)]}' { "log": [ { "commit": "a26d279ea87e9fef2cf8a44b371e48e6091975a6", "tree": "fe1a1a007c0fc1419e8f8e3e845ad18a377569bc", "parents": [ "246c3fb16b08193837a8009ff15ef6908534ba71" ], "author": { "name": "wzt.wzt@gmail.com", "email": "wzt.wzt@gmail.com", "time": "Wed Nov 10 16:05:15 2010 +0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Nov 11 07:36:22 2010 +1100" }, "message": "APPARMOR: Fix memory leak of apparmor_init()\n\nset_init_cxt() allocted sizeof(struct aa_task_cxt) bytes for cxt,\nif register_security() failed, it will cause memory leak.\n\nSigned-off-by: Zhitong Wang \u003czhitong.wangzt@alibaba-inc.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "246c3fb16b08193837a8009ff15ef6908534ba71", "tree": "47c8fb1d63c3f0cfd7c3e1507e6c1e16a6837264", "parents": [ "f6614b7bb405a9b35dd28baea989a749492c46b2" ], "author": { "name": "wzt.wzt@gmail.com", "email": "wzt.wzt@gmail.com", "time": "Wed Nov 10 11:31:55 2010 +0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Nov 11 07:36:18 2010 +1100" }, "message": "APPARMOR: Fix memory leak of alloc_namespace()\n\npolicy-\u003ename is a substring of policy-\u003ehname, if prefix is not NULL, it will\nallocted strlen(prefix) + strlen(name) + 3 bytes to policy-\u003ehname in policy_init().\nuse kzfree(ns-\u003ebase.name) will casue memory leak if alloc_namespace() failed.\n\nSigned-off-by: Zhitong Wang \u003czhitong.wangzt@alibaba-inc.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "be148247cfbe2422f5709e77d9c3e10b8a6394da", "tree": "f04605bb5ea21cefd455b6fd81c51d8bb02c1521", "parents": [ "85fe4025c616a7c0ed07bc2fc8c5371b07f3888c" ], "author": { "name": "Christoph Hellwig", "email": "hch@infradead.org", "time": "Sun Oct 10 05:36:21 2010 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Oct 25 21:26:12 2010 -0400" }, "message": "fs: take dcache_lock inside __d_path\n\nAll callers take dcache_lock just around the call to __d_path, so\ntake the lock into it in preparation of getting rid of dcache_lock.\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "092e0e7e520a1fca03e13c9f2d157432a8657ff2", "tree": "451897252c4c08c4b5a8ef535da156f1e817e80b", "parents": [ "79f14b7c56d3b3ba58f8b43d1f70b9b71477a800", "776c163b1b93c8dfa5edba885bc2bfbc2d228a5f" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Oct 22 10:52:56 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Oct 22 10:52:56 2010 -0700" }, "message": "Merge branch \u0027llseek\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/bkl\n\n* \u0027llseek\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/bkl:\n vfs: make no_llseek the default\n vfs: don\u0027t use BKL in default_llseek\n llseek: automatically add .llseek fop\n libfs: use generic_file_llseek for simple_attr\n mac80211: disallow seeks in minstrel debug code\n lirc: make chardev nonseekable\n viotape: use noop_llseek\n raw: use explicit llseek file operations\n ibmasmfs: use generic_file_llseek\n spufs: use llseek in all file operations\n arm/omap: use generic_file_llseek in iommu_debug\n lkdtm: use generic_file_llseek in debugfs\n net/wireless: use generic_file_llseek in debugfs\n drm: use noop_llseek\n" }, { "commit": "3ed02ada2a5e695e2fbb5e4a0008cfcb0f50feaa", "tree": "8b01e83cfa6b18fe8b83b342733931d5f98bc1b2", "parents": [ "9f1c1d426b0402b25cd0d7ca719ffc8e20e46d5f" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Sat Oct 09 00:47:53 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:12:46 2010 +1100" }, "message": "AppArmor: Ensure the size of the copy is \u003c the buffer allocated to hold it\n\nActually I think in this case the appropriate thing to do is to BUG as there\nis currently a case (remove) where the alloc_size needs to be larger than\nthe copy_size, and if copy_size is ever greater than alloc_size there is\na mistake in the caller code.