)]}' { "log": [ { "commit": "8c8946f509a494769a8c602b5ed189df01917d39", "tree": "dfd96bd6ca5ea6803c6d77f65ba37e04f78b2d3b", "parents": [ "5f248c9c251c60af3403902b26e08de43964ea0b", "1968f5eed54ce47bde488fd9a450912e4a2d7138" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Aug 10 11:39:13 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Aug 10 11:39:13 2010 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.infradead.org/users/eparis/notify\n\n* \u0027for-linus\u0027 of git://git.infradead.org/users/eparis/notify: (132 commits)\n fanotify: use both marks when possible\n fsnotify: pass both the vfsmount mark and inode mark\n fsnotify: walk the inode and vfsmount lists simultaneously\n fsnotify: rework ignored mark flushing\n fsnotify: remove global fsnotify groups lists\n fsnotify: remove group-\u003emask\n fsnotify: remove the global masks\n fsnotify: cleanup should_send_event\n fanotify: use the mark in handler functions\n audit: use the mark in handler functions\n dnotify: use the mark in handler functions\n inotify: use the mark in handler functions\n fsnotify: send fsnotify_mark to groups in event handling functions\n fsnotify: Exchange list heads instead of moving elements\n fsnotify: srcu to protect read side of inode and vfsmount locks\n fsnotify: use an explicit flag to indicate fsnotify_destroy_mark has been called\n fsnotify: use _rcu functions for mark list traversal\n fsnotify: place marks on object in order of group memory address\n vfs/fsnotify: fsnotify_close can delay the final work in fput\n fsnotify: store struct file not struct path\n ...\n\nFix up trivial delete/modify conflict in fs/notify/inotify/inotify.c.\n" }, { "commit": "ae7b8f4108bcffb42173f867ce845268c7202d48", "tree": "049d357dcbffe597c77c534ea211c3efd26680e3", "parents": [ "b7ba83715317007962ee318587de92f14e9c3aaa" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Dec 17 20:12:04 2009 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Jul 28 09:58:16 2010 -0400" }, "message": "Audit: clean up the audit_watch split\n\nNo real changes, just cleanup to the audit_watch split patch which we done\nwith minimal code changes for easy review. Now fix interfaces to make\nthings work better.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "70d4bf6d467a330ccc947df9b2608e329d9e7708", "tree": "477dff26ac865f785e9197065e4807daeb89958c", "parents": [ "4b706372f18de53970e4c6887a96459590fef80a" ], "author": { "name": "Neil Horman", "email": "nhorman@tuxdriver.com", "time": "Tue Jul 20 06:45:56 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Jul 20 13:28:05 2010 -0700" }, "message": "drop_monitor: convert some kfree_skb call sites to consume_skb\n\nConvert a few calls from kfree_skb to consume_skb\n\nNoticed while I was working on dropwatch that I was detecting lots of internal\nskb drops in several places. While some are legitimate, several were not,\nfreeing skbs that were at the end of their life, rather than being discarded due\nto an error. This patch converts those calls sites from using kfree_skb to\nconsume_skb, which quiets the in-kernel drop_monitor code from detecting them as\ndrops. Tested successfully by myself\n\nSigned-off-by: Neil Horman \u003cnhorman@tuxdriver.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "5a0e3ad6af8660be21ca98a971cd00f331318c05", "tree": "5bfb7be11a03176a87296a43ac6647975c00a1d1", "parents": [ "ed391f4ebf8f701d3566423ce8f17e614cde9806" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Wed Mar 24 17:04:11 2010 +0900" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Mar 30 22:02:32 2010 +0900" }, "message": "include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h\n\npercpu.h is included by sched.h and module.h and thus ends up being\nincluded when building most .c files. percpu.h includes slab.h which\nin turn includes gfp.h making everything defined by the two files\nuniversally available and complicating inclusion dependencies.\n\npercpu.h -\u003e slab.h dependency is about to be removed. Prepare for\nthis change by updating users of gfp and slab facilities include those\nheaders directly instead of assuming availability. As this conversion\nneeds to touch large number of source files, the following script is\nused as the basis of conversion.\n\n http://userweb.kernel.org/~tj/misc/slabh-sweep.py\n\nThe script does the followings.\n\n* Scan files for gfp and slab usages and update includes such that\n only the necessary includes are there. ie. if only gfp is used,\n gfp.h, if slab is used, slab.h.\n\n* When the script inserts a new include, it looks at the include\n blocks and try to put the new include such that its order conforms\n to its surrounding. It\u0027s put in the include block which contains\n core kernel includes, in the same order that the rest are ordered -\n alphabetical, Christmas tree, rev-Xmas-tree or at the end if there\n doesn\u0027t seem to be any matching order.\n\n* If the script can\u0027t find a place to put a new include (mostly\n because the file doesn\u0027t have fitting include block), it prints out\n an error message indicating which .h file needs to be added to the\n file.\n\nThe conversion was done in the following steps.\n\n1. The initial automatic conversion of all .c files updated slightly\n over 4000 files, deleting around 700 includes and adding ~480 gfp.h\n and ~3000 slab.h inclusions. The script emitted errors for ~400\n files.\n\n2. Each error was manually checked. Some didn\u0027t need the inclusion,\n some needed manual addition while adding it to implementation .h or\n embedding .c file was more appropriate for others. This step added\n inclusions to around 150 files.\n\n3. The script was run again and the output was compared to the edits\n from #2 to make sure no file was left behind.\n\n4. Several build tests were done and a couple of problems were fixed.\n e.g. lib/decompress_*.c used malloc/free() wrappers around slab\n APIs requiring slab.h to be added manually.\n\n5. The script was run on all .h files but without automatically\n editing them as sprinkling gfp.h and slab.h inclusions around .h\n files could easily lead to inclusion dependency hell. Most gfp.h\n inclusion directives were ignored as stuff from gfp.h was usually\n wildly available and often used in preprocessor macros. Each\n slab.h inclusion directive was examined and added manually as\n necessary.\n\n6. percpu.h was updated not to include slab.h.\n\n7. Build test were done on the following configurations and failures\n were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my\n distributed build env didn\u0027t work with gcov compiles) and a few\n more options had to be turned off depending on archs to make things\n build (like ipr on powerpc/64 which failed due to missing writeq).\n\n * x86 and x86_64 UP and SMP allmodconfig and a custom test config.\n * powerpc and powerpc64 SMP allmodconfig\n * sparc and sparc64 SMP allmodconfig\n * ia64 SMP allmodconfig\n * s390 SMP allmodconfig\n * alpha SMP allmodconfig\n * um on x86_64 SMP allmodconfig\n\n8. percpu.h modifications were reverted so that it could be applied as\n a separate patch and serve as bisection point.\n\nGiven the fact that I had only a couple of failures from tests on step\n6, I\u0027m fairly confident about the coverage of this conversion patch.\nIf there is a breakage, it\u0027s likely to be something in one of the arch\nheaders which should be easily discoverable easily on most builds of\nthe specific arch.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nGuess-its-ok-by: Christoph Lameter \u003ccl@linux-foundation.org\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: Lee Schermerhorn \u003cLee.Schermerhorn@hp.com\u003e\n" }, { "commit": "c9404c9c392d557a4687c4cbda022b03cb787ce9", "tree": "1633e9e8d6a3f955297affd2c3304bdbb670a73c", "parents": [ "634bad68bc25753816594ecd390dcea980528315" ], "author": { "name": "Adam Buchbinder", "email": "adam.buchbinder@gmail.com", "time": "Fri Dec 18 15:40:42 2009 -0500" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Fri Feb 05 12:22:30 2010 +0100" }, "message": "Fix misspelling of \"should\" and \"shouldn\u0027t\" in comments.\n\nSome comments misspell \"should\" or \"shouldn\u0027t\"; this fixes them. No code changes.\n\nSigned-off-by: Adam Buchbinder \u003cadam.buchbinder@gmail.com\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "939cbf260c1abce6cad4b95ea4ba9f5132b660b3", "tree": "598b4ec56e0bef7d76a8a32136c24348d387756d", "parents": [ "44e51a1b7852bd421ff5303c64dcc5c8524c21ef" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Sep 23 13:46:00 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Sep 24 03:50:26 2009 -0400" }, "message": "Audit: send signal info if selinux is disabled\n\nAudit will not respond to signal requests if selinux is disabled since it is\nunable to translate the 0 sid from the sending process to a context. This\npatch just doesn\u0027t send the context info if there isn\u0027t any.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "916d75761c971b6e630a26bd4ba472e90ac9a4b9", "tree": "3a4b18d0d29c1d12f64fefbb2bc5559813a686f7", "parents": [ "9d9609851003ebed15957f0f2ce18492739ee124" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jun 24 00:02:38 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jun 24 00:02:38 2009 -0400" }, "message": "Fix rule eviction order for AUDIT_DIR\n\nIf syscall removes the root of subtree being watched, we\ndefinitely do not want the rules refering that subtree\nto be destroyed without the syscall in question having\na chance to match them.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "9d9609851003ebed15957f0f2ce18492739ee124", "tree": "2c116865d2f239b5596b22a3a79eecc82f5e1299", "parents": [ "35fe4d0b1b12286a81938e9c5fdfaf639ac0ce5b" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jun 11 14:31:37 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jun 24 00:00:52 2009 -0400" }, "message": "Audit: clean up all op\u003d output to include string quoting\n\nA number of places in the audit system we send an op\u003d followed by a string\nthat includes spaces. Somehow this works but it\u0027s just wrong. This patch\nmoves all of those that I could find to be quoted.\n\nExample:\n\nChange From: type\u003dCONFIG_CHANGE msg\u003daudit(1244666690.117:31): auid\u003d0 ses\u003d1\nsubj\u003dunconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op\u003dremove rule\nkey\u003d\"number2\" list\u003d4 res\u003d0\n\nChange To: type\u003dCONFIG_CHANGE msg\u003daudit(1244666690.117:31): auid\u003d0 ses\u003d1\nsubj\u003dunconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op\u003d\"remove rule\"\nkey\u003d\"number2\" list\u003d4 res\u003d0\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "cfcad62c74abfef83762dc05a556d21bdf3980a2", "tree": "d253dbf8dfa4d31379dcd886cc1b41c69921acdd", "parents": [ "ea7ae60bfe39aeedfb29571c47280bf0067ee5f3" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jun 11 14:31:36 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 23 23:50:59 2009 -0400" }, "message": "audit: seperate audit inode watches into a subfile\n\nIn preparation for converting audit to use fsnotify instead of inotify we\nseperate the inode watching code into it\u0027s own file. This is similar to\nhow the audit tree watching code is already seperated into audit_tree.c\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "ea7ae60bfe39aeedfb29571c47280bf0067ee5f3", "tree": "dae18e879a4e6d5c2ae53cf89267a6045db49da7", "parents": [ "ee080e6ce93d5993390bccf68c1df5efd9351276" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jun 11 14:31:35 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 23 23:50:40 2009 -0400" }, "message": "Audit: clean up audit_receive_skb\n\naudit_receive_skb is hard to clearly parse what it is doing to the netlink\nmessage. Clean the function up so it is easy and clear to see what is going\non.