)]}' { "log": [ { "commit": "70834d3070c3f3015ab5c05176d54bd4a0100546", "tree": "4dbcea84c4584de05f83aa911164902b3f00265f", "parents": [ "a02d6fd643cbd4c559113b35b31d3b04e4ec60c7" ], "author": { "name": "Oleg Nesterov", "email": "oleg@redhat.com", "time": "Fri Mar 23 15:02:46 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Mar 23 16:58:41 2012 -0700" }, "message": "usermodehelper: use UMH_WAIT_PROC consistently\n\nA few call_usermodehelper() callers use the hardcoded constant instead of\nthe proper UMH_WAIT_PROC, fix them.\n\nReported-by: Tetsuo Handa \u003cpenguin-kernel@i-love.sakura.ne.jp\u003e\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Lars Ellenberg \u003cdrbd-dev@lists.linbit.com\u003e\nCc: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\nCc: Michal Januszewski \u003cspock@gentoo.org\u003e\nCc: Florian Tobias Schandinat \u003cFlorianSchandinat@gmx.de\u003e\nCc: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nCc: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "3556485f1595e3964ba539e39ea682acbb835cee", "tree": "7f5ee254f425b1427ac0059b5f347a307f8538a1", "parents": [ "b8716614a7cc2fc15ea2a518edd04755fb08d922", "09f61cdbb32a9d812c618d3922db533542736bb0" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 21 13:25:04 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 21 13:25:04 2012 -0700" }, "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates for 3.4 from James Morris:\n \"The main addition here is the new Yama security module from Kees Cook,\n which was discussed at the Linux Security Summit last year. Its\n purpose is to collect miscellaneous DAC security enhancements in one\n place. This also marks a departure in policy for LSM modules, which\n were previously limited to being standalone access control systems.\n Chromium OS is using Yama, and I believe there are plans for Ubuntu,\n at least.\n\n This patchset also includes maintenance updates for AppArmor, TOMOYO\n and others.\"\n\nFix trivial conflict in \u003cnet/sock.h\u003e due to the jumo_label-\u003estatic_key\nrename.\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (38 commits)\n AppArmor: Fix location of const qualifier on generated string tables\n TOMOYO: Return error if fails to delete a domain\n AppArmor: add const qualifiers to string arrays\n AppArmor: Add ability to load extended policy\n TOMOYO: Return appropriate value to poll().\n AppArmor: Move path failure information into aa_get_name and rename\n AppArmor: Update dfa matching routines.\n AppArmor: Minor cleanup of d_namespace_path to consolidate error handling\n AppArmor: Retrieve the dentry_path for error reporting when path lookup fails\n AppArmor: Add const qualifiers to generated string tables\n AppArmor: Fix oops in policy unpack auditing\n AppArmor: Fix error returned when a path lookup is disconnected\n KEYS: testing wrong bit for KEY_FLAG_REVOKED\n TOMOYO: Fix mount flags checking order.\n security: fix ima kconfig warning\n AppArmor: Fix the error case for chroot relative path name lookup\n AppArmor: fix mapping of META_READ to audit and quiet flags\n AppArmor: Fix underflow in xindex calculation\n AppArmor: Fix dropping of allowed operations that are force audited\n AppArmor: Add mising end of structure test to caps unpacking\n ...\n" }, { "commit": "c58e0377d61e209600def7d4d9ae535ea94bc210", "tree": "142d1ca23d06458c8b798174e01281ad67b2ab76", "parents": [ "b85417860172ff693dc115d7999805fc240cec1c" ], "author": { "name": "Cong Wang", "email": "amwang@redhat.com", "time": "Fri Nov 25 23:26:35 2011 +0800" }, "committer": { "name": "Cong Wang", "email": "xiyou.wangcong@gmail.com", "time": "Tue Mar 20 21:48:28 2012 +0800" }, "message": "tomoyo: remove the second argument of k[un]map_atomic()\n\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Cong Wang \u003camwang@redhat.com\u003e\n" }, { "commit": "7d7473dbdb9121dd1b5939566660d51130ecda3a", "tree": "057bf591dd896c01a2b35b31dc41996d3d9e51b8", "parents": [ "b01d3fb921df9baef1ecd13704f4b1e269b58b6b" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Mar 17 20:33:38 2012 +0900" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue Mar 20 12:06:50 2012 +1100" }, "message": "TOMOYO: Return error if fails to delete a domain\n\nCall sequence:\ntomoyo_write_domain() --\u003e tomoyo_delete_domain()\n\nIn \u0027tomoyo_delete_domain\u0027, return -EINTR if locking attempt is\ninterrupted by signal.\n\nAt present it returns success to its caller \u0027tomoyo_write_domain()\u0027\neven though domain is not deleted. \u0027tomoyo_write_domain()\u0027 assumes\ndomain is deleted and returns success to its caller. This is wrong behaviour.\n\n\u0027tomoyo_write_domain\u0027 should return error from tomoyo_delete_domain() to its\ncaller.\n\nSigned-off-by: Santosh Nayak \u003csantoshprasadnayak@gmail.com\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "6041e8346f2165679c2184cab60db768d6a26a1d", "tree": "2c4eb032eb851f240c1b70d1afb214a2c661b886", "parents": [ "f67dabbdde1fe112dfff05d02890f1e0d54117a8" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Wed Mar 14 18:27:49 2012 +0900" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Thu Mar 15 12:29:18 2012 +1100" }, "message": "TOMOYO: Return appropriate value to poll().\n\n\"struct file_operations\"-\u003epoll() expects \"unsigned int\" return value.\nAll files in /sys/kernel/security/tomoyo/ directory other than\n/sys/kernel/security/tomoyo/query and /sys/kernel/security/tomoyo/audit should\nreturn POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM rather than -ENOSYS.\nAlso, /sys/kernel/security/tomoyo/query and /sys/kernel/security/tomoyo/audit\nshould return POLLOUT | POLLWRNORM rather than 0 when there is no data to read.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "df91e49477a9be15921cb2854e1d12a3bdb5e425", "tree": "8408a7d2a432a206070ac01b2939fefcdce9ca13", "parents": [ "a69f15890292b5449f9056b4bb322b044e6ce0c6" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Feb 29 21:53:22 2012 +0900" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Thu Mar 01 10:23:19 2012 +1100" }, "message": "TOMOYO: Fix mount flags checking order.\n\nUserspace can pass in arbitrary combinations of MS_* flags to mount().\n\nIf both MS_BIND and one of MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE are\npassed, device name which should be checked for MS_BIND was not checked because\nMS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE had higher priority than MS_BIND.\n\nIf both one of MS_BIND/MS_MOVE and MS_REMOUNT are passed, device name which\nshould not be checked for MS_REMOUNT was checked because MS_BIND/MS_MOVE had\nhigher priority than MS_REMOUNT.\n\nFix these bugs by changing priority to MS_REMOUNT -\u003e MS_BIND -\u003e\nMS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE -\u003e MS_MOVE as with do_mount() does.\n\nAlso, unconditionally return -EINVAL if more than one of\nMS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE is passed so that TOMOYO will not\ngenerate inaccurate audit logs, for commit 7a2e8a8f \"VFS: Sanity check mount\nflags passed to change_mnt_propagation()\" clarified that these flags must be\nexclusively passed.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "25add8cf99c9ec8b8dc0acd8b9241e963fc0d29c", "tree": "1fb0c0fadcf7544fee117f27ac667e4c444d634b", "parents": [ "89879a7eb81f69e6f63bdb2a442fb765c46482c0" ], "author": { "name": "Tetsuo Handa", "email": "from-tomoyo-users-en@I-love.SAKURA.ne.jp", "time": "Sun Jan 15 11:05:59 2012 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 18 10:40:59 2012 +1100" }, "message": "TOMOYO: Accept \\000 as a valid character.\n\nTOMOYO 2.5 in Linux 3.2 and later handles Unix domain socket\u0027s address.\nThus, tomoyo_correct_word2() needs to accept \\000 as a valid character, or\nTOMOYO 2.5 cannot handle Unix domain\u0027s abstract socket address.\n\nReported-by: Steven Allen \u003csteven@stebalien.com\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nCC: stable@vger.kernel.org [3.2+]\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e7691a1ce341c80ed9504244a36b31c025217391", "tree": "e9941bb350f64a726130e299c411821da6f41a53", "parents": [ "5cd9599bba428762025db6027764f1c59d0b1e1b", "8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 10 21:51:23 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 10 21:51:23 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security: (32 commits)\n ima: fix invalid memory reference\n ima: free duplicate measurement memory\n security: update security_file_mmap() docs\n selinux: Casting (void *) value returned by kmalloc is useless\n apparmor: fix module parameter handling\n Security: tomoyo: add .gitignore file\n tomoyo: add missing rcu_dereference()\n apparmor: add missing rcu_dereference()\n evm: prevent racing during tfm allocation\n evm: key must be set once during initialization\n mpi/mpi-mpow: NULL dereference on allocation failure\n digsig: build dependency fix\n KEYS: Give key types their own lockdep class for key-\u003esem\n TPM: fix transmit_cmd error logic\n TPM: NSC and TIS drivers X86 dependency fix\n TPM: Export wait_for_stat for other vendor specific drivers\n TPM: Use vendor specific function for status probe\n tpm_tis: add delay after aborting command\n tpm_tis: Check return code from getting timeouts/durations\n tpm: Introduce function to poll for result of self test\n ...