506da3c5890cf11b51b39a7d3c427",
      "parents": [
        "c378369d8b4fa516ff2b1e79c3eded4e0e955ebb"
      ],
      "author": {
        "name": "Ben Blum",
        "email": "bblum@google.com",
        "time": "Wed Sep 23 15:56:31 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Sep 24 07:20:58 2009 -0700"
      },
      "message": "cgroups: let ss-\u003ecan_attach and ss-\u003eattach do whole threadgroups at a time\n\nAlter the ss-\u003ecan_attach and ss-\u003eattach functions to be able to deal with\na whole threadgroup at a time, for use in cgroup_attach_proc.  (This is a\npre-patch to cgroup-procs-writable.patch.)\n\nCurrently, new mode of the attach function can only tell the subsystem\nabout the old cgroup of the threadgroup leader.  No subsystem currently\nneeds that information for each thread that\u0027s being moved, but if one were\nto be added (for example, one that counts tasks within a group) this bit\nwould need to be reworked a bit to tell the subsystem the right\ninformation.\n\n[hidave.darkstar@gmail.com: fix build]\nSigned-off-by: Ben Blum \u003cbblum@google.com\u003e\nSigned-off-by: Paul Menage \u003cmenage@google.com\u003e\nAcked-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nReviewed-by: Matt Helsley \u003cmatthltc@us.ibm.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Dave Young \u003chidave.darkstar@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "d81165919ebf6e1cb9eeb612150f9287ad414659",
      "tree": "25b205e22ec1182e6a92f77381b58a5b09972f7f",
      "parents": [
        "939cbf260c1abce6cad4b95ea4ba9f5132b660b3"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Wed Sep 23 13:46:00 2009 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Sep 24 03:50:26 2009 -0400"
      },
      "message": "lsm: Use a compressed IPv6 string format in audit events\n\nCurrently the audit subsystem prints uncompressed IPv6 addresses which not\nonly differs from common usage but also results in ridiculously large audit\nstrings which is not a good thing.  This patch fixes this by simply converting\naudit to always print compressed IPv6 addresses.\n\nOld message example:\n\n audit(1253576792.161:30): avc:  denied  { ingress } for\n  saddr\u003d0000:0000:0000:0000:0000:0000:0000:0001 src\u003d5000\n  daddr\u003d0000:0000:0000:0000:0000:0000:0000:0001 dest\u003d35502 netif\u003dlo\n  scontext\u003dsystem_u:object_r:unlabeled_t:s15:c0.c1023\n  tcontext\u003dsystem_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass\u003dnetif\n\nNew message example:\n\n audit(1253576792.161:30): avc:  denied  { ingress } for\n  saddr\u003d::1 src\u003d5000 daddr\u003d::1 dest\u003d35502 netif\u003dlo\n  scontext\u003dsystem_u:object_r:unlabeled_t:s15:c0.c1023\n  tcontext\u003dsystem_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass\u003dnetif\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "c82ffab9a857f8286ed2b559624b7005a367b638",
      "tree": "a5d0895a0b55c2db1bf36f517ca273e7e0abdf71",
      "parents": [
        "a724eada8c2a7b62463b73ccf73fd0bb6e928aeb",
        "5224ee086321fec78970e2f2805892d2b34e8957"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Sep 23 15:18:57 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Sep 23 15:18:57 2009 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:\n  SELinux: do not destroy the avc_cache_nodep\n  KEYS: Have the garbage collector set its timer for live expired keys\n  tpm-fixup-pcrs-sysfs-file-update\n  creds_are_invalid() needs to be exported for use by modules:\n  include/linux/cred.h: fix build\n\nFix trivial BUILD_BUG_ON-induced conflicts in drivers/char/tpm/tpm.c\n"
    },
    {
      "commit": "5224ee086321fec78970e2f2805892d2b34e8957",
      "tree": "3b7eef40c92b07ed75d8585c51333b8e87a33a2b",
      "parents": [
        "606531c316d30e9639473a6da09ee917125ab467"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Sun Sep 20 21:21:10 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 23 11:16:20 2009 -0700"
      },
      "message": "SELinux: do not destroy the avc_cache_nodep\n\nThe security_ops reset done when SELinux is disabled at run time is done\nafter the avc cache is freed and after the kmem_cache for the avc is also\nfreed.  This means that between the time the selinux disable code destroys\nthe avc_node_cachep another process could make a security request and could\ntry to allocate from the cache.  We are just going to leave the cachep around,\nlike we always have.\n\nSELinux:  Disabled at runtime.\nBUG: unable to handle kernel NULL pointer dereference at (null)\nIP: [\u003cffffffff81122537\u003e] kmem_cache_alloc+0x9a/0x185\nPGD 0\nOops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC\nlast sysfs file:\nCPU 1\nModules linked in:\nPid: 12, comm: khelper Not tainted 2.6.31-tip-05525-g0eeacc6-dirty #14819\nSystem Product Name\nRIP: 0010:[\u003cffffffff81122537\u003e]  [\u003cffffffff81122537\u003e]\nkmem_cache_alloc+0x9a/0x185\nRSP: 0018:ffff88003f9258b0  EFLAGS: 00010086\nRAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000078c0129e\nRDX: 0000000000000000 RSI: ffffffff8130b626 RDI: ffffffff81122528\nRBP: ffff88003f925900 R08: 0000000078c0129e R09: 0000000000000001\nR10: 0000000000000000 R11: 0000000078c0129e R12: 0000000000000246\nR13: 0000000000008020 R14: ffff88003f8586d8 R15: 0000000000000001\nFS:  0000000000000000(0000) GS:ffff880002b00000(0000)\nknlGS:0000000000000000\nCS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b\nCR2: 0000000000000000 CR3: 0000000001001000 CR4: 00000000000006e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: ffffffff827bd420 DR6: 00000000ffff0ff0 DR7: 0000000000000400\nProcess khelper (pid: 12, threadinfo ffff88003f924000, task\nffff88003f928000)\nStack:\n 0000000000000246 0000802000000246 ffffffff8130b626 0000000000000001\n\u003c0\u003e 0000000078c0129e 0000000000000000 ffff88003f925a70 0000000000000002\n\u003c0\u003e 0000000000000001 0000000000000001 ffff88003f925960 ffffffff8130b626\nCall Trace:\n 
[\u003cffffffff8130b626\u003e] ? avc_alloc_node+0x36/0x273\n [\u003cffffffff8130b626\u003e] avc_alloc_node+0x36/0x273\n [\u003cffffffff8130b545\u003e] ? avc_latest_notif_update+0x7d/0x9e\n [\u003cffffffff8130b8b4\u003e] avc_insert+0x51/0x18d\n [\u003cffffffff8130bcce\u003e] avc_has_perm_noaudit+0x9d/0x128\n [\u003cffffffff8130bf20\u003e] avc_has_perm+0x45/0x88\n [\u003cffffffff8130f99d\u003e] current_has_perm+0x52/0x6d\n [\u003cffffffff8130fbb2\u003e] selinux_task_create+0x2f/0x45\n [\u003cffffffff81303bf7\u003e] security_task_create+0x29/0x3f\n [\u003cffffffff8105c6ba\u003e] copy_process+0x82/0xdf0\n [\u003cffffffff81091578\u003e] ? register_lock_class+0x2f/0x36c\n [\u003cffffffff81091a13\u003e] ? mark_lock+0x2e/0x1e1\n [\u003cffffffff8105d596\u003e] do_fork+0x16e/0x382\n [\u003cffffffff81091578\u003e] ? register_lock_class+0x2f/0x36c\n [\u003cffffffff810d9166\u003e] ? probe_workqueue_execution+0x57/0xf9\n [\u003cffffffff81091a13\u003e] ? mark_lock+0x2e/0x1e1\n [\u003cffffffff810d9166\u003e] ? probe_workqueue_execution+0x57/0xf9\n [\u003cffffffff8100cdb2\u003e] kernel_thread+0x82/0xe0\n [\u003cffffffff81078b1f\u003e] ? ____call_usermodehelper+0x0/0x139\n [\u003cffffffff8100ce10\u003e] ? child_rip+0x0/0x20\n [\u003cffffffff81078aea\u003e] ? __call_usermodehelper+0x65/0x9a\n [\u003cffffffff8107a5c7\u003e] run_workqueue+0x171/0x27e\n [\u003cffffffff8107a573\u003e] ? run_workqueue+0x11d/0x27e\n [\u003cffffffff81078a85\u003e] ? __call_usermodehelper+0x0/0x9a\n [\u003cffffffff8107a7bc\u003e] worker_thread+0xe8/0x10f\n [\u003cffffffff810808e2\u003e] ? autoremove_wake_function+0x0/0x63\n [\u003cffffffff8107a6d4\u003e] ? worker_thread+0x0/0x10f\n [\u003cffffffff8108042e\u003e] kthread+0x91/0x99\n [\u003cffffffff8100ce1a\u003e] child_rip+0xa/0x20\n [\u003cffffffff8100c754\u003e] ? restore_args+0x0/0x30\n [\u003cffffffff8108039d\u003e] ? kthread+0x0/0x99\n [\u003cffffffff8100ce10\u003e] ? 
