{
  "log": [
    {
      "commit": "f7112e6c9abf1c70f001dcf097c1d6e218a93f5c",
      "tree": "8ddcab31388e3f220f3ef911f4ec9dce8ac4be92",
      "parents": [
        "ceffec5541cc22486d3ff492e3d76a33a68fbfa3"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Sun May 06 15:22:02 2012 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@vaio-ubuntu.(none)",
        "time": "Mon May 14 22:48:38 2012 -0700"
      },
      "message": "Smack: allow for significantly longer Smack labels v4\n\nV4 updated to current linux-security#next\nTargeted for git://gitorious.org/smack-next/kernel.git\n\nModern application runtime environments like to use\nnaming schemes that are structured and generated without\nhuman intervention. Even though the Smack limit of 23\ncharacters for a label name is perfectly rational for\nhuman use there have been complaints that the limit is\na problem in environments where names are composed from\na set of sources, including vendor, author, distribution\nchannel and application name. Names like\n\n\tsoftwarehouse-pgwodehouse-coolappstore-mellowmuskrats\n\nare becoming harder to avoid. This patch introduces long\nlabel support in Smack. Labels are now limited to 255\ncharacters instead of the old 23.\n\nThe primary reason for limiting the labels to 23 characters\nwas so they could be directly contained in CIPSO category sets.\nThis is still done where possible, but for labels that are too\nlarge a mapping is required. This is perfectly safe for communication\nthat stays \"on the box\" and doesn\u0027t require much coordination\nbetween boxes beyond what would have been required to keep label\nnames consistent.\n\nThe bulk of this patch is in smackfs, adding and updating\nadministrative interfaces. Because existing APIs can\u0027t be\nchanged new ones that do much the same things as old ones\nhave been introduced.\n\nThe Smack specific CIPSO data representation has been removed\nand replaced with the data format used by netlabel. The CIPSO\nheader is now computed when a label is imported rather than\non use. This results in improved IP performance. The smack\nlabel is now allocated separately from the containing structure,\nallowing for larger strings.\n\nFour new /smack interfaces have been introduced as four\nof the old interfaces strictly required labels be specified\nin fixed length arrays.\n\nThe access interface is supplemented with the check interface:\n\taccess  \"Subject                 Object                  rwxat\"\n\taccess2 \"Subject Object rwaxt\"\n\nThe load interface is supplemented with the rules interface:\n\tload   \"Subject                 Object                  rwxat\"\n\tload2  \"Subject Object rwaxt\"\n\nThe load-self interface is supplemented with the self-rules interface:\n\tload-self   \"Subject                 Object                  rwxat\"\n\tload-self2  \"Subject Object rwaxt\"\n\nThe cipso interface is supplemented with the wire interface:\n\tcipso  \"Subject                  lvl cnt  c1  c2 ...\"\n\tcipso2 \"Subject lvl cnt  c1  c2 ...\"\n\nThe old interfaces are maintained for compatibility.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "40e47125e6c5110383b0176d7b9d530f2936b1ae",
      "tree": "9653ac1f586cbfe36286c2d987c9330078eb37ad",
      "parents": [
        "4e70daaf05a181b6968e29e72e9f1c16a183e92c"
      ],
      "author": {
        "name": "Masanari Iida",
        "email": "standby24x7@gmail.com",
        "time": "Sun Mar 04 23:16:11 2012 +0900"
      },
      "committer": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Wed Mar 07 16:08:24 2012 +0100"
      },
      "message": "Documentation: Fix multiple typos in Documentation\n\nSigned-off-by: Masanari Iida \u003cstandby24x7@gmail.com\u003e\nAcked-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n"
    },
    {
      "commit": "d410fa4ef99112386de5f218dd7df7b4fca910b4",
      "tree": "e29fbc3f6d27b20d73d8feb4ed73f6767f2e18fe",
      "parents": [
        "61c4f2c81c61f73549928dfd9f3e8f26aa36a8cf"
      ],
      "author": {
        "name": "Randy Dunlap",
        "email": "randy.dunlap@oracle.com",
        "time": "Thu May 19 15:59:38 2011 -0700"
      },
      "committer": {
        "name": "Randy Dunlap",
        "email": "randy.dunlap@oracle.com",
        "time": "Thu May 19 15:59:38 2011 -0700"
      },