\n\nFix up trivial conflict in lib/Makefile due to addition of CONFIG_MPI\nand SIGSIG next to CONFIG_DQL addition.\n" }, { "commit": "8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8", "tree": "a118eaef15d4ba22247f45ee01537ecc906cd161", "parents": [ "805a6af8dba5dfdd35ec35dc52ec0122400b2610", "7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 09 12:16:48 2012 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 09 12:16:48 2012 +1100" }, "message": "Merge branch \u0027next\u0027 into for-linus\n\nConflicts:\n\tsecurity/integrity/evm/evm_crypto.c\n\nResolved upstream fix vs. next conflict manually.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cdcf116d44e78c7216ba9f8be9af1cdfca7af728", "tree": "2417cfd3e06ac5e2468585e8f00d580242cb5571", "parents": [ "d8c9584ea2a92879f471fd3a2be3af6c534fb035" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Dec 08 10:51:53 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Jan 06 23:16:53 2012 -0500" }, "message": "switch security_path_chmod() to struct path *\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "ece2ccb668046610189d88d6aaf05aeb09c988a1", "tree": "a0349945f7537de2aca420b47ced23b6294f8b65", "parents": [ "d10577a8d86a0c735488d66d32289a6d66bcfa20", "a218d0fdc5f9004164ff151d274487f6799907d0", "ff01bb4832651c6d25ac509a06a10fcbd75c461c" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Jan 06 23:15:54 2012 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Jan 06 23:15:54 2012 -0500" }, "message": "Merge branches \u0027vfsmount-guts\u0027, \u0027umode_t\u0027 and \u0027partitions\u0027 into Z\n" }, { "commit": "d10577a8d86a0c735488d66d32289a6d66bcfa20", "tree": "a38b3606fb863064eb89166f6a3115f7c5eccfd7", "parents": [ "be08d6d260b6e7eb346162a1081cdf5f94fda569" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 07 13:06:11 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:57:13 2012 -0500" }, "message": "vfs: trim includes a bit\n\n[folded fix for missing magic.h from Tetsuo Handa]\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "04fc66e789a896e684bfdca30208e57eb832dd96", "tree": "37c26bff07e48c8c25d147850b7906d0d1c79a81", "parents": [ "4572befe248fd0d94aedc98775e3f0ddc8a26651" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Nov 21 14:58:38 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:19 2012 -0500" }, "message": "switch -\u003epath_mknod() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4572befe248fd0d94aedc98775e3f0ddc8a26651", "tree": "2f4c4dabaebadb2790c8266a0434c7030c5f7cc0", "parents": [ "d179333f37d33533f4c77118f757b9e7835ccb7c" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Nov 21 14:56:21 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:18 2012 -0500" }, "message": "switch -\u003epath_mkdir() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d179333f37d33533f4c77118f757b9e7835ccb7c", "tree": "479ae66773eab3fd6aa1c843e753a02063c65d40", "parents": [ "84dfa9897ef913771af44484fefbe0de29fdce51" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Aug 26 23:03:17 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:18 2012 -0500" }, "message": "tomoyo_mini_stat: switch to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "52ef0c042bf06f6aef382fade175075627beebc1", "tree": "a1256aebfd835da4cb29a80f391112fea82bf38e", "parents": [ "910f4ecef3f67714ebff69d0bc34313e48afaed2" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 04:30:04 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:13 2012 -0500" }, "message": "switch securityfs_create_file() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "910f4ecef3f67714ebff69d0bc34313e48afaed2", "tree": "348fe3b5d8789a4c019a700da5501a4756f988de", "parents": [ "49f0a0767211d3076974e59a26f36b567cbe8621" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 04:25:58 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:13 2012 -0500" }, "message": "switch security_path_chmod() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "c5dc332eb93881fc8234d652f6e91a2825b06503", "tree": "40327f76166c51e9109a6a1997566336529f6938", "parents": [ "aa0a4cf0ab4b03db21133a0ba62f558ed1bfcd1d" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Nov 24 20:08:53 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:52:38 2012 -0500" }, "message": "tomoyo: stop including hell knows what\n\ntomoyo/realpath.c needs exactly one include - that of common.h. It pulls\neverything the thing needs, without doing ridiculous garbage such as trying\nto include ../../fs/internal.h. If that alone doesn\u0027t scream \"layering\nviolation\", I don\u0027t know what does; and these days it\u0027s all for nothing,\nsince it fortunately does not use any symbols defined in there...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "735e93c70434614bffac4a914ca1da72e37d43c0", "tree": "45f922c538fcfba5fd17c6889e573135250bed12", "parents": [ "bb80d880ad2b11cd4ea5f28f815016b1548224a4" ], "author": { "name": "Greg Kroah-Hartman", "email": "gregkh@suse.de", "time": "Fri Dec 09 11:23:46 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Dec 12 17:23:18 2011 +1100" }, "message": "Security: tomoyo: add .gitignore file\n\nThis adds the .gitignore file for the autogenerated TOMOYO files to keep\ngit from complaining after building things.\n\nCc: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nCc: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bb80d880ad2b11cd4ea5f28f815016b1548224a4", "tree": "70ab38ab2d388f39efd9cd4f7f91859f0f3cf5e2", "parents": [ "2053c4727c5a891bf182397e425b6cb87b2ae613" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Thu Dec 08 16:30:42 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Dec 12 17:21:40 2011 +1100" }, "message": "tomoyo: add missing rcu_dereference()\n\nAdds a missed rcu_dereference() around real_parent.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1418a3e5ad4d01b1d4abf2c479c50b0cedd59e3f", "tree": "daec3f125671eeb36a55ca0d00c3473af2c8872c", "parents": [ "34a9d2c39afe74a941b9e88efe2762afc4d82443" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Dec 08 21:24:06 2011 +0900" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Dec 08 13:18:12 2011 -0800" }, "message": "TOMOYO: Fix pathname handling of disconnected paths.\n\nCurrent tomoyo_realpath_from_path() implementation returns strange pathname\nwhen calculating pathname of a file which belongs to lazy unmounted tree.\nUse local pathname rather than strange absolute pathname in that case.\n\nAlso, this patch fixes a regression by commit 02125a82 \"fix apparmor\ndereferencing potentially freed dentry, sanitize __d_path() API\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: stable@vger.kernel.org\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "02125a826459a6ad142f8d91c5b6357562f96615", "tree": "8c9d9860aef93917d9b8cc6d471fe68b58ce7a9d", "parents": [ "5611cc4572e889b62a7b4c72a413536bf6a9c416" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Dec 05 08:43:34 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Dec 06 23:57:18 2011 -0500" }, "message": "fix apparmor dereferencing potentially freed dentry, sanitize __d_path() API\n\n__d_path() API is asking for trouble and in case of apparmor d_namespace_path()\ngetting just that. The root cause is that when __d_path() misses the root\nit had been told to look for, it stores the location of the most remote ancestor\nin *root. Without grabbing references. Sure, at the moment of call it had\nbeen pinned down by what we have in *path. And if we raced with umount -l, we\ncould have very well stopped at vfsmount/dentry that got freed as soon as\nprepend_path() dropped vfsmount_lock.\n\nIt is safe to compare these pointers with pre-existing (and known to be still\nalive) vfsmount and dentry, as long as all we are asking is \"is it the same\naddress?\". Dereferencing is not safe and apparmor ended up stepping into\nthat. d_namespace_path() really wants to examine the place where we stopped,\neven if it\u0027s not connected to our namespace. As the result, it looked\nat -\u003ed_sb-\u003es_magic of a dentry that might\u0027ve been already freed by that point.\nAll other callers had been careful enough to avoid that, but it\u0027s really\na bad interface - it invites that kind of trouble.\n\nThe fix is fairly straightforward, even though it\u0027s bigger than I\u0027d like:\n\t* prepend_path() root argument becomes const.\n\t* __d_path() is never called with NULL/NULL root. It was a kludge\nto start with. Instead, we have an explicit function - d_absolute_root().\nSame as __d_path(), except that it doesn\u0027t get root passed and stops where\nit stops. apparmor and tomoyo are using it.\n\t* __d_path() returns NULL on path outside of root. The main\ncaller is show_mountinfo() and that\u0027s precisely what we pass root for - to\nskip those outside chroot jail. Those who don\u0027t want that can (and do)\nuse d_path().\n\t* __d_path() root argument becomes const. Everyone agrees, I hope.\n\t* apparmor does *NOT* try to use __d_path() or any of its variants\nwhen it sees that path-\u003emnt is an internal vfsmount. In that case it\u0027s\ndefinitely not mounted anywhere and dentry_path() is exactly what we want\nthere. Handling of sysctl()-triggered weirdness is moved to that place.