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees.cook@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4b04a7cfc5ccb573ca3752429c81d37f8dd2f7c6", "tree": "d765918750208f7a99c714eddd398f4005051b6a", "parents": [ "065d78a0603cc6f8d288e96dbf761b96984b634f" ], "author": { "name": "Yong Zhang", "email": "yong.zhang@windriver.com", "time": "Sat Aug 28 10:25:09 2010 +0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:12:35 2010 +1100" }, "message": ".gitignore: ignore apparmor/rlim_names.h\n\nSigned-off-by: Yong Zhang \u003cyong.zhang0@gmail.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6038f373a3dc1f1c26496e60b6c40b164716f07e", "tree": "a0d3bbd026eea41b9fc36b8c722cbaf56cd9f825", "parents": [ "1ec5584e3edf9c4bf2c88c846534d19cf986ba11" ], "author": { "name": "Arnd Bergmann", "email": "arnd@arndb.de", "time": "Sun Aug 15 18:52:59 2010 +0200" }, "committer": { "name": "Arnd Bergmann", "email": "arnd@arndb.de", "time": "Fri Oct 15 15:53:27 2010 +0200" }, "message": "llseek: automatically add .llseek fop\n\nAll file_operations should get a .llseek operation so we can make\nnonseekable_open the default for future file operations without a\n.llseek pointer.\n\nThe three cases that we can automatically detect are no_llseek, seq_lseek\nand default_llseek. For cases where we can we can automatically prove that\nthe file offset is always ignored, we use noop_llseek, which maintains\nthe current behavior of not returning an error from a seek.\n\nNew drivers should normally not use noop_llseek but instead use no_llseek\nand call nonseekable_open at open time. Existing drivers can be converted\nto do the same when the maintainer knows for certain that no user code\nrelies on calling seek on the device file.\n\nThe generated code is often incorrectly indented and right now contains\ncomments that clarify for each added line why a specific variant was\nchosen. In the version that gets submitted upstream, the comments will\nbe gone and I will manually fix the indentation, because there does not\nseem to be a way to do that using coccinelle.\n\nSome amount of new code is currently sitting in linux-next that should get\nthe same modifications, which I will do at the end of the merge window.\n\nMany thanks to Julia Lawall for helping me learn to write a semantic\npatch that does all this.\n\n\u003d\u003d\u003d\u003d\u003d begin semantic patch \u003d\u003d\u003d\u003d\u003d\n// This adds an llseek\u003d method to all file operations,\n// as a preparation for making no_llseek the default.\n//\n// The rules are\n// - use no_llseek explicitly if we do nonseekable_open\n// - use seq_lseek for sequential files\n// - use default_llseek if we know we access f_pos\n// - use noop_llseek if we know we don\u0027t access f_pos,\n// but we still want to allow users to call lseek\n//\n@ open1 exists @\nidentifier nested_open;\n@@\nnested_open(...)\n{\n\u003c+...\nnonseekable_open(...)\n...+\u003e\n}\n\n@ open exists@\nidentifier open_f;\nidentifier i, f;\nidentifier open1.nested_open;\n@@\nint open_f(struct inode *i, struct file *f)\n{\n\u003c+...\n(\nnonseekable_open(...)\n|\nnested_open(...)\n)\n...+\u003e\n}\n\n@ read disable optional_qualifier exists @\nidentifier read_f;\nidentifier f, p, s, off;\ntype ssize_t, size_t, loff_t;\nexpression E;\nidentifier func;\n@@\nssize_t read_f(struct file *f, char *p, size_t s, loff_t *off)\n{\n\u003c+...\n(\n *off \u003d E\n|\n *off +\u003d E\n|\n func(..., off, ...)\n|\n E \u003d *off\n)\n...+\u003e\n}\n\n@ read_no_fpos disable optional_qualifier exists @\nidentifier read_f;\nidentifier f, p, s, off;\ntype ssize_t, size_t, loff_t;\n@@\nssize_t read_f(struct file *f, char *p, size_t s, loff_t *off)\n{\n... when !\u003d off\n}\n\n@ write @\nidentifier write_f;\nidentifier f, p, s, off;\ntype ssize_t, size_t, loff_t;\nexpression E;\nidentifier func;\n@@\nssize_t write_f(struct file *f, const char *p, size_t s, loff_t *off)\n{\n\u003c+...