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "ee080e6ce93d5993390bccf68c1df5efd9351276", "tree": "6554d820c773f3ace97fdb1ae5defa43cbc83e05", "parents": [ "038cbcf65fd6a30c79e3917690b8c46321a27915" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jun 11 14:31:35 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 23 23:50:39 2009 -0400" }, "message": "Audit: cleanup netlink mesg handling\n\nThe audit handling of netlink messages is all over the place. Clean things\nup, use predetermined macros, generally make it more readable.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "038cbcf65fd6a30c79e3917690b8c46321a27915", "tree": "bc6fc5fbf9ac6dad6055aa77bb0b1eaf35fdaa37", "parents": [ "e85188f424c8eec7f311deed9a70bec57aeed741" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jun 11 14:31:35 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 23 23:50:37 2009 -0400" }, "message": "Audit: unify the printk of an skb when auditd not around\n\nRemove code duplication of skb printk when auditd is not around in userspace\nto deal with this message.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "def57543418a5f47debae28a0a9dea2effc11692", "tree": "9f27756c75502f6331c5c4260f36779a7b9555bc", "parents": [ "679173b724631f49e537a15fa48ea2000bdc1808" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Mar 10 18:00:14 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Apr 05 13:49:04 2009 -0400" }, "message": "Audit: remove spaces from audit_log_d_path\n\naudit_log_d_path had spaces in the strings which would be emitted on the\nerror paths. This patch simply replaces those spaces with an _ or removes\nthe needless spaces entirely.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "55ad2f8d340678397de5916b9cd960f17ebd7150", "tree": "6df2974acdd023948fda996119ff94a3eaf6ab5d", "parents": [ "b3897f567100d18e0597f638b911d23aa5e0dd23" ], "author": { "name": "Miloslav Trmac", "email": "mitr@redhat.com", "time": "Thu Mar 19 09:52:47 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Apr 05 13:43:36 2009 -0400" }, "message": "audit: ignore terminating NUL in AUDIT_USER_TTY messages\n\nAUDIT_USER_TTY, like all other messages sent from user-space, is sent\nNUL-terminated. Unlike other user-space audit messages, which come only\nfrom trusted sources, AUDIT_USER_TTY messages are processed using\naudit_log_n_untrustedstring().\n\nThis patch modifies AUDIT_USER_TTY handling to ignore the trailing NUL\nand use the \"quoted_string\" representation of the message if possible.\n\nSigned-off-by: Miloslav Trmac \u003cmitr@redhat.com\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "b3897f567100d18e0597f638b911d23aa5e0dd23", "tree": "32fa9d3d8faaae7a87de64163d450460b423fd87", "parents": [ "c28bb7da74ab74a2860d652493aaff7de104d79e" ], "author": { "name": "Miloslav Trmac", "email": "mitr@redhat.com", "time": "Thu Mar 19 09:48:27 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Apr 05 13:43:24 2009 -0400" }, "message": "Audit: fix handling of \u0027strings\u0027 with NULL characters\n\ncurrently audit_log_n_untrustedstring() uses audit_string_contains_control()\nto check if the \u0027string\u0027 has any control characters. If the \u0027string\u0027 has an\nembedded NULL audit_string_contains_control() will return that the data has\nno control characters and will then pass the string to audit_log_n_string\nwith the total length, not the length up to the first NULL.\naudit_log_n_string() does a memcpy of the entire length and so the actual\naudit record emitted may then contain a NULL and then whatever random memory\nis after the NULL.\n\nSince we want to log the entire octet stream (if we can\u0027t trust the data\nto be a string we can\u0027t trust that a NULL isn\u0027t actually a part of it)\nwe should just consider NULL as a control character. If the caller is\ncertain they want to stop at the first NULL they should be using\naudit_log_untrustedstring.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "48887e63d6e057543067327da6b091297f7fe645", "tree": "f290af5a887bcf840a63043eb2df3a4c02ccaea3", "parents": [ "7f0ed77d241b60f70136f15b8eef30a3de1fa249" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Dec 06 01:05:50 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Dec 09 02:27:41 2008 -0500" }, "message": "[PATCH] fix broken timestamps in AVC generated by kernel threads\n\nTimestamp in audit_context is valid only if -\u003ein_syscall is set.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "a3f07114e3359fb98683069ae397220e8992a24a", "tree": "d5af821616dd749be416ccbbe3f25f6919ea0af9", "parents": [ "218d11a8b071b23b76c484fd5f72a4fe3306801e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Nov 05 12:47:09 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Dec 09 02:27:37 2008 -0500" }, "message": "[PATCH] Audit: make audit\u003d0 actually turn off audit\n\nCurrently audit\u003d0 on the kernel command line does absolutely nothing.\nAudit always loads and always uses its resources such as creating the\nkernel netlink socket. This patch causes audit\u003d0 to actually disable\naudit. Audit will use no resources and starting the userspace auditd\ndaemon will not cause the kernel audit system to activate.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "20c6aaa39ab735c7ed78e4e5a214d250efae0a6e", "tree": "132164efa309d2df3daeb9fed80ee75da93672bc", "parents": [ "980dfb0db340b95094732d78b55311f2c539c1af" ], "author": { "name": "zhangxiliang", "email": "zhangxiliang@cn.fujitsu.com", "time": "Thu Jul 31 10:11:19 2008 +0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Aug 01 12:15:16 2008 -0400" }, "message": "[PATCH] Fix the bug of using AUDIT_STATUS_RATE_LIMIT when set fail, no error output.\n\nWhen the \"status_get-\u003emask\" is \"AUDIT_STATUS_RATE_LIMIT || AUDIT_STATUS_BACKLOG_LIMIT\".\nIf \"audit_set_rate_limit\" fails and \"audit_set_backlog_limit\" succeeds, the \"err\" value\nwill be greater than or equal to 0. It will miss the failure of rate set.\n\nSigned-off-by: Zhang Xiliang \u003czhangxiliang@cn.fujitsu.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "1d6c9649e236caa2e93e3647256216e57172b011", "tree": "f2ddd51635a3aac71d11e6d6ae4d4dc698c120f5", "parents": [ "ee1d315663ee0b494898f813a266d6244b263b4f" ], "author": { "name": "Vesa-Matti J Kari", "email": "vmkari@cc.helsinki.fi", "time": "Wed Jul 23 00:06:13 2008 +0300" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Aug 01 12:05:35 2008 -0400" }, "message": "kernel/audit.c control character detection is off-by-one\n\nHello,\n\nAccording to my understanding there is an off-by-one bug in the\nfunction:\n\n audit_string_contains_control()\n\nin:\n\n kernel/audit.c\n\nPatch is included.\n\nI do not know from how many places the function is called from, but for\nexample, SELinux Access Vector Cache tries to log untrusted filenames via\ncall path:\n\navc_audit()\n audit_log_untrustedstring()\n audit_log_n_untrustedstring()\n audit_string_contains_control()\n\nIf audit_string_contains_control() detects control characters, then the\nstring is hex-encoded. But the hex\u003d0x7f dec\u003d127, DEL-character, is not\ndetected.\n\nI guess this could have at least some minor security implications, since a\nuser can create a filename with 0x7f in it, causing logged filename to\npossibly look different when someone reads it on the terminal.\n\nSigned-off-by: Vesa-Matti Kari \u003cvmkari@cc.helsinki.fi\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d8de72473effd674a3c1fe9621821f406f5587c9", "tree": "4b96ac9b82cc156f9ee01da00450f1a97222353f", "parents": [ "9f0aecdd1cd6aacee9aa8f08031f4f2e09e454dc" ], "author": { "name": "Peng Haitao", "email": "penght@cn.fujitsu.com", "time": "Tue May 20 09:13:02 2008 +0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 24 23:36:35 2008 -0400" }, "message": "[PATCH] remove useless argument type in audit_filter_user()\n\nThe second argument \"type\" is not used in audit_filter_user(), so I think that type can be removed. If I\u0027m wrong, please tell me.\n\nSigned-off-by: Peng Haitao \u003cpenght@cn.fujitsu.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "13d5ef97f0675d789f559cfebc1df9d5e2b1879c", "tree": "12202e8011e27501b47b0c008f20fd2fe875c29b", "parents": [ "481c5346d0981940ee63037eb53e4e37b0735c10" ], "author": { "name": "Peng Haitao", "email": "penght@cn.fujitsu.com", "time": "Fri May 16 10:15:04 2008 +0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 24 23:36:21 2008 -0400" }, "message": "[PATCH] kernel/audit.c: nlh-\u003enlmsg_type is gotten more than once\n\nThe first argument \"nlh-\u003enlmsg_type\" of audit_receive_filter() should be modified to \"msg_type\" in audit_receive_msg().\n\nSigned-off-by: Peng Haitao \u003cpenght@cn.fujitsu.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "fcaf1eb8685a00a99259e138e403841e984385b0", "tree": "01663c2345f200014f028b7cee2d3270e3100601", "parents": [ "6ee650467d5bf972d10441e99688e9b48171f99c" ], "author": { "name": "Andrew Morton", "email": "akpm@linux-foundation.org", "time": "Wed May 14 16:11:48 2008 -0700" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat May 17 03:30:22 2008 -0400" }, "message": "[patch 1/1] audit_send_reply(): fix error-path memory leak\n\nAddresses http://bugzilla.kernel.org/show_bug.cgi?id\u003d10663\n\nReporter: Daniel Marjamki \u003cdanielm77@spray.se\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4a761b8c1d7a3a4ee7ccf92ce255d986f601e067", "tree": "cb93a5cca0d3e29b79c4dd0bb27755f967c325af", "parents": [ "41126226e186d92a45ed664e546abb5204588359" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Fri Apr 18 13:30:15 2008 -0700" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:28:30 2008 -0400" }, "message": "[patch 2/2] Use find_task_by_vpid in audit code\n\nThe pid to lookup a task by is passed inside audit code via netlink message.\n\nThanks to Denis Lunev, netlink packets are now (since 2.6.24) _always_\nprocessed in the context of the sending task. So this is correct to lookup\nthe task with find_task_by_vpid() here.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "7719e437fac119e57b17588bab3a8e39ff9d22eb", "tree": "56b08aec09225ac5587d9d8b7fee089181e26d25", "parents": [ "c782f242f0602edf848355d41e3676753c2280c8" ], "author": { "name": "Harvey Harrison", "email": "harvey.harrison@gmail.com", "time": "Sun Apr 27 02:39:56 2008 -0700" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:28:17 2008 -0400" }, "message": "[PATCH 2/2] audit: fix sparse shadowed variable warnings\n\nUse msglen as the identifier.\nkernel/audit.c:724:10: warning: symbol \u0027len\u0027 shadows an earlier one\nkernel/audit.c:575:8: originally declared here\n\nDon\u0027t use ino_f to check the inode field at the end of the functions.