)]}'
{
  "log": [
    {
      "commit": "5cd9c58fbe9ec92b45b27e131719af4f2bd9eb40",
      "tree": "8573db001b4dc3c2ad97102dda42b841c40b5f6c",
      "parents": [
        "8d0968abd03ec6b407df117adc773562386702fa"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Thu Aug 14 11:37:28 2008 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Aug 14 22:59:43 2008 +1000"
      },
      "message": "security: Fix setting of PF_SUPERPRIV by __capable()\n\nFix the setting of PF_SUPERPRIV by __capable() as it could corrupt the flags\nthe target process if that is not the current process and it is trying to\nchange its own flags in a different way at the same time.\n\n__capable() is using neither atomic ops nor locking to protect t-\u003eflags.  This\npatch removes __capable() and introduces has_capability() that doesn\u0027t set\nPF_SUPERPRIV on the process being queried.\n\nThis patch further splits security_ptrace() in two:\n\n (1) security_ptrace_may_access().  This passes judgement on whether one\n     process may access another only (PTRACE_MODE_ATTACH for ptrace() and\n     PTRACE_MODE_READ for /proc), and takes a pointer to the child process.\n     current is the parent.\n\n (2) security_ptrace_traceme().  This passes judgement on PTRACE_TRACEME only,\n     and takes only a pointer to the parent process.  current is the child.\n\n     In Smack and commoncap, this uses has_capability() to determine whether\n     the parent will be permitted to use PTRACE_ATTACH if normal checks fail.\n     This does not set PF_SUPERPRIV.\n\nTwo of the instances of __capable() actually only act on current, and so have\nbeen changed to calls to capable().\n\nOf the places that were using __capable():\n\n (1) The OOM killer calls __capable() thrice when weighing the killability of a\n     process.  All of these now use has_capability().\n\n (2) cap_ptrace() and smack_ptrace() were using __capable() to check to see\n     whether the parent was allowed to trace any process.  As mentioned above,\n     these have been split.  For PTRACE_ATTACH and /proc, capable() is now\n     used, and for PTRACE_TRACEME, has_capability() is used.\n\n (3) cap_safe_nice() only ever saw current, so now uses capable().\n\n (4) smack_setprocattr() rejected accesses to tasks other than current just\n     after calling __capable(), so the order of these two tests have been\n     switched and capable() is used instead.\n\n (5) In smack_file_send_sigiotask(), we need to allow privileged processes to\n     receive SIGIO on files they\u0027re manipulating.\n\n (6) In smack_task_wait(), we let a process wait for a privileged process,\n     whether or not the process doing the waiting is privileged.\n\nI\u0027ve tested this with the LTP SELinux and syscalls testscripts.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nAcked-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nAcked-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6f0f0fd496333777d53daff21a4e3b28c4d03a6d",
      "tree": "202de67376fce2547b44ae5b016d6424c3c7409c",
      "parents": [
        "93cbace7a058bce7f99319ef6ceff4b78cf45051"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Jul 10 17:02:07 2008 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jul 14 15:04:06 2008 +1000"
      },
      "message": "security: remove register_security hook\n\nThe register security hook is no longer required, as the capability\nmodule is always registered.  LSMs wishing to stack capability as\na secondary module should do so explicitly.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n"
    },
    {
      "commit": "55d00ccfb336b4f85a476a24e18c17b2eaff919e",
      "tree": "5be259b88f5cfe17206ad20dcb11929dd4a40781",
      "parents": [
        "c60264c494a119cd3a716a22edc0137b11de6d1e"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serue@us.ibm.com",
        "time": "Mon Apr 28 02:13:42 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Apr 28 08:58:27 2008 -0700"
      },
      "message": "root_plug: use cap_task_prctl\n\nWith the introduction of per-process securebits, the capabilities-related\nprctl callbacks were moved into cap_task_prctl().  Have root_plug use\ncap_task_prctl() so that PR_SET_KEEPCAPS is defined.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "dd6f953adb5c4deb9cd7b6a5054e7d5eafe4ed71",
      "tree": "0ed459ca8da43b7e0486c8f0a840845a731920bf",
      "parents": [
        "b0c636b99997c8594da6a46e166ce4fcf6956fda"
      ],
      "author": {
        "name": "Harvey Harrison",
        "email": "harvey.harrison@gmail.com",
        "time": "Thu Mar 06 10:03:59 2008 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 18 20:26:07 2008 +1000"
      },
      "message": "security: replace remaining __FUNCTION__ occurrences\n\n__FUNCTION__ is gcc-specific, use __func__\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "20510f2f4e2dabb0ff6c13901807627ec9452f98",
      "tree": "d64b9eeb90d577f7f9688a215c4c6c3c2405188a",
      "parents": [
        "5c3b447457789374cdb7b03afe2540d48c649a36"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Oct 16 23:31:32 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Wed Oct 17 08:43:07 2007 -0700"
      },
      "message": "security: Convert LSM into a static interface\n\nConvert LSM into a static interface, as the ability to unload a security\nmodule is not required by in-tree users and potentially complicates the\noverall security architecture.\n\nNeedlessly exported LSM symbols have been unexported, to help reduce API\nabuse.\n\nParameters for the capability and root_plug modules are now specified\nat boot.\n\nThe SECURITY_FRAMEWORK_VERSION macro has also been removed.\n\nIn a nutshell, there is no safe way to unload an LSM.  The modular interface\nis thus unecessary and broken infrastructure.  It is used only by out-of-tree\nmodules, which are often binary-only, illegal, abusive of the API and\ndangerous, e.g.  silently re-vectoring SELinux.\n\n[akpm@linux-foundation.org: cleanups]\n[akpm@linux-foundation.org: USB Kconfig fix]\n[randy.dunlap@oracle.com: fix LSM kernel-doc]\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: \"Serge E. Hallyn\" \u003cserue@us.ibm.com\u003e\nAcked-by: Arjan van de Ven \u003carjan@infradead.org\u003e\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "6ab3d5624e172c553004ecc862bfeac16d9d68b7",
      "tree": "6d98881fe91fd9583c109208d5c27131b93fa248",
      "parents": [
        "e02169b682bc448ccdc819dc8639ed34a23cedd8"
      ],
      "author": {
        "name": "Jörn Engel",
        "email": "joern@wohnheim.fh-wedel.de",
        "time": "Fri Jun 30 19:25:36 2006 +0200"
      },
      "committer": {
        "name": "Adrian Bunk",
        "email": "bunk@stusta.de",
        "time": "Fri Jun 30 19:25:36 2006 +0200"
      },
      "message": "Remove obsolete #include \u003clinux/config.h\u003e\n\nSigned-off-by: Jörn Engel \u003cjoern@wohnheim.fh-wedel.de\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\n"
    },
    {
      "commit": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
      "tree": "0bba044c4ce775e45a88a51686b5d9f90697ea9d",
      "parents": [],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@ppc970.osdl.org",
        "time": "Sat Apr 16 15:20:36 2005 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@ppc970.osdl.org",
        "time": "Sat Apr 16 15:20:36 2005 -0700"
      },
      "message": "Linux-2.6.12-rc2\n\nInitial git repository build. I\u0027m not bothering with the full history,\neven though we have it. We can create a separate \"historical\" git\narchive of that later if we want to, and in the meantime it\u0027s about\n3.2GB when imported into git - space that would just make the early\ngit days unnecessarily complicated, when we don\u0027t have a lot of good\ninfrastructure for it.\n\nLet it rip!\n"
    }
  ]
}