\n(\n *off \u003d E\n|\n *off +\u003d E\n|\n func(..., off, ...)\n|\n E \u003d *off\n)\n...+\u003e\n}\n\n@ write_no_fpos @\nidentifier write_f;\nidentifier f, p, s, off;\ntype ssize_t, size_t, loff_t;\n@@\nssize_t write_f(struct file *f, const char *p, size_t s, loff_t *off)\n{\n... when !\u003d off\n}\n\n@ fops0 @\nidentifier fops;\n@@\nstruct file_operations fops \u003d {\n ...\n};\n\n@ has_llseek depends on fops0 @\nidentifier fops0.fops;\nidentifier llseek_f;\n@@\nstruct file_operations fops \u003d {\n...\n .llseek \u003d llseek_f,\n...\n};\n\n@ has_read depends on fops0 @\nidentifier fops0.fops;\nidentifier read_f;\n@@\nstruct file_operations fops \u003d {\n...\n .read \u003d read_f,\n...\n};\n\n@ has_write depends on fops0 @\nidentifier fops0.fops;\nidentifier write_f;\n@@\nstruct file_operations fops \u003d {\n...\n .write \u003d write_f,\n...\n};\n\n@ has_open depends on fops0 @\nidentifier fops0.fops;\nidentifier open_f;\n@@\nstruct file_operations fops \u003d {\n...\n .open \u003d open_f,\n...\n};\n\n// use no_llseek if we call nonseekable_open\n////////////////////////////////////////////\n@ nonseekable1 depends on !has_llseek \u0026\u0026 has_open @\nidentifier fops0.fops;\nidentifier nso ~\u003d \"nonseekable_open\";\n@@\nstruct file_operations fops \u003d {\n... .open \u003d nso, ...\n+.llseek \u003d no_llseek, /* nonseekable */\n};\n\n@ nonseekable2 depends on !has_llseek @\nidentifier fops0.fops;\nidentifier open.open_f;\n@@\nstruct file_operations fops \u003d {\n... .open \u003d open_f, ...\n+.llseek \u003d no_llseek, /* open uses nonseekable */\n};\n\n// use seq_lseek for sequential files\n/////////////////////////////////////\n@ seq depends on !has_llseek @\nidentifier fops0.fops;\nidentifier sr ~\u003d \"seq_read\";\n@@\nstruct file_operations fops \u003d {\n... .read \u003d sr, ...\n+.llseek \u003d seq_lseek, /* we have seq_read */\n};\n\n// use default_llseek if there is a readdir\n///////////////////////////////////////////\n@ fops1 depends on !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier readdir_e;\n@@\n// any other fop is used that changes pos\nstruct file_operations fops \u003d {\n... .readdir \u003d readdir_e, ...\n+.llseek \u003d default_llseek, /* readdir is present */\n};\n\n// use default_llseek if at least one of read/write touches f_pos\n/////////////////////////////////////////////////////////////////\n@ fops2 depends on !fops1 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier read.read_f;\n@@\n// read fops use offset\nstruct file_operations fops \u003d {\n... .read \u003d read_f, ...\n+.llseek \u003d default_llseek, /* read accesses f_pos */\n};\n\n@ fops3 depends on !fops1 \u0026\u0026 !fops2 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier write.write_f;\n@@\n// write fops use offset\nstruct file_operations fops \u003d {\n... .write \u003d write_f, ...\n+\t.llseek \u003d default_llseek, /* write accesses f_pos */\n};\n\n// Use noop_llseek if neither read nor write accesses f_pos\n///////////////////////////////////////////////////////////\n\n@ fops4 depends on !fops1 \u0026\u0026 !fops2 \u0026\u0026 !fops3 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier read_no_fpos.read_f;\nidentifier write_no_fpos.write_f;\n@@\n// write fops use offset\nstruct file_operations fops \u003d {\n...\n .write \u003d write_f,\n .read \u003d read_f,\n...\n+.llseek \u003d noop_llseek, /* read and write both use no f_pos */\n};\n\n@ depends on has_write \u0026\u0026 !has_read \u0026\u0026 !fops1 \u0026\u0026 !fops2 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier write_no_fpos.write_f;\n@@\nstruct file_operations fops \u003d {\n... .write \u003d write_f, ...\n+.llseek \u003d noop_llseek, /* write uses no f_pos */\n};\n\n@ depends on has_read \u0026\u0026 !has_write \u0026\u0026 !fops1 \u0026\u0026 !fops2 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier read_no_fpos.read_f;\n@@\nstruct file_operations fops \u003d {\n... .read \u003d read_f, ...