child_rip+0x0/0x20\nCode: 0f 85 99 00 00 00 9c 58 66 66 90 66 90 49 89 c4 fa 66 66 90 66 66 90\ne8 83 34 fb ff e8 d7 e9 26 00 48 98 49 8b 94 c6 10 01 00 00 \u003c48\u003e 8b 1a 44\n8b 7a 18 48 85 db 74 0f 8b 42 14 48 8b 04 c3 ff 42\nRIP  [\u003cffffffff81122537\u003e] kmem_cache_alloc+0x9a/0x185\n RSP \u003cffff88003f9258b0\u003e\nCR2: 0000000000000000\n---[ end trace 42f41a982344e606 ]---\n\nReported-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "606531c316d30e9639473a6da09ee917125ab467",
      "tree": "b83f3d8d82597401bdee6a451facaa5c2de006d1",
      "parents": [
        "0afd9056f1b43c9fcbfdf933b263d72023d382fe"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Sep 16 15:54:14 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 23 11:03:47 2009 -0700"
      },
      "message": "KEYS: Have the garbage collector set its timer for live expired keys\n\nThe key garbage collector sets a timer to start a new collection cycle at the\npoint the earliest key to expire should be considered garbage.  However, it\ncurrently only does this if the key it is considering hasn\u0027t yet expired.\n\nIf the key being considering has expired, but hasn\u0027t yet reached the collection\ntime then it is ignored, and won\u0027t be collected until some other key provokes a\nround of collection.\n\nMake the garbage collector set the timer for the earliest key that hasn\u0027t yet\npassed its collection time, rather than the earliest key that hasn\u0027t yet\nexpired.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "88e9d34c727883d7d6f02cf1475b3ec98b8480c7",
      "tree": "475f544536d52739e0929e7727cab5124e855a06",
      "parents": [
        "b7ed698cc9d556306a4088c238e2ea9311ea2cb3"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Sep 22 16:43:43 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Sep 23 07:39:29 2009 -0700"
      },
      "message": "seq_file: constify seq_operations\n\nMake all seq_operations structs const, to help mitigate against\nrevectoring user-triggerable function pointers.\n\nThis is derived from the grsecurity patch, although generated from scratch\nbecause it\u0027s simpler than extracting the changes from there.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "1fd7317d02ec03c6fdf072317841287933d06d24",
      "tree": "b7ac4d511896dbb21c1b76a27f6c4d5b4cb6c7bb",
      "parents": [
        "af91322ef3f29ae4114e736e2a72e28b4d619cf9"
      ],
      "author": {
        "name": "Nick Black",
        "email": "dank@qemfd.net",
        "time": "Tue Sep 22 16:43:33 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Sep 23 07:39:28 2009 -0700"
      },
      "message": "Move magic numbers into magic.h\n\nMove various magic-number definitions into magic.h.\n\nSigned-off-by: Nick Black \u003cdank@qemfd.net\u003e\nAcked-by: Pekka Enberg \u003cpenberg@cs.helsinki.fi\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "1aaf2e59135fd67321f47c11c64a54aac27014e9",
      "tree": "633ffa4db3ac6e8d566cba549510561ffd61d8f4",
      "parents": [
        "66a4fe0cb80a9fde8cb173289afb863fd279466a",
        "936e894a976dd3b0f07f1f6f43c17b77b7e6146d"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Sep 15 09:19:20 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Sep 15 09:19:20 2009 -0700"
      },
      "message": "Merge branch \u0027x86-txt-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip\n\n* \u0027x86-txt-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:\n  x86, intel_txt: clean up the impact on generic code, unbreak non-x86\n  x86, intel_txt: Handle ACPI_SLEEP without X86_TRAMPOLINE\n  x86, intel_txt: Fix typos in Kconfig help\n  x86, intel_txt: Factor out the code for S3 setup\n  x86, intel_txt: tboot.c needs \u003casm/fixmap.h\u003e\n  intel_txt: Force IOMMU on for Intel TXT launch\n  x86, intel_txt: Intel TXT Sx shutdown support\n  x86, intel_txt: Intel TXT reboot/halt shutdown support\n  x86, intel_txt: Intel TXT boot support\n"
    },
    {
      "commit": "c08ef808ef24df32e25fbd949fe5310172f3c408",
      "tree": "12bae6fd48e1cdcc1b792c221376c727d9472cc6",
      "parents": [
        "5c84342a3e147a23752276650340801c237d0e56"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Mon Sep 14 17:26:13 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Sep 15 09:11:02 2009 +1000"
      },
      "message": "KEYS: Fix garbage collector\n\nFix a number of problems with the new key garbage collector:\n\n (1) A rogue semicolon in keyring_gc() was causing the initial count of dead\n     keys to be miscalculated.\n\n (2) A missing return in keyring_gc() meant that under certain circumstances,\n     the keyring semaphore would be unlocked twice.\n\n (3) The key serial tree iterator (key_garbage_collector()) part of the garbage\n     collector has been modified to:\n\n     (a) Complete each scan of the keyrings before setting the new timer.\n\n     (b) Only set the new timer for keys that have yet to expire.  This means\n         that the new timer is now calculated correctly, and the gc doesn\u0027t\n         get into a loop continually scanning for keys that have expired, and\n         preventing other things from happening, like RCU cleaning up the old\n         keyring contents.\n\n     (c) Perform an extra scan if any keys were garbage collected in this one\n     \t as a key might become garbage during a scan, and (b) could mean we\n     \t don\u0027t set the timer again.\n\n (4) Made key_schedule_gc() take the time at which to do a collection run,\n     rather than the time at which the key expires.  This means the collection\n     of dead keys (key type unregistered) can happen immediately.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5c84342a3e147a23752276650340801c237d0e56",
      "tree": "a57a81dd9b48f8bd837ab13e319375c248cc7b89",
      "parents": [
        "4a5d6ba1914d1bf1fcfb5e15834c29d84a879219"
      ],
      "author": {
        "name": "Marc Dionne",
        "email": "marc.c.dionne@gmail.com",
        "time": "Mon Sep 14 12:46:23 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Sep 15 09:10:59 2009 +1000"
      },
      "message": "KEYS: Unlock tasklist when exiting early from keyctl_session_to_parent\n\nWhen we exit early from keyctl_session_to_parent because of permissions or\nbecause the session keyring is the same as the parent, we need to unlock the\ntasklist.\n\nThe missing unlock causes the system to hang completely when using\nkeyctl(KEYCTL_SESSION_TO_PARENT) with a keyring shared with the parent.\n\nSigned-off-by: Marc Dionne \u003cmarc.c.dionne@gmail.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "4e6d0bffd3d72a32b620525c9007d2482c731775",
      "tree": "f4a3ff34e800be74469bec99834780b4a0294dec",
      "parents": [
        "008574b11171a1ee9583a00188e27ff9e0432061"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Sat Sep 12 22:54:23 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Sep 14 12:34:11 2009 +1000"
      },
      "message": "SELinux: flush the avc before disabling SELinux\n\nBefore SELinux is disabled at boot it can create AVC entries.  This patch\nwill flush those entries before disabling SELinux.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "008574b11171a1ee9583a00188e27ff9e0432061",
      "tree": "bada4ddf3c79a6a274a80839acd75eb132c78b29",
      "parents": [
        "ed868a56988464cd31de0302426a5e94d3127f10"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Sat Sep 12 22:54:17 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Sep 14 12:34:09 2009 +1000"
      },
      "message": "SELinux: seperate avc_cache flushing\n\nMove the avc_cache flushing into it\u0027s own function so it can be reused when\ndisabling SELinux.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ed868a56988464cd31de0302426a5e94d3127f10",