      "message": "Create Documentation/security/,\nmove LSM-, credentials-, and keys-related files from Documentation/\n  to Documentation/security/,\nadd Documentation/security/00-INDEX, and\nupdate all occurrences of Documentation/\u003cmoved_file\u003e\n  to Documentation/security/\u003cmoved_file\u003e.\n"
    },
    {
      "commit": "a33f32244d8550da8b4a26e277ce07d5c6d158b5",
      "tree": "2b24b891e48ae791446fef6d1b9e520190c03c62",
      "parents": [
        "6c9468e9eb1252eaefd94ce7f06e1be9b0b641b1"
      ],
      "author": {
        "name": "Francis Galiegue",
        "email": "fgaliegue@gmail.com",
        "time": "Fri Apr 23 00:08:02 2010 +0200"
      },
      "committer": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Fri Apr 23 02:09:52 2010 +0200"
      },
      "message": "Documentation/: it\u0027s -\u003e its where appropriate\n\nFix obvious cases of \"it\u0027s\" being used when \"its\" was meant.\n\nSigned-off-by: Francis Galiegue \u003cfgaliegue@gmail.com\u003e\nAcked-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n"
    },
    {
      "commit": "ecfcc53fef3c357574bb6143dce6631e6d56295c",
      "tree": "d7bee04b64c5ad2ba0ed273bff2c8c7c98b3eee5",
      "parents": [
        "6e837fb152410e571a81aaadbd9884f0bc46a55e"
      ],
      "author": {
        "name": "Etienne Basset",
        "email": "etienne.basset@numericable.fr",
        "time": "Wed Apr 08 20:40:06 2009 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Apr 14 09:00:23 2009 +1000"
      },
      "message": "smack: implement logging V3\n\nThe following patch adds logging of Smack security decisions.\nThis is of course very useful to understand what your current smack policy does.\nAs suggested by Casey, it also now forbids labels with \u0027, \" or \\\n\nIt introduces a \u0027/smack/logging\u0027 switch :\n0: no logging\n1: log denied (default)\n2: log accepted\n3: log denied\u0026accepted\n\nSigned-off-by: Etienne Basset \u003cetienne.basset@numericable.fr\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "4303154e86597885bc3cbc178a48ccbc8213875f",
      "tree": "11989bcc2ec5d9cd5a1b7952f169ec5cbd8abb8e",
      "parents": [
        "07feee8f812f7327a46186f7604df312c8c81962"
      ],
      "author": {
        "name": "Etienne Basset",
        "email": "etienne.basset@numericable.fr",
        "time": "Fri Mar 27 17:11:01 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Mar 28 15:01:37 2009 +1100"
      },
      "message": "smack: Add a new \u0027-CIPSO\u0027 option to the network address label configuration\n\nThis patch adds a new special option \u0027-CIPSO\u0027 to the Smack subsystem. When used\nin the netlabel list, it means \"use CIPSO networking\". A use case is when your\nlocal network speaks CIPSO and you want also to connect to the unlabeled\nInternet. This patch also adds some documentation describing that. The patch\nalso corrects an oops when setting a \u0027\u0027 SMACK64 xattr to a file.\n\nSigned-off-by: Etienne Basset \u003cetienne.basset@numericable.fr\u003e\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "e114e473771c848c3cfec05f0123e70f1cdbdc99",
      "tree": "933b840f3ccac6860da56291c742094f9b5a20cb",
      "parents": [
        "eda61d32e8ad1d9102872f9a0abf3344bf9c5e67"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Mon Feb 04 22:29:50 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Tue Feb 05 09:44:20 2008 -0800"
      },
      "message": "Smack: Simplified Mandatory Access Control Kernel\n\nSmack is the Simplified Mandatory Access Control Kernel.\n\nSmack implements mandatory access control (MAC) using labels\nattached to tasks and data containers, including files, SVIPC,\nand other tasks. Smack is a kernel based scheme that requires\nan absolute minimum of application support and a very small\namount of configuration data.\n\nSmack uses extended attributes and\nprovides a set of general mount options, borrowing techniques used\nelsewhere. Smack uses netlabel for CIPSO labeling. Smack provides\na pseudo-filesystem smackfs that is used for manipulation of\nsystem Smack attributes.\n\nThe patch, patches for ls and sshd, a README, a startup script,\nand x86 binaries for ls and sshd are also available on\n\n    http://www.schaufler-ca.com\n\nDevelopment has been done using Fedora Core 7 in a virtual machine\nenvironment and on an old Sony laptop.