\n+.llseek \u003d noop_llseek, /* read uses no f_pos */\n};\n\n@ depends on !has_read \u0026\u0026 !has_write \u0026\u0026 !fops1 \u0026\u0026 !fops2 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\n@@\nstruct file_operations fops \u003d {\n...\n+.llseek \u003d noop_llseek, /* no read or write fn */\n};\n\u003d\u003d\u003d\u003d\u003d End semantic patch \u003d\u003d\u003d\u003d\u003d\n\nSigned-off-by: Arnd Bergmann \u003carnd@arndb.de\u003e\nCc: Julia Lawall \u003cjulia@diku.dk\u003e\nCc: Christoph Hellwig \u003chch@infradead.org\u003e\n" }, { "commit": "999b4f0aa2314b76857775334cb94bafa053db64", "tree": "0b2b9e6d54415d0d6f6ff59526c68108c09d1fd7", "parents": [ "04ccd53f09741c4bc54ab36db000bc1383e4812e" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Fri Aug 27 18:33:29 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 08 09:19:34 2010 +1000" }, "message": "AppArmor: Fix locking from removal of profile namespace\n\nThe locking for profile namespace removal is wrong, when removing a\nprofile namespace, it needs to be removed from its parent\u0027s list.\nLock the parent of namespace list instead of the namespace being removed.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "04ccd53f09741c4bc54ab36db000bc1383e4812e", "tree": "d8c6e27094cb3b042e852f01c09a3d21979150d2", "parents": [ "3a2dc8382a3e85a51ed9c6f57ea80665ea7a0c95" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Fri Aug 27 18:33:28 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 08 09:19:31 2010 +1000" }, "message": "AppArmor: Fix splitting an fqname into separate namespace and profile names\n\nAs per Dan Carpenter \u003cerror27@gmail.com\u003e\n If we have a ns name without a following profile then in the original\n code it did \"*ns_name \u003d \u0026name[1];\". \"name\" is NULL so \"*ns_name\" is\n 0x1. That isn\u0027t useful and could cause an oops when this function is\n called from aa_remove_profiles().\n\nBeyond this the assignment of the namespace name was wrong in the case\nwhere the profile name was provided as it was being set to \u0026name[1]\nafter name \u003d skip_spaces(split + 1);\n\nMove the ns_name assignment before updating name for the split and\nalso add skip_spaces, making the interface more robust.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3a2dc8382a3e85a51ed9c6f57ea80665ea7a0c95", "tree": "05b289dc97bf08459911d0b5500896ed80af25c7", "parents": [ "e819ff519b2d74373eca4a9a2b417ebf4c1e1b29" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Sep 06 10:10:20 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 08 09:19:29 2010 +1000" }, "message": "AppArmor: Fix security_task_setrlimit logic for 2.6.36 changes\n\n2.6.36 introduced the abilitiy to specify the task that is having its\nrlimits set. Update mediation to ensure that confined tasks can only\nset their own group_leader as expected by current policy.\n\nAdd TODO note about extending policy to support setting other tasks\nrlimits.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e819ff519b2d74373eca4a9a2b417ebf4c1e1b29", "tree": "fe05eafda3b89816d9929f69e24433bf7879ad70", "parents": [ "98e52c373cdc1239a9ec6a2763f519cc1d99dcbc" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Fri Aug 27 18:33:26 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 08 09:19:24 2010 +1000" }, "message": "AppArmor: Drop hack to remove appended \" (deleted)\" string\n\nThe 2.6.36 kernel has refactored __d_path() so that it no longer appends\n\" (deleted)\" to unlinked paths. So drop the hack that was used to detect\nand remove the appended string.