\n\t* if apparmor is asked to do pathname relative to chroot jail\nand __d_path() tells it we it\u0027s not in that jail, the sucker just calls\nd_absolute_path() instead. That\u0027s the other remaining caller of __d_path(),\nBTW.\n * seq_path_root() does _NOT_ return -ENAMETOOLONG (it\u0027s stupid anyway -\nthe normal seq_file logics will take care of growing the buffer and redoing\nthe call of -\u003eshow() just fine). However, if it gets path not reachable\nfrom root, it returns SEQ_SKIP. The only caller adjusted (i.e. stopped\nignoring the return value as it used to do).\n\nReviewed-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nACKed-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: stable@vger.kernel.org\n" }, { "commit": "2380078cdb7e6d520e33dcf834e0be979d542e48", "tree": "105a729f483b77453ea7a570f39e9efe76e38aa0", "parents": [ "6681ba7ec480bc839584fd0817991d248b4b9e44", "59df3166ef293288d164ab3362a717743e62d20c" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Nov 02 17:01:01 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Nov 02 17:01:01 2011 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.selinuxproject.org/~jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://git.selinuxproject.org/~jmorris/linux-security:\n TOMOYO: Fix interactive judgment functionality.\n" }, { "commit": "59df3166ef293288d164ab3362a717743e62d20c", "tree": "ee10bb9ae940bf59beaf05dd5925d03044eb6559", "parents": [ "c45ed235abf1b0b6666417e3c394f18717976acd" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Oct 20 06:48:57 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Oct 29 08:34:41 2011 +1100" }, "message": "TOMOYO: Fix interactive judgment functionality.\n\nCommit 17fcfbd9 \"TOMOYO: Add interactive enforcing mode.\" introduced ability\nto query access decision using userspace programs. It was using global PID for\nreaching policy configuration of the process. However, use of PID returns stale\npolicy configuration when the process\u0027s subjective credentials and objective\ncredentials differ. Fix this problem by allowing reaching policy configuration\nvia query id.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "36b8d186e6cc8e32cb5227f5645a58e1bc0af190", "tree": "1000ad26e189e6ff2c53fb7eeff605f59c7ad94e", "parents": [ "cd85b557414fe4cd44ea6608825e96612a5fe2b2", "c45ed235abf1b0b6666417e3c394f18717976acd" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 25 09:45:31 2011 +0200" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 25 09:45:31 2011 +0200" }, "message": "Merge branch \u0027next\u0027 of git://selinuxproject.org/~jmorris/linux-security\n\n* \u0027next\u0027 of git://selinuxproject.org/~jmorris/linux-security: (95 commits)\n TOMOYO: Fix incomplete read after seek.\n Smack: allow to access /smack/access as normal user\n TOMOYO: Fix unused kernel config option.\n Smack: fix: invalid length set for the result of /smack/access\n Smack: compilation fix\n Smack: fix for /smack/access output, use string instead of byte\n Smack: domain transition protections (v3)\n Smack: Provide information for UDS getsockopt(SO_PEERCRED)\n Smack: Clean up comments\n Smack: Repair processing of fcntl\n Smack: Rule list lookup performance\n Smack: check permissions from user space (v2)\n TOMOYO: Fix quota and garbage collector.\n TOMOYO: Remove redundant tasklist_lock.\n TOMOYO: Fix domain transition failure warning.\n TOMOYO: Remove tomoyo_policy_memory_lock spinlock.\n TOMOYO: Simplify garbage collector.\n TOMOYO: Fix make namespacecheck warnings.\n target: check hex2bin result\n encrypted-keys: check hex2bin result\n ...\n" }, { "commit": "e0b057b406a33501a656dc8d67ea945d7bcdad61", "tree": "16132a7c59322cb1d406a07b875518a3bbd3db39", "parents": [ "6afcb3b7393f5aa388a0d077c490ed411ab3cd27" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Oct 21 12:37:13 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Oct 22 21:55:26 2011 +0200" }, "message": "TOMOYO: Fix incomplete read after seek.\n\nCommit f23571e8 \"TOMOYO: Copy directly to userspace buffer.\" introduced\ntomoyo_flush() that flushes data to be read as soon as possible.\ntomoyo_select_domain() (which is called by write()) enqueues data which meant\nto be read by next read(), but previous read()\u0027s read buffer\u0027s size was not\ncleared. As a result, since 2.6.36, sequence like\n\n char *cp \u003d \"select global-pid\u003d1\\n\";\n read(fd, buf1, sizeof(buf1));\n write(fd, cp, strlen(cp));\n read(fd, buf2, sizeof(buf2));\n\ncauses enqueued data to be flushed to buf1 rather than buf2.\nFix this bug by clearing read buffer\u0027s size upon write() request.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6afcb3b7393f5aa388a0d077c490ed411ab3cd27", "tree": "f2d0bca0df7ee7322dee3cfa914e8bb4febf434b", "parents": [ "16014d87509e26d6ed6935adbbf437a571fb5870" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Oct 16 09:43:46 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 19 16:58:59 2011 +0200" }, "message": "TOMOYO: Fix unused kernel config option.\n\nCONFIG_SECURITY_TOMOYO_MAX_{ACCEPT_ENTRY,AUDIT_LOG} introduced by commit\n0e4ae0e0 \"TOMOYO: Make several options configurable.\" were by error not used.\n\nReported-by: Paul Bolle \u003cpebolle@tiscali.nl\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "545a7260343bbaf11c7f1a4b8c3d9660bb9266e5", "tree": "47f07960ef637b6475061575e7ae2fa7a4732a78", "parents": [ "e2b8b25a6795488eba7bb757706b3ac725c31fac" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Oct 11 14:06:41 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 12 12:15:20 2011 +1100" }, "message": "TOMOYO: Fix quota and garbage collector.\n\nCommit 059d84db \"TOMOYO: Add socket operation restriction support\" and\ncommit 731d37aa \"TOMOYO: Allow domain transition without execve().\" forgot to\nupdate tomoyo_domain_quota_is_ok() and tomoyo_del_acl() which results in\nincorrect quota counting and memory leak.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e2b8b25a6795488eba7bb757706b3ac725c31fac", "tree": "f77e43a01891938e8c83b56d2c249a725923b9ec", "parents": [ "e00fb3f7af111d1b3252f7d622213d2e22be65f5" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Oct 11 14:05:08 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 12 12:15:18 2011 +1100" }, "message": "TOMOYO: Remove redundant tasklist_lock.\n\nrcu_read_lock() is sufficient for calling find_task_by_pid_ns()/find_task_by_vpid().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e00fb3f7af111d1b3252f7d622213d2e22be65f5", "tree": "387b90728d0a1657e94d530c81e69c9b197f1c1c", "parents": [ "c6cb56fc94f4efaec2d4ad74bed2be7883179ccd" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Sep 27 11:48:53 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 28 11:53:15 2011 +1000" }, "message": "TOMOYO: Fix domain transition failure warning.\n\nCommit bd03a3e4 \"TOMOYO: Add policy namespace support.\" introduced policy\nnamespace. But as of /sbin/modprobe is executed from initramfs/initrd, profiles\nfor target domain\u0027s namespace is not defined because /sbin/tomoyo-init is not\nyet called.\n\nReported-by: Jamie Nguyen \u003cjamie@tomoyolinux.co.uk\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a427fd14d3edf6396c4b9638dbc8e2972afaa05b", "tree": "2f8fdffa989f6e18f57bfb61f5ecfc4fdcf8d729", "parents": [ "f9732ea145886786a6f8b0493bc2239e70cbacdb" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Sep 25 17:51:06 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Sep 26 10:46:22 2011 +1000" }, "message": "TOMOYO: Remove tomoyo_policy_memory_lock spinlock.\n\ntomoyo_policy_lock mutex already protects it.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f9732ea145886786a6f8b0493bc2239e70cbacdb", "tree": "e29b2441cc916a174d7cd0b03cd18986ae545250", "parents": [ "778c4a4d60d932c1df6d270dcbc88365823c3963" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Sep 25 17:50:23 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Sep 26 10:46:20 2011 +1000" }, "message": "TOMOYO: Simplify garbage collector.\n\nWhen TOMOYO started using garbage collector at commit 847b173e \"TOMOYO: Add\ngarbage collector.\", we waited for close() before kfree(). Thus, elements to be\nkfree()d were queued up using tomoyo_gc_list list.\n\nBut it turned out that tomoyo_element_linked_by_gc() tends to choke garbage\ncollector when certain pattern of entries are queued.\n\nSince garbage collector is no longer waiting for close() since commit 2e503bbb\n\"TOMOYO: Fix lockdep warning.\", we can remove tomoyo_gc_list list and\ntomoyo_element_linked_by_gc() by doing sequential processing.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "778c4a4d60d932c1df6d270dcbc88365823c3963", "tree": "1c042bff1f11cf4e5d7267329091d878aba3d4d7", "parents": [ "6bce98edc3365a8f780ff3944ac7992544c194fe" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Sep 25 17:49:09 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Sep 26 10:46:19 2011 +1000" }, "message": "TOMOYO: Fix make namespacecheck warnings.\n\nCommit efe836ab \"TOMOYO: Add built-in policy support.\" introduced\ntomoyo_load_builtin_policy() but was by error called from nowhere.\n\nCommit b22b8b9f \"TOMOYO: Rename meminfo to stat and show more statistics.\"\nintroduced tomoyo_update_stat() but was by error not called from\ntomoyo_assign_domain().