      "tree": "cdcd1715445aa19051b6a9a671b39250a449333a",
      "parents": [
        "86d710146fb9975f04c505ec78caa43d227c1018"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Sat Sep 12 22:54:10 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Sep 14 12:34:07 2009 +1000"
      },
      "message": "Creds: creds-\u003esecurity can be NULL is selinux is disabled\n\n__validate_process_creds should check if selinux is actually enabled before\nrunning tests on the selinux portion of the credentials struct.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "a3c8b97396ef42edfb845788ba6f53b2a93ce980",
      "tree": "530c5bdbc534618311dab3e0af245835af56db0f",
      "parents": [
        "74fca6a42863ffacaf7ba6f1936a9f228950f657",
        "9f0ab4a3f0fdb1ff404d150618ace2fa069bb2e1"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Sep 11 08:04:49 2009 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Sep 11 08:04:49 2009 +1000"
      },
      "message": "Merge branch \u0027next\u0027 into for-linus\n"
    },
    {
      "commit": "ddd29ec6597125c830f7badb608a86c98b936b64",
      "tree": "e6df1ef9a635179de78650d006ecb4cd1453ebb1",
      "parents": [
        "1ee65e37e904b959c24404139f5752edc66319d5"
      ],
      "author": {
        "name": "David P. Quigley",
        "email": "dpquigl@tycho.nsa.gov",
        "time": "Wed Sep 09 14:25:37 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Sep 10 10:11:29 2009 +1000"
      },
      "message": "sysfs: Add labeling support for sysfs\n\nThis patch adds a setxattr handler to the file, directory, and symlink\ninode_operations structures for sysfs. The patch uses hooks introduced in the\nprevious patch to handle the getting and setting of security information for\nthe sysfs inodes. As was suggested by Eric Biederman the struct iattr in the\nsysfs_dirent structure has been replaced by a structure which contains the\niattr, secdata and secdata length to allow the changes to persist in the event\nthat the inode representing the sysfs_dirent is evicted. Because sysfs only\nstores this information when a change is made all the optional data is moved\ninto one dynamically allocated field.\n\nThis patch addresses an issue where SELinux was denying virtd access to the PCI\nconfiguration entries in sysfs. The lack of setxattr handlers for sysfs\nrequired that a single label be assigned to all entries in sysfs. Granting virtd\naccess to every entry in sysfs is not an acceptable solution so fine grained\nlabeling of sysfs is required such that individual entries can be labeled\nappropriately.\n\n[sds:  Fixed compile-time warnings, coding style, and setting of inode security init flags.]\n\nSigned-off-by: David P. Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nSigned-off-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "1ee65e37e904b959c24404139f5752edc66319d5",
      "tree": "587c1ef70ae7ee41a7b9b531161a4ef5689838f7",
      "parents": [
        "b1ab7e4b2a88d3ac13771463be8f302ce1616cfc"
      ],
      "author": {
        "name": "David P. Quigley",
        "email": "dpquigl@tycho.nsa.gov",
        "time": "Thu Sep 03 14:25:57 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Sep 10 10:11:24 2009 +1000"
      },
      "message": "LSM/SELinux: inode_{get,set,notify}secctx hooks to access LSM security context information.\n\nThis patch introduces three new hooks. The inode_getsecctx hook is used to get\nall relevant information from an LSM about an inode. The inode_setsecctx is\nused to set both the in-core and on-disk state for the inode based on a context\nderived from inode_getsecctx.The final hook inode_notifysecctx will notify the\nLSM of a change for the in-core state of the inode in question. These hooks are\nfor use in the labeled NFS code and addresses concerns of how to set security\non an inode in a multi-xattr LSM. For historical reasons Stephen Smalley\u0027s\nexplanation of the reason for these hooks is pasted below.\n\nQuote Stephen Smalley\n\ninode_setsecctx:  Change the security context of an inode.  Updates the\nin core security context managed by the security module and invokes the\nfs code as needed (via __vfs_setxattr_noperm) to update any backing\nxattrs that represent the context.  Example usage:  NFS server invokes\nthis hook to change the security context in its incore inode and on the\nbacking file system to a value provided by the client on a SETATTR\noperation.\n\ninode_notifysecctx:  Notify the security module of what the security\ncontext of an inode should be.  Initializes the incore security context\nmanaged by the security module for this inode.  Example usage:  NFS\nclient invokes this hook to initialize the security context in its\nincore inode to the value provided by the server for the file when the\nserver returned the file\u0027s attributes to the client.\n\nSigned-off-by: David P. Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "acd0c935178649f72c44ec49ca83bee35ce1f79e",
      "tree": "c0cb2f8fbbaa54567785b5430e5be8c8b51f5724",
      "parents": [
        "e07cccf4046978df10f2e13fe2b99b2f9b3a65db"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Sep 04 13:08:46 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Sep 07 11:54:58 2009 +1000"
      },
      "message": "IMA: update ima_counts_put\n\n- As ima_counts_put() may be called after the inode has been freed,\nverify that the inode is not NULL, before dereferencing it.\n\n- Maintain the IMA file counters in may_open() properly, decrementing\nany counter increments on subsequent errors.\n\nReported-by: Ciprian Docan \u003cdocan@eden.rutgers.edu\u003e\nReported-by: J.R. Okajima \u003chooanon05@yahoo.co.jp\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ee18d64c1f632043a02e6f5ba5e045bb26a5465f",
      "tree": "80b5a4d530ec7d5fd69799920f0db7b78aba6b9d",
      "parents": [
        "d0420c83f39f79afb82010c2d2cafd150eef651b"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Sep 02 09:14:21 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 02 21:29:22 2009 +1000"
      },
      "message": "KEYS: Add a keyctl to install a process\u0027s session keyring on its parent [try #6]\n\nAdd a keyctl to install a process\u0027s session keyring onto its parent.  This\nreplaces the parent\u0027s session keyring.  Because the COW credential code does\nnot permit one process to change another process\u0027s credentials directly, the\nchange is deferred until userspace next starts executing again.  Normally this\nwill be after a wait*() syscall.\n\nTo support this, three new security hooks have been provided:\ncred_alloc_blank() to allocate unset security creds, cred_transfer() to fill in\nthe blank security creds and key_session_to_parent() - which asks the LSM if\nthe process may replace its parent\u0027s session keyring.\n\nThe replacement may only happen if the process has the same ownership details\nas its parent, and the process has LINK permission on the session keyring, and\nthe session keyring is owned by the process, and the LSM permits it.\n\nNote that this requires alteration to each architecture\u0027s notify_resume path.\nThis has been done for all arches barring blackfin, m68k* and xtensa, all of\nwhich need assembly alteration to support TIF_NOTIFY_RESUME.  This allows the\nreplacement to be performed at the point the parent process resumes userspace\nexecution.\n\nThis allows the userspace AFS pioctl emulation to fully emulate newpag() and\nthe VIOCSETTOK and VIOCSETTOK2 pioctls, all of which require the ability to\nalter the parent process\u0027s PAG membership.  
