)]}'
{
  "log": [
    {
      "commit": "496ad9aa8ef448058e36ca7a787c61f2e63f0f54",
      "tree": "8f4abde793cd7db5bb8fde6d27ebcacd0e54379a",
      "parents": [
        "57eccb830f1cc93d4b506ba306d8dfa685e0c88f"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Jan 23 17:07:38 2013 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 22 23:31:31 2013 -0500"
      },
      "message": "new helper: file_inode(file)\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "2a74dbb9a86e8102dcd07d284135b4530a84826e",
      "tree": "a54403e312b6062dfb57bd904ba8b8ce3b11e720",
      "parents": [
        "770b6cb4d21fb3e3df2a7a51e186a3c14db1ec30",
        "e93072374112db9dc86635934ee761249be28370"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sun Dec 16 15:40:50 2012 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sun Dec 16 15:40:50 2012 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"A quiet cycle for the security subsystem with just a few maintenance\n  updates.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:\n  Smack: create a sysfs mount point for smackfs\n  Smack: use select not depends in Kconfig\n  Yama: remove locking from delete path\n  Yama: add RCU to drop read locking\n  drivers/char/tpm: remove tasklet and cleanup\n  KEYS: Use keyring_alloc() to create special keyrings\n  KEYS: Reduce initial permissions on keys\n  KEYS: Make the session and process keyrings per-thread\n  seccomp: Make syscall skipping and nr changes more consistent\n  key: Fix resource leak\n  keys: Fix unreachable code\n  KEYS: Add payload preparsing opportunity prior to key instantiate or update\n"
    },
    {
      "commit": "e93072374112db9dc86635934ee761249be28370",
      "tree": "87abc5694cd43644e754f4a00a0b6a656eb5be19",
      "parents": [
        "111fe8bd65e473d5fc6a0478cf1e2c8c6a77489a"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Thu Nov 01 18:14:32 2012 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Fri Dec 14 10:57:23 2012 -0800"
      },
      "message": "Smack: create a sysfs mount point for smackfs\n\nThere are a number of \"conventions\" for where to put LSM filesystems.\nSmack adheres to none of them. Create a mount point at /sys/fs/smackfs\nfor mounting smackfs so that Smack can be conventional.\n\nTargeted for git://git.gitorious.org/smack-next/kernel.git\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "111fe8bd65e473d5fc6a0478cf1e2c8c6a77489a",
      "tree": "8629b99d4166e0b5dd730a6e1a187e4b319e82f3",
      "parents": [
        "3f0cc6ae86627de825d2371b6d61643f2ce58908"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Fri Nov 02 11:28:11 2012 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Fri Dec 14 10:57:10 2012 -0800"
      },
      "message": "Smack: use select not depends in Kconfig\n\nThe components NETLABEL and SECURITY_NETWORK are required by\nSmack. Using \"depends\" in Kconfig hides the Smack option\nif the user hasn\u0027t figured out that they need to be enabled\nwhile using make menuconfig. Using select is a better choice.\nBecause select is not recursive depends on NET and SECURITY\nare added. This reflects similar usage in TOMOYO and AppArmor.\n\nTargeted for git://git.gitorious.org/smack-next/kernel.git\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "808d4e3cfdcc52b19276175464f6dbca4df13b09",
      "tree": "11c319127e8c1314c1ed1a777e4284032ab5bd00",
      "parents": [
        "4b2c551f77f5a0c496e2125b1d883f4b26aabf2c"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Oct 11 11:42:01 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Oct 11 20:02:04 2012 -0400"
      },
      "message": "constify do_mount() arguments\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "46a2f3b9e99353cc63e15563e8abee71162330f7",
      "tree": "0d8857d5209990480975cc76379f6de1b4c0bf24",
      "parents": [
        "449543b0436a9146b855aad39eab76ae4853e88d"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Wed Aug 22 11:44:03 2012 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Tue Sep 18 09:51:06 2012 -0700"
      },
      "message": "Smack: setprocattr memory leak fix\n\nThe data structure allocations being done in prepare_creds\nare duplicated in smack_setprocattr. This results in the\nstructure allocated in prepare_creds being orphaned and\nnever freed. The duplicate code is removed from\nsmack_setprocattr.\n\nTargeted for git://git.gitorious.org/smack-next/kernel.git\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "449543b0436a9146b855aad39eab76ae4853e88d",
      "tree": "1b430fec0506e78929cfd944972d7dd49d0f76fd",
      "parents": [
        "c00bedb368ae02a066aed8a888afc286c1df2e60"
      ],
      "author": {
        "name": "Rafal Krypa",
        "email": "r.krypa@samsung.com",
        "time": "Wed Jul 11 17:49:30 2012 +0200"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Tue Sep 18 09:50:52 2012 -0700"
      },
      "message": "Smack: implement revoking all rules for a subject label\n\nAdd /smack/revoke-subject special file. Writing a SMACK label to this file will\nset the access to \u0027-\u0027 for all access rules with that subject label.\n\nTargeted for git://git.gitorious.org/smack-next/kernel.git\n\nSigned-off-by: Rafal Krypa \u003cr.krypa@samsung.com\u003e\n"
    },
    {
      "commit": "c00bedb368ae02a066aed8a888afc286c1df2e60",
      "tree": "9f72de8b17597cdedb755c553dafe992e2724b1b",
      "parents": [
        "e7c568e0fd0cf6d9c8ab8ea537ba8f3a3ae7c3d8"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Thu Aug 09 17:46:38 2012 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Tue Sep 18 09:50:37 2012 -0700"
      },
      "message": "Smack: remove task_wait() hook.\n\nOn 12/20/2011 11:20 PM, Jarkko Sakkinen wrote:\n\u003e Allow SIGCHLD to be passed to child process without\n\u003e explicit policy. This will help to keep the access\n\u003e control policy simple and easily maintainable with\n\u003e complex applications that require use of multiple\n\u003e security contexts. It will also help to keep them\n\u003e as isolated as possible.\n\u003e\n\u003e Signed-off-by: Jarkko Sakkinen \u003cjarkko.sakkinen@intel.com\u003e\n\nI have a slightly different version that applies to the\ncurrent smack-next tree.\n\nAllow SIGCHLD to be passed to child process without\nexplicit policy. This will help to keep the access\ncontrol policy simple and easily maintainable with\ncomplex applications that require use of multiple\nsecurity contexts. It will also help to keep them\nas isolated as possible.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n\n security/smack/smack_lsm.c |   37 ++++++++-----------------------------\n 1 files changed, 8 insertions(+), 29 deletions(-)\n"
    },
    {
      "commit": "3b9fc37280c521b086943f9aedda767f5bf3b2d3",
      "tree": "c76cc02753da4df5d11e516d8e9373e5f0426b24",
      "parents": [
        "f7da9cdf45cbbad5029d4858dcbc0134e06084ed"
      ],
      "author": {
        "name": "Alan Cox",
        "email": "alan@linux.intel.com",
        "time": "Thu Jul 26 14:47:11 2012 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Mon Jul 30 15:04:17 2012 +1000"
      },
      "message": "smack: off by one error\n\nConsider the input case of a rule that consists entirely of non space\nsymbols followed by a \\0. Say 64 + \\0\n\nIn this case strlen(data) \u003d 64\nkzalloc of subject and object are 64 byte objects\nsscanfdata, \"%s %s %s\", subject, ...)\n\nwill put 65 bytes into subject.\n\nSigned-off-by: Alan Cox \u003calan@linux.intel.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: stable@vger.kernel.org\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "65ee7f45cf075adcdd6b6ef365f5a5507f1ea5c5",
      "tree": "f674119c2d4e6eb877bb283dce89bdafa0442fa4",
      "parents": [
        "3518721a8932b2a243f415c374aef020380efc9d"
      ],
      "author": {
        "name": "Rafal Krypa",
        "email": "r.krypa@samsung.com",
        "time": "Mon Jul 09 19:36:34 2012 +0200"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Fri Jul 13 15:49:24 2012 -0700"
      },
      "message": "Smack: don\u0027t show empty rules when /smack/load or /smack/load2 is read\n\nThis patch removes empty rules (i.e. with access set to \u0027-\u0027) from the\nrule list presented to user space.\n\nSmack by design never removes labels nor rules from its lists. Access\nfor a rule may be set to \u0027-\u0027 to effectively disable it. Such rules would\nshow up in the listing generated when /smack/load or /smack/load2 is\nread. This may cause clutter if many rules were disabled.\n\nAs a rule with access set to \u0027-\u0027 is equivalent to no rule at all, they\nmay be safely hidden from the listing.\n\nTargeted for git://git.gitorious.org/smack-next/kernel.git\n\nSigned-off-by: Rafal Krypa \u003cr.krypa@samsung.com\u003e\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "3518721a8932b2a243f415c374aef020380efc9d",
      "tree": "f16a039687aaf395e6751b7a9edda85e83b52502",
      "parents": [
        "1880eff77e7a7cb46c68fae7cfa33f72f0a6e70e"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Mon Jun 18 19:01:36 2012 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Fri Jul 13 15:49:24 2012 -0700"
      },
      "message": "Smack: user access check bounds\n\nSome of the bounds checking used on the /smack/access\ninterface was lost when support for long labels was\nadded. No kernel access checks are affected, however\nthis is a case where /smack/access could be used\nincorrectly and fail to detect the error. This patch\nreintroduces the original checks.\n\nTargeted for git://git.gitorious.org/smack-next/kernel.git\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "1880eff77e7a7cb46c68fae7cfa33f72f0a6e70e",
      "tree": "fc4b9a2ca7c643a30cbe2260886fdbd969bf2b50",
      "parents": [
        "eb982cb4cf6405b97ea1f9e1d10864981f269d46"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Tue Jun 05 15:28:30 2012 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Fri Jul 13 15:49:23 2012 -0700"
      },
      "message": "Smack: onlycap limits on CAP_MAC_ADMIN\n\nSmack is integrated with the POSIX capabilities scheme,\nusing the capabilities CAP_MAC_OVERRIDE and CAP_MAC_ADMIN to\ndetermine if a process is allowed to ignore Smack checks or\nchange Smack related data respectively. Smack provides an\nadditional restriction that if an onlycap value is set\nby writing to /smack/onlycap only tasks with that Smack\nlabel are allowed to use CAP_MAC_OVERRIDE.\n\nThis change adds CAP_MAC_ADMIN as a capability that is affected\nby the onlycap mechanism.\n\nTargeted for git://git.gitorious.org/smack-next/kernel.git\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "eb982cb4cf6405b97ea1f9e1d10864981f269d46",
      "tree": "8d89448e0ef96d587ea8052021a721e632b4b318",
      "parents": [
        "417c6c8ee2eb6975f357d8975af94ba5fbeaf82d"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Wed May 23 17:46:58 2012 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Fri Jul 13 15:49:23 2012 -0700"
      },
      "message": "Smack: fix smack_new_inode bogosities\n\nIn January of 2012 Al Viro pointed out three bits of code that\nhe titled \"new_inode_smack bogosities\". This patch repairs these\nerrors.\n\n1. smack_sb_kern_mount() included a NULL check that is impossible.\n   The check and NULL case are removed.\n2. smack_kb_kern_mount() included pointless locking. The locking is\n   removed. Since this is the only place that lock was used the lock\n   is removed from the superblock_smack structure.\n3. smk_fill_super() incorrectly and unnecessarily set the Smack label\n   for the smackfs root inode. The assignment has been removed.\n\nTargeted for git://gitorious.org/smack-next/kernel.git\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "e5467859f7f79b69fc49004403009dfdba3bec53",
      "tree": "73b011daf79eeddd61bbcaf65cd197b5e5f6f149",
      "parents": [
        "d007794a182bc072a7b7479909dbd0d67ba341be"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed May 30 13:30:51 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu May 31 13:11:54 2012 -0400"
      },
      "message": "split -\u003efile_mmap() into -\u003emmap_addr()/-\u003emmap_file()\n\n... i.e. file-dependent and address-dependent checks.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "d007794a182bc072a7b7479909dbd0d67ba341be",
      "tree": "75aa7ccd563a0fe8b60391824c92f64098674dda",
      "parents": [
        "cf74d14c4fbce9bcc9eb62f52d721d3399a2b87f"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed May 30 13:11:37 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu May 31 13:10:54 2012 -0400"
      },
      "message": "split cap_mmap_addr() out of cap_file_mmap()\n\n... switch callers.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "ff2bb047c4bce9742e94911eeb44b4d6ff4734ab",
      "tree": "9d9b1cfa3fc17f0cc13f34ca697306cb1f46b05f",
      "parents": [
        "cffee16e8b997ab947de661e8820e486b0830c94",
        "c737f8284cac91428f8fcc8281e69117fa16e887"
      ],
      "author": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue May 22 11:21:06 2012 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue May 22 11:21:06 2012 +1000"
      },
      "message": "Merge branch \u0027master\u0027 of git://git.infradead.org/users/eparis/selinux into next\n\nPer pull request, for 3.5.\n"
    },
    {