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "145c3ae46b37993b0debb0b3da6256daea4a6ec5", "tree": "0dbff382ce36b23b3d2dbff87d3eaab73a07a2a4", "parents": [ "81ca03a0e2ea0207b2df80e0edcf4c775c07a505", "99b7db7b8ffd6bb755eb0a175596421a0b581cb2" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Aug 18 09:35:08 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Aug 18 09:35:08 2010 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:\n fs: brlock vfsmount_lock\n fs: scale files_lock\n lglock: introduce special lglock and brlock spin locks\n tty: fix fu_list abuse\n fs: cleanup files_lock locking\n fs: remove extra lookup in __lookup_hash\n fs: fs_struct rwlock to spinlock\n apparmor: use task path helpers\n fs: dentry allocation consolidation\n fs: fix do_lookup false negative\n mbcache: Limit the maximum number of cache entries\n hostfs -\u003efollow_link() braino\n hostfs: dumb (and usually harmless) tpyo - strncpy instead of strlcpy\n remove SWRITE* I/O types\n kill BH_Ordered flag\n vfs: update ctime when changing the file\u0027s permission by setfacl\n cramfs: only unlock new inodes\n fix reiserfs_evict_inode end_writeback second call\n" }, { "commit": "44672e4fbd40e2dda8bbce7d0f71d24dbfc7e00e", "tree": "7d6251adb6eac69a0d0ba97e64dbf2c41c67928e", "parents": [ "baa0389073eb7beb9d36f6d13df97e16c1bfa626" ], "author": { "name": "Nick Piggin", "email": "npiggin@kernel.dk", "time": "Wed Aug 18 04:37:32 2010 +1000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Aug 18 08:35:46 2010 -0400" }, "message": "apparmor: use task path helpers\n\napparmor: use task path helpers\n\nSigned-off-by: Nick Piggin \u003cnpiggin@kernel.dk\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "7cb4dc9fc95f89587f57f287b47e091d7806255e", "tree": "41f68ee728c0ab1b894e425933a166e990e1eb41", "parents": [ "da5cabf80e2433131bf0ed8993abc0f7ea618c73" ], "author": { "name": "Jiri Slaby", "email": "jslaby@suse.cz", "time": "Wed Aug 11 11:28:02 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 17 08:06:09 2010 +1000" }, "message": "AppArmor: fix task_setrlimit prototype\n\nAfter rlimits tree was merged we get the following errors:\nsecurity/apparmor/lsm.c:663:2: warning: initialization from incompatible pointer type\n\nIt is because AppArmor was merged in the meantime, but uses the old\nprototype. So fix it by adding struct task_struct as a first parameter\nof apparmor_task_setrlimit.\n\nNOTE that this is ONLY a compilation warning fix (and crashes caused\nby that). It needs proper handling in AppArmor depending on who is the\n\u0027task\u0027.\n\nSigned-off-by: Jiri Slaby \u003cjslaby@suse.cz\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "101d6c826fa03266f8538ea4f6a459190e6863e8", "tree": "56254b27ac0352339777dcb9e654a4456ac3e244", "parents": [ "9bbb9e5a33109b2832e2e63dcc7a132924ab374b" ], "author": { "name": "Stephen Rothwell", "email": "sfr@canb.auug.org.au", "time": "Mon Aug 02 12:00:43 2010 +1000" }, "committer": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Wed Aug 11 23:04:14 2010 +0930" }, "message": "AppArmor: update for module_param_named API change\n\nFixes these build errors:\nsecurity/apparmor/lsm.c:701: error: \u0027param_ops_aabool\u0027 undeclared here (not in a function)\nsecurity/apparmor/lsm.c:721: error: \u0027param_ops_aalockpolicy\u0027 undeclared here (not in a function)\nsecurity/apparmor/lsm.c:729: error: \u0027param_ops_aauint\u0027 undeclared here (not in a function)\n\nSigned-off-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n" }, { "commit": "06c22dadc6d3f9b65e55407a87faaf6a4a014112", "tree": "e310b20a17014b491d86818fd58878839a48dffc", "parents": [ "3cfc2c42c1cbc8e238bb9c0612c0df4565e3a8b4" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Mon Aug 02 10:52:18 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 05 07:36:51 2010 -0400" }, "message": "apparmor: depends on NET\n\nSECURITY_APPARMOR should depend on NET since AUDIT needs\n(depends on) NET.