However, since kAFS doesn\u0027t use\nPAGs per se, but rather dumps the keys into the session keyring, the session\nkeyring of the parent must be replaced if, for example, VIOCSETTOK is passed\nthe newpag flag.\n\nThis can be tested with the following program:\n\n\t#include \u003cstdio.h\u003e\n\t#include \u003cstdlib.h\u003e\n\t#include \u003ckeyutils.h\u003e\n\n\t#define KEYCTL_SESSION_TO_PARENT\t18\n\n\t#define OSERROR(X, S) do { if ((long)(X) \u003d\u003d -1) { perror(S); exit(1); } } while(0)\n\n\tint main(int argc, char **argv)\n\t{\n\t\tkey_serial_t keyring, key;\n\t\tlong ret;\n\n\t\tkeyring \u003d keyctl_join_session_keyring(argv[1]);\n\t\tOSERROR(keyring, \"keyctl_join_session_keyring\");\n\n\t\tkey \u003d add_key(\"user\", \"a\", \"b\", 1, keyring);\n\t\tOSERROR(key, \"add_key\");\n\n\t\tret \u003d keyctl(KEYCTL_SESSION_TO_PARENT);\n\t\tOSERROR(ret, \"KEYCTL_SESSION_TO_PARENT\");\n\n\t\treturn 0;\n\t}\n\nCompiled and linked with -lkeyutils, you should see something like:\n\n\t[dhowells@andromeda ~]$ keyctl show\n\tSession Keyring\n\t       -3 --alswrv   4043  4043  keyring: _ses\n\t355907932 --alswrv   4043    -1   \\_ keyring: _uid.4043\n\t[dhowells@andromeda ~]$ /tmp/newpag\n\t[dhowells@andromeda ~]$ keyctl show\n\tSession Keyring\n\t       -3 --alswrv   4043  4043  keyring: _ses\n\t1055658746 --alswrv   4043  4043   \\_ user: a\n\t[dhowells@andromeda ~]$ /tmp/newpag hello\n\t[dhowells@andromeda ~]$ keyctl show\n\tSession Keyring\n\t       -3 --alswrv   4043  4043  keyring: hello\n\t340417692 --alswrv   4043  4043   \\_ user: a\n\nWhere the test program creates a new session keyring, sticks a user key named\n\u0027a\u0027 into it and then installs it on its parent.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "7b1b9164598286fe93927ff41eed2a2609fd9056",
      "tree": "b37a8f4991c5aa6416e269f4edd7317dacc2c67c",
      "parents": [
        "ad73a717e0fc6949c44e587ca5d63c273a30e6f5"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Sep 02 09:14:11 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 02 21:29:16 2009 +1000"
      },
      "message": "KEYS: Do some whitespace cleanups [try #6]\n\nDo some whitespace cleanups in the key management code.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ad73a717e0fc6949c44e587ca5d63c273a30e6f5",
      "tree": "28aa8de2eb924a60713abd01bbc790879da5b70c",
      "parents": [
        "5d135440faf7db8d566de0c6fab36b16cf9cfc3b"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serue@us.ibm.com",
        "time": "Wed Sep 02 09:14:05 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 02 21:29:14 2009 +1000"
      },
      "message": "KEYS: Make /proc/keys use keyid not numread as file position [try #6]\n\nMake the file position maintained by /proc/keys represent the ID of the key\njust read rather than the number of keys read.  This should make it faster to\nperform a lookup as we don\u0027t have to scan the key ID tree from the beginning to\nfind the current position.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5d135440faf7db8d566de0c6fab36b16cf9cfc3b",
      "tree": "d9c022e73ed51dfe5729fde9a97150cb64b68196",
      "parents": [
        "f041ae2f99d49adc914153a34a2d0e14e4389d90"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Sep 02 09:14:00 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 02 21:29:11 2009 +1000"
      },
      "message": "KEYS: Add garbage collection for dead, revoked and expired keys. [try #6]\n\nAdd garbage collection for dead, revoked and expired keys.  This involved\nerasing all links to such keys from keyrings that point to them.  At that\npoint, the key will be deleted in the normal manner.\n\nKeyrings from which garbage collection occurs are shrunk and their quota\nconsumption reduced as appropriate.\n\nDead keys (for which the key type has been removed) will be garbage collected\nimmediately.\n\nRevoked and expired keys will hang around for a number of seconds, as set in\n/proc/sys/kernel/keys/gc_delay before being automatically removed.  The default\nis 5 minutes.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "f041ae2f99d49adc914153a34a2d0e14e4389d90",
      "tree": "02cf0a1e85920122e1059496942b979e5832ff1b",
      "parents": [
        "0c2c9a3fc77e8b60d43d9bd2ca46eb4dddb0ff76"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Sep 02 09:13:55 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 02 21:29:09 2009 +1000"
      },
      "message": "KEYS: Flag dead keys to induce EKEYREVOKED [try #6]\n\nSet the KEY_FLAG_DEAD flag on keys for which the type has been removed.  This\ncauses the key_permission() function to return EKEYREVOKED in response to\nvarious commands.  It does not, however, prevent unlinking or clearing of\nkeyrings from detaching the key.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0c2c9a3fc77e8b60d43d9bd2ca46eb4dddb0ff76",
      "tree": "e718aa64ab3b5d4fd73f7a837ee9ea0debfcc773",
      "parents": [
        "5593122eec26b061cc0b6fbff32118f1aadf4a27"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Sep 02 09:13:50 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 02 21:29:06 2009 +1000"
      },
      "message": "KEYS: Allow keyctl_revoke() on keys that have SETATTR but not WRITE perm [try #6]\n\nAllow keyctl_revoke() to operate on keys that have SETATTR but not WRITE\npermission, rather than only on keys that have WRITE permission.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5593122eec26b061cc0b6fbff32118f1aadf4a27",
      "tree": "f148b182ada54b722962607567bd5b1ace06640a",
      "parents": [
        "e0e817392b9acf2c98d3be80c233dddb1b52003d"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Sep 02 09:13:45 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 02 21:29:04 2009 +1000"
      },
      "message": "KEYS: Deal with dead-type keys appropriately [try #6]\n\nAllow keys for which the key type has been removed to be unlinked.  Currently\ndead-type keys can only be disposed of by completely clearing the keyrings\nthat point to them.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "e0e817392b9acf2c98d3be80c233dddb1b52003d",
      "tree": "ee680c020039313c9f9c40ab3542bb30a7363381",
      "parents": [
        "ed6d76e4c32de0c2ad5f1d572b948ef49e465176"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Sep 02 09:13:40 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 02 21:29:01 2009 +1000"
      },
      "message": "CRED: Add some configurable debugging [try #6]\n\nAdd a config option (CONFIG_DEBUG_CREDENTIALS) to turn on some debug checking\nfor credential management.  The additional code keeps track of the number of\npointers from task_structs to any given cred struct, and checks to see that\nthis number never exceeds the usage count of the cred struct (which includes\nall references, not just those from task_structs).\n\nFurthermore, if SELinux is enabled, the code also checks that the security\npointer in the cred struct is never seen to be invalid.\n\nThis attempts to catch the bug whereby inode_has_perm() faults in an nfsd\nkernel thread on seeing cred-\u003esecurity be a NULL pointer (it appears that the\ncredential struct has been previously released):\n\n\thttp://www.kerneloops.org/oops.php?number\u003d252883\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "936e894a976dd3b0f07f1f6f43c17b77b7e6146d",
      "tree": "5ed5c1f6735dcd26550594df23c8f7fe2aa21a15",
      "parents": [
        "69575d388603365f2afbf4166df93152df59b165",
        "326ba5010a5429a5a528b268b36a5900d4ab0eba"
      ],
      "author": {
        "name": "Ingo Molnar",
        "email": "mingo@elte.hu",
        "time": "Wed Sep 02 08:17:56 2009 +0200"
      },
      "committer": {
        "name": "Ingo Molnar",
        "email": "mingo@elte.hu",
        "time": "Wed Sep 02 08:17:56 2009 +0200"
      },