      "commit": "f7112e6c9abf1c70f001dcf097c1d6e218a93f5c",
      "tree": "8ddcab31388e3f220f3ef911f4ec9dce8ac4be92",
      "parents": [
        "ceffec5541cc22486d3ff492e3d76a33a68fbfa3"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Sun May 06 15:22:02 2012 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@vaio-ubuntu.(none)",
        "time": "Mon May 14 22:48:38 2012 -0700"
      },
      "message": "Smack: allow for significantly longer Smack labels v4\n\nV4 updated to current linux-security#next\nTargeted for git://gitorious.org/smack-next/kernel.git\n\nModern application runtime environments like to use\nnaming schemes that are structured and generated without\nhuman intervention. Even though the Smack limit of 23\ncharacters for a label name is perfectly rational for\nhuman use there have been complaints that the limit is\na problem in environments where names are composed from\na set of sources, including vendor, author, distribution\nchannel and application name. Names like\n\n\tsoftwarehouse-pgwodehouse-coolappstore-mellowmuskrats\n\nare becoming harder to avoid. This patch introduces long\nlabel support in Smack. Labels are now limited to 255\ncharacters instead of the old 23.\n\nThe primary reason for limiting the labels to 23 characters\nwas so they could be directly contained in CIPSO category sets.\nThis is still done where possible, but for labels that are too\nlarge a mapping is required. This is perfectly safe for communication\nthat stays \"on the box\" and doesn\u0027t require much coordination\nbetween boxes beyond what would have been required to keep label\nnames consistent.\n\nThe bulk of this patch is in smackfs, adding and updating\nadministrative interfaces. Because existing APIs can\u0027t be\nchanged new ones that do much the same things as old ones\nhave been introduced.\n\nThe Smack specific CIPSO data representation has been removed\nand replaced with the data format used by netlabel. The CIPSO\nheader is now computed when a label is imported rather than\non use. This results in improved IP performance. The smack\nlabel is now allocated separately from the containing structure,\nallowing for larger strings.\n\nFour new /smack interfaces have been introduced as four\nof the old interfaces strictly required labels be specified\nin fixed length arrays.\n\nThe access interface is supplemented with the check interface:\n\taccess  \"Subject                 Object                  rwxat\"\n\taccess2 \"Subject Object rwaxt\"\n\nThe load interface is supplemented with the rules interface:\n\tload   \"Subject                 Object                  rwxat\"\n\tload2  \"Subject Object rwaxt\"\n\nThe load-self interface is supplemented with the self-rules interface:\n\tload-self   \"Subject                 Object                  rwxat\"\n\tload-self2  \"Subject Object rwaxt\"\n\nThe cipso interface is supplemented with the wire interface:\n\tcipso  \"Subject                  lvl cnt  c1  c2 ...\"\n\tcipso2 \"Subject lvl cnt  c1  c2 ...\"\n\nThe old interfaces are maintained for compatibility.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "ceffec5541cc22486d3ff492e3d76a33a68fbfa3",
      "tree": "d1eaebc1b1894ed9391959cc9f5846543a4b4e42",
      "parents": [
        "2267b13a7cad1f9dfe0073c1f902d45953f9faff"
      ],
      "author": {
        "name": "Tetsuo Handa",
        "email": "penguin-kernel@I-love.SAKURA.ne.jp",
        "time": "Thu Mar 29 16:19:05 2012 +0900"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@vaio-ubuntu.(none)",
        "time": "Mon May 14 22:47:44 2012 -0700"
      },
      "message": "gfp flags for security_inode_alloc()?\n\nDave Chinner wrote:\n\u003e Yes, because you have no idea what the calling context is except\n\u003e for the fact that is from somewhere inside filesystem code and the\n\u003e filesystem could be holding locks. Therefore, GFP_NOFS is really the\n\u003e only really safe way to allocate memory here.\n\nI see. Thank you.\n\nI\u0027m not sure, but can call trace happen where somewhere inside network\nfilesystem or stackable filesystem code with locks held invokes operations that\ninvolves GFP_KERNEL memory allocation outside that filesystem?\n----------\n[PATCH] SMACK: Fix incorrect GFP_KERNEL usage.\n\nnew_inode_smack() which can be called from smack_inode_alloc_security() needs\nto use GFP_NOFS like SELinux\u0027s inode_alloc_security() does, for\nsecurity_inode_alloc() is called from inode_init_always() and\ninode_init_always() is called from xfs_inode_alloc() which is using GFP_NOFS.\n\nsmack_inode_init_security() needs to use GFP_NOFS like\nselinux_inode_init_security() does, for initxattrs() callback function (e.g.\nbtrfs_initxattrs()) which is called from security_inode_init_security() is\nusing GFP_NOFS.\n\nsmack_audit_rule_match() needs to use GFP_ATOMIC, for\nsecurity_audit_rule_match() can be called from audit_filter_user_rules() and\naudit_filter_user_rules() is called from audit_filter_user() with RCU read lock\nheld.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Casey Schaufler \u003ccschaufler@cschaufler-intel.(none)\u003e\n"
    },
    {
      "commit": "2267b13a7cad1f9dfe0073c1f902d45953f9faff",
      "tree": "c0797ecce868fe590ac46a5d511a2f3812de15d1",
      "parents": [
        "2cc8a71641b4460783ea3bd7a3476043fdf85397"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Tue Mar 13 19:14:19 2012 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@vaio-ubuntu.(none)",
        "time": "Mon May 14 22:45:17 2012 -0700"
      },
      "message": "Smack: recursive transmute\n\nThe transmuting directory feature of Smack requires that\nthe transmuting attribute be explicitly set in all cases.\nIt seems the users of this facility would expect that the\ntransmuting attribute be inherited by subdirectories that\nare created in a transmuting directory. This does not seem\nto add any additional complexity to the understanding of\nhow the system works.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "86812bb0de1a3758dc6c7aa01a763158a7c0638a",
      "tree": "41cb41cd7fe52730a3fe8c88ca298c2494f9040a",
      "parents": [
        "592fe8980688e7cba46897685d014c7fb3018a67"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Tue Apr 17 18:55:46 2012 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Wed Apr 18 12:02:28 2012 +1000"
      },
      "message": "Smack: move label list initialization\n\nA kernel with Smack enabled will fail if tmpfs has xattr support.\n\nMove the initialization of predefined Smack label\nlist entries to the LSM initialization from the\nsmackfs setup. This became an issue when tmpfs\nacquired xattr support, but was never correct.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "923e9a1399b620d063cd88537c64561bc3d5f905",
      "tree": "5d7aec3e06664c7f96726b9439a42a565bcc86ab",
      "parents": [
        "94fb175c0414902ad9dbd956addf3a5feafbc85b"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Tue Apr 10 13:26:44 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 10 16:14:40 2012 -0700"
      },
      "message": "Smack: build when CONFIG_AUDIT not defined\n\nThis fixes builds where CONFIG_AUDIT is not defined and\nCONFIG_SECURITY_SMACK\u003dy.\n\nThis got introduced by the stack-usage reduction commit 48c62af68a40\n(\"LSM: shrink the common_audit_data data union\").\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "50c205f5e5c2e2af002fd4ef537ded79b90b1b56",
      "tree": "9965a7746aa8c5e982357d5b8c46850f3283206c",
      "parents": [
        "07f62eb66c6626aa5653a0fcb34c9c040d0bd032"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:43 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:04 2012 -0400"
      },
      "message": "LSM: do not initialize common_audit_data to 0\n\nIt isn\u0027t needed.  If you don\u0027t set the type of the data associated with\nthat type it is a pretty obvious programming bug.  So why waste the cycles?\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "83d498569e9a7a4b92c4c5d3566f2d6a604f28c9",
      "tree": "e0d77f21bda5bec5ace52b3fa557f87b1bb57631",
      "parents": [
        "95dbf739313f09c8d859bde1373bc264ef979337"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 13:45:40 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:50 2012 -0400"
      },
      "message": "SELinux: rename dentry_open to file_open\n\ndentry_open takes a file, rename it to file_open\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "b61c37f57988567c84359645f8202a7c84bc798a",
      "tree": "a808c891711d060060a751f4119198dc06e2c847",
      "parents": [
        "3f0882c48286e7bdb0bbdec9c4bfa934e0db8e09"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Apr 02 15:48:12 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 03 09:49:59 2012 -0700"
      },
      "message": "lsm_audit: don\u0027t specify the audit pre/post callbacks in \u0027struct common_audit_data\u0027\n\nIt just bloats the audit data structure for no good reason, since the\nonly time those fields are filled are just before calling the\ncommon_lsm_audit() function, which is also the only user of those\nfields.\n\nSo just make them be the arguments to common_lsm_audit(), rather than\nbloating that structure that is passed around everywhere, and is\ninitialized in hot paths.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "48c62af68a403ef1655546bd3e021070c8508573",
      "tree": "ba938e4fb45d5bdaad2dad44071d0625f8e36945",
      "parents": [
        "3b3b0e4fc15efa507b902d90cea39e496a523c3b"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 02 13:15:44 2012 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 03 09:49:10 2012 -0700"
      },
      "message": "LSM: shrink the common_audit_data data union\n\nAfter shrinking the common_audit_data stack usage for private LSM data I\u0027m\nnot going to shrink the data union.  To do this I\u0027m going to move anything\nlarger than 2 void * ptrs to its own structure and require it to be declared\nseparately on the calling stack.  Thus hot paths which don\u0027t need more than\na couple pointer don\u0027t have to declare space to hold large unneeded\nstructures.  I could get this down to one void * by dealing with the key\nstruct and the struct path.  We\u0027ll see if that is helpful after taking care of\nnetworking.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "3b3b0e4fc15efa507b902d90cea39e496a523c3b",
      "tree": "d7b91c21ad6c6f4ac21dd51297b74eec47c61684",
      "parents": [
        "95694129b43165911dc4e8a972f0d39ad98d86be"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 03 09:37:02 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 03 09:48:40 2012 -0700"
      },
      "message": "LSM: shrink sizeof LSM specific portion of common_audit_data\n\nLinus found that the gigantic size of the common audit data caused a big\nperf hit on something as simple as running stat() in a loop.  This patch\nrequires LSMs to declare the LSM specific portion separately rather than\ndoing it in a union.  Thus each LSM can be responsible for shrinking their\nportion and don\u0027t have to pay a penalty just because other LSMs have a\nbigger space requirement.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "4040153087478993cbf0809f444400a3c808074c",
      "tree": "2dc7af85b0cf930f1656553bd38410b8c16601a6",
      "parents": [
        "191c542442fdf53cc3c496c00be13367fd9cd42d"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@ftp.linux.org.uk",
        "time": "Mon Feb 13 03:58:52 2012 +0000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Feb 14 10:45:42 2012 +1100"
      },
      "message": "security: trim security.h\n\nTrim security.h\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d8c9584ea2a92879f471fd3a2be3af6c534fb035",
      "tree": "3541b9c6228f820bdc65e4875156eb27b1c91cb1",
      "parents": [
        "ece2ccb668046610189d88d6aaf05aeb09c988a1"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Dec 07 18:16:57 2011 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Jan 06 23:16:53 2012 -0500"
      },
      "message": "vfs: prefer -\u003edentry-\u003ed_sb to -\u003emnt-\u003emnt_sb\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "40809565ca57a8e94bae20b22da014c44ec233f6",
      "tree": "6cad3fa8f6345934cf6c67552235869973524d21",
      "parents": [
        "0e94ae17c857b3835a2b8ea46ce44b5da4e2cc5d"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Thu Nov 10 15:02:22 2011 -0800"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@cschaufler-intel.(none)",
        "time": "Fri Nov 11 11:07:21 2011 -0800"
      },
      "message": "Smack: smackfs cipso seq read repair\n\nCommit 272cd7a8c67dd40a31ecff76a503bbb84707f757 introduced\na change to the way rule lists are handled and reported in\nthe smackfs filesystem. One of the issues addressed had to\ndo with the termination of read requests on /smack/load.\nThis change introduced an error in /smack/cipso, which shares\nsome of the same list processing code.\n\nThis patch updates all the file access list handling in\nsmackfs to use the code introduced for /smack/load.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "0e94ae17c857b3835a2b8ea46ce44b5da4e2cc5d",
      "tree": "eac36ba696cf33bbbe3fcd490589ef453d9c8ef1",
      "parents": [
        "d86b2b61d4dea614d6f319772a90a8f98b55ed67"
      ],
      "author": {