\nkernel/auditfilter.c:429:22: warning: symbol \u0027f\u0027 shadows an earlier one\nkernel/auditfilter.c:420:21: originally declared here\nkernel/auditfilter.c:542:22: warning: symbol \u0027f\u0027 shadows an earlier one\nkernel/auditfilter.c:529:21: originally declared here\n\ni always used as a counter for a for loop and initialized to zero before\nuse. Eliminate the inner i variables.\nkernel/auditsc.c:1295:8: warning: symbol \u0027i\u0027 shadows an earlier one\nkernel/auditsc.c:1152:6: originally declared here\nkernel/auditsc.c:1320:7: warning: symbol \u0027i\u0027 shadows an earlier one\nkernel/auditsc.c:1152:6: originally declared here\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "b556f8ad58c6e9f8f485c8cef7546e3fc82c382a", "tree": "e7a1c5ce313b6dec9727d69b08b5005dc35709a3", "parents": [ "f09ac9db2aafe36fde9ebd63c8c5d776f6e7bd41" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:12:59 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:19:22 2008 -0400" }, "message": "Audit: standardize string audit interfaces\n\nThis patch standardized the string auditing interfaces. No userspace\nchanges will be visible and this is all just cleanup and consistancy\nwork. We have the following string audit interfaces to use:\n\nvoid audit_log_n_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len);\n\nvoid audit_log_n_string(struct audit_buffer *ab, const char *buf, size_t n);\nvoid audit_log_string(struct audit_buffer *ab, const char *buf);\n\nvoid audit_log_n_untrustedstring(struct audit_buffer *ab, const char *string, size_t n);\nvoid audit_log_untrustedstring(struct audit_buffer *ab, const char *string);\n\nThis may be the first step to possibly fixing some of the issues that\npeople have with the string output from the kernel audit system. But we\nstill don\u0027t have an agreed upon solution to that problem.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "f09ac9db2aafe36fde9ebd63c8c5d776f6e7bd41", "tree": "ae2123e2bd6c054d82d5d2a3b81fdfb30c53e46e", "parents": [ "f3d357b092956959563398b59ef2fdd10aea387d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:11:04 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:19:13 2008 -0400" }, "message": "Audit: stop deadlock from signals under load\n\nA deadlock is possible between kauditd and auditd under load if auditd\nreceives a signal. When auditd receives a signal it sends a netlink\nmessage to the kernel asking for information about the sender of the\nsignal. In that same context the audit system will attempt to send a\nnetlink message back to the userspace auditd. If kauditd has already\nfilled the socket buffer (see netlink_attachskb()) auditd will now put\nitself to sleep waiting for room to send the message. Since auditd is\nresponsible for draining that socket we have a deadlock. The fix, since\nthe response from the kernel does not need to be synchronous is to send\nthe signal information back to auditd in a separate thread. And thus\nauditd can continue to drain the audit queue normally.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "f3d357b092956959563398b59ef2fdd10aea387d", "tree": "b797d759fb81aa461bf0d7734e2f5be7b5e75288", "parents": [ "2532386f480eefbdd67b48be55fb4fb3e5a6081c" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:02:28 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:19:04 2008 -0400" }, "message": "Audit: save audit_backlog_limit audit messages in case auditd comes back\n\nThis patch causes the kernel audit subsystem to store up to\naudit_backlog_limit messages for use by auditd if it ever appears\nsometime in the future in userspace. This is useful to collect audit\nmessages during bootup and even when auditd is stopped. This is NOT a\nreliable mechanism, it does not ever call audit_panic, nor should it.\naudit_log_lost()/audit_panic() are called during the normal delivery\nmechanism. The messages are still sent to printk/syslog as usual and if\ntoo many messages appear to be queued they will be silently discarded.\n\nI liked doing it by default, but this patch only uses the queue in\nquestion if it was booted with audit\u003d1 or if the kernel was built\nenabling audit by default.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "2532386f480eefbdd67b48be55fb4fb3e5a6081c", "tree": "dd6a5a3c4116a67380a1336319c16632f04f80f9", "parents": [ "436c405c7d19455a71f42c9bec5fd5e028f1eb4e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:09:25 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:18:03 2008 -0400" }, "message": "Audit: collect sessionid in netlink messages\n\nPreviously I added sessionid output to all audit messages where it was\navailable but we still didn\u0027t know the sessionid of the sender of\nnetlink messages. This patch adds that information to netlink messages\nso we can audit who sent netlink messages.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d7a96f3a1ae279a2129653d6cb18d722f2f00f91", "tree": "fc38736f303133f80912f1640f2d4fac0027fe04", "parents": [ "03d37d25e0f91b28c4b6d002be6221f1af4b19d8" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Sat Mar 01 22:01:11 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 09:52:37 2008 +1000" }, "message": "Audit: internally use the new LSM audit hooks\n\nConvert Audit to use the new LSM Audit hooks instead of\nthe exported SELinux interface.\n\nBasically, use:\nsecurity_audit_rule_init\nsecuirty_audit_rule_free\nsecurity_audit_rule_known\nsecurity_audit_rule_match\n\ninstad of (respectively) :\nselinux_audit_rule_init\nselinux_audit_rule_free\naudit_rule_has_selinux\nselinux_audit_rule_match\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2a862b32f3da5a2120043921ad301322ad526084", "tree": "bb97054b2f648504f670e3eaed2626b547c4d081", "parents": [ "713a04aeaba35bb95d442cdeb52055498519be25" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Sat Mar 01 21:54:38 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 09:52:34 2008 +1000" }, "message": "Audit: use new LSM hooks instead of SELinux exports\n\nStop using the following exported SELinux interfaces:\nselinux_get_inode_sid(inode, sid)\nselinux_get_ipc_sid(ipcp, sid)\nselinux_get_task_sid(tsk, sid)\nselinux_sid_to_string(sid, ctx, len)\nkfree(ctx)\n\nand use following generic LSM equivalents respectively:\nsecurity_inode_getsecid(inode, secid)\nsecurity_ipc_getsecid*(ipcp, secid)\nsecurity_task_getsecid(tsk, secid)\nsecurity_sid_to_secctx(sid, ctx, len)\nsecurity_release_secctx(ctx, len)\n\nCall security_release_secctx only if security_secid_to_secctx\nsucceeded.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\n" }, { "commit": "f706d5d22c35e18ed13a4b2b4991aac75bf39df5", "tree": "89de67dd7ea1a72cbf6147bbb8a3b7cfb6e746ae", "parents": [ "5214b729e1c2dc3af8f55e6c4c548844c3bea0f5" ], "author": { "name": "Dave Jones", "email": "davej@codemonkey.org.uk", "time": "Fri Mar 28 14:15:56 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Mar 28 14:45:21 2008 -0700" }, "message": "audit: silence two kerneldoc warnings in kernel/audit.c\n\nSilence two kerneldoc warnings.\n\nWarning(kernel/audit.c:1276): No description found for parameter \u0027string\u0027\nWarning(kernel/audit.c:1276): No description found for parameter \u0027len\u0027\n\n[also fix a typo for bonus points]\n\nSigned-off-by: Dave Jones \u003cdavej@codemonkey.org.uk\u003e\nAcked-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "75c0371a2d385ecbd6e1f854d9dce20889f06736", "tree": "34a9988cfb3077c88a44b904f466d129b01caae9", "parents": [ "4f42c288e66a3395e94158badbd182b2dae8eccb" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Thu Mar 20 15:39:41 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Mar 20 15:39:41 2008 -0700" }, "message": "audit: netlink socket can be auto-bound to pid other than current-\u003epid (v2)\n\nFrom:\tPavel Emelyanov \u003cxemul@openvz.org\u003e\n\nThis patch is based on the one from Thomas.\n\nThe kauditd_thread() calls the netlink_unicast() and passes \nthe audit_pid to it. The audit_pid, in turn, is received from \nthe user space and the tool (I\u0027ve checked the audit v1.6.9) \nuses getpid() to pass one in the kernel. Besides, this tool \ndoesn\u0027t bind the netlink socket to this id, but simply creates \nit allowing the kernel to auto-bind one.\n\nThat\u0027s the preamble.\n\nThe problem is that netlink_autobind() _does_not_ guarantees\nthat the socket will be auto-bound to the current pid. Instead\nit uses the current pid as a hint to start looking for a free\nid. So, in case of conflict, the audit messages can be sent\nto a wrong socket. This can happen (it\u0027s unlikely, but can be)\nin case some task opens more than one netlink sockets and then\nthe audit one starts - in this case the audit\u0027s pid can be busy\nand its socket will be bound to another id.\n\nThe proposal is to introduce an audit_nlk_pid in audit subsys,\nthat will point to the netlink socket to send packets to. It\nwill most often be equal to audit_pid. The socket id can be \ngot from the skb\u0027s netlink CB right in the audit_receive_msg.\nThe audit_nlk_pid reset to 0 is not required, since all the\ndecisions are taken based on audit_pid value only.\n\nLater, if the audit tools will bind the socket themselves, the\nkernel will have to provide a way to setup the audit_nlk_pid\nas well.\n\nA good side effect of this patch is that audit_pid can later \nbe converted to struct pid, as it is not longer safe to use \npid_t-s in the presence of pid namespaces. But audit code still \nuses the tgid from task_struct in the audit_signal_info and in\nthe audit_filter_syscall.\n\nSigned-off-by: Thomas Graf \u003ctgraf@suug.ch\u003e\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8d07a67cface19ac07d7324f38bda7bbb06bbdb2", "tree": "4706fb5efe2ecdcfa9edac84f7a2682555808fff", "parents": [ "b29ee87e9b441e72454efd1be56aa1a05ffb2f58" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Thu Feb 21 16:59:22 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Mar 01 07:16:06 2008 -0500" }, "message": "[PATCH] drop EOE records from printk\n\nHi,\n\nWhile we are looking at the printk issue, I see that its printk\u0027ing the EOE\n(end of event) records which is really not something that we need in syslog.\nIts really intended for the realtime audit event stream handled by the audit\ndaemon. So, lets avoid printk\u0027ing that record type.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "b29ee87e9b441e72454efd1be56aa1a05ffb2f58", "tree": "03003a0f8cc126cd2ef3577f0db836e5d30ae22a", "parents": [ "422b03cf75e11dfdfb29b0f19709bac585335f86" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 21 15:53:05 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Mar 01 07:16:06 2008 -0500" }, "message": "[RFC] AUDIT: do not panic when printk loses messages\n\nOn the latest kernels if one was to load about 15 rules, set the failure\nstate to panic, and then run service auditd stop the kernel will panic.\nThis is because auditd stops, then the script deletes all of the rules.\nThese deletions are sent as audit messages out of the printk kernel\ninterface which is already known to be lossy. These will overun the\ndefault kernel rate limiting (10 really fast messages) and will call\naudit_panic(). The same effect can happen if a slew of avc\u0027s come\nthrough while auditd is stopped.\n\nThis can be fixed a number of ways but this patch fixes the problem by\njust not panicing if auditd is not running. We know printk is lossy and\nif the user chooses to set the failure mode to panic and tries to use\nprintk we can\u0027t make any promises no matter how hard we try, so why try?