      "message": "Merge commit \u0027v2.6.31-rc8\u0027 into x86/txt\n\nConflicts:\n\tarch/x86/kernel/reboot.c\n\tsecurity/Kconfig\n\nMerge reason: resolve the conflicts, bump up from rc3 to rc8.\n\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\n"
    },
    {
      "commit": "69575d388603365f2afbf4166df93152df59b165",
      "tree": "ca3d66668c8ec47befc0adbfa62cf135229bda59",
      "parents": [
        "62a3207b8cf3de35368cdc3822b30b82d59eea95"
      ],
      "author": {
        "name": "Shane Wang",
        "email": "shane.wang@intel.com",
        "time": "Tue Sep 01 18:25:07 2009 -0700"
      },
      "committer": {
        "name": "H. Peter Anvin",
        "email": "hpa@zytor.com",
        "time": "Tue Sep 01 18:25:07 2009 -0700"
      },
      "message": "x86, intel_txt: clean up the impact on generic code, unbreak non-x86\n\nMove tboot.h from asm to linux to fix the build errors of intel_txt\npatch on non-X86 platforms. Remove the tboot code from generic code\ninit/main.c and kernel/cpu.c.\n\nSigned-off-by: Shane Wang \u003cshane.wang@intel.com\u003e\nSigned-off-by: H. Peter Anvin \u003chpa@zytor.com\u003e\n"
    },
    {
      "commit": "ed6d76e4c32de0c2ad5f1d572b948ef49e465176",
      "tree": "893914916ad849fefed72df48bca0bf9c78e392d",
      "parents": [
        "2b980dbd77d229eb60588802162c9659726b11f4"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Fri Aug 28 18:12:49 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Sep 01 08:29:52 2009 +1000"
      },
      "message": "selinux: Support for the new TUN LSM hooks\n\nAdd support for the new TUN LSM hooks: security_tun_dev_create(),\nsecurity_tun_dev_post_create() and security_tun_dev_attach().  This includes\nthe addition of a new object class, tun_socket, which represents the socks\nassociated with TUN devices.  The _tun_dev_create() and _tun_dev_post_create()\nhooks are fairly similar to the standard socket functions but _tun_dev_attach()\nis a bit special.  The _tun_dev_attach() is unique because it involves a\ndomain attaching to an existing TUN device and its associated tun_socket\nobject, an operation which does not exist with standard sockets and most\nclosely resembles a relabel operation.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2b980dbd77d229eb60588802162c9659726b11f4",
      "tree": "78a7f734d0721029e4b4c961ca61d35abe9e6dbc",
      "parents": [
        "d8e180dcd5bbbab9cd3ff2e779efcf70692ef541"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Fri Aug 28 18:12:43 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Sep 01 08:29:48 2009 +1000"
      },
      "message": "lsm: Add hooks to the TUN driver\n\nThe TUN driver lacks any LSM hooks which makes it difficult for LSM modules,\nsuch as SELinux, to enforce access controls on network traffic generated by\nTUN users; this is particularly problematic for virtualization apps such as\nQEMU and KVM.  This patch adds three new LSM hooks designed to control the\ncreation and attachment of TUN devices, the hooks are:\n\n * security_tun_dev_create()\n   Provides access control for the creation of new TUN devices\n\n * security_tun_dev_post_create()\n   Provides the ability to create the necessary socket LSM state for newly\n   created TUN devices\n\n * security_tun_dev_attach()\n   Provides access control for attaching to existing, persistent TUN devices\n   and the ability to update the TUN device\u0027s socket LSM state as necessary\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5311034ddda7aad48934520d3536b9d0e4502672",
      "tree": "1c4f522322883ccf8e253c95343abc74344bfab8",
      "parents": [
        "533995ed85730a1f5f385b9ecb2d2b4b731d27b4",
        "53a7197aff20e341487fca8575275056fe1c63e5"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Aug 26 20:17:07 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Aug 26 20:17:07 2009 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:\n  IMA: iint put in ima_counts_get and put\n"
    },
    {
      "commit": "53a7197aff20e341487fca8575275056fe1c63e5",
      "tree": "db302fc811fb6debaa7015abd908c053a59d084f",
      "parents": [
        "3edf2fb9d80a46d6c32ba12547a42419845b4b76"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Aug 26 14:56:48 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Aug 27 11:01:03 2009 +1000"
      },
      "message": "IMA: iint put in ima_counts_get and put\n\nima_counts_get() calls ima_iint_find_insert_get() which takes a reference\nto the iint in question, but does not put that reference at the end of the\nfunction.  This can lead to a nasty memory leak.  Easy enough to reproduce:\n\n#include \u003csys/mman.h\u003e\n#include \u003cstdio.h\u003e\n\nint main (void)\n{\n\tint i;\n\tvoid *ptr;\n\n\tfor (i\u003d0; i \u003c 100000; i++) {\n\t\tptr \u003d mmap(NULL, 4096, PROT_READ|PROT_WRITE,\n\t\t\t   MAP_SHARED|MAP_ANONYMOUS, -1, 0);\n\t\tif (ptr \u003d\u003d MAP_FAILED)\n\t\t\treturn 2;\n\t\tmunmap(ptr, 4096);\n\t}\n\n\treturn 0;\n}\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "16bfa38b1936212428cb38fbfbbb8f6c62b8d81f",
      "tree": "bf7f3722ebfddf3d3fee3d0f9c704e0c1c794b90",
      "parents": [
        "6777d773a463ac045d333b989d4e44660f8d92ad"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Aug 21 14:32:49 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 24 14:58:29 2009 +1000"
      },
      "message": "ima: hashing large files bug fix\n\nHashing files larger than INT_MAX causes process to loop.\nDependent on redefining kernel_read() offset type to loff_t.\n\n(http://bugzilla.kernel.org/show_bug.cgi?id\u003d13909)\n\nCc: stable@kernel.org\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "bc6a6008e5e3c7a30191a7f19ab19e85b14b1705",
      "tree": "46504659c2303224cb3c8ad13e1d1b580351b41b",
      "parents": [
        "ece13879e74313e62109e0755dd3d4f172df89e2"
      ],
      "author": {
        "name": "Amerigo Wang",
        "email": "amwang@redhat.com",
        "time": "Thu Aug 20 19:29:02 2009 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Aug 21 14:25:30 2009 +1000"
      },
      "message": "selinux: adjust rules for ATTR_FORCE\n\nAs suggested by OGAWA Hirofumi in thread:\nhttp://lkml.org/lkml/2009/8/7/132, we should let selinux_inode_setattr()\nto match our ATTR_* rules.  ATTR_FORCE should not force things like\nATTR_SIZE.\n\n[hirofumi@mail.parknet.co.jp: tweaks]\nSigned-off-by: WANG Cong \u003camwang@redhat.com\u003e\nSigned-off-by: OGAWA Hirofumi \u003chirofumi@mail.parknet.co.jp\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Eugene Teo \u003ceteo@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ece13879e74313e62109e0755dd3d4f172df89e2",
      "tree": "1fe96ab392c1ff203a6fb3f67ed0ed577056572e",
      "parents": [
        "b08dc3eba0c34027010caeda258f495074ae3a54",
        "6c30c53fd5ae6a99a23ad78e90c428d2c8ffb07f"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Aug 20 09:18:42 2009 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Aug 20 09:18:42 2009 +1000"
      },
      "message": "Merge branch \u0027master\u0027 into next\n\nConflicts:\n\tsecurity/Kconfig\n\nManual fix.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "024e6cb408307de41cbfcb1e5a170d9af60ab2a9",
      "tree": "a292ba561abe291f906cde4907e5956b0a5a5f5a",
      "parents": [
        "a58578e47f004017cf47803ad372490806630e58"
      ],
      "author": {
        "name": "Andreas Schwab",
        "email": "schwab@linux-m68k.org",
        "time": "Tue Aug 18 22:14:29 2009 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Aug 19 08:42:56 2009 +1000"
      },
      "message": "security: Fix prompt for LSM_MMAP_MIN_ADDR\n\nFix prompt for LSM_MMAP_MIN_ADDR.\n\n(Verbs are cool!)\n\nSigned-off-by: Andreas Schwab \u003cschwab@linux-m68k.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "a58578e47f004017cf47803ad372490806630e58",
      "tree": "f815076f1956aa50d0eea5d0323eaae9c27b3424",
      "parents": [
        "df4ecf1524c7793de3121b2d4e5fc6bcc0da3bfb"
      ],
      "author": {