\n\nAlso, mark tomoyo_io_printf() and tomoyo_path_permission() static functions,\nas reported by \"make namespacecheck\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6bce98edc3365a8f780ff3944ac7992544c194fe", "tree": "ee10abf2345f651d65d7f10fd385c01e0dc891b3", "parents": [ "cc100551b4d92f47abebfa7c7918b2be71263b4a" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Sep 16 22:54:25 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Sep 19 10:09:59 2011 +1000" }, "message": "TOMOYO: Allow specifying domain transition preference.\n\nI got an opinion that it is difficult to use exception policy\u0027s domain\ntransition control directives because they need to match the pathname specified\nto \"file execute\" directives. For example, if \"file execute /bin/\\*\\-ls\\-cat\"\nis given, corresponding domain transition control directive needs to be like\n\"no_keep_domain /bin/\\*\\-ls\\-cat from any\".\n\nIf we can specify like below, it will become more convenient.\n\n file execute /bin/ls keep exec.realpath\u003d\"/bin/ls\" exec.argv[0]\u003d\"ls\"\n file execute /bin/cat keep exec.realpath\u003d\"/bin/cat\" exec.argv[0]\u003d\"cat\"\n file execute /bin/\\*\\-ls\\-cat child\n file execute /usr/sbin/httpd \u003capache\u003e exec.realpath\u003d\"/usr/sbin/httpd\" exec.argv[0]\u003d\"/usr/sbin/httpd\"\n\nIn above examples, \"keep\" works as if keep_domain is specified, \"child\" works\nas if \"no_reset_domain\" and \"no_initialize_domain\" and \"no_keep_domain\" are\nspecified, \"\u003capache\u003e\" causes domain transition to \u003capache\u003e domain upon\nsuccessful execve() operation.\n\nMoreover, we can also allow transition to different domains based on conditions\nlike below example.\n\n \u003ckernel\u003e /usr/sbin/sshd\n file execute /bin/bash \u003ckernel\u003e /usr/sbin/sshd //batch-session exec.argc\u003d2 exec.argv[1]\u003d\"-c\"\n file execute /bin/bash \u003ckernel\u003e /usr/sbin/sshd //root-session task.uid\u003d0\n file execute /bin/bash \u003ckernel\u003e /usr/sbin/sshd //nonroot-session task.uid!\u003d0\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "843d183cdd816549b73e6bd3ae07f64adddf714b", "tree": "3421638e9c9d44be37e539a4ffed6216bc1f7f3c", "parents": [ "a8f7640963ada66c412314c3559c11ff6946c1a5" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Sep 14 17:03:19 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Sep 15 08:14:21 2011 +1000" }, "message": "TOMOYO: Bump version.\n\nTell userland tools that this is TOMOYO 2.5.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a8f7640963ada66c412314c3559c11ff6946c1a5", "tree": "23d9fb5fe64bb431b610deb6c1b696356106f94d", "parents": [ "731d37aa70c7b9de3be6bf2c8287366223bf5ce5" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Sep 10 15:27:12 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 14 08:27:07 2011 +1000" }, "message": "TOMOYO: Avoid race when retrying \"file execute\" permission check.\n\nThere was a race window that the pathname which is subjected to \"file execute\"\npermission check when retrying via supervisor\u0027s decision because the pathname\nwas recalculated upon retry. Though, there is an inevitable race window even\nwithout supervisor, for we have to calculate the symbolic link\u0027s pathname from\n\"struct linux_binprm\"-\u003efilename rather than from \"struct linux_binprm\"-\u003efile\nbecause we cannot back calculate the symbolic link\u0027s pathname from the\ndereferenced pathname.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "731d37aa70c7b9de3be6bf2c8287366223bf5ce5", "tree": "8ac6028511485862572695eb91e2d461e0636182", "parents": [ "1f067a682a9bd252107ac6f6946b7332fde42344" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Sep 10 15:25:58 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 14 08:27:06 2011 +1000" }, "message": "TOMOYO: Allow domain transition without execve().\n\nTo be able to split permissions for Apache\u0027s CGI programs which are executed\nwithout execve(), add special domain transition which is performed by writing\na TOMOYO\u0027s domainname to /sys/kernel/security/tomoyo/self_domain interface.\n\nThis is an API for TOMOYO-aware userland applications. However, since I expect\nTOMOYO and other LSM modules to run in parallel, this patch does not use\n/proc/self/attr/ interface in order to avoid conflicts with other LSM modules\nwhen it became possible to run multiple LSM modules in parallel.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1f067a682a9bd252107ac6f6946b7332fde42344", "tree": "379bbbf02f0a802453e585a2a482192409308fbb", "parents": [ "059d84dbb3897d4ee494a9c842c5dda54316cb47" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Sep 10 15:24:56 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 14 08:27:06 2011 +1000" }, "message": "TOMOYO: Allow controlling generation of access granted logs for per an entry basis.\n\nAdd per-entry flag which controls generation of grant logs because Xen and KVM\nissues ioctl requests so frequently. For example,\n\n file ioctl /dev/null 0x5401 grant_log\u003dno\n\nwill suppress /sys/kernel/security/tomoyo/audit even if preference says\ngrant_log\u003dyes .\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "059d84dbb3897d4ee494a9c842c5dda54316cb47", "tree": "483ca0cb613b1304184b92f075b3f5283d36c723", "parents": [ "d58e0da854376841ac99defeb117a83f086715c6" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Sep 10 15:23:54 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 14 08:27:05 2011 +1000" }, "message": "TOMOYO: Add socket operation restriction support.\n\nThis patch adds support for permission checks for PF_INET/PF_INET6/PF_UNIX\nsocket\u0027s bind()/listen()/connect()/send() operations.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d58e0da854376841ac99defeb117a83f086715c6", "tree": "b6e37d1030180680a7801ecb295d8d3990930375", "parents": [ "5dbe3040c74eef18e66951347eda05b153e69328" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Sep 10 15:22:48 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 14 08:27:05 2011 +1000" }, "message": "TOMOYO: Add environment variable name restriction support.\n\nThis patch adds support for checking environment variable\u0027s names.\nAlthough TOMOYO already provides ability to check argv[]/envp[] passed to\nexecve() requests,\n\n file execute /bin/sh exec.envp[\"LD_LIBRARY_PATH\"]\u003d\"bar\"\n\nwill reject execution of /bin/sh if environment variable LD_LIBRARY_PATH is not\ndefined. To grant execution of /bin/sh if LD_LIBRARY_PATH is not defined,\nadministrators have to specify like\n\n file execute /bin/sh exec.envp[\"LD_LIBRARY_PATH\"]\u003d\"/system/lib\"\n file execute /bin/sh exec.envp[\"LD_LIBRARY_PATH\"]\u003dNULL\n\n. Since there are many environment variables whereas conditional checks are\napplied as \"\u0026\u0026\", it is difficult to cover all combinations. Therefore, this\npatch supports conditional checks that are applied as \"||\", by specifying like\n\n file execute /bin/sh\n misc env LD_LIBRARY_PATH exec.envp[\"LD_LIBRARY_PATH\"]\u003d\"/system/lib\"\n\nwhich means \"grant execution of /bin/sh if environment variable is not defined\nor is defined and its value is /system/lib\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "852584157c55c1689bcf3809ea44b79870c3e409", "tree": "9965e2ceb8fbb7ffaec131eb7c1963f9a32e1c0c", "parents": [ "403d1d0319ad73b5ccf251745af4c7000331a76b" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Aug 25 21:15:00 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:08:48 2011 -0700" }, "message": "TOMOYO: Fix incorrect enforce mode.\n\nIn tomoyo_get_mode() since 2.6.36, CONFIG::file::execute was by error used in\nplace of CONFIG::file if CONFIG::file::execute was set to other than default.\nAs a result, enforcing mode was not applied in a way documentation says.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "09f464bf0961aba3cd917d4939597bafb269fb95", "tree": "ffdbb860514012bc2c8fef75cff3aa77c94fb9fc", "parents": [ "1e39f384bb01b0395b69cb70c2cacae65012f203" ], "author": { "name": "Oleg Nesterov", "email": "oleg@redhat.com", "time": "Tue Aug 16 20:34:05 2011 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 17 09:48:41 2011 +1000" }, "message": "tomoyo: remove tomoyo_gc_thread()-\u003edaemonize()\n\ndaemonize() is only needed when a user-space task does kernel_thread().\n\ntomoyo_gc_thread() is kthread_create()\u0027ed and thus it doesn\u0027t need\nthe soon-to-be-deprecated daemonize().\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nAcked-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Matt Fleming \u003cmatt.fleming@intel.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4d81897139ffb738ee14b6f84f63f93ecda1136b", "tree": "27bbf6c03ccc9087e6bdc73b7fed31b471eb8048", "parents": [ "322a8b034003c0d46d39af85bf24fee27b902f48" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Aug 06 23:38:30 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 08 13:13:45 2011 +1000" }, "message": "TOMOYO: Fix incomplete read of /sys/kernel/security/tomoyo/profile\n\nCommit bd03a3e4 \"TOMOYO: Add policy namespace support.\" forgot to set EOF flag\nand forgot to print namespace at PREFERENCE line.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0f2a55d5bb2372058275b0b343d90dd5d640d045", "tree": "0faaacea8061e5717efd50d24220d6976e6adba6", "parents": [ "c9206693457a946698e1d67db2b424e1d101493d" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jul 14 14:46:51 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jul 14 17:50:03 2011 +1000" }, "message": "TOMOYO: Update kernel-doc.