\nAt least in this way we continue to get lost message accounting and will\neventually know that things went bad.\n\nThe other change is to add a new call to audit_log_lost() if auditd\ndisappears. We already pulled the skb off the queue and couldn\u0027t send\nit so that message is lost. At least this way we will account for the\nlast message and panic if the machine is configured to panic. This code\npath should only be run if auditd dies for unforeseen reasons. If\nauditd closes correctly audit_pid will get set to 0 and we won\u0027t walk\nthis code path.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "cf28b4863f9ee8f122e8ff3ac0d403e07ba9c6d9", "tree": "65c91f6911b34c32e517938289621ce0e7baeaf3", "parents": [ "c32c2f63a9d6c953aaf168c0b2551da9734f76d2" ], "author": { "name": "Jan Blunck", "email": "jblunck@suse.de", "time": "Thu Feb 14 19:38:44 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Feb 14 21:17:09 2008 -0800" }, "message": "d_path: Make d_path() use a struct path\n\nd_path() is used on a \u003cdentry,vfsmount\u003e pair. Lets use a struct path to\nreflect this.\n\n[akpm@linux-foundation.org: fix build in mm/memory.c]\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nAcked-by: Bryan Wu \u003cbryan.wu@analog.com\u003e\nAcked-by: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: \"J. Bruce Fields\" \u003cbfields@fieldses.org\u003e\nCc: Neil Brown \u003cneilb@suse.de\u003e\nCc: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "44707fdf5938ad269ea5d6c5744d82f6a7328746", "tree": "7eb1704418eb41b859ad24bc48f6400135474d87", "parents": [ "a03a8a709a0c34b61b7aea1d54a0473a6b941fdb" ], "author": { "name": "Jan Blunck", "email": "jblunck@suse.de", "time": "Thu Feb 14 19:38:33 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Feb 14 21:17:08 2008 -0800" }, "message": "d_path: Use struct path in struct avc_audit_data\n\naudit_log_d_path() is a d_path() wrapper that is used by the audit code. To\nuse a struct path in audit_log_d_path() I need to embed it into struct\navc_audit_data.\n\n[akpm@linux-foundation.org: coding-style fixes]\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: \"J. Bruce Fields\" \u003cbfields@fieldses.org\u003e\nCc: Neil Brown \u003cneilb@suse.de\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "320f1b1ed28c601cc152053a2f428a126cb608bc", "tree": "5865f2acf0d84b61fc81108f1bbb33896d11df84", "parents": [ "148b38dc9309044c8656aa36d5fd86069e2ea7cc" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Jan 23 22:55:05 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:25:04 2008 -0500" }, "message": "[AUDIT] ratelimit printk messages audit\n\nsome printk messages from the audit system can become excessive. This\npatch ratelimits those messages. It was found that messages, such as\nthe audit backlog lost printk message could flood the logs to the point\nthat a machine could take an nmi watchdog hit or otherwise become\nunresponsive.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "148b38dc9309044c8656aa36d5fd86069e2ea7cc", "tree": "905eaa71e29c5d4f65ef8a74e225db68d31cd934", "parents": [ "ef00be0554f1af9f2b685e0e3bb9e2ec0181937e" ], "author": { "name": "Richard Knutsson", "email": "ricknu-0@student.ltu.se", "time": "Thu Jan 10 11:02:40 2008 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:24:57 2008 -0500" }, "message": "[patch 2/2] audit: complement va_copy with va_end()\n\nComplement va_copy() with va_end().\n\nSigned-off-by: Richard Knutsson \u003cricknu-0@student.ltu.se\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\n" }, { "commit": "ef00be0554f1af9f2b685e0e3bb9e2ec0181937e", "tree": "54827faae4e5bcd81fa6b4a17c80ed9990b69cf2", "parents": [ "b593d384efcff7bdf6beb1bc1bc69927977aee26" ], "author": { "name": "Andrew Morton", "email": "akpm@linux-foundation.org", "time": "Thu Jan 10 11:02:39 2008 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:24:51 2008 -0500" }, "message": "[patch 1/2] kernel/audit.c: warning fix\n\nkernel/audit.c: In function \u0027audit_log_start\u0027:\nkernel/audit.c:1133: warning: \u0027serial\u0027 may be used uninitialized in this function\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\n" }, { "commit": "b593d384efcff7bdf6beb1bc1bc69927977aee26", "tree": "9055ef0decc84dcbf0da67135535f0746e602e8e", "parents": [ "50397bd1e471391d27f64efad9271459c913de87" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 08 17:38:31 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:24:45 2008 -0500" }, "message": "[AUDIT] create context if auditing was ever enabled\n\nDisabling audit at runtime by auditctl doesn\u0027t mean that we can\nstop allocating contexts for new processes; we don\u0027t want to miss them\nwhen that sucker is reenabled.\n\n(based on work from Al Viro in the RHEL kernel series)\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "50397bd1e471391d27f64efad9271459c913de87", "tree": "2b23b983ebcb9085cbf38c1688ba0c0f28ccfd2f", "parents": [ "1a6b9f2317f18db768010252c957d99daf40678f" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 07 18:14:19 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:24:39 2008 -0500" }, "message": "[AUDIT] clean up audit_receive_msg()\n\ngenerally clean up audit_receive_msg() don\u0027t free random memory if\nselinux_sid_to_string fails for some reason. Move generic auditing\nto a helper function\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "1a6b9f2317f18db768010252c957d99daf40678f", "tree": "e63199fab4ec31e05b22f3af10505bdcfcb57be8", "parents": [ "de6bbd1d30e5912620d25dd15e3f180ac7f9fcef" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 07 17:09:31 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:24:33 2008 -0500" }, "message": "[AUDIT] make audit\u003d0 really stop audit messages\n\nSome audit messages (namely configuration changes) are still emitted even if\nthe audit subsystem has been explicitly disabled. This patch turns those\nmessages off as well.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "de6bbd1d30e5912620d25dd15e3f180ac7f9fcef", "tree": "3807b13f8e2e490c258c5bb37915c95fc1bcfe20", "parents": [ "e445deb593d67c8ed13bd357c780a93d78bc84cf" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 07 14:31:58 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:23:55 2008 -0500" }, "message": "[AUDIT] break large execve argument logging into smaller messages\n\nexecve arguments can be quite large. There is no limit on the number of\narguments and a 4G limit on the size of an argument.\n\nthis patch prints those aruguments in bite sized pieces. a userspace size\nlimitation of 8k was discovered so this keeps messages around 7.5k\n\nsingle arguments larger than 7.5k in length are split into multiple records\nand can be identified as aX[Y]\u003d\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "e445deb593d67c8ed13bd357c780a93d78bc84cf", "tree": "b6c14711659e16f817a4cb9eaa1fd8dba0c7b162", "parents": [ "6246ccab99093a562044596dd868213caa0b2b4c" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 07 14:19:15 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:08:14 2008 -0500" }, "message": "[AUDIT] include audit type in audit message when using printk\n\nCurrently audit drops the audit type when an audit message goes through\nprintk instead of the audit deamon. This is a minor annoyance in\nthat the audit type is no longer part of the message and the information\nthe audit type conveys needs to be carried in, or derived from the\nmessage data.\n\nThe attached patch includes the type number as part of the printk.\nAdmittedly it isn\u0027t the type name that the audit deamon provides but I\nthink this is better than dropping the type completely.\n\nSigned-pff-by: John Johansen \u003cjjohansen@suse.de\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "406a1d868001423c85a3165288e566e65f424fe6", "tree": "2663aa7139f884ba5ef0425911fc9a579fcb1c6f", "parents": [ "29ffe1a5c52dae13b6efead97aab9b058f38fce4" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Mon Jan 28 20:47:09 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Jan 31 19:27:08 2008 -0800" }, "message": "[AUDIT]: Increase skb-\u003etruesize in audit_expand\n\nThe recent UDP patch exposed this bug in the audit code. It\nwas calling pskb_expand_head without increasing skb-\u003etruesize.\nThe caller of pskb_expand_head needs to do so because that function\nis designed to be called in places where truesize is already fixed\nand therefore it doesn\u0027t update its value.\n\nBecause the audit system is using it in a place where the truesize\nhas not yet been fixed, it needs to update its value manually.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "74c3cbe33bc077ac1159cadfea608b501e100344", "tree": "4c4023caa4e15d19780255fa5880df3d36eb292c", "parents": [ "455434d450a358ac5bcf3fc58f8913d13c544622" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 22 08:04:18 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Oct 21 02:37:45 2007 -0400" }, "message": "[PATCH] audit: watching subtrees\n\nNew kind of audit rule predicates: \"object is visible in given subtree\".\nThe part that can be sanely implemented, that is. Limitations:\n\t* if you have hardlink from outside of tree, you\u0027d better watch\nit too (or just watch the object itself, obviously)\n\t* if you mount something under a watched tree, tell audit\nthat new chunk should be added to watched subtrees\n\t* if you umount something in a watched tree and it\u0027s still mounted\nelsewhere, you will get matches on events happening there. New command\ntells audit to recalculate the trees, trimming such sources of false\npositives.\n\nNote that it\u0027s _not_ about path - if something mounted in several places\n(multiple mount, bindings, different namespaces, etc.), the match does\n_not_ depend on which one we are using for access.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "5600b892789c21749898e1ef815a2b9b152f51e0", "tree": "f06c729ce3d157a45f7d67f41d097249df9586b9", "parents": [ "bd3a8492baecde685a7568f9785651e9b11747f5" ], "author": { "name": "Daniel Walker", "email": "dwalker@mvista.com", "time": "Thu Oct 18 03:06:10 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Oct 18 14:37:25 2007 -0700" }, "message": "whitespace fixes: system auditing\n\nJust removing white space at the end of lines.\n\nSigned-off-by: Daniel Walker \u003cdwalker@mvista.com\u003e\nCc: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "cd40b7d3983c708aabe3d3008ec64ffce56d33b0", "tree": "0d6fe9cfd2f03fdeee126e317d4bfb145afc458d", "parents": [ "aed815601f3f95281ab3a01f7e2cbe1bd54285a0" ], "author": { "name": "Denis V. Lunev", "email": "den@openvz.org", "time": "Wed Oct 10 21:15:29 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Oct 10 21:15:29 2007 -0700" }, "message": "[NET]: make netlink user -\u003e kernel interface synchronious\n\nThis patch make processing netlink user -\u003e kernel messages synchronious.\nThis change was inspired by the talk with Alexey Kuznetsov about current\nnetlink messages processing. He says that he was badly wrong when introduced \nasynchronious user -\u003e kernel communication.\n\nThe call netlink_unicast is the only path to send message to the kernel\nnetlink socket. But, unfortunately, it is also used to send data to the\nuser.