        "name": "Dave Jones",
        "email": "davej@redhat.com",
        "time": "Tue Aug 18 13:47:37 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Aug 19 08:38:29 2009 +1000"
      },
      "message": "security: Make LSM_MMAP_MIN_ADDR default match its help text.\n\nCommit 788084aba2ab7348257597496befcbccabdc98a3 added the LSM_MMAP_MIN_ADDR\noption, whose help text states \"For most ia64, ppc64 and x86 users with lots\nof address space a value of 65536 is reasonable and should cause no problems.\"\nWhich implies that its default setting was typoed.\n\nSigned-off-by: Dave Jones \u003cdavej@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "788084aba2ab7348257597496befcbccabdc98a3",
      "tree": "2da42d746d67b16ef705229a1b5a3528ec19c725",
      "parents": [
        "8cf948e744e0218af604c32edecde10006dc8e9e"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jul 31 12:54:11 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 17 15:09:11 2009 +1000"
      },
      "message": "Security/SELinux: seperate lsm specific mmap_min_addr\n\nCurrently SELinux enforcement of controls on the ability to map low memory\nis determined by the mmap_min_addr tunable.  This patch causes SELinux to\nignore the tunable and instead use a separate Kconfig option specific to how\nmuch space the LSM should protect.\n\nThe tunable will now only control the need for CAP_SYS_RAWIO and SELinux\npermissions will always protect the amount of low memory designated by\nCONFIG_LSM_MMAP_MIN_ADDR.\n\nThis allows users who need to disable the mmap_min_addr controls (usual reason\nbeing they run WINE as a non-root user) to do so and still have SELinux\ncontrols preventing confined domains (like a web server) from being able to\nmap some area of low memory.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "8cf948e744e0218af604c32edecde10006dc8e9e",
      "tree": "c5d48e9210976e28e5ce07d69ca9b87d4c437389",
      "parents": [
        "9c0d90103c7e0eb6e638e5b649e9f6d8d9c1b4b3"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jul 31 12:54:05 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 17 15:08:48 2009 +1000"
      },
      "message": "SELinux: call cap_file_mmap in selinux_file_mmap\n\nCurrently SELinux does not check CAP_SYS_RAWIO in the file_mmap hook.  This\nmeans there is no DAC check on the ability to mmap low addresses in the\nmemory space.  This function adds the DAC check for CAP_SYS_RAWIO while\nmaintaining the selinux check on mmap_zero.  This means that processes\nwhich need to mmap low memory will need CAP_SYS_RAWIO and mmap_zero but will\nNOT need the SELinux sys_rawio capability.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9c0d90103c7e0eb6e638e5b649e9f6d8d9c1b4b3",
      "tree": "ba7c5fbed87e6ad6c395f4ca560e2e85d153a5dc",
      "parents": [
        "894ef820b10d77e2d6d717342fc408bdd9825139"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jul 31 12:53:58 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 17 15:08:35 2009 +1000"
      },
      "message": "Capabilities: move cap_file_mmap to commoncap.c\n\nCurrently we duplicate the mmap_min_addr test in cap_file_mmap and in\nsecurity_file_mmap if !CONFIG_SECURITY.  This patch moves cap_file_mmap\ninto commoncap.c and then calls that function directly from\nsecurity_file_mmap ifndef CONFIG_SECURITY like all of the other capability\nchecks are done.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2bf49690325b62480a42f7afed5e9f164173c570",
      "tree": "bc8525f6a45ea3ffaed9449084df7644bcd4e3c2",
      "parents": [
        "f322abf83feddc3c37c3a91794e0c5aece4af18e"
      ],
      "author": {
        "name": "Thomas Liu",
        "email": "tliu@redhat.com",
        "time": "Tue Jul 14 12:14:09 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 17 08:37:18 2009 +1000"
      },
      "message": "SELinux: Convert avc_audit to use lsm_audit.h\n\nConvert avc_audit in security/selinux/avc.c to use lsm_audit.h,\nfor better maintainability.\n\n - changed selinux to use common_audit_data instead of\n    avc_audit_data\n - eliminated code in avc.c and used code from lsm_audit.h instead.\n\nHad to add a LSM_AUDIT_NO_AUDIT to lsm_audit.h so that avc_audit\ncan call common_lsm_audit and do the pre and post callbacks without\ndoing the actual dump.  This makes it so that the patched version\nbehaves the same way as the unpatched version.\n\nAlso added a denied field to the selinux_audit_data private space,\nonce again to make it so that the patched version behaves like the\nunpatched.\n\nI\u0027ve tested and confirmed that AVCs look the same before and after\nthis patch.\n\nSigned-off-by: Thomas Liu \u003ctliu@redhat.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "3c556e4198926b284ff5ff6756111a64e1e98cb0",
      "tree": "0f9c37081267980305e279ce7f3f53dfbeb6a5c6",
      "parents": [
        "58c41d28259c246dbc11358d85d332dc20ccd57b"
      ],
      "author": {
        "name": "Arnaldo Carvalho de Melo",
        "email": "acme@redhat.com",
        "time": "Wed Aug 12 12:00:40 2009 -0300"
      },
      "committer": {
        "name": "H. Peter Anvin",
        "email": "hpa@zytor.com",
        "time": "Fri Aug 14 16:43:15 2009 -0700"
      },
      "message": "x86, intel_txt: Fix typos in Kconfig help\n\nSigned-off-by: Arnaldo Carvalho de Melo \u003cacme@redhat.com\u003e\nSigned-off-by: H. Peter Anvin \u003chpa@zytor.com\u003e\n"
    },
    {
      "commit": "25354c4fee169710fd9da15f3bb2abaa24dcf933",
      "tree": "7fb462945c15ce09392ae858c8ae757290b5ed2d",
      "parents": [
        "9188499cdb117d86a1ea6b04374095b098d56936"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Aug 13 09:45:03 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Aug 14 11:18:40 2009 +1000"
      },
      "message": "SELinux: add selinux_kernel_module_request\n\nThis patch adds a new selinux hook so SELinux can arbitrate if a given\nprocess should be allowed to trigger a request for the kernel to try to\nload a module.  This is a different operation than a process trying to load\na module itself, which is already protected by CAP_SYS_MODULE.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9188499cdb117d86a1ea6b04374095b098d56936",
      "tree": "7c0dd23f2c98630c426cbd0bfbf5e46cc689091e",
      "parents": [
        "a8f80e8ff94ecba629542d9b4b5f5a8ee3eb565c"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Aug 13 09:44:57 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Aug 14 11:18:37 2009 +1000"
      },
      "message": "security: introducing security_request_module\n\nCalling request_module() will trigger a userspace upcall which will load a\nnew module into the kernel.  This can be a dangerous event if the process\nable to trigger request_module() is able to control either the modprobe\nbinary or the module binary.  This patch adds a new security hook to\nrequest_module() which can be used by an LSM to control a process\u0027s ability\nto call request_module().\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "314dabb83a547ec4da819e8cbc78fac9cec605cd",
      "tree": "8e32efc47c52a218bfb4eb517ae2ba14d496adcc",
      "parents": [
        "85dfd81dc57e8183a277ddd7a56aa65c96f3f487"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 10 22:00:13 2009 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Aug 11 08:37:13 2009 +1000"
      },
      "message": "SELinux: fix memory leakage in /security/selinux/hooks.c\n\nFix memory leakage in /security/selinux/hooks.c\n\nThe buffer always needs to be freed here; we either error\nout or allocate more memory.\n\nReported-by: iceberg \u003cstrakh@ispras.ru\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n"
    },
    {
      "commit": "a2551df7ec568d87793d2eea4ca744e86318f205",
      "tree": "3bdd4257bf757d9d1d64d9d7aa10cd144cd3a657",
      "parents": [