\n\nUpdate comments for scripts/kernel-doc and fix some of errors reported by\nscripts/checkpatch.pl .\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "97fb35e413f256ded07b88c73b3d932ec31ea84e", "tree": "d16cb1dcb6d16938aa01c071fdcd1cbbf85b5153", "parents": [ "5b636857fee642694e287e3a181b523b16098c93" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Jul 08 13:25:53 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 11 11:05:34 2011 +1000" }, "message": "TOMOYO: Enable conditional ACL.\n\nEnable conditional ACL by passing object\u0027s pointers.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5b636857fee642694e287e3a181b523b16098c93", "tree": "24afcc11fc35350a29f5d6d73d376a551c5569b8", "parents": [ "2ca9bf453bdd478bcb6c01aa2d0bd4c2f4350563" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Jul 08 13:24:54 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 11 11:05:33 2011 +1000" }, "message": "TOMOYO: Allow using argv[]/envp[] of execve() as conditions.\n\nThis patch adds support for permission checks using argv[]/envp[] of execve()\nrequest. Hooks are in the last patch of this pathset.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2ca9bf453bdd478bcb6c01aa2d0bd4c2f4350563", "tree": "b9f6051059a2a90547a4501bf296b0cf3c9dbc76", "parents": [ "8761afd49ebff8ae04c1a7888af090177441d07d" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Jul 08 13:23:44 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 11 11:05:33 2011 +1000" }, "message": "TOMOYO: Allow using executable\u0027s realpath and symlink\u0027s target as conditions.\n\nThis patch adds support for permission checks using executable file\u0027s realpath\nupon execve() and symlink\u0027s target upon symlink(). Hooks are in the last patch\nof this pathset.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8761afd49ebff8ae04c1a7888af090177441d07d", "tree": "f43b52e1b8467eeea465762d2f9d0b81a336faa0", "parents": [ "2066a36125fcbf5220990173b9d8e8bc49ad7538" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Jul 08 13:22:41 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 11 11:05:32 2011 +1000" }, "message": "TOMOYO: Allow using owner/group etc. of file objects as conditions.\n\nThis patch adds support for permission checks using file object\u0027s DAC\nattributes (e.g. owner/group) when checking file\u0027s pathnames. Hooks for passing\nfile object\u0027s pointers are in the last patch of this pathset.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2066a36125fcbf5220990173b9d8e8bc49ad7538", "tree": "c8ea3a6d92a8b4b68cda986601336e8e8f58553e", "parents": [ "5c4274f13819b40e726f6ee4ef13b4952cff5010" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Jul 08 13:21:37 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 11 11:05:32 2011 +1000" }, "message": "TOMOYO: Allow using UID/GID etc. of current thread as conditions.\n\nThis patch adds support for permission checks using current thread\u0027s UID/GID\netc. in addition to pathnames.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5c4274f13819b40e726f6ee4ef13b4952cff5010", "tree": "c32b5d2932369f24fbfbeb62908b09c505a01186", "parents": [ "ea504819122a76a236f8b95d1556f807a0a41397" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jul 07 21:20:35 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jul 08 09:25:36 2011 +1000" }, "message": "TOMOYO: Remove /sys/kernel/security/tomoyo/.domain_status interface.\n\n/sys/kernel/security/tomoyo/.domain_status can be easily emulated using\n/sys/kernel/security/tomoyo/domain_policy . We can remove this interface by\nupdating /usr/sbin/tomoyo-setprofile utility.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ea504819122a76a236f8b95d1556f807a0a41397", "tree": "d741222691d3ab119a76a3ce816f4fd49ffdf872", "parents": [ "ad599f9cf0187e823bc92bc83f3867a38fa266b9" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 30 17:32:30 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jul 01 09:25:47 2011 +1000" }, "message": "TOMOYO: Fix wrong domainname in tomoyo_init_log().\n\nCommit eadd99cc \"TOMOYO: Add auditing interface.\" by error replaced\n\"struct tomoyo_request_info\"-\u003edomain with tomoyo_domain().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3ddf17f08cf2f0d7ff06858eb07d1cc3db8994de", "tree": "c992dea8b1aaddf5f406826b40d53eb5534d1044", "parents": [ "3a6297abf3b179ae19b849e429841a7646711b70" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 29 14:22:37 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jun 30 18:49:25 2011 +1000" }, "message": "TOMOYO: Cleanup header file.\n\nSort by alphabetic order.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7986cf28bc5050967a7056d6eadda7f16f84eaab", "tree": "7330d23c10e04c0c8319f37335e87e9fd0f22b4b", "parents": [ "da3f1c7b7d34e66cf571a613525ca0d23f92d42f" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 29 13:07:52 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jun 30 18:48:37 2011 +1000" }, "message": "TOMOYO: Fix build error with CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER\u003dy .\n\nI forgot to add #ifndef in commit 0e4ae0e0 \"TOMOYO: Make several options\nconfigurable.\", resulting\n\n security/built-in.o: In function `tomoyo_bprm_set_creds\u0027:\n tomoyo.c:(.text+0x4698e): undefined reference to `tomoyo_load_policy\u0027\n\nerror.\n\nReported-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5b944a71a192977c1c018bbcfa0c52dca48e2368", "tree": "9f234c4a93bb28890ad086c846d2bf0b35f7f7ae", "parents": [ "0e4ae0e0dec634b2ae53ac57d14141b140467dbe", "c017d0d1351f916c0ced3f358afc491fdcf490b4" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jun 30 18:43:56 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jun 30 18:43:56 2011 +1000" }, "message": "Merge branch \u0027linus\u0027 into next\n" }, { "commit": "0e4ae0e0dec634b2ae53ac57d14141b140467dbe", "tree": "9a3b46dd03ea21422359d3948514771d0cc9d72d", "parents": [ "efe836ab2b514ae7b59528af36d452978b42d266" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Jun 26 23:22:59 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 29 09:31:22 2011 +1000" }, "message": "TOMOYO: Make several options configurable.\n\nTo be able to start using enforcing mode from the early stage of boot sequence,\nthis patch adds support for activating access control without calling external\npolicy loader program. This will be useful for systems where operations which\ncan lead to the hijacking of the boot sequence are needed before loading the\npolicy. For example, you can activate immediately after loading the fixed part\nof policy which will allow only operations needed for mounting a partition\nwhich contains the variant part of policy and verifying (e.g. running GPG\ncheck) and loading the variant part of policy. Since you can start using\nenforcing mode from the beginning, you can reduce the possibility of hijacking\nthe boot sequence.\n\nThis patch makes several variables configurable on build time. This patch also\nadds TOMOYO_loader\u003d and TOMOYO_trigger\u003d kernel command line option to boot the\nsame kernel in two different init systems (BSD-style init and systemd).\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "efe836ab2b514ae7b59528af36d452978b42d266", "tree": "5e2434b25b0d53c4852fad7c9c07db9e99a38b07", "parents": [ "b22b8b9fd90eecfb7133e56b4e113595f09f4492" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Jun 26 23:22:18 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 29 09:31:22 2011 +1000" }, "message": "TOMOYO: Add built-in policy support.\n\nTo be able to start using enforcing mode from the early stage of boot sequence,\nthis patch adds support for built-in policy configuration (and next patch adds\nsupport for activating access control without calling external policy loader\nprogram).\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b22b8b9fd90eecfb7133e56b4e113595f09f4492", "tree": "6e15e497a05aa219c598b8b8690fbdb5ae5f0b0a", "parents": [ "2c47ab9353242b0f061959318f83c55360b88fa4" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Jun 26 23:21:50 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 29 09:31:22 2011 +1000" }, "message": "TOMOYO: Rename meminfo to stat and show more statistics.\n\nShow statistics such as last policy update time and last policy violation time\nin addition to memory usage.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2c47ab9353242b0f061959318f83c55360b88fa4", "tree": "03693079bf04572d30ef0ca37f717ae8acc29863", "parents": [ "2e503bbb435ae418aebbe4aeede1c6f2a33d6f74" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Jun 26 23:21:19 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 29 09:31:21 2011 +1000" }, "message": "TOMOYO: Cleanup part 4.\n\nGather string constants to one file in order to make the object size smaller.\nUse unsigned type where appropriate.\nread()/write() returns ssize_t.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2e503bbb435ae418aebbe4aeede1c6f2a33d6f74", "tree": "c6b783c245716cf87b337b2a855e742133afb7ac", "parents": [ "5625f2e3266319fd29fe4f1c76ccd3f550c79ac4" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Jun 26 23:20:55 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 29 09:31:21 2011 +1000" }, "message": "TOMOYO: Fix lockdep warning.