        "name": "Jarkko Sakkinen",
        "email": "jarkko.j.sakkinen@gmail.com",
        "time": "Tue Oct 18 21:21:36 2011 +0300"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@cschaufler-intel.(none)",
        "time": "Thu Oct 20 16:07:31 2011 -0700"
      },
      "message": "Smack: allow to access /smack/access as normal user\n\nAllow query access as a normal user removing the need\nfor CAP_MAC_ADMIN. Give RW access to /smack/access\nfor UGO. Do not import smack labels in access check.\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.j.sakkinen@gmail.com\u003e\nSigned-off-by: Casey Schaufler \u003ccschaufler@cschaufler-intel.(none)\u003e\n"
    },
    {
      "commit": "d86b2b61d4dea614d6f319772a90a8f98b55ed67",
      "tree": "8d7647ea8d46630e3a09cd74210b9d4c94b86833",
      "parents": [
        "16014d87509e26d6ed6935adbbf437a571fb5870"
      ],
      "author": {
        "name": "Jarkko Sakkinen",
        "email": "jarkko.j.sakkinen@gmail.com",
        "time": "Tue Oct 18 14:34:28 2011 +0300"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@cschaufler-intel.(none)",
        "time": "Tue Oct 18 09:02:57 2011 -0700"
      },
      "message": "Smack: fix: invalid length set for the result of /smack/access\n\nForgot to update simple_transaction_set() to take terminator\ncharacter into account.\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.j.sakkinen@gmail.com\u003e\nSigned-off-by: Casey Schaufler \u003ccschaufler@cschaufler-intel.(none)\u003e\n"
    },
    {
      "commit": "16014d87509e26d6ed6935adbbf437a571fb5870",
      "tree": "bdf8641b1412d5e8cd1abe39eca5bc62caf99ad0",
      "parents": [
        "f8859d98c1d1e73393285fb9dd57007839956247"
      ],
      "author": {
        "name": "Jarkko Sakkinen",
        "email": "jarkko.j.sakkinen@gmail.com",
        "time": "Fri Oct 14 13:16:24 2011 +0300"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@cschaufler-intel.(none)",
        "time": "Fri Oct 14 08:56:49 2011 -0700"
      },
      "message": "Smack: compilation fix\n\nOn some build configurations PER_CLEAR_ON_SETID symbol was not\nfound when compiling smack_lsm.c. This patch fixes the issue by\nexplicitly doing #include \u003clinux/personality.h\u003e.\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.j.sakkinen@gmail.com\u003e\nSigned-off-by: Casey Schaufler \u003ccschaufler@cschaufler-intel.(none)\u003e\n"
    },
    {
      "commit": "f8859d98c1d1e73393285fb9dd57007839956247",
      "tree": "a6937380935074702febe48239bb891b4242752d",
      "parents": [
        "84088ba239293abb24260c6c36d86e8775b6707f"
      ],
      "author": {
        "name": "Jarkko Sakkinen",
        "email": "jarkko.sakkinen@intel.com",
        "time": "Mon Oct 10 14:29:28 2011 +0300"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@cschaufler-intel.(none)",
        "time": "Wed Oct 12 14:30:07 2011 -0700"
      },
      "message": "Smack: fix for /smack/access output, use string instead of byte\n\nSmall fix for the output of access SmackFS file. Use string\ninstead of byte. Makes it easier to extend API if it is\nneeded.\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.sakkinen@intel.com\u003e\n"
    },
    {
      "commit": "84088ba239293abb24260c6c36d86e8775b6707f",
      "tree": "7a8936d22156d108241725fae705979316fc6350",
      "parents": [
        "975d5e55c2e78b755bd0b92b71db1c241c5a2665"
      ],
      "author": {
        "name": "Jarkko Sakkinen",
        "email": "jarkko.sakkinen@intel.com",
        "time": "Fri Oct 07 09:27:53 2011 +0300"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@cschaufler-intel.(none)",
        "time": "Wed Oct 12 14:28:15 2011 -0700"
      },
      "message": "Smack: domain transition protections (v3)\n\nProtections for domain transition:\n\n- BPRM unsafe flags\n- Secureexec\n- Clear unsafe personality bits.\n- Clear parent death signal\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.sakkinen@intel.com\u003e\n"
    },
    {
      "commit": "975d5e55c2e78b755bd0b92b71db1c241c5a2665",
      "tree": "7f39bc6c89720a5abdf617cd1e83c0904d04ec08",
      "parents": [
        "ce8a432197d9892689eb4896f690b9fe6b3de598"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Mon Sep 26 14:43:39 2011 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@cschaufler-intel.(none)",
        "time": "Wed Oct 12 14:27:05 2011 -0700"
      },
      "message": "Smack: Provide information for UDS getsockopt(SO_PEERCRED)\n\nThis patch is targeted for the smack-next tree.\n\nThis patch takes advantage of the recent changes for performance\nand points the packet labels on UDS connect at the output label of\nthe far side. This makes getsockopt(...SO_PEERCRED...) function\nproperly. Without this change the getsockopt does not provide any\ninformation.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "ce8a432197d9892689eb4896f690b9fe6b3de598",
      "tree": "09dff875df15be3a36f3e0dcb760d0064d4da935",
      "parents": [
        "531f1d453ed8a8acee4015bd64e7bcc2eab939e4"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Thu Sep 29 18:21:01 2011 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@cschaufler-intel.(none)",
        "time": "Wed Oct 12 14:26:07 2011 -0700"
      },
      "message": "Smack: Clean up comments\n\nThere are a number of comments in the Smack code that\nare either malformed or include code. This patch cleans\nthem up.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "531f1d453ed8a8acee4015bd64e7bcc2eab939e4",
      "tree": "0dd06c1ecc894444c42350c76c5712899d2ddb78",
      "parents": [
        "272cd7a8c67dd40a31ecff76a503bbb84707f757"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Mon Sep 19 12:41:42 2011 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@cschaufler-intel.(none)",
        "time": "Wed Oct 12 14:24:28 2011 -0700"
      },
      "message": "Smack: Repair processing of fcntl\n\nAl Viro pointed out that the processing of fcntl done\nby Smack appeared poorly designed. He was right. There\nare three things that required change. Most obviously,\nthe list of commands that really imply writing is limited\nto those involving file locking and signal handling.\nThe initialization of the file security blob was\nincomplete, requiring use of a heretofore unused LSM hook.\nFinally, the audit information coming from a helper\nmasked the identity of the LSM hook. This patch corrects\nall three of these defects.\n\nThis is targeted for the smack-next tree pending comments.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "272cd7a8c67dd40a31ecff76a503bbb84707f757",
      "tree": "467f83c94eb14f8f34508efe891c0dcc62a7ac24",
      "parents": [
        "828716c28fe4aa232ea280ea8ed6fb103eefb6ac"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Tue Sep 20 12:24:36 2011 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@cschaufler-intel.(none)",
        "time": "Wed Oct 12 14:23:13 2011 -0700"
      },
      "message": "Smack: Rule list lookup performance\n\nThis patch is targeted for the smack-next tree.\n\nSmack access checks suffer from two significant performance\nissues. In cases where there are large numbers of rules the\nsearch of the single list of rules is wasteful. Comparing the\nstring values of the smack labels is less efficient than a\nnumeric comparison would.\n\nThese changes take advantage of the Smack label list, which\nmaintains the mapping of Smack labels to secids and optional\nCIPSO labels. Because the labels are kept perpetually, an\naccess check can be done strictly based on the address of the\nlabel in the list without ever looking at the label itself.\nRather than keeping one global list of rules the rules with\na particular subject label can be based off of that label\nlist entry. The access check need never look at entries that\ndo not use the current subject label.\n\nThis requires that packets coming off the network with\nCIPSO direct Smack labels that have never been seen before\nbe treated carefully. The only case where they could be\ndelivered is where the receiving socket has an IPIN star\nlabel, so that case is explicitly addressed.\n\nOn a system with 39,800 rules (200 labels in all permutations)\na system with this patch runs an access speed test in 5% of\nthe time of the old version. That should be a best case\nimprovement. If all of the rules are associated with the\nsame subject label and all of the accesses are for processes\nwith that label (unlikely) the improvement is about 30%.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "828716c28fe4aa232ea280ea8ed6fb103eefb6ac",
      "tree": "f75377cf3e770a9a67feb64fb8bef867735a975b",
      "parents": [
        "545a7260343bbaf11c7f1a4b8c3d9660bb9266e5"
      ],
      "author": {
        "name": "Jarkko Sakkinen",
        "email": "jarkko.sakkinen@intel.com",
        "time": "Thu Sep 08 10:12:01 2011 +0300"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@cschaufler-intel.(none)",
        "time": "Wed Oct 12 14:21:32 2011 -0700"
      },
      "message": "Smack: check permissions from user space (v2)\n\nAdds a new file into SmackFS called \u0027access\u0027. Wanted\nSmack permission is written into /smack/access.\nAfter that result can be read from the opened file.\nIf access applies result contains 1 and otherwise\n0. File access is protected from race conditions\nby using simple_transaction_get()/set() API.\n\nFixes from the previous version:\n- Removed smack.h changes, refactoring left-over\nfrom previous version.\n- Removed #include \u003clinux/smack.h\u003e, refactoring\nleft-over from previous version.\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.sakkinen@intel.com\u003e\nSigned-off-by: Casey Schaufler \u003ccschaufler@cschaufler-intel.(none)\u003e\n"
    },
    {
      "commit": "82c21bfab41a77bc01affe21bea9727d776774a7",
      "tree": "b0c5850be07c7f6d747df389f8f15780887da630",
      "parents": [
        "87a0874cf19f1bc9bd25bd7d053a0ea25ccf8373"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Mon Aug 01 11:10:33 2011 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Aug 01 17:58:33 2011 -0700"
      },
      "message": "doc: Update the email address for Paul Moore in various source files\n\nMy @hp.com will no longer be valid starting August 5, 2011 so an update is\nnecessary.  My new email address is employer independent so we don\u0027t have\nto worry about doing this again any time soon.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "e74f71eb78a4a8b9eaf1bc65f20f761648e85f76",
      "tree": "7bc7fc1344f5ed6e3ce8132b36125ef5cec6407c",
      "parents": [
        "10556cb21a0d0b24d95f00ea6df16f599a3345b2"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Jun 20 19:38:15 2011 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Jul 20 01:43:26 2011 -0400"
      },
      "message": "-\u003epermission() sanitizing: don\u0027t pass flags to -\u003einode_permission()\n\npass that via mask instead.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "b7b57551bbda1390959207f79f2038aa7adb72ae",
      "tree": "d591a08e7e45615b51d8b5ee1634a29920f62c3f",
      "parents": [
        "434d42cfd05a7cc452457a81d2029540cba12150",
        "7a627e3b9a2bd0f06945bbe64bcf403e788ecf6e"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue May 24 23:20:19 2011 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue May 24 23:20:19 2011 +1000"
      },
      "message": "Merge branch \u0027master\u0027 of git://git.infradead.org/users/eparis/selinux into for-linus\n\nConflicts:\n\tlib/flex_array.c\n\tsecurity/selinux/avc.c\n\tsecurity/selinux/hooks.c\n\tsecurity/selinux/ss/policydb.c\n\tsecurity/smack/smack_lsm.c\n\nManually resolve conflicts.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "92f4250901476fcadc4f52ace36e453c61f5591d",
      "tree": "eadee3bbaa53226874d64dcb192699775fdf3792",
      "parents": [
        "a269434d2fb48a4d66c1d7bf821b7874b59c5b41"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 25 13:15:55 2011 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 25 18:14:45 2011 -0400"
      },
      "message": "SMACK: smack_file_lock can use the struct path\n\nsmack_file_lock has a struct path, so use that instead of only the\ndentry.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "a269434d2fb48a4d66c1d7bf821b7874b59c5b41",
      "tree": "9c84b5f3e9f3adb3dd4a7e9da2b72dd7fe7eec49",
      "parents": [
        "f48b7399840b453e7282b523f535561fe9638a2d"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 25 13:10:27 2011 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 25 18:14:07 2011 -0400"
      },
      "message": "LSM: separate LSM_AUDIT_DATA_DENTRY from LSM_AUDIT_DATA_PATH\n\nThis patch separates an audit message that only contains a dentry from\none that contains a full path.  This allows us to make it harder to\nmisuse the interfaces or for the interfaces to be implemented wrong.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "f48b7399840b453e7282b523f535561fe9638a2d",
      "tree": "29eed009469d35473367708ea60b9c5b01fc0c5f",
      "parents": [
        "0dc1ba24f7fff659725eecbba2c9ad679a0954cd"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 25 12:54:27 2011 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 25 18:13:15 2011 -0400"
      },