\n\nSmack provides mandatory access controls based on the label attached\nto a task and the label attached to the object it is attempting to\naccess. Smack labels are deliberately short (1-23 characters) text\nstrings. Single character labels using special characters are reserved\nfor system use. The only operation applied to Smack labels is equality\ncomparison. No wildcards or expressions, regular or otherwise, are\nused. Smack labels are composed of printable characters and may not\ninclude \"/\".\n\nA file always gets the Smack label of the task that created it.\n\nSmack defines and uses these labels:\n\n    \"*\" - pronounced \"star\"\n    \"_\" - pronounced \"floor\"\n    \"^\" - pronounced \"hat\"\n    \"?\" - pronounced \"huh\"\n\nThe access rules enforced by Smack are, in order:\n\n1. Any access requested by a task labeled \"*\" is denied.\n2. A read or execute access requested by a task labeled \"^\"\n   is permitted.\n3. A read or execute access requested on an object labeled \"_\"\n   is permitted.\n4. Any access requested on an object labeled \"*\" is permitted.\n5. Any access requested by a task on an object with the same\n   label is permitted.\n6. Any access requested that is explicitly defined in the loaded\n   rule set is permitted.\n7. Any other access is denied.\n\nRules may be explicitly defined by writing subject,object,access\ntriples to /smack/load.\n\nSmack rule sets can be easily defined that describe Bell\u0026LaPadula\nsensitivity, Biba integrity, and a variety of interesting\nconfigurations. Smack rule sets can be modified on the fly to\naccommodate changes in the operating environment or even the time\nof day.\n\nSome practical use cases:\n\nHierarchical levels. The less common of the two usual uses\nfor MLS systems is to define hierarchical levels, often\nunclassified, confidential, secret, and so on. To set up smack\nto support this, these rules could be defined:\n\n   C        Unclass rx\n   S        C       rx\n   S        Unclass rx\n   TS       S       rx\n   TS       C       rx\n   TS       Unclass rx\n\nA TS process can read S, C, and Unclass data, but cannot write it.\nAn S process can read C and Unclass. Note that specifying that\nTS can read S and S can read C does not imply TS can read C, it\nhas to be explicitly stated.\n\nNon-hierarchical categories. This is the more common of the\nusual uses for an MLS system. Since the default rule is that a\nsubject cannot access an object with a different label no\naccess rules are required to implement compartmentalization.\n\nA case that the Bell \u0026 LaPadula policy does not allow is demonstrated\nwith this Smack access rule:\n\nA case that Bell\u0026LaPadula does not allow that Smack does:\n\n    ESPN    ABC   r\n    ABC     ESPN  r\n\nOn my portable video device I have two applications, one that\nshows ABC programming and the other ESPN programming. ESPN wants\nto show me sport stories that show up as news, and ABC will\nonly provide minimal information about a sports story if ESPN\nis covering it. Each side can look at the other\u0027s info, neither\ncan change the other. Neither can see what FOX is up to, which\nis just as well all things considered.\n\nAnother case that I especially like:\n\n    SatData Guard   w\n    Guard   Publish w\n\nA program running with the Guard label opens a UDP socket and\naccepts messages sent by a program running with a SatData label.\nThe Guard program inspects the message to ensure it is wholesome\nand if it is sends it to a program running with the Publish label.\nThis program then puts the information passed in an appropriate\nplace. Note that the Guard program cannot write to a Publish\nfile system object because file system semantics require read as\nwell as write.\n\nThe four cases (categories, levels, mutual read, guardbox) here\nare all quite real, and problems I\u0027ve been asked to solve over\nthe years. The first two are easy to do with traditional MLS systems\nwhile the last two you can\u0027t without invoking privilege, at least\nfor a while.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Joshua Brindle \u003cmethod@manicmethod.com\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: \"Ahmed S. Darwish\" \u003cdarwish.07@gmail.com\u003e\nCc: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    }
  ]
}