\n\nCurrently TOMOYO holds SRCU lock upon open() and releases it upon close()\nbecause list elements stored in the \"struct tomoyo_io_buffer\" instances are\naccessed until close() is called. However, such SRCU usage causes lockdep to\ncomplain about leaving the kernel with SRCU lock held.\n\nThis patch solves the warning by holding/releasing SRCU upon each\nread()/write(). This patch is doing something similar to calling kfree()\nwithout calling synchronize_srcu(), by selectively deferring kfree() by keeping\ntrack of the \"struct tomoyo_io_buffer\" instances.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5625f2e3266319fd29fe4f1c76ccd3f550c79ac4", "tree": "190e96d956213b22da705872094ebdf5272af972", "parents": [ "bd03a3e4c9a9df0c6b007045fa7fc8889111a478" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Jun 26 23:20:23 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 29 09:31:21 2011 +1000" }, "message": "TOMOYO: Change pathname for non-rename()able filesystems.\n\nTOMOYO wants to use /proc/self/ rather than /proc/$PID/ if $PID matches current\nthread\u0027s process ID in order to prevent current thread from accessing other\nprocess\u0027s information unless needed.\n\nBut since procfs can be mounted on various locations (e.g. /proc/ /proc2/ /p/\n/tmp/foo/100/p/ ), TOMOYO cannot tell that whether the numeric part in the\nstring returned by __d_path() represents process ID or not.\n\nTherefore, to be able to convert from $PID to self no matter where procfs is\nmounted, this patch changes pathname representations for filesystems which do\nnot support rename() operation (e.g. proc, sysfs, securityfs).\n\nExamples:\n /proc/self/mounts \u003d\u003e proc:/self/mounts\n /sys/kernel/security/ \u003d\u003e sys:/kernel/security/\n /dev/pts/0 \u003d\u003e devpts:/0\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bd03a3e4c9a9df0c6b007045fa7fc8889111a478", "tree": "9d78290c878e6466fe3e0bda7ee5989c0dc39e40", "parents": [ "32997144fd9925fc4d506a16990a0c405f766526" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Jun 26 23:19:52 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 29 09:31:21 2011 +1000" }, "message": "TOMOYO: Add policy namespace support.\n\nMauras Olivier reported that it is difficult to use TOMOYO in LXC environments,\nfor TOMOYO cannot distinguish between environments outside the container and\nenvironments inside the container since LXC environments are created using\npivot_root(). To address this problem, this patch introduces policy namespace.\n\nEach policy namespace has its own set of domain policy, exception policy and\nprofiles, which are all independent of other namespaces. This independency\nallows users to develop policy without worrying interference among namespaces.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "32997144fd9925fc4d506a16990a0c405f766526", "tree": "52332d25e9317250a1af1b06008d7eae18717c70", "parents": [ "eadd99cc85347b4f9eb10122ac90032eb4971b02" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Jun 26 23:19:28 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 29 09:31:20 2011 +1000" }, "message": "TOMOYO: Add ACL group support.\n\nACL group allows administrator to globally grant not only \"file read\"\npermission but also other permissions.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "eadd99cc85347b4f9eb10122ac90032eb4971b02", "tree": "fa6075ad4917422288222ee52bfcb66b7ed30a0e", "parents": [ "d5ca1725ac9ba876c2dd614bb9826d0c4e13d818" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Jun 26 23:18:58 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 29 09:31:20 2011 +1000" }, "message": "TOMOYO: Add auditing interface.\n\nAdd /sys/kernel/security/tomoyo/audit interface. This interface generates audit\nlogs in the form of domain policy so that /usr/sbin/tomoyo-auditd can reuse\naudit logs for appending to /sys/kernel/security/tomoyo/domain_policy\ninterface.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d5ca1725ac9ba876c2dd614bb9826d0c4e13d818", "tree": "fbff7fe1e39597c5bac981f63a2be659f4ec84e7", "parents": [ "0d2171d711cbfca84cc0001121be8a6cc8e4d148" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Jun 26 23:18:21 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 29 09:31:20 2011 +1000" }, "message": "TOMOYO: Simplify profile structure.\n\nRemove global preference from profile structure in order to make code simpler.\n\nDue to this structure change, printk() warnings upon policy violation are\ntemporarily disabled. They will be replaced by\n/sys/kernel/security/tomoyo/audit by next patch.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0d2171d711cbfca84cc0001121be8a6cc8e4d148", "tree": "998c6fb0c61e15686a7b70276e17ad9e396741f4", "parents": [ "a238cf5b89ed5285be8de56335665d023972f7d5" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Jun 26 23:17:46 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 29 09:31:20 2011 +1000" }, "message": "TOMOYO: Rename directives.\n\nConvert \"allow_...\" style directives to \"file ...\" style directives.\nBy converting to the latter style, we can pack policy like\n\"file read/write/execute /path/to/file\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a238cf5b89ed5285be8de56335665d023972f7d5", "tree": "cd2594f5c80345b5f880a3ccd445d15fb6b7d6cd", "parents": [ "0df7e8b8f1c25c10820bdc679555f2fbfb897ca0" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Jun 26 23:17:10 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 29 09:31:20 2011 +1000" }, "message": "TOMOYO: Use struct for passing ACL line.\n\nUse structure for passing ACL line, in preparation for supporting policy\nnamespace and conditional parameters.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0df7e8b8f1c25c10820bdc679555f2fbfb897ca0", "tree": "626a0304fceec0bbee93e43a24bc0f813fe230b7", "parents": [ "b5bc60b4ce313b6dbb42e7d32915dcf0a07c2a68" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Jun 26 23:16:36 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 29 09:31:19 2011 +1000" }, "message": "TOMOYO: Cleanup part 3.\n\nUse common structure for ACL with \"struct list_head\" + \"atomic_t\".\nUse array/struct where possible.\nRemove is_group from \"struct tomoyo_name_union\"/\"struct tomoyo_number_union\".\nPass \"struct file\"-\u003eprivate_data rather than \"struct file\".\nUpdate some of comments.\nBring tomoyo_same_acl_head() from common.h to domain.c .\nBring tomoyo_invalid()/tomoyo_valid() from common.h to util.c .\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b5bc60b4ce313b6dbb42e7d32915dcf0a07c2a68", "tree": "4a6a4f4cf1b6d0e5fa22c974fb4cf87d59a88e21", "parents": [ "7c75964f432d14062d8eccfc916aa290f56b5aab" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Jun 26 23:16:03 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 29 09:31:19 2011 +1000" }, "message": "TOMOYO: Cleanup part 2.\n\nUpdate (or temporarily remove) comments.\nRemove or replace some of #define lines.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7c75964f432d14062d8eccfc916aa290f56b5aab", "tree": "8aecdb96f9f079dd36735c3acccb79f3d10d6559", "parents": [ "1252cc3b232e582e887623dc5f70979418caaaa2" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Jun 26 23:15:31 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 29 09:31:19 2011 +1000" }, "message": "TOMOYO: Cleanup part 1.\n\nIn order to synchronize with TOMOYO 1.8\u0027s syntax,\n\n(1) Remove special handling for allow_read/write permission.\n(2) Replace deny_rewrite/allow_rewrite permission with allow_append permission.\n(3) Remove file_pattern keyword.\n(4) Remove allow_read permission from exception policy.\n(5) Allow creating domains in enforcing mode without calling supervisor.\n(6) Add permission check for opening directory for reading.\n(7) Add permission check for stat() operation.\n(8) Make \"cat \u003c /sys/kernel/security/tomoyo/self_domain\" behave as if\n \"cat /sys/kernel/security/tomoyo/self_domain\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4e78c724d47e2342aa8fde61f6b8536f662f795f", "tree": "9256c52a1e40b593601647bcc1d8d8e588188f77", "parents": [ "2c53b436a30867eb6b47dd7bab23ba638d1fb0d2" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon Jun 13 13:49:11 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Jun 14 15:18:42 2011 +1000" }, "message": "TOMOYO: Fix oops in tomoyo_mount_acl().\n\nIn tomoyo_mount_acl() since 2.6.36, kern_path() was called without checking\ndev_name !\u003d NULL. As a result, an unprivileged user can trigger oops by issuing\nmount(NULL, \"/\", \"ext3\", 0, NULL) request.\nFix this by checking dev_name !\u003d NULL before calling kern_path(dev_name).\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nCc: stable@kernel.org\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e77dc3460fa59be5759e9327ad882868eee9d61b", "tree": "dc342433cce9dbdaa3ad36f250d21d575d1c8775", "parents": [ "3a852d3bd53e718206a18b015909c4b575952692" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu May 12 06:40:51 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu May 12 11:07:21 2011 +1000" }, "message": "TOMOYO: Fix wrong domainname validation.\n\nIn tomoyo_correct_domain() since 2.6.36, TOMOYO was by error validating\n\"\u003ckernel\u003e\" + \"/foo/\\\" + \"/bar\" when \"\u003ckernel\u003e /foo/\\* /bar\" was given.\nAs a result, legal domainnames like \"\u003ckernel\u003e /foo/\\* /bar\" are rejected.