      "message": "LSM: split LSM_AUDIT_DATA_FS into _PATH and _INODE\n\nThe lsm common audit code has wacky contortions making sure which pieces\nof information are set based on if it was given a path, dentry, or\ninode.  Split this into path and inode to get rid of some of the code\ncomplexity.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "1c9904297451f558191e211a48d8838b4bf792b0",
      "tree": "9c7cabec6ce3d6604147de73953cfaca672f1c0d",
      "parents": [
        "6b697323a78bed254ee372f71b1a6a2901bb4b7a"
      ],
      "author": {
        "name": "Andi Kleen",
        "email": "ak@linux.intel.com",
        "time": "Thu Apr 21 17:23:19 2011 -0700"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 25 10:20:32 2011 -0400"
      },
      "message": "SECURITY: Move exec_permission RCU checks into security modules\n\nRight now all RCU walks fall back to reference walk when CONFIG_SECURITY\nis enabled, even though just the standard capability module is active.\nThis is because security_inode_exec_permission unconditionally fails\nRCU walks.\n\nMove this decision to the low level security module. This requires\npassing the RCU flags down the security hook. This way at least\nthe capability module and a few easy cases in selinux/smack work\nwith RCU walks with CONFIG_SECURITY\u003dy\n\nSigned-off-by: Andi Kleen \u003cak@linux.intel.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "8c9e80ed276fc4b9c9fadf29d8bf6b3576112f1a",
      "tree": "7595dd217545593675d40f85cfb11d69697a8300",
      "parents": [
        "8d082f8f3fb89e8a1fcb5120ad98cd9860c8a3e8"
      ],
      "author": {
        "name": "Andi Kleen",
        "email": "ak@linux.intel.com",
        "time": "Thu Apr 21 17:23:19 2011 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Apr 22 16:17:29 2011 -0700"
      },
      "message": "SECURITY: Move exec_permission RCU checks into security modules\n\nRight now all RCU walks fall back to reference walk when CONFIG_SECURITY\nis enabled, even though just the standard capability module is active.\nThis is because security_inode_exec_permission unconditionally fails\nRCU walks.\n\nMove this decision to the low level security module. This requires\npassing the RCU flags down the security hook. This way at least\nthe capability module and a few easy cases in selinux/smack work\nwith RCU walks with CONFIG_SECURITY\u003dy\n\nSigned-off-by: Andi Kleen \u003cak@linux.intel.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "25985edcedea6396277003854657b5f3cb31a628",
      "tree": "f026e810210a2ee7290caeb737c23cb6472b7c38",
      "parents": [
        "6aba74f2791287ec407e0f92487a725a25908067"
      ],
      "author": {
        "name": "Lucas De Marchi",
        "email": "lucas.demarchi@profusion.mobi",
        "time": "Wed Mar 30 22:57:33 2011 -0300"
      },
      "committer": {
        "name": "Lucas De Marchi",
        "email": "lucas.demarchi@profusion.mobi",
        "time": "Thu Mar 31 11:26:23 2011 -0300"
      },
      "message": "Fix common misspellings\n\nFixes generated by \u0027codespell\u0027 and manually reviewed.\n\nSigned-off-by: Lucas De Marchi \u003clucas.demarchi@profusion.mobi\u003e\n"
    },
    {
      "commit": "fe3fa43039d47ee4e22caf460b79b62a14937f79",
      "tree": "9eab8d00f1227b9fe0959f32a62d892ed35803ba",
      "parents": [
        "ee009e4a0d4555ed522a631bae9896399674f064",
        "026eb167ae77244458fa4b4b9fc171209c079ba7"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 08 11:38:10 2011 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 08 11:38:10 2011 +1100"
      },
      "message": "Merge branch \u0027master\u0027 of git://git.infradead.org/users/eparis/selinux into next\n"
    },
    {
      "commit": "75a25637bf8a1b8fbed2368c0a3ec15c66a534f1",
      "tree": "038d52827d9a285fed1bb384f06d7adabf4ef674",
      "parents": [
        "db904aa8147440b750a35d58befed38155a1abb9"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Wed Feb 09 19:58:42 2011 -0800"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Wed Feb 09 19:58:42 2011 -0800"
      },
      "message": "Smack: correct final mmap check comparison\n\nThe mmap policy enforcement checks the access of the\nSMACK64MMAP subject against the current subject incorrectly.\nThe check as written works correctly only if the access\nrules involved have the same access. This is the common\ncase, so initial testing did not find a problem.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "db904aa8147440b750a35d58befed38155a1abb9",
      "tree": "faaeea888a0ff5ca9c1e935bda15914a551458a2",
      "parents": [
        "0e0a070d3a47d279de66e08244769556deae2eee"
      ],
      "author": {
        "name": "Shan Wei",
        "email": "shanwei@cn.fujitsu.com",
        "time": "Wed Feb 09 19:58:11 2011 -0800"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Wed Feb 09 19:58:11 2011 -0800"
      },
      "message": "security:smack: kill unused SMACK_LIST_MAX, MAY_ANY and MAY_ANYWRITE\n\nKill unused macros of SMACK_LIST_MAX, MAY_ANY and MAY_ANYWRITE.\nv2: As Casey Schaufler\u0027s advice, also remove MAY_ANY.\n\nSigned-off-by: Shan Wei \u003cshanwei@cn.fujitsu.com\u003e\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "0e0a070d3a47d279de66e08244769556deae2eee",
      "tree": "8d9c07464833076a40c1d95dd2f8f33716509290",
      "parents": [
        "821404434f3324bf23f545050ff64055a149766e"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Tue Feb 08 16:36:24 2011 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Feb 09 18:50:23 2011 +1100"
      },
      "message": "Smack: correct behavior in the mmap hook\n\nThe mmap policy enforcement was not properly handling the\n  interaction between the global and local rule lists.\n  Instead of going through one and then the other, which\n  missed the important case where a rule specified that\n  there should be no access, combine the access limitations\n  where there is a rule in each list.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2a7dba391e5628ad665ce84ef9a6648da541ebab",
      "tree": "ba0722bd74d2c883dbda7ff721850bab411cac04",
      "parents": [
        "821404434f3324bf23f545050ff64055a149766e"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Feb 01 11:05:39 2011 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Feb 01 11:12:29 2011 -0500"
      },
      "message": "fs/vfs/security: pass last path component to LSM on inode creation\n\nSELinux would like to implement a new labeling behavior of newly created\ninodes.  We currently label new inodes based on the parent and the creating\nprocess.  This new behavior would also take into account the name of the\nnew object when deciding the new label.  This is not the (supposed) full path,\njust the last component of the path.\n\nThis is very useful because creating /etc/shadow is different than creating\n/etc/passwd but the kernel hooks are unable to differentiate these\noperations.  We currently require that userspace realize it is doing some\ndifficult operation like that and then userspace jumps through SELinux hoops\nto get things set up correctly.  This patch does not implement new\nbehavior, that is obviously contained in a separate SELinux patch, but it\ndoes pass the needed name down to the correct LSM hook.  If no such name\nexists it is fine to pass NULL.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "7898e1f8e9eb1bee88c92d636e0ab93f2cbe31c6",
      "tree": "d4aaa367bb42d0ff9d1e4ba227f248b5b9cd7687",
      "parents": [
        "aeda4ac3efc29e4d55989abd0a73530453aa69ba"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Mon Jan 17 08:05:27 2011 -0800"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Mon Jan 17 08:05:27 2011 -0800"
      },
      "message": "Subject: [PATCH] Smack: mmap controls for library containment\n\n  In the embedded world there are often situations\n  where libraries are updated from a variety of sources,\n  for a variety of reasons, and with any number of\n  security characteristics. These differences\n  might include privilege required for a given library\n  provided interface to function properly, as occurs\n  from time to time in graphics libraries. There are\n  also cases where it is important to limit use of\n  libraries based on the provider of the library and\n  the security aware application may make choices\n  based on that criteria.\n\n  These issues are addressed by providing an additional\n  Smack label that may optionally be assigned to an object,\n  the SMACK64MMAP attribute. An mmap operation is allowed\n  if there is no such attribute.\n\n  If there is a SMACK64MMAP attribute the mmap is permitted\n  only if a subject with that label has all of the access\n  permitted a subject with the current task label.\n\n  Security aware applications may from time to time\n  wish to reduce their \"privilege\" to avoid accidental use\n  of privilege. One case where this arises is the\n  environment in which multiple sources provide libraries\n  to perform the same functions. An application may know\n  that it should eschew services made available from a\n  particular vendor, or of a particular version.\n\n  In support of this a secondary list of Smack rules has\n  been added that is local to the task. This list is\n  consulted only in the case where the global list has\n  approved access. It can only further restrict access.\n  Unlike the global last, if no entry is found on the\n  local list access is granted. An application can add\n  entries to its own list by writing to /smack/load-self.\n\n  The changes appear large as they involve refactoring\n  the list handling to accommodate there being more\n  than one rule list.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "d2e7ad19229f982fc1eb731827d82ceac90abfb3",
      "tree": "98a3741b4d4b27a48b3c7ea9babe331e539416a8",
      "parents": [
        "d03a5d888fb688c832d470b749acc5ed38e0bc1d",
        "0c21e3aaf6ae85bee804a325aa29c325209180fd"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 10 09:46:24 2011 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 10 09:46:24 2011 +1100"
      },
      "message": "Merge branch \u0027master\u0027 into next\n\nConflicts:\n\tsecurity/smack/smack_lsm.c\n\nVerified and added fix by Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nOk\u0027d by Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "3610cda53f247e176bcbb7a7cca64bc53b12acdb",
      "tree": "d780bc1e405116e75a194b2f4693a6f9bbe9f58f",
      "parents": [
        "44b8288308ac9da27eab7d7bdbf1375a568805c3"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Jan 05 15:38:53 2011 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Jan 05 15:38:53 2011 -0800"
      },
      "message": "af_unix: Avoid socket-\u003esk NULL OOPS in stream connect security hooks.\n\nunix_release() can asynchronously set socket-\u003esk to NULL, and\nit does so without holding the unix_state_lock() on \"other\"\nduring stream connects.\n\nHowever, the reverse mapping, sk-\u003esk_socket, is only transitioned\nto NULL under the unix_state_lock().\n\nTherefore make the security hooks follow the reverse mapping instead\nof the forward mapping.\n\nReported-by: Jeremy Fitzhardinge \u003cjeremy@goop.org\u003e\nReported-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "5c6d1125f8dbd1bfef39e38fbc2837003be78a59",
      "tree": "368d34e800bc5478442679323270d776b79501e8",
      "parents": [
        "fe27d4b012273640e033be80f143bdc54daa8e16"
      ],
      "author": {
        "name": "Jarkko Sakkinen",
        "email": "ext-jarkko.2.sakkinen@nokia.com",
        "time": "Tue Dec 07 13:34:01 2010 +0200"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Tue Dec 07 14:04:02 2010 -0800"
      },
      "message": "Smack: Transmute labels on specified directories\n\nIn a situation where Smack access rules allow processes\nwith multiple labels to write to a directory it is easy\nto get into a situation where the directory gets cluttered\nwith files that the owner can\u0027t deal with because while\nthey could be written to the directory a process at the\nlabel of the directory can\u0027t write them. This is generally\nthe desired behavior, but when it isn\u0027t it is a real\nissue.\n\nThis patch introduces a new attribute SMACK64TRANSMUTE that\ninstructs Smack to create the file with the label of the directory\nunder certain circumstances.\n\nA new access mode, \"t\" for transmute, is made available to\nSmack access rules, which are expanded from \"rwxa\" to \"rwxat\".\nIf a file is created in a directory marked as transmutable\nand if access was granted to perform the operation by a rule\nthat included the transmute mode, then the file gets the\nSmack label of the directory instead of the Smack label of the\ncreating process.\n\nNote that this is equivalent to creating an empty file at the\nlabel of the directory and then having the other process write\nto it. The transmute scheme requires that both the access rule\nallows transmutation and that the directory be explicitly marked.\n\nSigned-off-by: Jarkko Sakkinen \u003cext-jarkko.2.sakkinen@nokia.com\u003e\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "676dac4b1bee0469d6932f698aeb77e8489f5861",
      "tree": "196b4cb35cf8dfdff0698dc4368cfd00acc7391a",
      "parents": [
        "93ae86e759299718c611bc543b9b1633bf32905a"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Thu Dec 02 06:43:39 2010 -0800"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Thu Dec 02 06:43:39 2010 -0800"