\n\nFixes 70-80 errors that occur when CONFIG_NET is not enabled,\nbut APPARMOR selects AUDIT without qualification. E.g.:\n\naudit.c:(.text+0x33361): undefined reference to `netlink_unicast\u0027\n(.text+0x333df): undefined reference to `netlink_unicast\u0027\naudit.c:(.text+0x3341d): undefined reference to `skb_queue_tail\u0027\naudit.c:(.text+0x33424): undefined reference to `kfree_skb\u0027\naudit.c:(.text+0x334cb): undefined reference to `kfree_skb\u0027\naudit.c:(.text+0x33597): undefined reference to `skb_put\u0027\naudit.c:(.text+0x3369b): undefined reference to `__alloc_skb\u0027\naudit.c:(.text+0x336d7): undefined reference to `kfree_skb\u0027\n(.text+0x3374c): undefined reference to `__alloc_skb\u0027\nauditfilter.c:(.text+0x35305): undefined reference to `skb_queue_tail\u0027\nlsm_audit.c:(.text+0x2873): undefined reference to `init_net\u0027\nlsm_audit.c:(.text+0x2878): undefined reference to `dev_get_by_index\u0027\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "77c80e6b2fd049848bfd1bdab67899ad3ac407a7", "tree": "672ccbe5316698e0ef4dae46ba0029fb234989bf", "parents": [ "6371dcd36f649d9d07823f31400618155a20dde1" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:49:00 2010 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:49:00 2010 +1000" }, "message": "AppArmor: fix build warnings for non-const use of get_task_cred\n\nFix build warnings for non-const use of get_task_cred.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "016d825fe02cd20fd8803ca37a1e6d428fe878f6", "tree": "b36bafad46e09a1a62f3521536a703c58540f675", "parents": [ "484ca79c653121d3c79fffb86e1deea724f2e20b" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Fri Jul 30 13:46:33 2010 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:39 2010 +1000" }, "message": "AppArmor: Enable configuring and building of the AppArmor security module\n\nKconfig and Makefiles to enable configuration and building of AppArmor.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4d6ec10bb4461fdc9a9ab94ef32934e13564e873", "tree": "b252da668c7485b864dd012b33f58d7c108d99a1", "parents": [ "c88d4c7b049e87998ac0a9f455aa545cc895ef92" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jul 30 09:02:04 2010 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:37 2010 +1000" }, "message": "AppArmor: update path_truncate method to latest version\n\nRemove extraneous path_truncate arguments from the AppArmor hook,\nas they\u0027ve been removed from the LSM API.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c88d4c7b049e87998ac0a9f455aa545cc895ef92", "tree": "1859582b4afec1116b6831ea89ae27c35209991a", "parents": [ "736ec752d95e91e77cc0e8c97c057ab076ac2f51" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:00 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:37 2010 +1000" }, "message": "AppArmor: core policy routines\n\nThe basic routines and defines for AppArmor policy. AppArmor policy\nis defined by a few basic components.\n profiles - the basic unit of confinement contain all the information\n to enforce policy on a task\n\n Profiles tend to be named after an executable that they\n will attach to but this is not required.\n namespaces - a container for a set of profiles that will be used\n during attachment and transitions between profiles.\n sids - which provide a unique id for each profile\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "736ec752d95e91e77cc0e8c97c057ab076ac2f51", "tree": "128d330ecff67c5d83862062825b7975c92fee96", "parents": [ "0ed3b28ab8bf460a3a026f3f1782bf4c53840184" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:02 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:36 2010 +1000" }, "message": "AppArmor: policy routines for loading and unpacking policy\n\nAppArmor policy is loaded in a platform independent flattened binary\nstream. Verify and unpack the data converting it to the internal\nformat needed for enforcement.