\n\nReported-by: Hayama Yossihiro \u003cyossi@yedo.src.co.jp\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "db5ca356d8af8e43832c185ceec90850ff2ebb45", "tree": "f079addde0b6a8e5a883b5d2f1363496f6511f32", "parents": [ "d4ab4e6a23f805abb8fc3cc34525eec3788aeca1" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Apr 20 06:49:15 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Apr 20 10:16:21 2011 +1000" }, "message": "TOMOYO: Fix refcount leak in tomoyo_mount_acl().\n\nIn tomoyo_mount_acl() since 2.6.36, reference to device file (e.g. /dev/sda1)\nwas leaking.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d4ab4e6a23f805abb8fc3cc34525eec3788aeca1", "tree": "eefd82c155bc27469a85667d759cd90facf4a6e3", "parents": [ "c0fa797ae6cd02ff87c0bfe0d509368a3b45640e", "96fd2d57b8252e16dfacf8941f7a74a6119197f5" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 19 21:32:41 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 19 21:32:41 2011 +1000" }, "message": "Merge branch \u0027master\u0027; commit \u0027v2.6.39-rc3\u0027 into next\n" }, { "commit": "c0fa797ae6cd02ff87c0bfe0d509368a3b45640e", "tree": "4f484333268919be0487ff5fdf9dd380d8bf6ed2", "parents": [ "e4f5f26d8336318a5aa0858223c81cf29fcf5f68" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Apr 03 00:12:54 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 19 09:37:12 2011 +1000" }, "message": "TOMOYO: Fix infinite loop bug when reading /sys/kernel/security/tomoyo/audit\n\nIn tomoyo_flush(), head-\u003er.w[0] holds pointer to string data to be printed.\nBut head-\u003er.w[0] was updated only when the string data was partially\nprinted (because head-\u003er.w[0] will be updated by head-\u003er.w[1] later if\ncompletely printed). However, regarding /sys/kernel/security/tomoyo/query ,\nan additional \u0027\\0\u0027 is printed after the string data was completely printed.\nBut if free space for read buffer became 0 before printing the additional \u0027\\0\u0027,\ntomoyo_flush() was returning without updating head-\u003er.w[0]. As a result,\ntomoyo_flush() forever reprints already printed string data.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e4f5f26d8336318a5aa0858223c81cf29fcf5f68", "tree": "8d28363c736c363d05f31e8417f11a2b5cce67a0", "parents": [ "2a086e5d3a23570735f75b784d29b93068070833" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Apr 03 00:11:50 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 19 09:37:09 2011 +1000" }, "message": "TOMOYO: Don\u0027t add / for allow_unmount permission check.\n\n\"mount --bind /path/to/file1 /path/to/file2\" is legal. Therefore,\n\"umount /path/to/file2\" is also legal. Do not automatically append trailing \u0027/\u0027\nif pathname to be unmounted does not end with \u0027/\u0027.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2a086e5d3a23570735f75b784d29b93068070833", "tree": "43949632ba2e1c8ed4a8169d64c406d66ce36f23", "parents": [ "a3232d2fa2e3cbab3e76d91cdae5890fee8a4034" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Apr 03 00:09:26 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 19 09:37:06 2011 +1000" }, "message": "TOMOYO: Fix race on updating profile\u0027s comment line.\n\nIn tomoyo_write_profile() since 2.6.34, a lock was by error missing when\nreplacing profile\u0027s comment line. If multiple threads attempted\n\n echo \u00270-COMMENT\u003dcomment\u0027 \u003e /sys/kernel/security/tomoyo/profile\n\nin parallel, garbage collector will fail to kfree() the old value.\nProtect the replacement using a lock. Also, keep the old value rather than\nreplace with empty string when out of memory error has occurred.\n\nSigned-off-by: Xiaochen Wang \u003cwangxiaochen0@gmail.com\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "25985edcedea6396277003854657b5f3cb31a628", "tree": "f026e810210a2ee7290caeb737c23cb6472b7c38", "parents": [ "6aba74f2791287ec407e0f92487a725a25908067" ], "author": { "name": "Lucas De Marchi", "email": "lucas.demarchi@profusion.mobi", "time": "Wed Mar 30 22:57:33 2011 -0300" }, "committer": { "name": "Lucas De Marchi", "email": "lucas.demarchi@profusion.mobi", "time": "Thu Mar 31 11:26:23 2011 -0300" }, "message": "Fix common misspellings\n\nFixes generated by \u0027codespell\u0027 and manually reviewed.\n\nSigned-off-by: Lucas De Marchi \u003clucas.demarchi@profusion.mobi\u003e\n" }, { "commit": "cfc64fd91fabed099a4c3df58559f4b7efe9bcce", "tree": "6ecc7efb4d61ba9e1ae21a11e50f175961f76cf8", "parents": [ "93b9c98b3498db5842e2812b32cff4c1ae947eb1" ], "author": { "name": "Xiaochen Wang", "email": "wangxiaochen0@gmail.com", "time": "Thu Mar 31 00:27:32 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Mar 31 10:25:06 2011 +1100" }, "message": "tomoyo: fix memory leak in tomoyo_commit_ok()\n\nWhen memory used for policy exceeds the quota, tomoyo_memory_ok() return false.\nIn this case, tomoyo_commit_ok() must call kfree() before returning NULL.\nThis bug exists since 2.6.35.\n\nSigned-off-by: Xiaochen Wang \u003cwangxiaochen0@gmail.com\u003e\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "eae61f3c829439f8f9121b5cd48a14be04df451f", "tree": "607f79bb57996e059c1da17a0411d5763c4748ca", "parents": [ "1adace9bb04a5f4a4dea9e642089102661bb0ceb" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Mar 02 16:54:24 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Mar 03 10:13:26 2011 +1100" }, "message": "TOMOYO: Fix memory leak upon file open.\n\nIn tomoyo_check_open_permission() since 2.6.36, TOMOYO was by error\nrecalculating already calculated pathname when checking allow_rewrite\npermission. As a result, memory will leak whenever a file is opened for writing\nwithout O_APPEND flag. Also, performance will degrade because TOMOYO is\ncalculating pathname regardless of profile configuration.\nThis patch fixes the leak and performance degrade.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "da5029563a0a026c64821b09e8e7b4fd81d3fe1b", "tree": "5d5618e0cb382390073377b1be7d0aa76879ac54", "parents": [ "b7ab39f631f505edc2bbdb86620d5493f995c9da" ], "author": { "name": "Nick Piggin", "email": "npiggin@kernel.dk", "time": "Fri Jan 07 17:49:33 2011 +1100" }, "committer": { "name": "Nick Piggin", "email": "npiggin@kernel.dk", "time": "Fri Jan 07 17:50:21 2011 +1100" }, "message": "fs: dcache scale d_unhashed\n\nProtect d_unhashed(dentry) condition with d_lock. This means keeping\nDCACHE_UNHASHED bit in synch with hash manipulations.\n\nSigned-off-by: Nick Piggin \u003cnpiggin@kernel.dk\u003e\n" }, { "commit": "be148247cfbe2422f5709e77d9c3e10b8a6394da", "tree": "f04605bb5ea21cefd455b6fd81c51d8bb02c1521", "parents": [ "85fe4025c616a7c0ed07bc2fc8c5371b07f3888c" ], "author": { "name": "Christoph Hellwig", "email": "hch@infradead.org", "time": "Sun Oct 10 05:36:21 2010 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Oct 25 21:26:12 2010 -0400" }, "message": "fs: take dcache_lock inside __d_path\n\nAll callers take dcache_lock just around the call to __d_path, so\ntake the lock into it in preparation of getting rid of dcache_lock.\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "9f1c1d426b0402b25cd0d7ca719ffc8e20e46d5f", "tree": "5d31ff027688a90cef5ccea5bee1cb3e65639b37", "parents": [ "b0ae19811375031ae3b3fecc65b702a9c6e5cc28" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Oct 08 14:43:22 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:12:45 2010 +1100" }, "message": "TOMOYO: Print URL information before panic().\n\nConfiguration files for TOMOYO 2.3 are not compatible with TOMOYO 2.2.\nBut current panic() message is too unfriendly and is confusing users.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nReviewed-by: KOSAKI Motohiro \u003ckosaki.motohiro@jp.fujitsu.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "68eda8f59081c74a51d037cc29893bd7c9b3c2d8", "tree": "5970a384719568f6f36ee07efe72adb8cfab39f1", "parents": [ "f6f94e2ab1b33f0082ac22d71f66385a60d8157f" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sun Aug 08 00:17:51 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:12:32 2010 +1100" }, "message": "tomoyo: cleanup. don\u0027t store bogus pointer\n\nIf domain is NULL then \u0026domain-\u003elist is a bogus address. Let\u0027s leave\nhead-\u003er.domain NULL instead of saving an unusable pointer.\n\nThis is just a cleanup. The current code always checks head-\u003er.eof\nbefore dereferencing head-\u003er.domain.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\n" }, { "commit": "c8da96e87d349e9035345293093ecc74792fb96a", "tree": "738b017e4fa8547feb2741969decd749ea6e98e1", "parents": [ "91e71c12c506e15028c252a5a097723f41c518dd" ], "author": { "name": "Ben Hutchings", "email": "ben@decadent.org.uk", "time": "Sun Sep 26 05:55:13 2010 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Sep 27 10:53:18 2010 +1000" }, "message": "TOMOYO: Don\u0027t abuse sys_getpid(), sys_getppid()\n\nSystem call entry functions sys_*() are never to be called from\ngeneral kernel code. The fact that they aren\u0027t declared in header\nfiles should have been a clue. These functions also don\u0027t exist on\nAlpha since it has sys_getxpid() instead.