      },
      "message": "This patch adds a new security attribute to Smack called\nSMACK64EXEC. It defines label that is used while task is\nrunning.\n\nException: in smack_task_wait() child task is checked\nfor write access to parent task using label inherited\nfrom the task that forked it.\n\nFixed issues from previous submit:\n- SMACK64EXEC was not read when SMACK64 was not set.\n- inode security blob was not updated after setting\n  SMACK64EXEC\n- inode security blob was not updated when removing\n  SMACK64EXEC\n"
    },
    {
      "commit": "b4e0d5f0791bd6dd12a1c1edea0340969c7c1f90",
      "tree": "1ed1def6d5dea2cdae6b6e52571677fa7650edd5",
      "parents": [
        "7e70cb4978507cf31d76b90e4cfb4c28cad87f0c"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Wed Nov 24 17:12:10 2010 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Nov 29 09:04:35 2010 +1100"
      },
      "message": "Smack: UDS revision\n\nThis patch addresses a number of long standing issues\n    with the way Smack treats UNIX domain sockets.\n\n    All access control was being done based on the label of\n    the file system object. This is inconsistent with the\n    internet domain, in which access is done based on the\n    IPIN and IPOUT attributes of the socket. As a result\n    of the inode label policy it was not possible to use\n    a UDS socket for label cognizant services, including\n    dbus and the X11 server.\n\n    Support for SCM_PEERSEC on UDS sockets is also provided.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "12b3052c3ee8f508b2c7ee4ddd63ed03423409d8",
      "tree": "b97d0f209f363cfad94ce9d075312274e349da89",
      "parents": [
        "6800e4c0ea3e96cf78953b8b5743381cb1bb9e37"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Nov 15 18:36:29 2010 -0500"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Nov 15 15:40:01 2010 -0800"
      },
      "message": "capabilities/syslog: open code cap_syslog logic to fix build failure\n\nThe addition of CONFIG_SECURITY_DMESG_RESTRICT resulted in a build\nfailure when CONFIG_PRINTK\u003dn.  This is because the capabilities code\nwhich used the new option was built even though the variable in question\ndidn\u0027t exist.\n\nThe patch here fixes this by moving the capabilities checks out of the\nLSM and into the caller.  All (known) LSMs should have been calling the\ncapabilities hook already so it actually makes the code organization\nbetter to eliminate the hook altogether.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "fc14f2fef682df677d64a145256dbd263df2aa7b",
      "tree": "74f6b939fbad959a43c04ec646cd0adc8af5f53a",
      "parents": [
        "848b83a59b772b8f102bc5e3f1187c2fa5676959"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jul 25 01:48:30 2010 +0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Oct 29 04:16:28 2010 -0400"
      },
      "message": "convert get_sb_single() users\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "092e0e7e520a1fca03e13c9f2d157432a8657ff2",
      "tree": "451897252c4c08c4b5a8ef535da156f1e817e80b",
      "parents": [
        "79f14b7c56d3b3ba58f8b43d1f70b9b71477a800",
        "776c163b1b93c8dfa5edba885bc2bfbc2d228a5f"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Oct 22 10:52:56 2010 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Oct 22 10:52:56 2010 -0700"
      },
      "message": "Merge branch \u0027llseek\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/bkl\n\n* \u0027llseek\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/bkl:\n  vfs: make no_llseek the default\n  vfs: don\u0027t use BKL in default_llseek\n  llseek: automatically add .llseek fop\n  libfs: use generic_file_llseek for simple_attr\n  mac80211: disallow seeks in minstrel debug code\n  lirc: make chardev nonseekable\n  viotape: use noop_llseek\n  raw: use explicit llseek file operations\n  ibmasmfs: use generic_file_llseek\n  spufs: use llseek in all file operations\n  arm/omap: use generic_file_llseek in iommu_debug\n  lkdtm: use generic_file_llseek in debugfs\n  net/wireless: use generic_file_llseek in debugfs\n  drm: use noop_llseek\n"
    },
    {
      "commit": "d5630b9d276bd389299ffea620b7c340ab19bcf5",
      "tree": "4e97cadf12518fb107f9e7140fa94343bd6643f5",
      "parents": [
        "2606fd1fa5710205b23ee859563502aa18362447"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Oct 13 16:24:48 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Oct 21 10:12:50 2010 +1100"
      },
      "message": "security: secid_to_secctx returns len when data is NULL\n\nWith the (long ago) interface change to have the secid_to_secctx functions\ndo the string allocation instead of having the caller do the allocation we\nlost the ability to query the security server for the length of the\nupcoming string.  The SECMARK code would like to allocate a netlink skb\nwith enough length to hold the string but it is just too unclean to do the\nstring allocation twice or to do the allocation the first time and hold\nonto the string and slen.  This patch adds the ability to call\nsecurity_secid_to_secctx() with a NULL data pointer and it will just set\nthe slen pointer.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b0ae19811375031ae3b3fecc65b702a9c6e5cc28",
      "tree": "a765b71155fbed1ed3a3cff35c1044ad49a002ae",
      "parents": [
        "9b3056cca09529d34af2d81305b2a9c6b622ca1b"
      ],
      "author": {
        "name": "KOSAKI Motohiro",
        "email": "kosaki.motohiro@jp.fujitsu.com",
        "time": "Fri Oct 15 04:21:18 2010 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Oct 21 10:12:44 2010 +1100"
      },
      "message": "security: remove unused parameter from security_task_setscheduler()\n\nAll security modules shouldn\u0027t change sched_param parameter of\nsecurity_task_setscheduler().  This is not only meaningless, but also\nmake a harmful result if caller pass a static variable.\n\nThis patch remove policy and sched_param parameter from\nsecurity_task_setscheduler() because none of security module is\nusing it.\n\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: KOSAKI Motohiro \u003ckosaki.motohiro@jp.fujitsu.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6038f373a3dc1f1c26496e60b6c40b164716f07e",
      "tree": "a0d3bbd026eea41b9fc36b8c722cbaf56cd9f825",
      "parents": [
        "1ec5584e3edf9c4bf2c88c846534d19cf986ba11"
      ],
      "author": {
        "name": "Arnd Bergmann",
        "email": "arnd@arndb.de",
        "time": "Sun Aug 15 18:52:59 2010 +0200"
      },
      "committer": {
        "name": "Arnd Bergmann",
        "email": "arnd@arndb.de",
        "time": "Fri Oct 15 15:53:27 2010 +0200"
      },
      "message": "llseek: automatically add .llseek fop\n\nAll file_operations should get a .llseek operation so we can make\nnonseekable_open the default for future file operations without a\n.llseek pointer.\n\nThe three cases that we can automatically detect are no_llseek, seq_lseek\nand default_llseek. For cases where we can we can automatically prove that\nthe file offset is always ignored, we use noop_llseek, which maintains\nthe current behavior of not returning an error from a seek.\n\nNew drivers should normally not use noop_llseek but instead use no_llseek\nand call nonseekable_open at open time.  Existing drivers can be converted\nto do the same when the maintainer knows for certain that no user code\nrelies on calling seek on the device file.\n\nThe generated code is often incorrectly indented and right now contains\ncomments that clarify for each added line why a specific variant was\nchosen. In the version that gets submitted upstream, the comments will\nbe gone and I will manually fix the indentation, because there does not\nseem to be a way to do that using coccinelle.\n\nSome amount of new code is currently sitting in linux-next that should get\nthe same modifications, which I will do at the end of the merge window.\n\nMany thanks to Julia Lawall for helping me learn to write a semantic\npatch that does all this.\n\n\u003d\u003d\u003d\u003d\u003d begin semantic patch \u003d\u003d\u003d\u003d\u003d\n// This adds an llseek\u003d method to all file operations,\n// as a preparation for making no_llseek the default.\n//\n// The rules are\n// - use no_llseek explicitly if we do nonseekable_open\n// - use seq_lseek for sequential files\n// - use default_llseek if we know we access f_pos\n// - use noop_llseek if we know we don\u0027t access f_pos,\n//   but we still want to allow users to call lseek\n//\n@ open1 exists @\nidentifier nested_open;\n@@\nnested_open(...)\n{\n\u003c+...\nnonseekable_open(...)\n...+\u003e\n}\n\n@ open exists@\nidentifier 
open_f;\nidentifier i, f;\nidentifier open1.nested_open;\n@@\nint open_f(struct inode *i, struct file *f)\n{\n\u003c+...\n(\nnonseekable_open(...)\n|\nnested_open(...)\n)\n...+\u003e\n}\n\n@ read disable optional_qualifier exists @\nidentifier read_f;\nidentifier f, p, s, off;\ntype ssize_t, size_t, loff_t;\nexpression E;\nidentifier func;\n@@\nssize_t read_f(struct file *f, char *p, size_t s, loff_t *off)\n{\n\u003c+...\n(\n   *off \u003d E\n|\n   *off +\u003d E\n|\n   func(..., off, ...)\n|\n   E \u003d *off\n)\n...+\u003e\n}\n\n@ read_no_fpos disable optional_qualifier exists @\nidentifier read_f;\nidentifier f, p, s, off;\ntype ssize_t, size_t, loff_t;\n@@\nssize_t read_f(struct file *f, char *p, size_t s, loff_t *off)\n{\n... when !\u003d off\n}\n\n@ write @\nidentifier write_f;\nidentifier f, p, s, off;\ntype ssize_t, size_t, loff_t;\nexpression E;\nidentifier func;\n@@\nssize_t write_f(struct file *f, const char *p, size_t s, loff_t *off)\n{\n\u003c+...\n(\n  *off \u003d E\n|\n  *off +\u003d E\n|\n  func(..., off, ...)\n|\n  E \u003d *off\n)\n...+\u003e\n}\n\n@ write_no_fpos @\nidentifier write_f;\nidentifier f, p, s, off;\ntype ssize_t, size_t, loff_t;\n@@\nssize_t write_f(struct file *f, const char *p, size_t s, loff_t *off)\n{\n... 
when !\u003d off\n}\n\n@ fops0 @\nidentifier fops;\n@@\nstruct file_operations fops \u003d {\n ...\n};\n\n@ has_llseek depends on fops0 @\nidentifier fops0.fops;\nidentifier llseek_f;\n@@\nstruct file_operations fops \u003d {\n...\n .llseek \u003d llseek_f,\n...\n};\n\n@ has_read depends on fops0 @\nidentifier fops0.fops;\nidentifier read_f;\n@@\nstruct file_operations fops \u003d {\n...\n .read \u003d read_f,\n...\n};\n\n@ has_write depends on fops0 @\nidentifier fops0.fops;\nidentifier write_f;\n@@\nstruct file_operations fops \u003d {\n...\n .write \u003d write_f,\n...\n};\n\n@ has_open depends on fops0 @\nidentifier fops0.fops;\nidentifier open_f;\n@@\nstruct file_operations fops \u003d {\n...\n .open \u003d open_f,\n...\n};\n\n// use no_llseek if we call nonseekable_open\n////////////////////////////////////////////\n@ nonseekable1 depends on !has_llseek \u0026\u0026 has_open @\nidentifier fops0.fops;\nidentifier nso ~\u003d \"nonseekable_open\";\n@@\nstruct file_operations fops \u003d {\n...  .open \u003d nso, ...\n+.llseek \u003d no_llseek, /* nonseekable */\n};\n\n@ nonseekable2 depends on !has_llseek @\nidentifier fops0.fops;\nidentifier open.open_f;\n@@\nstruct file_operations fops \u003d {\n...  .open \u003d open_f, ...\n+.llseek \u003d no_llseek, /* open uses nonseekable */\n};\n\n// use seq_lseek for sequential files\n/////////////////////////////////////\n@ seq depends on !has_llseek @\nidentifier fops0.fops;\nidentifier sr ~\u003d \"seq_read\";\n@@\nstruct file_operations fops \u003d {\n...  .read \u003d sr, ...\n+.llseek \u003d seq_lseek, /* we have seq_read */\n};\n\n// use default_llseek if there is a readdir\n///////////////////////////////////////////\n@ fops1 depends on !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier readdir_e;\n@@\n// any other fop is used that changes pos\nstruct file_operations fops \u003d {\n... 
.readdir \u003d readdir_e, ...\n+.llseek \u003d default_llseek, /* readdir is present */\n};\n\n// use default_llseek if at least one of read/write touches f_pos\n/////////////////////////////////////////////////////////////////\n@ fops2 depends on !fops1 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier read.read_f;\n@@\n// read fops use offset\nstruct file_operations fops \u003d {\n... .read \u003d read_f, ...\n+.llseek \u003d default_llseek, /* read accesses f_pos */\n};\n\n@ fops3 depends on !fops1 \u0026\u0026 !fops2 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier write.write_f;\n@@\n// write fops use offset\nstruct file_operations fops \u003d {\n... .write \u003d write_f, ...\n+\t.llseek \u003d default_llseek, /* write accesses f_pos */\n};\n\n// Use noop_llseek if neither read nor write accesses f_pos\n///////////////////////////////////////////////////////////\n\n@ fops4 depends on !fops1 \u0026\u0026 !fops2 \u0026\u0026 !fops3 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier read_no_fpos.read_f;\nidentifier write_no_fpos.write_f;\n@@\n// write fops use offset\nstruct file_operations fops \u003d {\n...\n .write \u003d write_f,\n .read \u003d read_f,\n...\n+.llseek \u003d noop_llseek, /* read and write both use no f_pos */\n};\n\n@ depends on has_write \u0026\u0026 !has_read \u0026\u0026 !fops1 \u0026\u0026 !fops2 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier write_no_fpos.write_f;\n@@\nstruct file_operations fops \u003d {\n... 