\n\nBefore this change the user message has been attached to the socket queue\nand sk-\u003esk_data_ready was called. The process has been blocked until all\npending messages were processed. The bad thing is that this processing\nmay occur in the arbitrary process context.\n\nThis patch changes nlk-\u003edata_ready callback to get 1 skb and force packet\nprocessing right in the netlink_unicast.\n\nKernel -\u003e user path in netlink_unicast remains untouched.\n\nEINTR processing for in netlink_run_queue was changed. It forces rtnl_lock\ndrop, but the process remains in the cycle until the message will be fully\nprocessed. So, there is no need to use this kludges now.\n\nSigned-off-by: Denis V. Lunev \u003cden@openvz.org\u003e\nAcked-by: Alexey Kuznetsov \u003ckuznet@ms2.inr.ac.ru\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "b4b510290b056b86611757ce1175a230f1080f53", "tree": "7bd1d45855ac7457be6d50338c60751f19e436d9", "parents": [ "e9dc86534051b78e41e5b746cccc291b57a3a311" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Wed Sep 12 13:05:38 2007 +0200" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 10 16:49:09 2007 -0700" }, "message": "[NET]: Support multiple network namespaces with netlink\n\nEach netlink socket will live in exactly one network namespace,\nthis includes the controlling kernel sockets.\n\nThis patch updates all of the existing netlink protocols\nto only support the initial network namespace. Request\nby clients in other namespaces will get -ECONREFUSED.\nAs they would if the kernel did not have the support for\nthat netlink protocol compiled in.\n\nAs each netlink protocol is updated to be multiple network\nnamespace safe it can register multiple kernel sockets\nto acquire a presence in the rest of the network namespaces.\n\nThe implementation in af_netlink is a simple filter implementation\nat hash table insertion and hash table look up time.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "831441862956fffa17b9801db37e6ea1650b0f69", "tree": "b0334921341f8f1734bdd3243de76d676329d21c", "parents": [ "787d2214c19bcc9b6ac48af0ce098277a801eded" ], "author": { "name": "Rafael J. Wysocki", "email": "rjw@sisk.pl", "time": "Tue Jul 17 04:03:35 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Jul 17 10:23:02 2007 -0700" }, "message": "Freezer: make kernel threads nonfreezable by default\n\nCurrently, the freezer treats all tasks as freezable, except for the kernel\nthreads that explicitly set the PF_NOFREEZE flag for themselves. This\napproach is problematic, since it requires every kernel thread to either\nset PF_NOFREEZE explicitly, or call try_to_freeze(), even if it doesn\u0027t\ncare for the freezing of tasks at all.\n\nIt seems better to only require the kernel threads that want to or need to\nbe frozen to use some freezer-related code and to remove any\nfreezer-related code from the other (nonfreezable) kernel threads, which is\ndone in this patch.\n\nThe patch causes all kernel threads to be nonfreezable by default (ie. to\nhave PF_NOFREEZE set by default) and introduces the set_freezable()\nfunction that should be called by the freezable kernel threads in order to\nunset PF_NOFREEZE. It also makes all of the currently freezable kernel\nthreads call set_freezable(), so it shouldn\u0027t cause any (intentional)\nchange of behaviour to appear. Additionally, it updates documentation to\ndescribe the freezing of tasks more accurately.\n\n[akpm@linux-foundation.org: build fixes]\nSigned-off-by: Rafael J. Wysocki \u003crjw@sisk.pl\u003e\nAcked-by: Nigel Cunningham \u003cnigel@nigel.suspend2.net\u003e\nCc: Pavel Machek \u003cpavel@ucw.cz\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nCc: Gautham R Shenoy \u003cego@in.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "522ed7767e800cff6c650ec64b0ee0677303119c", "tree": "f65ecb29f2cf885018d3557f840de3ef4be6ec64", "parents": [ "4f27c00bf80f122513d3a5be16ed851573164534" ], "author": { "name": "Miloslav Trmac", "email": "mitr@redhat.com", "time": "Sun Jul 15 23:40:56 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:47 2007 -0700" }, "message": "Audit: add TTY input auditing\n\nAdd TTY input auditing, used to audit system administrator\u0027s actions. This is\nrequired by various security standards such as DCID 6/3 and PCI to provide\nnon-repudiation of administrator\u0027s actions and to allow a review of past\nactions if the administrator seems to overstep their duties or if the system\nbecomes misconfigured for unknown reasons. These requirements do not make it\nnecessary to audit TTY output as well.\n\nCompared to an user-space keylogger, this approach records TTY input using the\naudit subsystem, correlated with other audit events, and it is completely\ntransparent to the user-space application (e.g. the console ioctls still\nwork).\n\nTTY input auditing works on a higher level than auditing all system calls\nwithin the session, which would produce an overwhelming amount of mostly\nuseless audit events.\n\nAdd an \"audit_tty\" attribute, inherited across fork (). Data read from TTYs\nby process with the attribute is sent to the audit subsystem by the kernel.\nThe audit netlink interface is extended to allow modifying the audit_tty\nattribute, and to allow sending explanatory audit events from user-space (for\nexample, a shell might send an event containing the final command, after the\ninteractive command-line editing and history expansion is performed, which\nmight be difficult to decipher from the TTY input alone).\n\nBecause the \"audit_tty\" attribute is inherited across fork (), it would be set\ne.g. for sshd restarted within an audited session. To prevent this, the\naudit_tty attribute is cleared when a process with no open TTY file\ndescriptors (e.g. after daemon startup) opens a TTY.\n\nSee https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html for a\nmore detailed rationale document for an older version of this patch.\n\n[akpm@linux-foundation.org: build fix]\nSigned-off-by: Miloslav Trmac \u003cmitr@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nCc: Paul Fulghum \u003cpaulkf@microgate.com\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "039b6b3ed84e45a6f8316358dd2bfdc83d59fc45", "tree": "7d64edaeb2a67808742988dea3cccacecc1b17b8", "parents": [ "b2bbe383ef7e792e92a5f53be955e71bd253ab32" ], "author": { "name": "Robert P. J. Day", "email": "rpjday@mindspring.com", "time": "Tue May 08 00:29:20 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue May 08 11:15:09 2007 -0700" }, "message": "audit: add spaces on either side of case \"...\" operator.\n\nFollowing the programming advice laid down in the gcc manual, make\nsure the case \"...\" operator has spaces on either side.\n\nAccording to:\n\nhttp://gcc.gnu.org/onlinedocs/gcc-4.1.2/gcc/Case-Ranges.html#Case-Ranges:\n\n \"Be careful: Write spaces around the ..., for otherwise it may be\nparsed wrong when you use it with integer values.\"\n\nSigned-off-by: Robert P. J. Day \u003crpjday@mindspring.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "af65bdfce98d7965fbe93a48b8128444a2eea024", "tree": "e6ac5ff82a0d5067213135cdf049b912b02e824d", "parents": [ "b076deb8498e26c9aa2f44046fe5e9936ae2fb5a" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Fri Apr 20 14:14:21 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Apr 25 22:29:03 2007 -0700" }, "message": "[NETLINK]: Switch cb_lock spinlock to mutex and allow to override it\n\nSwitch cb_lock to mutex and allow netlink kernel users to override it\nwith a subsystem specific mutex for consistent locking in dump callbacks.\nAll netlink_dump_start users have been audited not to rely on any\nside-effects of the previously used spinlock.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "b529ccf2799c14346d1518e9bdf1f88f03643e99", "tree": "f899a5a5d66d2ca21724c1871ee3afeda6c4a670", "parents": [ "965ffea43d4ebe8cd7b9fee78d651268dd7d23c5" ], "author": { "name": "Arnaldo Carvalho de Melo", "email": "acme@redhat.com", "time": "Wed Apr 25 19:08:35 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Apr 25 22:26:34 2007 -0700" }, "message": "[NETLINK]: Introduce nlmsg_hdr() helper\n\nFor the common \"(struct nlmsghdr *)skb-\u003edata\" sequence, so that we reduce the\nnumber of direct accesses to skb-\u003edata and for consistency with all the other\ncast skb member helpers.\n\nSigned-off-by: Arnaldo Carvalho de Melo \u003cacme@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "27a884dc3cb63b93c2b3b643f5b31eed5f8a4d26", "tree": "5a267e40f9b94014be38dad5de0a52b6628834e0", "parents": [ "be8bd86321fa7f06359d866ef61fb4d2f3e9dce9" ], "author": { "name": "Arnaldo Carvalho de Melo", "email": "acme@redhat.com", "time": "Thu Apr 19 20:29:13 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Apr 25 22:26:28 2007 -0700" }, "message": "[SK_BUFF]: Convert skb-\u003etail to sk_buff_data_t\n\nSo that it is also an offset from skb-\u003ehead, reduces its size from 8 to 4 bytes\non 64bit architectures, allowing us to combine the 4 bytes hole left by the\nlayer headers conversion, reducing struct sk_buff size to 256 bytes, i.e. 4\n64byte cachelines, and since the sk_buff slab cache is SLAB_HWCACHE_ALIGN...\n:-)\n\nMany calculations that previously required that skb-\u003e{transport,network,\nmac}_header be first converted to a pointer now can be done directly, being\nmeaningful as offsets or pointers.\n\nSigned-off-by: Arnaldo Carvalho de Melo \u003cacme@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "6a01b07fae482f9b34491b317056c89d3b96ca2e", "tree": "b3e80a8147101db29dcc18596ea20b1fcbeef6ad", "parents": [ "a17b4ad778e1857944f5a1df95fb7758cd5cc58d" ], "author": { "name": "Steve Grubb", "email": "sgrubb redhat com", "time": "Fri Jan 19 14:39:55 2007 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Feb 17 21:30:12 2007 -0500" }, "message": "[PATCH] audit config lockdown\n\nThe following patch adds a new mode to the audit system. It uses the\naudit_enabled config option to introduce the idea of audit enabled, but\nconfiguration is immutable. Any attempt to change the configuration\nwhile in this mode is audited. To change the audit rules, you\u0027d need to\nreboot the machine.\n\nTo use this option, you\u0027d need a modified version of auditctl and use \"-e 2\".\nThis is intended to go at the end of the audit.rules file for people that\nwant an immutable configuration.\n\nThis patch also adds \"res\u003d\" to a number of configuration commands that did not\nhave it before.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "7dfb71030f7636a0d65200158113c37764552f93", "tree": "276b812903d377b16d8828e888552fd256f48aab", "parents": [ "8a05aac2631aa0e6494d9dc990f8c68ed8b8fde7" ], "author": { "name": "Nigel Cunningham", "email": "ncunningham@linuxmail.org", "time": "Wed Dec 06 20:34:23 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Thu Dec 07 08:39:27 2006 -0800" }, "message": "[PATCH] Add include/linux/freezer.h and move definitions from sched.h\n\nMove process freezing functions from include/linux/sched.h to freezer.h, so\nthat modifications to the freezer or the kernel configuration don\u0027t require\nrecompiling just about everything.