        "84336d1a77ccd2c06a730ddd38e695c2324a7386"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jul 31 12:54:11 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Aug 06 09:02:23 2009 +1000"
      },
      "message": "Security/SELinux: seperate lsm specific mmap_min_addr\n\nCurrently SELinux enforcement of controls on the ability to map low memory\nis determined by the mmap_min_addr tunable.  This patch causes SELinux to\nignore the tunable and instead use a separate Kconfig option specific to how\nmuch space the LSM should protect.\n\nThe tunable will now only control the need for CAP_SYS_RAWIO and SELinux\npermissions will always protect the amount of low memory designated by\nCONFIG_LSM_MMAP_MIN_ADDR.\n\nThis allows users who need to disable the mmap_min_addr controls (usual reason\nbeing they run WINE as a non-root user) to do so and still have SELinux\ncontrols preventing confined domains (like a web server) from being able to\nmap some area of low memory.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "84336d1a77ccd2c06a730ddd38e695c2324a7386",
      "tree": "9eeb414eff58e5b7165daa36c2ce3c2e7422632b",
      "parents": [
        "7c73875e7dda627040b12c19b01db634fa7f0fd1"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jul 31 12:54:05 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Aug 06 09:02:21 2009 +1000"
      },
      "message": "SELinux: call cap_file_mmap in selinux_file_mmap\n\nCurrently SELinux does not check CAP_SYS_RAWIO in the file_mmap hook.  This\nmeans there is no DAC check on the ability to mmap low addresses in the\nmemory space.  This function adds the DAC check for CAP_SYS_RAWIO while\nmaintaining the selinux check on mmap_zero.  This means that processes\nwhich need to mmap low memory will need CAP_SYS_RAWIO and mmap_zero but will\nNOT need the SELinux sys_rawio capability.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "7c73875e7dda627040b12c19b01db634fa7f0fd1",
      "tree": "f8f4df20bdcafb1bd981c8a7b0797d13b2625b27",
      "parents": [
        "012a5299a29672039f42944a37984558393ef769"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jul 31 12:53:58 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Aug 06 09:02:17 2009 +1000"
      },
      "message": "Capabilities: move cap_file_mmap to commoncap.c\n\nCurrently we duplicate the mmap_min_addr test in cap_file_mmap and in\nsecurity_file_mmap if !CONFIG_SECURITY.  This patch moves cap_file_mmap\ninto commoncap.c and then calls that function directly from\nsecurity_file_mmap ifndef CONFIG_SECURITY like all of the other capability\nchecks are done.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "da34d4248bd2013ee64ce51e63ec0ebd1f32b46c",
      "tree": "3934c6582b73fb3411799050ea5268daf2b2b814",
      "parents": [
        "1c388ad054fb1ead3dc354b1719570b99e464135"
      ],
      "author": {
        "name": "Julia Lawall",
        "email": "julia@diku.dk",
        "time": "Wed Aug 05 14:34:55 2009 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Aug 06 08:46:15 2009 +1000"
      },
      "message": "security/smack: Use AF_INET for sin_family field\n\nElsewhere the sin_family field holds a value with a name of the form\nAF_..., so it seems reasonable to do so here as well.  Also the values of\nPF_INET and AF_INET are the same.\n\nThe semantic patch that makes this change is as follows:\n(http://coccinelle.lip6.fr/)\n\n// \u003csmpl\u003e\n@@\nstruct sockaddr_in sip;\n@@\n\n(\nsip.sin_family \u003d\u003d\n- PF_INET\n+ AF_INET\n|\nsip.sin_family !\u003d\n- PF_INET\n+ AF_INET\n|\nsip.sin_family \u003d\n- PF_INET\n+ AF_INET\n)\n// \u003c/smpl\u003e\n\nSigned-off-by: Julia Lawall \u003cjulia@diku.dk\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "3162534069597e34dd0ac9eb711be8dc23835ae7",
      "tree": "a8cddd3899917784ebac2cdf6c75d2c8b50d04af",
      "parents": [
        "aea1f7964ae6cba5eb419a958956deb9016b3341"
      ],
      "author": {
        "name": "Joseph Cihula",
        "email": "joseph.cihula@intel.com",
        "time": "Tue Jun 30 19:30:59 2009 -0700"
      },
      "committer": {
        "name": "H. Peter Anvin",
        "email": "hpa@zytor.com",
        "time": "Tue Jul 21 11:49:06 2009 -0700"
      },
      "message": "x86, intel_txt: Intel TXT boot support\n\nThis patch adds kernel configuration and boot support for Intel Trusted\nExecution Technology (Intel TXT).\n\nIntel\u0027s technology for safer computing, Intel Trusted Execution\nTechnology (Intel TXT), defines platform-level enhancements that\nprovide the building blocks for creating trusted platforms.\n\nIntel TXT was formerly known by the code name LaGrande Technology (LT).\n\nIntel TXT in Brief:\no  Provides dynamic root of trust for measurement (DRTM)\no  Data protection in case of improper shutdown\no  Measurement and verification of launched environment\n\nIntel TXT is part of the vPro(TM) brand and is also available on some\nnon-vPro systems.  It is currently available on desktop systems based on\nthe Q35, X38, Q45, and Q43 Express chipsets (e.g. Dell Optiplex 755, HP\ndc7800, etc.) and mobile systems based on the GM45, PM45, and GS45\nExpress chipsets.\n\nFor more information, see http://www.intel.com/technology/security/.\nThis site also has a link to the Intel TXT MLE Developers Manual, which\nhas been updated for the new released platforms.\n\nA much more complete description of how these patches support TXT, how to\nconfigure a system for it, etc. is in the Documentation/intel_txt.txt file\nin this patch.\n\nThis patch provides the TXT support routines for complete functionality,\ndocumentation for TXT support and for the changes to the boot_params structure,\nand boot detection of a TXT launch.  Attempts to shutdown (reboot, Sx) the system\nwill result in platform resets; subsequent patches will support these shutdown modes\nproperly.\n\n Documentation/intel_txt.txt      |  210 +++++++++++++++++++++\n Documentation/x86/zero-page.txt  |    1\n arch/x86/include/asm/bootparam.h |    3\n arch/x86/include/asm/fixmap.h    |    3\n arch/x86/include/asm/tboot.h     |  197 ++++++++++++++++++++\n arch/x86/kernel/Makefile         |    1\n arch/x86/kernel/setup.c          |    4\n arch/x86/kernel/tboot.c          |  379 +++++++++++++++++++++++++++++++++++++++\n security/Kconfig                 |   30 +++\n 9 files changed, 827 insertions(+), 1 deletion(-)\n\nSigned-off-by: Joseph Cihula \u003cjoseph.cihula@intel.com\u003e\nSigned-off-by: Shane Wang \u003cshane.wang@intel.com\u003e\nSigned-off-by: Gang Wei \u003cgang.wei@intel.com\u003e\nSigned-off-by: H. Peter Anvin \u003chpa@zytor.com\u003e\n"
    },
    {
      "commit": "5bb459bb45d1ad3c177485dcf0af01580aa31125",
      "tree": "fd6d11d424d222b97f56d8b870bdecbacaab8a17",
      "parents": [
        "d2e3ee9b29f5de5b01e611b04e6fb29760589b01"
      ],
      "author": {
        "name": "Oleg Nesterov",
        "email": "oleg@redhat.com",
        "time": "Fri Jul 10 03:48:23 2009 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jul 17 09:10:42 2009 +1000"
      },
      "message": "kernel: rename is_single_threaded(task) to current_is_single_threaded(void)\n\n- is_single_threaded(task) is not safe unless task \u003d\u003d current,\n  we can\u0027t use task-\u003esignal or task-\u003emm.\n\n- it doesn\u0027t make sense unless task \u003d\u003d current, the task can\n  fork right after the check.\n\nRename it to current_is_single_threaded() and kill the argument.\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "be940d6279c30a2d7c4e8d1d5435f957f594d66d",
      "tree": "965805d563cb756879fd3595230c3ca205da76d1",
      "parents": [
        "b3a633c8527ef155b1a4e22e8f5abc58f7af54c9"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jul 13 10:39:36 2009 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jul 13 10:39:36 2009 +1000"
      },