.write \u003d write_f, ...\n+.llseek \u003d noop_llseek, /* write uses no f_pos */\n};\n\n@ depends on has_read \u0026\u0026 !has_write \u0026\u0026 !fops1 \u0026\u0026 !fops2 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier read_no_fpos.read_f;\n@@\nstruct file_operations fops \u003d {\n... .read \u003d read_f, ...\n+.llseek \u003d noop_llseek, /* read uses no f_pos */\n};\n\n@ depends on !has_read \u0026\u0026 !has_write \u0026\u0026 !fops1 \u0026\u0026 !fops2 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\n@@\nstruct file_operations fops \u003d {\n...\n+.llseek \u003d noop_llseek, /* no read or write fn */\n};\n\u003d\u003d\u003d\u003d\u003d End semantic patch \u003d\u003d\u003d\u003d\u003d\n\nSigned-off-by: Arnd Bergmann \u003carnd@arndb.de\u003e\nCc: Julia Lawall \u003cjulia@diku.dk\u003e\nCc: Christoph Hellwig \u003chch@infradead.org\u003e\n"
    },
    {
      "commit": "3cfc2c42c1cbc8e238bb9c0612c0df4565e3a8b4",
      "tree": "5adc1ff2eaf64d450bf28bb6b2ce890db2567288",
      "parents": [
        "5cf65713f87775c548e3eb48dbafa32e12f28000",
        "0ea6e61122196509af82cc4f36cbdaacbefb8227"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Aug 04 15:31:02 2010 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Aug 04 15:31:02 2010 -0700"
      },
      "message": "Merge branch \u0027for-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial\n\n* \u0027for-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (48 commits)\n  Documentation: update broken web addresses.\n  fix comment typo \"choosed\" -\u003e \"chosen\"\n  hostap:hostap_hw.c Fix typo in comment\n  Fix spelling contorller -\u003e controller in comments\n  Kconfig.debug: FAIL_IO_TIMEOUT: typo Faul -\u003e Fault\n  fs/Kconfig: Fix typo Userpace -\u003e Userspace\n  Removing dead MACH_U300_BS26\n  drivers/infiniband: Remove unnecessary casts of private_data\n  fs/ocfs2: Remove unnecessary casts of private_data\n  libfc: use ARRAY_SIZE\n  scsi: bfa: use ARRAY_SIZE\n  drm: i915: use ARRAY_SIZE\n  drm: drm_edid: use ARRAY_SIZE\n  synclink: use ARRAY_SIZE\n  block: cciss: use ARRAY_SIZE\n  comment typo fixes: charater \u003d\u003e character\n  fix comment typos concerning \"challenge\"\n  arm: plat-spear: fix typo in kerneldoc\n  reiserfs: typo comment fix\n  update email address\n  ...\n"
    },
    {
      "commit": "d09ca73979460b96d5d4684d588b188be9a1f57d",
      "tree": "217543affc5c1c76181ffca00c23cfa69f1dd4f6",
      "parents": [
        "9cfcac810e8993fa7a5bfd24b1a21f1dbbb03a7b"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jul 23 11:43:57 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:35:07 2010 +1000"
      },
      "message": "security: make LSMs explicitly mask off permissions\n\nSELinux needs to pass the MAY_ACCESS flag so it can handle auditing\ncorrectly.  Presently the masking of MAY_* flags is done in the VFS.  In\norder to allow LSMs to decide what flags they care about and what flags\nthey don\u0027t just pass them all and the each LSM mask off what they don\u0027t\nneed.  This patch should contain no functional changes to either the VFS or\nany LSM.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by:  Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "af4f136056c984b0aa67feed7d3170b958370b2f",
      "tree": "30b62cd9174044cbdfdddc1fe5e0f21e7ddde85c",
      "parents": [
        "5ad18a0d59ba9e65b3c8b2b489fd23bc6b3daf94"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Jul 01 15:07:43 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:34:57 2010 +1000"
      },
      "message": "security: move LSM xattrnames to xattr.h\n\nMake the security extended attributes names global. Updated to move\nthe remaining Smack xattrs.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "3e62cbb8436f6c0cb799c8b7f106de7f662a7b8d",
      "tree": "d36565a4a6f7e0372a1fd9a8750b005635c9c335",
      "parents": [
        "c3ef1500ec833890275172c7d063333404b64d60"
      ],
      "author": {
        "name": "Dan Carpenter",
        "email": "error27@gmail.com",
        "time": "Tue Jun 01 09:14:04 2010 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:33:39 2010 +1000"
      },
      "message": "smack: opt_dentry is never null in smack_d_instantiate()\n\nThis patch removes some unneeded code for if opt_dentry is null because\nthat can never happen.\n\nThe function dereferences \"opt_dentry\" earlier when it checks\n\"if (opt_dentry-\u003ed_parent \u003d\u003d opt_dentry) {\".  That code was added in\n2008.\n\nThis function is called from security_d_instantiate().  I checked all the\nplaces which call security_d_instantiate() and dentry is always non-null.\nI also checked the selinux version of this hook and there is a comment\nwhich says that dentry should be non-null if called from\nd_instantiate().\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "421f91d21ad6f799dc7b489bb33cc560ccc56f98",
      "tree": "aaf9f6385233fdf9277e634603156c89ede7f770",
      "parents": [
        "65155b3708137fabee865dc4da822763c0c41208"
      ],
      "author": {
        "name": "Uwe Kleine-König",
        "email": "u.kleine-koenig@pengutronix.de",
        "time": "Fri Jun 11 12:17:00 2010 +0200"
      },
      "committer": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Wed Jun 16 18:05:05 2010 +0200"
      },
      "message": "fix typos concerning \"initiali[zs]e\"\n\nSigned-off-by: Uwe Kleine-König \u003cu.kleine-koenig@pengutronix.de\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n"
    },
    {
      "commit": "0ffbe2699cda6afbe08501098dff8a8c2fe6ae09",
      "tree": "81b1a2305d16c873371b65c5a863c0268036cefe",
      "parents": [
        "4e5d6f7ec3833c0da9cf34fa5c53c6058c5908b6",
        "7ebd467551ed6ae200d7835a84bbda0dcadaa511"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu May 06 10:56:07 2010 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu May 06 10:56:07 2010 +1000"
      },
      "message": "Merge branch \u0027master\u0027 into next\n"
    },
    {
      "commit": "98ec4373bab1d839f794e9a4edc29f77eb9d897e",
      "tree": "d1ad9adfa7551e7bbbe4d631162c66ae2804b89d",
      "parents": [
        "c5b60b5e67af8be4c58d3ffcc36894f69c4fbdc1"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri Apr 23 12:48:12 2010 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Apr 27 08:46:00 2010 +1000"
      },
      "message": "SMACK: Don\u0027t #include Ext2 headers\n\nDon\u0027t #include Ext2 headers into Smack unnecessarily.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "e2902eb79fdea3c3bf679a8f15f3432b393cb2c0",
      "tree": "ce72f1fa2838313fb724ac3b9aa98e553f1fffd0",
      "parents": [
        "dd3e7836bfe093fc611f715c323cf53be9252b27"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 07 15:10:35 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Apr 08 09:20:21 2010 +1000"
      },
      "message": "SMACK: remove dead cred_commit hook\n\nThis is an unused hook in SMACK so remove it.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5a0e3ad6af8660be21ca98a971cd00f331318c05",
      "tree": "5bfb7be11a03176a87296a43ac6647975c00a1d1",
      "parents": [
        "ed391f4ebf8f701d3566423ce8f17e614cde9806"
      ],
      "author": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Wed Mar 24 17:04:11 2010 +0900"
      },
      "committer": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Tue Mar 30 22:02:32 2010 +0900"
      },
      "message": "include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h\n\npercpu.h is included by sched.h and module.h and thus ends up being\nincluded when building most .c files.  percpu.h includes slab.h which\nin turn includes gfp.h making everything defined by the two files\nuniversally available and complicating inclusion dependencies.\n\npercpu.h -\u003e slab.h dependency is about to be removed.  Prepare for\nthis change by updating users of gfp and slab facilities include those\nheaders directly instead of assuming availability.  As this conversion\nneeds to touch large number of source files, the following script is\nused as the basis of conversion.\n\n  http://userweb.kernel.org/~tj/misc/slabh-sweep.py\n\nThe script does the followings.\n\n* Scan files for gfp and slab usages and update includes such that\n  only the necessary includes are there.  ie. if only gfp is used,\n  gfp.h, if slab is used, slab.h.\n\n* When the script inserts a new include, it looks at the include\n  blocks and try to put the new include such that its order conforms\n  to its surrounding.  It\u0027s put in the include block which contains\n  core kernel includes, in the same order that the rest are ordered -\n  alphabetical, Christmas tree, rev-Xmas-tree or at the end if there\n  doesn\u0027t seem to be any matching order.\n\n* If the script can\u0027t find a place to put a new include (mostly\n  because the file doesn\u0027t have fitting include block), it prints out\n  an error message indicating which .h file needs to be added to the\n  file.\n\nThe conversion was done in the following steps.\n\n1. The initial automatic conversion of all .c files updated slightly\n   over 4000 files, deleting around 700 includes and adding ~480 gfp.h\n   and ~3000 slab.h inclusions.  The script emitted errors for ~400\n   files.\n\n2. Each error was manually checked.  
Some didn\u0027t need the inclusion,\n   some needed manual addition while adding it to implementation .h or\n   embedding .c file was more appropriate for others.  This step added\n   inclusions to around 150 files.\n\n3. The script was run again and the output was compared to the edits\n   from #2 to make sure no file was left behind.\n\n4. Several build tests were done and a couple of problems were fixed.\n   e.g. lib/decompress_*.c used malloc/free() wrappers around slab\n   APIs requiring slab.h to be added manually.\n\n5. The script was run on all .h files but without automatically\n   editing them as sprinkling gfp.h and slab.h inclusions around .h\n   files could easily lead to inclusion dependency hell.  Most gfp.h\n   inclusion directives were ignored as stuff from gfp.h was usually\n   wildly available and often used in preprocessor macros.  Each\n   slab.h inclusion directive was examined and added manually as\n   necessary.\n\n6. percpu.h was updated not to include slab.h.\n\n7. Build test were done on the following configurations and failures\n   were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my\n   distributed build env didn\u0027t work with gcov compiles) and a few\n   more options had to be turned off depending on archs to make things\n   build (like ipr on powerpc/64 which failed due to missing writeq).\n\n   * x86 and x86_64 UP and SMP allmodconfig and a custom test config.\n   * powerpc and powerpc64 SMP allmodconfig\n   * sparc and sparc64 SMP allmodconfig\n   * ia64 SMP allmodconfig\n   * s390 SMP allmodconfig\n   * alpha SMP allmodconfig\n   * um on x86_64 SMP allmodconfig\n\n8. 