\n\n[akpm@osdl.org: fix ueagle driver]\nSigned-off-by: Nigel Cunningham \u003cnigel@suspend2.net\u003e\nCc: \"Rafael J. Wysocki\" \u003crjw@sisk.pl\u003e\nCc: Pavel Machek \u003cpavel@ucw.cz\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "4899b8b16b302299cc91289f7b5bac295e9ab387", "tree": "e9bfd4f3a44f6a49e60f1b8930a015c6772524ef", "parents": [ "d195412c35fe777811bd58ad43fba3aacc67e15c" ], "author": { "name": "Andrew Morton", "email": "akpm@osdl.org", "time": "Fri Oct 06 00:43:48 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Oct 06 08:53:39 2006 -0700" }, "message": "[PATCH] kauditd_thread warning fix\n\nSquash this warning:\n\n kernel/audit.c: In function \u0027kauditd_thread\u0027:\n kernel/audit.c:367: warning: no return statement in function returning non-void\n\nWe might as test kthread_should_stop(), although it\u0027s not very pointful at\npresent.\n\nThe code which starts this thread looks racy - the kernel could start multiple\nthreads.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Jeff Garzik \u003cjeff@garzik.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "1a70cd40cb291c25b67ec0da715a49d76719329d", "tree": "ffb4c6cd3f7ef1b92822ebbda11bd2b035c2bc86", "parents": [ "62bac0185ad3dfef11d9602980445c54d45199c6" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Sep 25 23:31:57 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 26 08:48:52 2006 -0700" }, "message": "[PATCH] selinux: rename selinux_ctxid_to_string\n\nRename selinux_ctxid_to_string to selinux_sid_to_string to be\nconsistent with other interfaces.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "8ef2d3040e5cf38f7d64a408038f576b4a5ec987", "tree": "def11d400d2262e104cb1c64a953276794d8c9a8", "parents": [ "3b33ac3182a4554742757a0c61ee1df162cf8225" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Sep 07 17:03:02 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Sep 11 13:32:17 2006 -0400" }, "message": "[PATCH] sanity check audit_buffer\n\nAdd sanity checks for NULL audit_buffer consistent with other\naudit_log* routines.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "6988434ee5f532c71be3131fba23283f5cf43847", "tree": "bdec2a0f267af6b3067dca31753565db25c28127", "parents": [ "73d3ec5abad3f1730ac8530899d2c14d92f3ad63" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Jul 13 13:17:12 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 03 10:50:39 2006 -0400" }, "message": "[PATCH] fix oops with CONFIG_AUDIT and !CONFIG_AUDITSYSCALL\n\nAlways initialize the audit_inode_hash[] so we don\u0027t oops on list rules.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "c7bdb545d23026b18be53289fd866d1ac07f5f8c", "tree": "6d9a218871d88f7579dd53f14692df2529b6e712", "parents": [ "576a30eb6453439b3c37ba24455ac7090c247b5a" ], "author": { "name": "Darrel Goeddel", "email": "dgoeddel@trustedcs.com", "time": "Tue Jun 27 13:26:11 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Thu Jun 29 16:57:55 2006 -0700" }, "message": "[NETLINK]: Encapsulate eff_cap usage within security framework.\n\nThis patch encapsulates the usage of eff_cap (in netlink_skb_params) within\nthe security framework by extending security_netlink_recv to include a required\ncapability parameter and converting all direct usage of eff_caps outside\nof the lsm modules to use the interface. It also updates the SELinux\nimplementation of the security_netlink_send and security_netlink_recv\nhooks to take advantage of the sid in the netlink_skb_params struct.\nThis also enables SELinux to perform auditing of netlink capability checks.\nPlease apply, for 2.6.18 if possible.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "34af946a22724c4e2b204957f2b24b22a0fb121c", "tree": "7881dcbd0a698257c126198cdb6d97d4e45ee51e", "parents": [ "b6cd0b772dcc5dc9b4c03d53946474dee399fa72" ], "author": { "name": "Ingo Molnar", "email": "mingo@elte.hu", "time": "Tue Jun 27 02:53:55 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Jun 27 17:32:39 2006 -0700" }, "message": "[PATCH] spin/rwlock init cleanups\n\nlocking init cleanups:\n\n - convert \" \u003d SPIN_LOCK_UNLOCKED\" to spin_lock_init() or DEFINE_SPINLOCK()\n - convert rwlocks in a similar manner\n\nthis patch was generated automatically.\n\nMotivation:\n\n - cleanliness\n - lockdep needs control of lock initialization, which the open-coded\n variants do not give\n - it\u0027s also useful for -rt and for lock debugging in general\n\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Arjan van de Ven \u003carjan@linux.intel.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9c937dcc71021f2dbf78f904f03d962dd9bcc130", "tree": "6ab53c1cf1235515307d521cecc4f76afa34e137", "parents": [ "6a2bceec0ea7fdc47aef9a3f2f771c201eaabe5d" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Jun 08 23:19:31 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:28 2006 -0400" }, "message": "[PATCH] log more info for directory entry change events\n\nWhen an audit event involves changes to a directory entry, include\na PATH record for the directory itself. A few other notable changes:\n\n - fixed audit_inode_child() hooks in fsnotify_move()\n - removed unused flags arg from audit_inode()\n - added audit log routines for logging a portion of a string\n\nHere\u0027s some sample output.\n\nbefore patch:\ntype\u003dSYSCALL msg\u003daudit(1149821605.320:26): arch\u003d40000003 syscall\u003d39 success\u003dyes exit\u003d0 a0\u003dbf8d3c7c a1\u003d1ff a2\u003d804e1b8 a3\u003dbf8d3c7c items\u003d1 ppid\u003d739 pid\u003d800 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dttyS0 comm\u003d\"mkdir\" exe\u003d\"/bin/mkdir\" subj\u003droot:system_r:unconfined_t:s0-s0:c0.c255\ntype\u003dCWD msg\u003daudit(1149821605.320:26): cwd\u003d\"/root\"\ntype\u003dPATH msg\u003daudit(1149821605.320:26): item\u003d0 name\u003d\"foo\" parent\u003d164068 inode\u003d164010 dev\u003d03:00 mode\u003d040755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003droot:object_r:user_home_t:s0\n\nafter patch:\ntype\u003dSYSCALL msg\u003daudit(1149822032.332:24): arch\u003d40000003 syscall\u003d39 success\u003dyes exit\u003d0 a0\u003dbfdd9c7c a1\u003d1ff a2\u003d804e1b8 a3\u003dbfdd9c7c items\u003d2 ppid\u003d714 pid\u003d777 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dttyS0 comm\u003d\"mkdir\" exe\u003d\"/bin/mkdir\" subj\u003droot:system_r:unconfined_t:s0-s0:c0.c255\ntype\u003dCWD msg\u003daudit(1149822032.332:24): cwd\u003d\"/root\"\ntype\u003dPATH msg\u003daudit(1149822032.332:24): item\u003d0 name\u003d\"/root\" inode\u003d164068 dev\u003d03:00 mode\u003d040750 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003droot:object_r:user_home_dir_t:s0\ntype\u003dPATH msg\u003daudit(1149822032.332:24): item\u003d1 name\u003d\"foo\" inode\u003d164010 dev\u003d03:00 mode\u003d040755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003droot:object_r:user_home_t:s0\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "f368c07d7214a7c41dfceb76c8db473b850f0229", "tree": "e3f1e2d1a6ffbe61bf99ece51b906654728db4c9", "parents": [ "20ca73bc792be9625af184cbec36e1372611d1c3" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Fri Apr 07 16:55:56 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:27 2006 -0400" }, "message": "[PATCH] audit: path-based rules\n\nIn this implementation, audit registers inotify watches on the parent\ndirectories of paths specified in audit rules. When audit\u0027s inotify\nevent handler is called, it updates any affected rules based on the\nfilesystem event. If the parent directory is renamed, removed, or its\nfilesystem is unmounted, audit removes all rules referencing that\ninotify watch.\n\nTo keep things simple, this implementation limits location-based\nauditing to the directory entries in an existing directory. Given\na path-based rule for /foo/bar/passwd, the following table applies:\n\n passwd modified -- audit event logged\n passwd replaced -- audit event logged, rules list updated\n bar renamed -- rule removed\n foo renamed -- untracked, meaning that the rule now applies to\n\t\t the new location\n\nAudit users typically want to have many rules referencing filesystem\nobjects, which can significantly impact filtering performance. This\npatch also adds an inode-number-based rule hash to mitigate this\nsituation.\n\nThe patch is relative to the audit git tree:\nhttp://kernel.org/git/?p\u003dlinux/kernel/git/viro/audit-current.git;a\u003dsummary\nand uses the inotify kernel API:\nhttp://lkml.org/lkml/2006/6/1/145\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "5d136a010de3bc16fe595987feb9ef8868f064c2", "tree": "ce0dbf3d5da61bc9b69fa557f0f578cd980f3147", "parents": [ "0a3b483e83edb6aa6d3c49db70eeb6f1cd9f6c6b" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Thu Apr 27 16:45:14 2006 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:23 2006 -0400" }, "message": "[PATCH] minor audit updates\n\nJust a few minor proposed updates. Only the last one will\nactually affect behavior. The rest are just misleading\ncode.\n\nSeveral AUDIT_SET functions return \u0027old\u0027 value, but only\nreturn value \u003c0 is checked for. So just return 0.\n\npropagate audit_set_rate_limit and audit_set_backlog_limit\nerror values\n\nIn audit_buffer_free, the audit_freelist_count was being\nincremented even when we discard the return buffer, so\naudit_freelist_count can end up wrong. This could cause\nthe actual freelist to shrink over time, eventually\nthreatening to degrate audit performance.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e1396065e0489f98b35021b97907ab4edbfb24e1", "tree": "a276ea0a2ece9132d435adf1a1f82d0ada1ae938", "parents": [ "473ae30bc7b1dda5c5791c773f95e9424ddfead9" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu May 25 10:19:47 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:21 2006 -0400" }, "message": "[PATCH] collect sid of those who send signals to auditd\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "473ae30bc7b1dda5c5791c773f95e9424ddfead9", "tree": "541f6f20b9131fcfb650ca491e291d3c6b148a1b", "parents": [ "9044e6bca5a4a575d3c068dfccb5651a2d6a13bc" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Apr 26 14:04:08 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:21 2006 -0400" }, "message": "[PATCH] execve argument logging\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "9044e6bca5a4a575d3c068dfccb5651a2d6a13bc", "tree": "e0fa2beb83c3ef4e52cc6c6b28ce3173656f4276", "parents": [ "bc0f3b8ebba611291fdaa2864dbffd2d29336c64" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon May 22 01:09:24 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:20 2006 -0400" }, "message": "[PATCH] fix deadlocks in AUDIT_LIST/AUDIT_LIST_RULES\n\nWe should not send a pile of replies while holding audit_netlink_mutex\nsince we hold the same mutex when we receive commands. As the result,\nwe can get blocked while sending and sit there holding the mutex while\nauditctl is unable to send the next command and get around to receiving\nwhat we\u0027d sent.\n\nSolution: create skb and put them into a queue instead of sending;\nonce we are done, send what we\u0027ve got on the list. The former can\nbe done synchronously while we are handling AUDIT_LIST or AUDIT_LIST_RULES;\nwe are holding audit_netlink_mutex at that point. The latter is done\nasynchronously and without messing with audit_netlink_mutex.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "ce29b682e228c70cdc91a1b2935c5adb2087bab8", "tree": "39e3e5b345748bec1c2d21962407689cdb1b7dab", "parents": [ "e7c3497013a7e5496ce3d5fd3c73b5cf5af7a56e" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Sat Apr 01 18:29:34 2006 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon May 01 06:10:01 2006 -0400" }, "message": "[PATCH] More user space subject labels\n\nHi,\n\nThe patch below builds upon the patch sent earlier and adds subject label to\nall audit events generated via the netlink interface. It also cleans up a few\nother minor things.