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0ed3b28ab8bf460a3a026f3f1782bf4c53840184", "tree": "9da3a2c6d9f55d3166726fe7c51671a6029c1269", "parents": [ "b5e95b48685e3481139a5634d14d630d12c7d5ce" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:05 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:35 2010 +1000" }, "message": "AppArmor: mediation of non file objects\n\nipc:\nAppArmor ipc is currently limited to mediation done by file mediation\nand basic ptrace tests. Improved mediation is a wip.\n\nrlimits:\nAppArmor provides basic abilities to set and control rlimits at\na per profile level. Only resources specified in a profile are controled\nor set. AppArmor rules set the hard limit to a value \u003c\u003d to the current\nhard limit (ie. they can not currently raise hard limits), and if\nnecessary will lower the soft limit to the new hard limit value.\n\nAppArmor does not track resource limits to reset them when a profile\nis left so that children processes inherit the limits set by the\nparent even if they are not confined by the same profile.\n\nCapabilities: AppArmor provides a per profile mask of capabilities,\nthat will further restrict.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b5e95b48685e3481139a5634d14d630d12c7d5ce", "tree": "1468141db6ff1a291bde0b6a960c2af7e520b52b", "parents": [ "f9ad1af53d5232a89a1ff1827102843999975dfa" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:07 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:35 2010 +1000" }, "message": "AppArmor: LSM interface, and security module initialization\n\nAppArmor hooks to interface with the LSM, module parameters and module\ninitialization.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "898127c34ec03291c86f4ff3856d79e9e18952bc", "tree": "c8845bd204b1c4b120f1be1cceea4ff96f749e53", "parents": [ "6380bd8ddf613b29f478396308b591867d401de4" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:06 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:14 2010 +1000" }, "message": "AppArmor: functions for domain transitions\n\nAppArmor routines for controling domain transitions, which can occur at\nexec or through self directed change_profile/change_hat calls.\n\nUnconfined tasks are checked at exec against the profiles in the confining\nprofile namespace to determine if a profile should be attached to the task.\n\nConfined tasks execs are controlled by the profile which provides rules\ndetermining which execs are allowed and if so which profiles should be\ntransitioned to.\n\nSelf directed domain transitions allow a task to request transition\nto a given profile. If the transition is allowed then the profile will\nbe applied, either immeditately or at exec time depending on the request.\nImmeditate self directed transitions have several security limitations\nbut have uses in setting up stub transition profiles and other limited\ncases.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6380bd8ddf613b29f478396308b591867d401de4", "tree": "6d8fc9356a652f8452ccf49e7f79cc700cc2768d", "parents": [ "63e2b423771ab0bc7ad4d407f3f6517c6d05cdc0" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:04 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:14 2010 +1000" }, "message": "AppArmor: file enforcement routines\n\nAppArmor does files enforcement via pathname matching. Matching is done\nat file open using a dfa match engine. Permission is against the final\nfile object not parent directories, ie. the traversal of directories\nas part of the file match is implicitly allowed. In the case of nonexistant\nfiles (creation) permissions are checked against the target file not the\ndirectory. eg. In case of creating the file /dir/new, permissions are\nchecked against the match /dir/new not against /dir/.\n\nThe permissions for matches are currently stored in the dfa accept table,\nbut this will change to allow for dfa reuse and also to allow for sharing\nof wider accept states.