percpu.h modifications were reverted so that it could be applied as\n   a separate patch and serve as bisection point.\n\nGiven the fact that I had only a couple of failures from tests on step\n6, I\u0027m fairly confident about the coverage of this conversion patch.\nIf there is a breakage, it\u0027s likely to be something in one of the arch\nheaders which should be easily discoverable easily on most builds of\nthe specific arch.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nGuess-its-ok-by: Christoph Lameter \u003ccl@linux-foundation.org\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: Lee Schermerhorn \u003cLee.Schermerhorn@hp.com\u003e\n"
    },
    {
      "commit": "0f2cc4ecd81dc1917a041dc93db0ada28f8356fa",
      "tree": "f128b50f48f50f0cda6d2b20b53e9ad6e2dfded3",
      "parents": [
        "1fae4cfb97302289bb5df6a8195eb28385d0b002",
        "9643f5d94aadd47a5fa9754fb60f2c957de05903"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Mar 04 08:15:33 2010 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Mar 04 08:15:33 2010 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: (52 commits)\n  init: Open /dev/console from rootfs\n  mqueue: fix typo \"failues\" -\u003e \"failures\"\n  mqueue: only set error codes if they are really necessary\n  mqueue: simplify do_open() error handling\n  mqueue: apply mathematics distributivity on mq_bytes calculation\n  mqueue: remove unneeded info-\u003emessages initialization\n  mqueue: fix mq_open() file descriptor leak on user-space processes\n  fix race in d_splice_alias()\n  set S_DEAD on unlink() and non-directory rename() victims\n  vfs: add NOFOLLOW flag to umount(2)\n  get rid of -\u003emnt_parent in tomoyo/realpath\n  hppfs can use existing proc_mnt, no need for do_kern_mount() in there\n  Mirror MS_KERNMOUNT in -\u003emnt_flags\n  get rid of useless vfsmount_lock use in put_mnt_ns()\n  Take vfsmount_lock to fs/internal.h\n  get rid of insanity with namespace roots in tomoyo\n  take check for new events in namespace (guts of mounts_poll()) to namespace.c\n  Don\u0027t mess with generic_permission() under -\u003ed_lock in hpfs\n  sanitize const/signedness for udf\n  nilfs: sanitize const/signedness in dealing with -\u003ed_name.name\n  ...\n\nFix up fairly trivial (famous last words...) conflicts in\ndrivers/infiniband/core/uverbs_main.c and security/tomoyo/realpath.c\n"
    },
    {
      "commit": "de27a5bf9caef3f1fca1f315aa58eee54fbf929a",
      "tree": "807ac88de94235afb40117b27d4400bd32573cea",
      "parents": [
        "f694869709cc39a5fbde21aa40f22999ddad0e6e"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat Jan 30 15:27:27 2010 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Mar 03 14:07:56 2010 -0500"
      },
      "message": "fix mnt_mountpoint abuse in smack\n\n(mnt,mnt_mountpoint) pair is conceptually wrong; if you want\nto use it for generating pathname and for nothing else *and*\nif you know that vfsmount tree is unchanging, you can get\naway with that, but the right solution for that is (mnt,mnt_root).\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "002345925e6c45861f60db6f4fc6236713fd8847",
      "tree": "d7849eafe1755116597166bbebf43e2bee86cb76",
      "parents": [
        "0719aaf5ead7555b7b7a4a080ebf2826a871384e"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "kees.cook@canonical.com",
        "time": "Wed Feb 03 15:36:43 2010 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 04 14:20:12 2010 +1100"
      },
      "message": "syslog: distinguish between /proc/kmsg and syscalls\n\nThis allows the LSM to distinguish between syslog functions originating\nfrom /proc/kmsg access and direct syscalls.  By default, the commoncaps\nwill now no longer require CAP_SYS_ADMIN to read an opened /proc/kmsg\nfile descriptor.  For example the kernel syslog reader can now drop\nprivileges after opening /proc/kmsg, instead of staying privileged with\nCAP_SYS_ADMIN.  MAC systems that implement security_syslog have unchanged\nbehavior.\n\nSigned-off-by: Kees Cook \u003ckees.cook@canonical.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "8964be4a9a5ca8cab1219bb046db2f6d1936227c",
      "tree": "8838c73a03cc69c010b55928fce3725d17bc26a9",
      "parents": [
        "fa9a6fed87df1b50804405e700f8d30251d3aaf1"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Fri Nov 20 15:35:04 2009 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Nov 20 15:35:04 2009 -0800"
      },
      "message": "net: rename skb-\u003eiif to skb-\u003eskb_iif\n\nTo help grep games, rename iif to skb_iif\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "88e9d34c727883d7d6f02cf1475b3ec98b8480c7",
      "tree": "475f544536d52739e0929e7727cab5124e855a06",
      "parents": [
        "b7ed698cc9d556306a4088c238e2ea9311ea2cb3"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Sep 22 16:43:43 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Sep 23 07:39:29 2009 -0700"
      },
      "message": "seq_file: constify seq_operations\n\nMake all seq_operations structs const, to help mitigate against\nrevectoring user-triggerable function pointers.\n\nThis is derived from the grsecurity patch, although generated from scratch\nbecause it\u0027s simpler than extracting the changes from there.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "1fd7317d02ec03c6fdf072317841287933d06d24",
      "tree": "b7ac4d511896dbb21c1b76a27f6c4d5b4cb6c7bb",
      "parents": [
        "af91322ef3f29ae4114e736e2a72e28b4d619cf9"
      ],
      "author": {
        "name": "Nick Black",
        "email": "dank@qemfd.net",
        "time": "Tue Sep 22 16:43:33 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Sep 23 07:39:28 2009 -0700"
      },
      "message": "Move magic numbers into magic.h\n\nMove various magic-number definitions into magic.h.\n\nSigned-off-by: Nick Black \u003cdank@qemfd.net\u003e\nAcked-by: Pekka Enberg \u003cpenberg@cs.helsinki.fi\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "ddd29ec6597125c830f7badb608a86c98b936b64",
      "tree": "e6df1ef9a635179de78650d006ecb4cd1453ebb1",
      "parents": [
        "1ee65e37e904b959c24404139f5752edc66319d5"
      ],
      "author": {
        "name": "David P. Quigley",
        "email": "dpquigl@tycho.nsa.gov",
        "time": "Wed Sep 09 14:25:37 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Sep 10 10:11:29 2009 +1000"
      },
      "message": "sysfs: Add labeling support for sysfs\n\nThis patch adds a setxattr handler to the file, directory, and symlink\ninode_operations structures for sysfs. The patch uses hooks introduced in the\nprevious patch to handle the getting and setting of security information for\nthe sysfs inodes. As was suggested by Eric Biederman the struct iattr in the\nsysfs_dirent structure has been replaced by a structure which contains the\niattr, secdata and secdata length to allow the changes to persist in the event\nthat the inode representing the sysfs_dirent is evicted. Because sysfs only\nstores this information when a change is made all the optional data is moved\ninto one dynamically allocated field.\n\nThis patch addresses an issue where SELinux was denying virtd access to the PCI\nconfiguration entries in sysfs. The lack of setxattr handlers for sysfs\nrequired that a single label be assigned to all entries in sysfs. Granting virtd\naccess to every entry in sysfs is not an acceptable solution so fine grained\nlabeling of sysfs is required such that individual entries can be labeled\nappropriately.\n\n[sds:  Fixed compile-time warnings, coding style, and setting of inode security init flags.]\n\nSigned-off-by: David P. Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nSigned-off-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "1ee65e37e904b959c24404139f5752edc66319d5",
      "tree": "587c1ef70ae7ee41a7b9b531161a4ef5689838f7",
      "parents": [
        "b1ab7e4b2a88d3ac13771463be8f302ce1616cfc"
      ],
      "author": {
        "name": "David P. Quigley",
        "email": "dpquigl@tycho.nsa.gov",
        "time": "Thu Sep 03 14:25:57 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Sep 10 10:11:24 2009 +1000"
      },
      "message": "LSM/SELinux: inode_{get,set,notify}secctx hooks to access LSM security context information.\n\nThis patch introduces three new hooks. The inode_getsecctx hook is used to get\nall relevant information from an LSM about an inode. The inode_setsecctx is\nused to set both the in-core and on-disk state for the inode based on a context\nderived from inode_getsecctx. The final hook inode_notifysecctx will notify the\nLSM of a change for the in-core state of the inode in question. These hooks are\nfor use in the labeled NFS code and address concerns of how to set security\non an inode in a multi-xattr LSM. For historical reasons Stephen Smalley\u0027s\nexplanation of the reason for these hooks is pasted below.\n\nQuote Stephen Smalley\n\ninode_setsecctx:  Change the security context of an inode.  Updates the\nin core security context managed by the security module and invokes the\nfs code as needed (via __vfs_setxattr_noperm) to update any backing\nxattrs that represent the context.  Example usage:  NFS server invokes\nthis hook to change the security context in its incore inode and on the\nbacking file system to a value provided by the client on a SETATTR\noperation.\n\ninode_notifysecctx:  Notify the security module of what the security\ncontext of an inode should be.  Initializes the incore security context\nmanaged by the security module for this inode.  Example usage:  NFS\nclient invokes this hook to initialize the security context in its\nincore inode to the value provided by the server for the file when the\nserver returned the file\u0027s attributes to the client.\n\nSigned-off-by: David P. Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ee18d64c1f632043a02e6f5ba5e045bb26a5465f",
      "tree": "80b5a4d530ec7d5fd69799920f0db7b78aba6b9d",
      "parents": [
        "d0420c83f39f79afb82010c2d2cafd150eef651b"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Sep 02 09:14:21 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 02 21:29:22 2009 +1000"
      },
      "message": "KEYS: Add a keyctl to install a process\u0027s session keyring on its parent [try #6]\n\nAdd a keyctl to install a process\u0027s session keyring onto its parent.  This\nreplaces the parent\u0027s session keyring.  Because the COW credential code does\nnot permit one process to change another process\u0027s credentials directly, the\nchange is deferred until userspace next starts executing again.  Normally this\nwill be after a wait*() syscall.\n\nTo support this, three new security hooks have been provided:\ncred_alloc_blank() to allocate unset security creds, cred_transfer() to fill in\nthe blank security creds and key_session_to_parent() - which asks the LSM if\nthe process may replace its parent\u0027s session keyring.\n\nThe replacement may only happen if the process has the same ownership details\nas its parent, and the process has LINK permission on the session keyring, and\nthe session keyring is owned by the process, and the LSM permits it.\n\nNote that this requires alteration to each architecture\u0027s notify_resume path.\nThis has been done for all arches barring blackfin, m68k* and xtensa, all of\nwhich need assembly alteration to support TIF_NOTIFY_RESUME.  This allows the\nreplacement to be performed at the point the parent process resumes userspace\nexecution.\n\nThis allows the userspace AFS pioctl emulation to fully emulate newpag() and\nthe VIOCSETTOK and VIOCSETTOK2 pioctls, all of which require the ability to\nalter the parent process\u0027s PAG membership.  However, since kAFS doesn\u0027t use\nPAGs per se, but rather dumps the keys into the session keyring, the session\nkeyring of the parent must be replaced if, for example, VIOCSETTOK is passed\nthe newpag flag.\n\nThis can be tested with the following program:\n\n\t#include \u003cstdio.h\u003e\n\t#include \u003cstdlib.h\u003e\n\t#include \u003ckeyutils.h\u003e\n\n\t#define KEYCTL_SESSION_TO_PARENT\t18\n\n\t#define OSERROR(X, S) do { if ((long)(X) \u003d\u003d -1) { perror(S); exit(1); } } while(0)\n\n\tint main(int argc, char **argv)\n\t{\n\t\tkey_serial_t keyring, key;\n\t\tlong ret;\n\n\t\tkeyring \u003d keyctl_join_session_keyring(argv[1]);\n\t\tOSERROR(keyring, \"keyctl_join_session_keyring\");\n\n\t\tkey \u003d add_key(\"user\", \"a\", \"b\", 1, keyring);\n\t\tOSERROR(key, \"add_key\");\n\n\t\tret \u003d keyctl(KEYCTL_SESSION_TO_PARENT);\n\t\tOSERROR(ret, \"KEYCTL_SESSION_TO_PARENT\");\n\n\t\treturn 0;\n\t}\n\nCompiled and linked with -lkeyutils, you should see something like:\n\n\t[dhowells@andromeda ~]$ keyctl show\n\tSession Keyring\n\t       -3 --alswrv   4043  4043  keyring: _ses\n\t355907932 --alswrv   4043    -1   \\_ keyring: _uid.4043\n\t[dhowells@andromeda ~]$ /tmp/newpag\n\t[dhowells@andromeda ~]$ keyctl show\n\tSession Keyring\n\t       -3 --alswrv   4043  4043  keyring: _ses\n\t1055658746 --alswrv   4043  4043   \\_ user: a\n\t[dhowells@andromeda ~]$ /tmp/newpag hello\n\t[dhowells@andromeda ~]$ keyctl show\n\tSession Keyring\n\t       -3 --alswrv   4043  4043  keyring: hello\n\t340417692 --alswrv   4043  4043   \\_ user: a\n\nWhere the test program creates a new session keyring, sticks a user key named\n\u0027a\u0027 into it and then installs it on its parent.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "da34d4248bd2013ee64ce51e63ec0ebd1f32b46c",
      "tree": "3934c6582b73fb3411799050ea5268daf2b2b814",
      "parents": [
        "1c388ad054fb1ead3dc354b1719570b99e464135"
      ],
      "author": {
        "name": "Julia Lawall",
        "email": "julia@diku.dk",
        "time": "Wed Aug 05 14:34:55 2009 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Aug 06 08:46:15 2009 +1000"
      },
      "message": "security/smack: Use AF_INET for sin_family field\n\nElsewhere the sin_family field holds a value with a name of the form\nAF_..., so it seems reasonable to do so here as well.  Also the values of\nPF_INET and AF_INET are the same.\n\nThe semantic patch that makes this change is as follows:\n(http://coccinelle.lip6.fr/)\n\n// \u003csmpl\u003e\n@@\nstruct sockaddr_in sip;\n@@\n\n(\nsip.sin_family \u003d\u003d\n- PF_INET\n+ AF_INET\n|\nsip.sin_family !\u003d\n- PF_INET\n+ AF_INET\n|\nsip.sin_family \u003d\n- PF_INET\n+ AF_INET\n)\n// \u003c/smpl\u003e\n\nSigned-off-by: Julia Lawall \u003cjulia@diku.dk\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d4131ded4d4c1a5c1363ddd93ca104ed97dd0458",