      "message": "Revert \"SELinux: Convert avc_audit to use lsm_audit.h\"\n\nThis reverts commit 8113a8d80f4c6a3dc3724b39b470f3fee9c426b6.\n\nThe patch causes a stack overflow on my system during boot.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "8113a8d80f4c6a3dc3724b39b470f3fee9c426b6",
      "tree": "27eb775108daaff8390ad564010a9f2fbd5187a2",
      "parents": [
        "65c3f0a2d0f72d210c879e4974c2d222b7951321"
      ],
      "author": {
        "name": "Thomas Liu",
        "email": "tliu@redhat.com",
        "time": "Fri Jul 10 10:31:04 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jul 13 07:54:48 2009 +1000"
      },
      "message": "SELinux: Convert avc_audit to use lsm_audit.h\n\nConvert avc_audit in security/selinux/avc.c to use lsm_audit.h,\nfor better maintainability and for less code duplication.\n\n - changed selinux to use common_audit_data instead of\n   avc_audit_data\n - eliminated code in avc.c and used code from lsm_audit.h instead.\n\nI have tested to make sure that the avcs look the same before and\nafter this patch.\n\nSigned-off-by: Thomas Liu \u003ctliu@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d4131ded4d4c1a5c1363ddd93ca104ed97dd0458",
      "tree": "137da0f52d5928eeb461218ac8109d22e65d579b",
      "parents": [
        "ed5215a21460f63d6bdc118cb55a9e6d1b433f35"
      ],
      "author": {
        "name": "Thomas Liu",
        "email": "tliu@redhat.com",
        "time": "Thu Jul 09 10:00:30 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jul 10 08:58:39 2009 +1000"
      },
      "message": "security: Make lsm_priv union in lsm_audit.h anonymous\n\nMade the lsm_priv union in include/linux/lsm_audit.h\nanonymous.\n\nSigned-off-by: Thomas Liu \u003ctliu@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ed5215a21460f63d6bdc118cb55a9e6d1b433f35",
      "tree": "8134723eb6a5d73162a7e5d9c11ac66440f11b82",
      "parents": [
        "ac7242142b03421c96b0a2f8d99f146d075614c2"
      ],
      "author": {
        "name": "Thomas Liu",
        "email": "tliu@redhat.com",
        "time": "Thu Jul 09 10:00:29 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jul 10 08:54:14 2009 +1000"
      },
      "message": "Move variable function in lsm_audit.h into SMACK private space\n\nMoved variable function in include/linux/lsm_audit.h into the\nsmack_audit_data struct since it is never used outside of it.\n\nAlso removed setting of function in the COMMON_AUDIT_DATA_INIT\nmacro because that variable is now private to SMACK.\n\nSigned-off-by: Thomas Liu \u003ctliu@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nI-dont-see-any-problems-with-it: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ac7242142b03421c96b0a2f8d99f146d075614c2",
      "tree": "b0b2ead65858c7a343d38affed86fe815e37e7e9",
      "parents": [
        "89c86576ecde504da1eeb4f4882b2189ac2f9c4a",
        "2bfdd79eaa0043346e773ba5f6cfd811ea31b73d"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Jun 30 09:10:35 2009 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Jun 30 09:10:35 2009 +1000"
      },
      "message": "Merge branch \u0027master\u0027 into next\n"
    },
    {
      "commit": "94e5d714f604d4cb4cb13163f01ede278e69258b",
      "tree": "1f7f50f5eddf74e6930eaf0384538549f263b8fe",
      "parents": [
        "79b854c549c62c54fa27f87e04465c01db889f8d"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Jun 26 14:05:27 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jun 29 08:59:10 2009 +1000"
      },
      "message": "integrity: add ima_counts_put (updated)\n\nThis patch fixes an imbalance message as reported by J.R. Okajima.\nThe IMA file counters are incremented in ima_path_check. If the\nactual open fails, such as ETXTBSY, decrement the counters to\nprevent unnecessary imbalance messages.\n\nReported-by: J.R. Okajima \u003chooanon05@yahoo.co.jp\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "79b854c549c62c54fa27f87e04465c01db889f8d",
      "tree": "5b49ad5ce83888a476fff7f1aa0d6ac82566f7f5",
      "parents": [
        "46690f3718d95e9bb712b6f2b5c869f8494521de"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Jun 26 11:25:00 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jun 29 08:57:49 2009 +1000"
      },
      "message": "integrity: ima audit hash_exists fix\n\nAudit the file name, not the template name.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "89c86576ecde504da1eeb4f4882b2189ac2f9c4a",
      "tree": "94674a48becd9cfde298e9fe6b58db8da28fe238",
      "parents": [
        "a893a84e8799270fbec5c3708d001650aab47138"
      ],
      "author": {
        "name": "Thomas Liu",
        "email": "tliu@redhat.com",
        "time": "Wed Jun 24 17:58:05 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Jun 25 08:29:16 2009 +1000"
      },
      "message": "selinux: clean up avc node cache when disabling selinux\n\nAdded a call to free the avc_node_cache when inside selinux_disable because\nit should not waste resources allocated during avc_init if SELinux is disabled\nand the cache will never be used.\n\nSigned-off-by: Thomas Liu \u003ctliu@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9e48858f7d36a6a3849f1d1b40c3bf5624b4ee7c",
      "tree": "5d8fe586c5b1bbab36acc3b76b2b4dd1bc538968",
      "parents": [
        "86abcf9cebf7b5ceb33facde297face5ec4d2260"
      ],
      "author": {
        "name": "Ingo Molnar",
        "email": "mingo@elte.hu",
        "time": "Thu May 07 19:26:19 2009 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Jun 25 00:18:05 2009 +1000"
      },
      "message": "security: rename ptrace_may_access \u003d\u003e ptrace_access_check\n\nThe -\u003eptrace_may_access() methods are named confusingly - the real\nptrace_may_access() returns a bool, while these security checks have\na retval convention.\n\nRename it to ptrace_access_check, to reduce the confusion factor.\n\n[ Impact: cleanup, no code changed ]\n\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "86abcf9cebf7b5ceb33facde297face5ec4d2260",
      "tree": "1b71608a4c025882f82a952d56d0f546d461736b",
      "parents": [
        "20dda18be9035c487c2e9534e4d18d2a1e1deade"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Jun 18 22:00:05 2009 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Jun 25 00:09:12 2009 +1000"
      },
      "message": "keys: annotate seqfile ops with __releases and __acquires\n\nAnnotate seqfile ops with __releases and __acquires to stop sparse\ncomplaining about unbalanced locking.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nReviewed-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\n"
    },
    {
      "commit": "20dda18be9035c487c2e9534e4d18d2a1e1deade",
      "tree": "5d50d2727e1495ccd8fa2a2340332f25c290670c",
      "parents": [
        "56f8c9bc410deb55f21698e6a0d59f559ae1d794"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Jun 22 14:54:53 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Jun 23 08:19:58 2009 +1000"
      },
      "message": "selinux: restore optimization to selinux_file_permission\n\nRestore the optimization to skip revalidation in selinux_file_permission\nif nothing has changed since the dentry_open checks, accidentally removed by\n389fb800.  Also remove redundant test from selinux_revalidate_file_permission.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "56f8c9bc410deb55f21698e6a0d59f559ae1d794",
      "tree": "57536190ade898da7449eb8c369c32c80019cef5",
      "parents": [
        "ccf135f509abdbf607e9a68f08ddeee2c66dc36e"
      ],
      "author": {
        "name": "Tetsuo Handa",
        "email": "penguin-kernel@i-love.sakura.ne.jp",
        "time": "Fri Jun 19 14:13:27 2009 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jun 19 18:48:18 2009 +1000"
      },
      "message": "TOMOYO: Remove next_domain from tomoyo_find_next_domain().\n\nWe can update bprm-\u003ecred-\u003esecurity inside tomoyo_find_next_domain().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    }
  ],
  "next": "ccf135f509abdbf607e9a68f08ddeee2c66dc36e"
}