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "63e2b423771ab0bc7ad4d407f3f6517c6d05cdc0", "tree": "e50efc9593c7558d3700ec55869f9ddbac283a1d", "parents": [ "e06f75a6a2b43bd3a7a197bd21466f9da130e4af" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:03 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:13 2010 +1000" }, "message": "AppArmor: userspace interfaces\n\nThe /proc/\u003cpid\u003e/attr/* interface is used for process introspection and\ncommands. While the apparmorfs interface is used for global introspection\nand loading and removing policy.\n\nThe interface currently only contains the files necessary for loading\npolicy, and will be extended in the future to include sysfs style\nsingle per file introspection inteface.\n\nThe old AppArmor 2.4 interface files have been removed into a compatibility\npatch, that distros can use to maintain backwards compatibility.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e06f75a6a2b43bd3a7a197bd21466f9da130e4af", "tree": "bf5aabceae66c62e317a0403b05ffb320aef54d2", "parents": [ "c75afcd153f6147d3b094f45a1d87e5df7f4f053" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:01 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:13 2010 +1000" }, "message": "AppArmor: dfa match engine\n\nA basic dfa matching engine based off the dfa engine in the Dragon\nBook. It uses simple row comb compression with a check field.\n\nThis allows AppArmor to do pattern matching in linear time, and also\navoids stack issues that an nfa based engine may have. The dfa\nengine uses a byte based comparison, with all values being valid.\nAny potential character encoding are handled user side when the dfa\ntables are created. By convention AppArmor uses \\0 to separate two\ndependent path matches since \\0 is not a valid path character\n(this is done in the link permission check).\n\nThe dfa tables are generated in user space and are verified at load\ntime to be internally consistent.\n\nThere are several future improvements planned for the dfa engine:\n* The dfa engine may be converted to a hybrid nfa-dfa engine, with\n a fixed size limited stack. This would allow for size time\n tradeoffs, by inserting limited nfa states to help control\n state explosion that can occur with dfas.\n* The dfa engine may pickup the ability to do limited dynamic\n variable matching, instead of fixing all variables at policy\n load time.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c75afcd153f6147d3b094f45a1d87e5df7f4f053", "tree": "4d072c7b76a1e198427716f66a46712e508d4597", "parents": [ "67012e8209df95a8290d135753ff5145431a666e" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:47:59 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:12 2010 +1000" }, "message": "AppArmor: contexts used in attaching policy to system objects\n\nAppArmor contexts attach profiles and state to tasks, files, etc. when\na direct profile reference is not sufficient.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "67012e8209df95a8290d135753ff5145431a666e", "tree": "fc95b2c33d2e2d206500d7ec7e78dd855d4b3d2c", "parents": [ "cdff264264254e0fabc8107a33f3bb75a95e981f" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:47:58 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:11 2010 +1000" }, "message": "AppArmor: basic auditing infrastructure.\n\nUpdate lsm_audit for AppArmor specific data, and add the core routines for\nAppArmor uses for auditing.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cdff264264254e0fabc8107a33f3bb75a95e981f", "tree": "a20956e2a7a38e195071ded57fca02e1d1b1314c", "parents": [ "e6f6a4cc955d626ed26562d98de5766bf1f73526" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:47:57 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:11 2010 +1000" }, "message": "AppArmor: misc. base functions and defines\n\nMiscellaneous functions and defines needed by AppArmor, including\nthe base path resolution routines.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" } ] }