      "tree": "137da0f52d5928eeb461218ac8109d22e65d579b",
      "parents": [
        "ed5215a21460f63d6bdc118cb55a9e6d1b433f35"
      ],
      "author": {
        "name": "Thomas Liu",
        "email": "tliu@redhat.com",
        "time": "Thu Jul 09 10:00:30 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jul 10 08:58:39 2009 +1000"
      },
      "message": "security: Make lsm_priv union in lsm_audit.h anonymous\n\nMade the lsm_priv union in include/linux/lsm_audit.h\nanonymous.\n\nSigned-off-by: Thomas Liu \u003ctliu@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ed5215a21460f63d6bdc118cb55a9e6d1b433f35",
      "tree": "8134723eb6a5d73162a7e5d9c11ac66440f11b82",
      "parents": [
        "ac7242142b03421c96b0a2f8d99f146d075614c2"
      ],
      "author": {
        "name": "Thomas Liu",
        "email": "tliu@redhat.com",
        "time": "Thu Jul 09 10:00:29 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jul 10 08:54:14 2009 +1000"
      },
      "message": "Move variable function in lsm_audit.h into SMACK private space\n\nMoved variable function in include/linux/lsm_audit.h into the\nsmack_audit_data struct since it is never used outside of it.\n\nAlso removed setting of function in the COMMON_AUDIT_DATA_INIT\nmacro because that variable is now private to SMACK.\n\nSigned-off-by: Thomas Liu \u003ctliu@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nI-dont-see-any-problems-with-it: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9e48858f7d36a6a3849f1d1b40c3bf5624b4ee7c",
      "tree": "5d8fe586c5b1bbab36acc3b76b2b4dd1bc538968",
      "parents": [
        "86abcf9cebf7b5ceb33facde297face5ec4d2260"
      ],
      "author": {
        "name": "Ingo Molnar",
        "email": "mingo@elte.hu",
        "time": "Thu May 07 19:26:19 2009 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Jun 25 00:18:05 2009 +1000"
      },
      "message": "security: rename ptrace_may_access \u003d\u003e ptrace_access_check\n\nThe -\u003eptrace_may_access() methods are named confusingly - the real\nptrace_may_access() returns a bool, while these security checks have\na retval convention.\n\nRename it to ptrace_access_check, to reduce the confusion factor.\n\n[ Impact: cleanup, no code changed ]\n\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "3296ca27f50ecbd71db1d808c7a72d311027f919",
      "tree": "833eaa58b2013bda86d4bd95faf6efad7a2d5ca4",
      "parents": [
        "e893123c7378192c094747dadec326b7c000c190",
        "73fbad283cfbbcf02939bdbda31fc4a30e729cca"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Jun 11 10:01:41 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Jun 11 10:01:41 2009 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (44 commits)\n  nommu: Provide mmap_min_addr definition.\n  TOMOYO: Add description of lists and structures.\n  TOMOYO: Remove unused field.\n  integrity: ima audit dentry_open failure\n  TOMOYO: Remove unused parameter.\n  security: use mmap_min_addr indepedently of security models\n  TOMOYO: Simplify policy reader.\n  TOMOYO: Remove redundant markers.\n  SELinux: define audit permissions for audit tree netlink messages\n  TOMOYO: Remove unused mutex.\n  tomoyo: avoid get+put of task_struct\n  smack: Remove redundant initialization.\n  integrity: nfsd imbalance bug fix\n  rootplug: Remove redundant initialization.\n  smack: do not beyond ARRAY_SIZE of data\n  integrity: move ima_counts_get\n  integrity: path_check update\n  IMA: Add __init notation to ima functions\n  IMA: Minimal IMA policy and boot param for TCB IMA policy\n  selinux: remove obsolete read buffer limit from sel_read_bool\n  ...\n"
    },
    {
      "commit": "20f3f3ca499d2c211771ba552685398b65d83859",
      "tree": "41b460196a0860e11d12e33e3172463973cb0078",
      "parents": [
        "769f3e8c384795cc350e2aae27de2a12374d19d4",
        "41c51c98f588edcdf6141cff1895df738e03ddd4"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Jun 10 19:50:03 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Jun 10 19:50:03 2009 -0700"
      },
      "message": "Merge branch \u0027rcu-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip\n\n* \u0027rcu-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:\n  rcu: rcu_sched_grace_period(): kill the bogus flush_signals()\n  rculist: use list_entry_rcu in places where it\u0027s appropriate\n  rculist.h: introduce list_entry_rcu() and list_first_entry_rcu()\n  rcu: Update RCU tracing documentation for __rcu_pending\n  rcu: Add __rcu_pending tracing to hierarchical RCU\n  RCU: make treercu be default\n"
    },
    {
      "commit": "13b297d943828c4594527a2bd9c30ecd04e37886",
      "tree": "9a4e7ea9e0f161f5a3edecfa8300d2677b24cfd9",
      "parents": [
        "14dba5331b90c20588ae6504fea8049c7283028d"
      ],
      "author": {
        "name": "Tetsuo Handa",
        "email": "penguin-kernel@i-love.sakura.ne.jp",
        "time": "Tue May 26 14:18:07 2009 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu May 28 11:57:09 2009 +1000"
      },
      "message": "smack: Remove redundant initialization.\n\nWe don\u0027t need to explicitly initialize to cap_* because\nit will be filled by security_fixup_ops().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6470c077cae12227318f40f3e6d756caadcce4b0",
      "tree": "c8a543bccd29dfcf7d4bbb104a4786da0c93cf56",
      "parents": [
        "c9d9ac525a0285a5b5ad9c3f9aa8b7c1753e6121"
      ],
      "author": {
        "name": "Roel Kluin",
        "email": "roel.kluin@gmail.com",
        "time": "Thu May 21 18:42:54 2009 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri May 22 12:34:48 2009 +1000"
      },
      "message": "smack: do not beyond ARRAY_SIZE of data\n\nDo not go beyond ARRAY_SIZE of data\n\nSigned-off-by: Roel Kluin \u003croel.kluin@gmail.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d254117099d711f215e62427f55dfb8ebd5ad011",
      "tree": "0848ff8dd74314fec14a86497f8d288c86ba7c65",
      "parents": [
        "07ff7a0b187f3951788f64ae1f30e8109bc8e9eb",
        "8c9ed899b44c19e81859fbb0e9d659fe2f8630fc"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri May 08 17:56:47 2009 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri May 08 17:56:47 2009 +1000"
      },
      "message": "Merge branch \u0027master\u0027 into next\n"
    },
    {
      "commit": "defc433ba3bc587826bb467ce0e63452deafa65d",
      "tree": "fb11744178f227598b1b26e1c6f24041261c3b98",
      "parents": [
        "aefe6475720bd5eb8aacbc881488f3aa65618562"
      ],
      "author": {
        "name": "Etienne Basset",
        "email": "etienne.basset@numericable.fr",
        "time": "Thu Apr 16 23:58:42 2009 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Apr 18 12:58:25 2009 +1000"
      },
      "message": "Smack: check for SMACK xattr validity in smack_inode_setxattr\n\nthe following patch moves checks for SMACK xattr validity\nfrom smack_inode_post_setxattr (which cannot return an error to the user)\nto smack_inode_setxattr (which can return an error).\n\nSigned-off-by: Etienne Basset \u003cetienne.basset@numericable.fr\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "05725f7eb4b8acb147c5fc7b91397b1f6bcab00d",
      "tree": "1f22c6bec3429f7ec9ebb8acd25672249e39b380",
      "parents": [
        "72c6a9870f901045f2464c3dc6ee8914bfdc07aa"
      ],
      "author": {
        "name": "Jiri Pirko",
        "email": "jpirko@redhat.com",
        "time": "Tue Apr 14 20:17:16 2009 +0200"
      },
      "committer": {
        "name": "Ingo Molnar",
        "email": "mingo@elte.hu",
        "time": "Wed Apr 15 12:05:25 2009 +0200"
      },
      "message": "rculist: use list_entry_rcu in places where it\u0027s appropriate\n\nUse previously introduced list_entry_rcu instead of an open-coded\nlist_entry + rcu_dereference combination.\n\nSigned-off-by: Jiri Pirko \u003cjpirko@redhat.com\u003e\nReviewed-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nCc: dipankar@in.ibm.com\nLKML-Reference: \u003c20090414181715.GA3634@psychotron.englab.brq.redhat.com\u003e\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\n"
    },
    {
      "commit": "ecfcc53fef3c357574bb6143dce6631e6d56295c",
      "tree": "d7bee04b64c5ad2ba0ed273bff2c8c7c98b3eee5",
      "parents": [
        "6e837fb152410e571a81aaadbd9884f0bc46a55e"
      ],
      "author": {
        "name": "Etienne Basset",
        "email": "etienne.basset@numericable.fr",
        "time": "Wed Apr 08 20:40:06 2009 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Apr 14 09:00:23 2009 +1000"
      },
      "message": "smack: implement logging V3\n\nthe following patch adds logging of Smack security decisions.\nThis is of course very useful to understand what your current smack policy does.\nAs suggested by Casey, it also now forbids labels with \u0027, \" or \\\n\nIt introduces a \u0027/smack/logging\u0027 switch :\n0: no logging\n1: log denied (default)\n2: log accepted\n3: log denied\u0026accepted\n\nSigned-off-by: Etienne Basset \u003cetienne.basset@numericable.fr\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "4303154e86597885bc3cbc178a48ccbc8213875f",
      "tree": "11989bcc2ec5d9cd5a1b7952f169ec5cbd8abb8e",
      "parents": [
        "07feee8f812f7327a46186f7604df312c8c81962"
      ],
      "author": {
        "name": "Etienne Basset",
        "email": "etienne.basset@numericable.fr",
        "time": "Fri Mar 27 17:11:01 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Mar 28 15:01:37 2009 +1100"
      },
      "message": "smack: Add a new \u0027-CIPSO\u0027 option to the network address label configuration\n\nThis patch adds a new special option \u0027-CIPSO\u0027 to the Smack subsystem. When used\nin the netlabel list, it means \"use CIPSO networking\". A use case is when your\nlocal network speaks CIPSO and you want also to connect to the unlabeled\nInternet. This patch also adds some documentation describing that. The patch\nalso corrects an oops when setting a \u0027\u0027 SMACK64 xattr to a file.\n\nSigned-off-by: Etienne Basset \u003cetienne.basset@numericable.fr\u003e\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "07feee8f812f7327a46186f7604df312c8c81962",
      "tree": "73eac643b60532aa82d7680a7de193ba2b62eddd",
      "parents": [
        "8651d5c0b1f874c5b8307ae2b858bc40f9f02482"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Fri Mar 27 17:10:54 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Mar 28 15:01:37 2009 +1100"
      },
      "message": "netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections\n\nThis patch cleans up a lot of the Smack network access control code.  The\nlargest changes are to fix the labeling of incoming TCP connections in a\nmanner similar to the recent SELinux changes which use the\nsecurity_inet_conn_request() hook to label the request_sock and let the label\nmove to the child socket via the normal network stack mechanisms.  In addition\nto the incoming TCP connection fixes this patch also removes the smk_labled\nfield from the socket_smack struct as the minor optimization advantage was\noutweighed by the difficulty in maintaining its proper state.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "389fb800ac8be2832efedd19978a2b8ced37eb61",
      "tree": "fa0bc16050dfb491aa05f76b54fa4c167de96376",
      "parents": [
        "284904aa79466a4736f4c775fdbe5c7407fa136c"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Fri Mar 27 17:10:34 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Mar 28 15:01:36 2009 +1100"
      },
      "message": "netlabel: Label incoming TCP connections correctly in SELinux\n\nThe current NetLabel/SELinux behavior for incoming TCP connections works but\nonly through a series of happy coincidences that rely on the limited nature of\nstandard CIPSO (only able to convey MLS attributes) and the write equality\nimposed by the SELinux MLS constraints.  The problem is that network sockets\ncreated as the result of an incoming TCP connection were not on-the-wire\nlabeled based on the security attributes of the parent socket but rather based\non the wire label of the remote peer.  The issue had to do with how IP options\nwere managed as part of the network stack and where the LSM hooks were in\nrelation to the code which set the IP options on these newly created child\nsockets.  While NetLabel/SELinux did correctly set the socket\u0027s on-the-wire\nlabel it was promptly cleared by the network stack and reset based on the IP\noptions of the remote peer.\n\nThis patch, in conjunction with a prior patch that adjusted the LSM hook\nlocations, works to set the correct on-the-wire label format for new incoming\nconnections through the security_inet_conn_request() hook.  Besides the\ncorrect behavior there are many advantages to this change, the most significant\nis that all of the NetLabel socket labeling code in SELinux now lives in hooks\nwhich can return error codes to the core stack which allows us to finally get\nrid of the selinux_netlbl_inode_permission() logic which greatly simplifies\nthe NetLabel/SELinux glue code.  In the process of developing this patch I\nalso ran into a small handful of AF_INET6 cleanliness issues that have been\nfixed which should make the code safer and easier to extend in the future.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "7198e2eeb44b3fe7cc97f997824002da47a9c644",
      "tree": "4989ad0f9727ac4b861189217760517aa8beea43",
      "parents": [
        "703a3cd72817e99201cef84a8a7aecc60b2b3581"
      ],
      "author": {
        "name": "Etienne Basset",
        "email": "etienne.basset@numericable.fr",
        "time": "Tue Mar 24 20:53:24 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Mar 26 09:17:04 2009 +1100"
      },
      "message": "smack: convert smack to standard linux lists\n\nthe following patch (on top of 2.6.29) converts Smack lists to standard linux lists\nPlease review and consider for inclusion in 2.6.30-rc\n\nregards,\nEtienne\n\nSigned-off-by: Etienne Basset \u003cetienne.basset@numericable.fr\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "703a3cd72817e99201cef84a8a7aecc60b2b3581",
      "tree": "3e943755178ff410694722bb031f523136fbc432",
      "parents": [
        "df7f54c012b92ec93d56b68547351dcdf8a163d3",
        "8e0ee43bc2c3e19db56a4adaa9a9b04ce885cd84"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 24 10:52:46 2009 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Mar 24 10:52:46 2009 +1100"
      },
      "message": "Merge branch \u0027master\u0027 into next\n"
    }
  ],
  "next": "211a40c0870457b29100cffea0180fa5083caf96"
}