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e7c3497013a7e5496ce3d5fd3c73b5cf5af7a56e", "tree": "2a57da5e958011b300256988e414387b1455660c", "parents": [ "9c7aa6aa74fa8a5cda36e54cbbe4fffe0214497d" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Mon Apr 03 09:08:13 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon May 01 06:09:58 2006 -0400" }, "message": "[PATCH] Reworked patch for labels on user space messages\n\nThe below patch should be applied after the inode and ipc sid patches.\nThis patch is a reworking of Tim\u0027s patch that has been updated to match\nthe inode and ipc patches since its similar.\n\n[updated:\n\u003e Stephen Smalley also wanted to change a variable from isec to tsec in the\n\u003e user sid patch. ]\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "3dc7e3153eddfcf7ba8b50628775ba516e5f759f", "tree": "926957e904739fc6c29e5125b7c1635b9f77548c", "parents": [ "376bd9cb357ec945ac893feaeb63af7370a6e70b" ], "author": { "name": "Darrel Goeddel", "email": "dgoeddel@trustedcs.com", "time": "Fri Mar 10 18:14:06 2006 -0600" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon May 01 06:09:36 2006 -0400" }, "message": "[PATCH] support for context based audit filtering, part 2\n\nThis patch provides the ability to filter audit messages based on the\nelements of the process\u0027 SELinux context (user, role, type, mls sensitivity,\nand mls clearance). It uses the new interfaces from selinux to opaquely\nstore information related to the selinux context and to filter based on that\ninformation. It also uses the callback mechanism provided by selinux to\nrefresh the information when a new policy is loaded.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "9b41046cd0ee0a57f849d6e1363f7933e363cca9", "tree": "246820e9493770e071cb92a48e7f72d8b9c90a98", "parents": [ "68eef3b4791572ecb70249c7fb145bb3742dd899" ], "author": { "name": "OGAWA Hirofumi", "email": "hirofumi@mail.parknet.co.jp", "time": "Fri Mar 31 02:30:33 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Mar 31 12:18:53 2006 -0800" }, "message": "[PATCH] Don\u0027t pass boot parameters to argv_init[]\n\nThe boot cmdline is parsed in parse_early_param() and\nparse_args(,unknown_bootoption).\n\nAnd __setup() is used in obsolete_checksetup().\n\n\tstart_kernel()\n\t\t-\u003e parse_args()\n\t\t\t-\u003e unknown_bootoption()\n\t\t\t\t-\u003e obsolete_checksetup()\n\nIf __setup()\u0027s callback (-\u003esetup_func()) returns 1 in\nobsolete_checksetup(), obsolete_checksetup() thinks a parameter was\nhandled.\n\nIf -\u003esetup_func() returns 0, obsolete_checksetup() tries other\n-\u003esetup_func(). If all -\u003esetup_func() that matched a parameter returns 0,\na parameter is seted to argv_init[].\n\nThen, when runing /sbin/init or init\u003dapp, argv_init[] is passed to the app.\nIf the app doesn\u0027t ignore those arguments, it will warning and exit.\n\nThis patch fixes a wrong usage of it, however fixes obvious one only.\n\nSigned-off-by: OGAWA Hirofumi \u003chirofumi@mail.parknet.co.jp\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "71e1c784b24a026a490b3de01541fc5ee14ebc09", "tree": "7ee3aebf84b5bd1759b2b1925e09de37cb21d97f", "parents": [ "bf45da97a45f634422559ec61429dddf4d2fffb9" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Mon Mar 06 22:40:05 2006 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:55 2006 -0500" }, "message": "[PATCH] fix audit_init failure path\n\nMake audit_init() failure path handle situations where the audit_panic()\naction is not AUDIT_FAIL_PANIC (default is AUDIT_FAIL_PRINTK). Other uses\nof audit_sock are not reached unless audit\u0027s netlink message handler is\nproperly registered. Bug noticed by Peter Staubach.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "bf45da97a45f634422559ec61429dddf4d2fffb9", "tree": "6900ee56333ec64b1398cdfea2af9d04a01e182d", "parents": [ "5a0bbce58bb25bd756f7ec437319d6ed2201a18b" ], "author": { "name": "lorenzo@gnu.org", "email": "lorenzo@gnu.org", "time": "Thu Mar 09 00:33:47 2006 +0100" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:55 2006 -0500" }, "message": "[PATCH] EXPORT_SYMBOL patch for audit_log, audit_log_start, audit_log_end and audit_format\n\nHi,\n\nThis is a trivial patch that enables the possibility of using some auditing\nfunctions within loadable kernel modules (ie. inside a Linux Security Module).\n\n_\n\nMake the audit_log_start, audit_log_end, audit_format and audit_log\ninterfaces available to Loadable Kernel Modules, thus making possible\nthe usage of the audit framework inside LSMs, etc.\n\nSigned-off-by: \u003cLorenzo Hernández García-Hierro \u003clorenzo@gnu.org\u003e\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "5a0bbce58bb25bd756f7ec437319d6ed2201a18b", "tree": "d8b263248c3eaece9a1c906e02c0795794f480de", "parents": [ "4023e020807ea249ae83f0d1d851b4c7cf0afd8a" ], "author": { "name": "Ingo Molnar", "email": "mingo@elte.hu", "time": "Tue Mar 07 23:51:38 2006 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:55 2006 -0500" }, "message": "[PATCH] sem2mutex: audit_netlink_sem\n\nSemaphore to mutex conversion.\n\nThe conversion was generated via scripts, and the result was validated\nautomatically via a script as well.\n\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "93315ed6dd12dacfc941f9eb8ca0293aadf99793", "tree": "4fc070c92a1de21d3befe4ce48c733c65d044bb3", "parents": [ "af601e4623d0303bfafa54ec728b7ae8493a8e1b" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Tue Feb 07 12:05:27 2006 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] audit string fields interface + consumer\n\nUpdated patch to dynamically allocate audit rule fields in kernel\u0027s\ninternal representation. Added unlikely() calls for testing memory\nallocation result.\n\nAmy Griffis wrote: [Wed Jan 11 2006, 02:02:31PM EST]\n\u003e Modify audit\u0027s kernel-userspace interface to allow the specification\n\u003e of string fields in audit rules.\n\u003e\n\u003e Signed-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n(cherry picked from 5ffc4a863f92351b720fe3e9c5cd647accff9e03 commit)\n" }, { "commit": "fe7752bab26a9ac0651b695ad4f55659761f68f7", "tree": "b2e516a52232c978fc824b226418d8a28460b8a8", "parents": [ "ee436dc46a762f430e37952d375a23d87735f73f" ], "author": { "name": "David Woodhouse", "email": "dwmw2@infradead.org", "time": "Thu Dec 15 18:33:52 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL\n\nThis fixes the per-user and per-message-type filtering when syscall\nauditing isn\u0027t enabled.\n\n[AV: folded followup fix from the same author]\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "8c8570fb8feef2bc166bee75a85748b25cda22d9", "tree": "ed783d405ea9d5f3d3ccc57fb56c7b7cb2cdfb82", "parents": [ "c8edc80c8b8c397c53f4f659a05b9ea6208029bf" ], "author": { "name": "Dustin Kirkland", "email": "dustin.kirkland@us.ibm.com", "time": "Thu Nov 03 17:15:16 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] Capture selinux subject/object context information.\n\nThis patch extends existing audit records with subject/object context\ninformation. Audit records associated with filesystem inodes, ipc, and\ntasks now contain SELinux label information in the field \"subj\" if the\nitem is performing the action, or in \"obj\" if the item is the receiver\nof an action.\n\nThese labels are collected via hooks in SELinux and appended to the\nappropriate record in the audit code.\n\nThis additional information is required for Common Criteria Labeled\nSecurity Protection Profile (LSPP).\n\n[AV: fixed kmalloc flags use]\n[folded leak fixes]\n[folded cleanup from akpm (kfree(NULL)]\n[folded audit_inode_context() leak fix]\n[folded akpm\u0027s fix for audit_ipc_perm() definition in case of !CONFIG_AUDIT]\n\nSigned-off-by: Dustin Kirkland \u003cdustin.kirkland@us.ibm.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "c8edc80c8b8c397c53f4f659a05b9ea6208029bf", "tree": "0b09c0ff9ea28038b711d7368100302a1cc69b6d", "parents": [ "73241ccca0f7786933f1d31b3d86f2456549953a" ], "author": { "name": "Dustin Kirkland", "email": "dustin.kirkland@us.ibm.com", "time": "Thu Nov 03 16:12:36 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] Exclude messages by message type\n\n - Add a new, 5th filter called \"exclude\".\n - And add a new field AUDIT_MSGTYPE.\n - Define a new function audit_filter_exclude() that takes a message type\n as input and examines all rules in the filter. It returns \u00271\u0027 if the\n message is to be excluded, and \u00270\u0027 otherwise.\n - Call the audit_filter_exclude() function near the top of\n audit_log_start() just after asserting audit_initialized. If the\n message type is not to be audited, return NULL very early, before\n doing a lot of work.\n[combined with followup fix for bug in original patch, Nov 4, same author]\n[combined with later renaming AUDIT_FILTER_EXCLUDE-\u003eAUDIT_FILTER_TYPE\nand audit_filter_exclude() -\u003e audit_filter_type()]\n\nSigned-off-by: Dustin Kirkland \u003cdustin.kirkland@us.ibm.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "90d526c074ae5db484388da56c399acf892b6c17", "tree": "edeb7c47d9144f3995846c5fc25db8e49ef12f5d", "parents": [ "b63862f46547487388e582e8ac9083830d34f058" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Thu Nov 03 15:48:08 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:53 2006 -0500" }, "message": "[PATCH] Define new range of userspace messages.\n\nThe attached patch updates various items for the new user space\nmessages. Please apply.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "b0dd25a8263dde3c30b0d7d72a8bd92d7ba0e3f5", "tree": "8eadfe525920c8256d755b084035a513e3dcab47", "parents": [ "7e7f8a036b8e2b2a300df016da5e7128c8a9192e" ], "author": { "name": "Randy Dunlap", "email": "rdunlap@xenotime.net", "time": "Tue Sep 13 12:47:11 2005 -0700" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:53 2006 -0500" }, "message": "[PATCH] AUDIT: kerneldoc for kernel/audit*.c\n\n- add kerneldoc for non-static functions;\n- don\u0027t init static data to 0;\n- limit lines to \u003c 80 columns;\n- fix long-format style;\n- delete whitespace at end of some lines;\n\n(chrisw: resend and update to current audit-2.6 tree)\n\nSigned-off-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nSigned-off-by: Chris Wright \u003cchrisw@osdl.org\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "715b49ef2de6fcead0776d9349071670282faf65", "tree": "d09b77c804aba3b191dc0ceb294387cf730ede4b", "parents": [ "3213e913b0d6baeb28aa1affbdd4bfa7efedc35f" ], "author": { "name": "Alan Cox", "email": "alan@lxorguk.ukuu.org.uk", "time": "Wed Jan 18 17:44:07 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Jan 18 19:20:30 2006 -0800" }, "message": "[PATCH] EDAC: atomic scrub operations\n\nEDAC requires a way to scrub memory if an ECC error is found and the chipset\ndoes not do the work automatically. That means rewriting memory locations\natomically with respect to all CPUs _and_ bus masters. That means we can\u0027t\nuse atomic_add(foo, 0) as it gets optimised for non-SMP\n\nThis adds a function to include/asm-foo/atomic.h for the platforms currently\nsupported which implements a scrub of a mapped block.