\n\nSigned-off-by: Ben Hutchings \u003cben@decadent.org.uk\u003e\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "484ca79c653121d3c79fffb86e1deea724f2e20b", "tree": "457aa73e37c9b5e5b4306430f40d1985b59ca226", "parents": [ "4d6ec10bb4461fdc9a9ab94ef32934e13564e873" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jul 29 14:29:55 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:38 2010 +1000" }, "message": "TOMOYO: Use pathname specified by policy rather than execve()\n\nCommit c9e69318 \"TOMOYO: Allow wildcard for execute permission.\" changed execute\npermission and domainname to accept wildcards. But tomoyo_find_next_domain()\nwas using pathname passed to execve() rather than pathname specified by the\nexecute permission. As a result, processes were not able to transit to domains\nwhich contain wildcards in their domainnames.\n\nThis patch passes pathname specified by the execute permission back to\ntomoyo_find_next_domain() so that processes can transit to domains which\ncontain wildcards in their domainnames.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e6f6a4cc955d626ed26562d98de5766bf1f73526", "tree": "308ef4b42db0e3ebc0078550c7b9cca59f117cd6", "parents": [ "7e3d199a4009a4094a955282daf5ecd43f2c8152" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Jul 27 17:17:06 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:10 2010 +1000" }, "message": "TOMOYO: Update version to 2.3.0\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7e3d199a4009a4094a955282daf5ecd43f2c8152", "tree": "ea65ba1835bc1465ab07d94e0f8c7e9a2e060b5f", "parents": [ "b424485abe2b16580a178b469917a7b6ee0c152a" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Jul 27 10:08:29 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:09 2010 +1000" }, "message": "TOMOYO: Fix quota check.\n\nCommit d74725b9 \"TOMOYO: Use callback for updating entries.\" broke\ntomoyo_domain_quota_is_ok() by counting deleted entries. It needs to\ncount non-deleted entries.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7e2deb7ce8f662bce877dbfd3b0053e9559c25a3", "tree": "525c2a048a361bda568ff19bf422430999b64984", "parents": [ "af4f136056c984b0aa67feed7d3170b958370b2f" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jul 08 21:57:41 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:57 2010 +1000" }, "message": "TOMOYO: Explicitly set file_operations-\u003ellseek pointer.\n\nTOMOYO does not deal offset pointer. Thus seek operation makes\nno sense. Changing default seek operation from default_llseek()\nto no_llseek() might break some applications. Thus, explicitly\nset noop_llseek().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0849e3ba53c3ef603dffa9758a73e07ed186a937", "tree": "5aaaa02db9be90287bfcc6e00e48d0b50c18d6cd", "parents": [ "e2bf69077acefee5247bb661faac2552d29ba7ba" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Jun 25 12:22:09 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:55 2010 +1000" }, "message": "TOMOYO: Add missing poll() hook.\n\nCommit 1dae08c \"TOMOYO: Add interactive enforcing mode.\" forgot to register\npoll() hook. As a result, /usr/sbin/tomoyo-queryd was doing busy loop.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e2bf69077acefee5247bb661faac2552d29ba7ba", "tree": "946adb588df8647f2476fb2f66996e6231521687", "parents": [ "8e5686874bcb882f69d5c04e6b38dc92b97facea" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Jun 25 11:16:00 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:54 2010 +1000" }, "message": "TOMOYO: Rename symbols.\n\nUse shorter name in order to make it easier to fit 80 columns limit.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8e5686874bcb882f69d5c04e6b38dc92b97facea", "tree": "522733e1e4a172d29252a98d340cea3942296684", "parents": [ "f23571e866309a2048030ef6a5f0725cf139d4c9" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Jun 25 09:30:09 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:54 2010 +1000" }, "message": "TOMOYO: Small cleanup.\n\nSplit tomoyo_write_profile() into several functions.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f23571e866309a2048030ef6a5f0725cf139d4c9", "tree": "0116bcef462f367307b2db927b249b7ce21039c2", "parents": [ "5db5a39b6462c8360c9178b28f4b07c320dfca1c" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 24 14:57:16 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:45 2010 +1000" }, "message": "TOMOYO: Copy directly to userspace buffer.\n\nWhen userspace program reads policy from /sys/kernel/security/tomoyo/\ninterface, TOMOYO uses line buffered mode. A line has at least one word.\n\nCommit 006dacc \"TOMOYO: Support longer pathname.\" changed a word\u0027s max length\nfrom 4000 bytes to max kmalloc()able bytes. By that commit, a line\u0027s max length\nchanged from 8192 bytes to more than max kmalloc()able bytes.\n\nMax number of words in a line remains finite. This patch changes the way of\nbuffering so that all words in a line are firstly directly copied to userspace\nbuffer as much as possible and are secondly queued for next read request.\nWords queued are guaranteed to be valid until /sys/kernel/security/tomoyo/\ninterface is close()d.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5db5a39b6462c8360c9178b28f4b07c320dfca1c", "tree": "0350d94c0e134820e035381bcff81515dbda9666", "parents": [ "063821c8160568b3390044390c8328e36c5696ad" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 24 12:24:19 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:45 2010 +1000" }, "message": "TOMOYO: Use common code for policy reading.\n\ntomoyo_print_..._acl() are similar. Merge them.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "063821c8160568b3390044390c8328e36c5696ad", "tree": "68a61753cdc6b0edaf0358eebdea8c20aaa713b1", "parents": [ "475e6fa3d340e75a454ea09191a29e52e2ee6e71" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 24 12:00:25 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:44 2010 +1000" }, "message": "TOMOYO: Allow reading only execute permission.\n\nPolicy editor needs to know allow_execute entries in order to build domain\ntransition tree. Reading all entries is slow. Thus, allow reading only\nallow_execute entries.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "475e6fa3d340e75a454ea09191a29e52e2ee6e71", "tree": "44e8222ec250f8573199fc3132eaeb2f8922f85e", "parents": [ "5448ec4f5062ef75ce74f8d7784d4cea9c46ad00" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 24 11:28:14 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:44 2010 +1000" }, "message": "TOMOYO: Change list iterator.\n\nChange list_for_each_cookie to\n\n(1) start from current position rather than next position\n(2) remove temporary cursor\n(3) check that srcu_read_lock() is held\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5448ec4f5062ef75ce74f8d7784d4cea9c46ad00", "tree": "c4c742b928c799e03328e345e1d4af738f315afb", "parents": [ "0617c7ff34dc9b1d641640c3953274bb2dbe21a6" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon Jun 21 11:14:39 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:43 2010 +1000" }, "message": "TOMOYO: Use common code for domain transition control.\n\nUse common code for \"initialize_domain\"/\"no_initialize_domain\"/\"keep_domain\"/\n\"no_keep_domain\" keywords.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0617c7ff34dc9b1d641640c3953274bb2dbe21a6", "tree": "6be51af32ad65380aff9b7fa385f65ef15b3d53b", "parents": [ "7c2ea22e3c5463627ca98924cd65cb9e480dc29c" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon Jun 21 09:58:53 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:42 2010 +1000" }, "message": "TOMOYO: Remove alias keyword.\n\nSome programs behave differently depending on argv[0] passed to execve().\nTOMOYO has \"alias\" keyword in order to allow administrators to define different\ndomains if requested pathname passed to execve() is a symlink. But \"alias\"\nkeyword is incomplete because this keyword assumes that requested pathname and\nargv[0] are identical. Thus, remove \"alias\" keyword (by this patch) and add\nsyntax for checking argv[0] (by future patches).\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7c2ea22e3c5463627ca98924cd65cb9e480dc29c", "tree": "3a105a08cf75c77689bdfe890c64f9ae433748b9", "parents": [ "31845e8c6d3f4f26702e567c667277f9fd1f73a3" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 17 16:55:58 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:42 2010 +1000" }, "message": "TOMOYO: Merge path_group and number_group.\n\nUse common code for \"path_group\" and \"number_group\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "31845e8c6d3f4f26702e567c667277f9fd1f73a3", "tree": "5c457513fcdae4e7e39b19d36e1698ae298ce8d4", "parents": [ "a230f9e7121cbcbfe23bd5a630abf6b53cece555" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 17 16:54:33 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:41 2010 +1000" }, "message": "TOMOYO: Aggregate reader functions.\n\nNow lists are accessible via array index. Aggregate reader functions using index.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a230f9e7121cbcbfe23bd5a630abf6b53cece555", "tree": "a81820f41d57ffd8704aaef4331f696030d7ba77", "parents": [ "a98aa4debe2728abb3353e35fc5d110dcc0d7f0d" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Jun 17 16:53:24 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:40 2010 +1000" }, "message": "TOMOYO: Use array of \"struct list_head\".\n\nAssign list id and make the lists as array of \"struct list_head\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" } ], "next": "a98aa4debe2728abb3353e35fc5d110dcc0d7f0d" }