\n\nIt also adjusts a few other files include order where atomic.h is included\nbefore types.h as this now causes an error as atomic_scrub uses u32.\n\nSigned-off-by: Alan Cox \u003calan@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "97a41e26124330e41aa10ef88cd1711bc3d17460", "tree": "1546db361efaf926c7a970e3ec6044ea8d4b6f4c", "parents": [ "b7b4d7a4666454b40b45a853bd1d296af37a85f0" ], "author": { "name": "Adrian Bunk", "email": "bunk@stusta.de", "time": "Sun Jan 08 01:02:17 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Jan 08 20:13:48 2006 -0800" }, "message": "[PATCH] kernel/: small cleanups\n\nThis patch contains the following cleanups:\n- make needlessly global functions static\n- every file should include the headers containing the prototypes for\n it\u0027s global functions\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nAcked-by: \"Paul E. McKenney\" \u003cpaulmck@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "7a4ae749a478f8bca73d4b5b8c1b8cbb178b2db5", "tree": "a8480cc6ab547c01818182112ce4bc8bdcc6f91f", "parents": [ "bf001b26793bd9f8a446577c361226fbcd617182" ], "author": { "name": "Pierre Ossman", "email": "drzeus@drzeus.cx", "time": "Mon Dec 12 00:37:22 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Dec 12 08:57:43 2005 -0800" }, "message": "[PATCH] Add try_to_freeze to kauditd\n\nkauditd was causing suspends to fail because it refused to freeze. Adding\na try_to_freeze() to its sleep loop solves the issue.\n\nSigned-off-by: Pierre Ossman \u003cdrzeus@drzeus.cx\u003e\nAcked-by: Pavel Machek \u003cpavel@suse.cz\u003e\nCc: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9796fdd829da626374458e8706daedcc0e432ddd", "tree": "a0b4af7f45267cdcdfb677c2167906c6ef981b76", "parents": [ "55016f10e31bb15b85d8c500f979dfdceb37d548" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Oct 21 03:22:03 2005 -0400" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Oct 28 08:16:49 2005 -0700" }, "message": "[PATCH] gfp_t: kernel/*\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "dd0fc66fb33cd610bc1a5db8a5e232d34879b4d7", "tree": "51f96a9db96293b352e358f66032e1f4ff79fafb", "parents": [ "3b0e77bd144203a507eb191f7117d2c5004ea1de" ], "author": { "name": "Al Viro", "email": "viro@ftp.linux.org.uk", "time": "Fri Oct 07 07:46:04 2005 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Oct 08 15:00:57 2005 -0700" }, "message": "[PATCH] gfp flags annotations - part 1\n\n - added typedef unsigned int __nocast gfp_t;\n\n - replaced __nocast uses for gfp flags with gfp_t - it gives exactly\n the same warnings as far as sparse is concerned, doesn\u0027t change\n generated code (from gcc point of view we replaced unsigned int with\n typedef) and documents what\u0027s going on far better.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "5d54e69c68c05b162a56f9914cae72afd7e6f40a", "tree": "c5933858c4861bc3e358559f64ef459a1f56ab75", "parents": [ "63f3d1df1ad276a30b75339dd682a6e1f9d0c181", "b6ddc518520887a62728b0414efbf802a9dfdd55" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 13 09:47:30 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 13 09:47:30 2005 -0700" }, "message": "Merge master.kernel.org:/pub/scm/linux/kernel/git/dwmw2/audit-2.6 \n" }, { "commit": "066286071d3542243baa68166acb779187c848b3", "tree": "ef6604f16ceb13842a30311654e6a64aac716c48", "parents": [ "9a4595bc7e67962f13232ee55a64e063062c3a99" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Mon Aug 15 12:33:26 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Aug 29 16:01:11 2005 -0700" }, "message": "[NETLINK]: Add \"groups\" argument to netlink_kernel_create\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4fdb3bb723db469717c6d38fda667d8b0fa86ebd", "tree": "43d82e717922e6319cf8a8f9dc5ee902c651b491", "parents": [ "020b4c12dbe3868d792a01d7c1470cd837abe10f" ], "author": { "name": "Harald Welte", "email": "laforge@netfilter.org", "time": "Tue Aug 09 19:40:55 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Aug 29 15:35:08 2005 -0700" }, "message": "[NETLINK]: Add properly module refcounting for kernel netlink sockets.\n\n- Remove bogus code for compiling netlink as module\n- Add module refcounting support for modules implementing a netlink\n protocol\n- Add support for autoloading modules that implement a netlink protocol\n as soon as someone opens a socket for that protocol\n\nSigned-off-by: Harald Welte \u003claforge@netfilter.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "3c789a19054034847afe80af2f23ebb0eebfbad6", "tree": "cc983b5fd132c329e16d61d408d8a26ca048cf6b", "parents": [ "c3896495942392f1a792da1cafba7a573cbf6fc2" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Wed Aug 17 16:05:35 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Aug 17 16:05:35 2005 +0100" }, "message": "AUDIT: Prevent duplicate syscall rules\n\nThe following patch against audit.81 prevents duplicate syscall rules in\na given filter list by walking the list on each rule add.\n\nI also removed the unused struct audit_entry in audit.c and made the\nstatic inlines in auditsc.c consistent.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "ce625a801664d8ed7344117bbb57510e4e0e872c", "tree": "50e6760a0b1b506b234700afddc7296b28918650", "parents": [ "d5b454f2c40c9efd0cc113bc3220ebcb66b7c022" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Mon Jul 18 14:24:46 2005 -0400" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Mon Jul 18 14:24:46 2005 -0400" }, "message": "AUDIT: Reduce contention in audit_serial()\n... by generating serial numbers only if an audit context is actually\n_used_, rather than doing so at syscall entry even when the context\nisn\u0027t necessarily marked auditable.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "d5b454f2c40c9efd0cc113bc3220ebcb66b7c022", "tree": "a8aaa30e003c9dcc07840c217760f92e4fab430a", "parents": [ "351bb722590b2329ac5e72c4b824b8b6ce6e3082" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Fri Jul 15 12:56:03 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Fri Jul 15 12:56:03 2005 +0100" }, "message": "AUDIT: Fix livelock in audit_serial().\n\nThe tricks with atomic_t were bizarre. Just do it sensibly instead.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "6c8c8ba5d7e31b37d0184c388183a6039a672417", "tree": "a655804389553060311bfae595be7ee7f97a1b31", "parents": [ "ad3f9a2238e401a1fc493b8c91341f9e57940eda" ], "author": { "name": "Victor Fusco", "email": "victor@cetuc.puc-rio.br", "time": "Wed Jul 13 22:26:57 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jul 13 22:26:57 2005 +0100" }, "message": "[AUDIT] Fix sparse warning about gfp_mask type\n\nFix the sparse warning \"implicit cast to nocast type\"\n\nSigned-off-by: Victor Fusco \u003cvictor@cetuc.puc-rio.br\u003e\nSigned-off-by: Domen Puncer \u003cdomen@coderock.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "ac4cec443a80bfde829516e7a7db10f7325aa528", "tree": "599801be12aa415d1c734cde37b1c2378fc6fe98", "parents": [ "7b430437c0de81681ecfa8efa8f55823df733529" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Sat Jul 02 14:08:48 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Sat Jul 02 14:08:48 2005 +0100" }, "message": "AUDIT: Stop waiting for backlog after audit_panic() happens\n\nWe force a rate-limit on auditable events by making them wait for space \non the backlog queue. However, if auditd really is AWOL then this could \npotentially bring the entire system to a halt, depending on the audit \nrules in effect.\n\nFirstly, make sure the wait time is honoured correctly -- it\u0027s the \nmaximum time the process should wait, rather than the time to wait \n_each_ time round the loop. We were getting re-woken _each_ time a \npacket was dequeued, and the timeout was being restarted each time.\n\nSecondly, reset the wait time after audit_panic() is called. In general \nthis will be reset to zero, to allow progress to be made. If the system\nis configured to _actually_ panic on audit_panic() then that will \nalready have happened; otherwise we know that audit records are being \nlost anyway. \n\nThese two tunables can\u0027t be exposed via AUDIT_GET and AUDIT_SET because \nthose aren\u0027t particularly well-designed. It probably should have been \ndone by sysctls or sysfs anyway -- one for a later patch.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "e1b09eba2686eca94a3a188042b518df6044a3c1", "tree": "e528e42fde80c61b21e35266584ca73b32c0a962", "parents": [ "5bb289b5a0becb53ac3e1d60815ff8b779296b73" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Fri Jun 24 17:24:11 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Fri Jun 24 17:24:11 2005 +0100" }, "message": "AUDIT: Use KERN_NOTICE for printk of audit records\n\nThey aren\u0027t errors.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "5bb289b5a0becb53ac3e1d60815ff8b779296b73", "tree": "0db75422d66eec857e0c05cd4cf4d014e7c0e264", "parents": [ "993e2d4106e94dae6e8cfbeb32073bd12cdee203" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Fri Jun 24 14:14:05 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Fri Jun 24 14:14:05 2005 +0100" }, "message": "AUDIT: Clean up user message filtering\n\nDon\u0027t look up the task by its pid and then use the syscall filtering\nhelper. Just implement our own filter helper which operates solely on\nthe information in the netlink_skb_parms. \n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "9470178e620fe8f512928eed34994572c1c44be4", "tree": "99b6d171a827cbea045119f90b62de25ff92a70f", "parents": [ "9ad9ad385be27fcc7c16d290d972c6173e780a61" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jun 22 15:40:55 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jun 22 15:40:55 2005 +0100" }, "message": "AUDIT: Remove stray declaration of tsk from audit_receive_msg().\n\nIt\u0027s not used any more.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "9ad9ad385be27fcc7c16d290d972c6173e780a61", "tree": "bbca700c2d88ba421a6c9c348de367eaf4de0e2c", "parents": [ "177bbc733a1d9c935bc3d6efd776a6699b29b1ca" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jun 22 15:04:33 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jun 22 15:04:33 2005 +0100" }, "message": "AUDIT: Wait for backlog to clear when generating messages.\n\nAdd a gfp_mask to audit_log_start() and audit_log(), to reduce the\namount of GFP_ATOMIC allocation -- most of it doesn\u0027t need to be \nGFP_ATOMIC. Also if the mask includes __GFP_WAIT, then wait up to\n60 seconds for the auditd backlog to clear instead of immediately \nabandoning the message. \n\nThe timeout should probably be made configurable, but for now it\u0027ll \nsuffice that it only happens if auditd is actually running.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "4a4cd633b575609b741a1de7837223a2d9e1c34c", "tree": "f4c3a6beb6a587598193053240f3e3f82885f1e3", "parents": [ "f6a789d19858a951e7ff9e297a44b377c21b6c33" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jun 22 14:56:47 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jun 22 14:56:47 2005 +0100" }, "message": "AUDIT: Optimise the audit-disabled case for discarding user messages\n\nAlso exempt USER_AVC message from being discarded to preserve \nexisting behaviour for SE Linux.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" } ], "next": "f6a789d19858a951e7ff9e297a44b377c21b6c33" }