)]}' { "log": [ { "commit": "f9ad1af53d5232a89a1ff1827102843999975dfa", "tree": "2d7f4c35208b74995651fa6eb47031a37f928503", "parents": [ "c1c124e91e7c6d5a600c98f6fb5b443c403a14f4" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Jul 29 14:48:08 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:34 2010 +1000" }, "message": "AppArmor: Enable configuring and building of the AppArmor security module\n\nKconfig and Makefiles to enable configuration and building of AppArmor.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6e1415467614e854fee660ff6648bd10fa976e95", "tree": "2ae2e2f51eff0629bc0e26a97eac85483a7ba56f", "parents": [ "dd880fbe8e4792d1185a5101dc751f49eab0a509" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Dec 15 19:27:45 2009 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Dec 17 09:25:19 2009 +1100" }, "message": "NOMMU: Optimise away the {dac_,}mmap_min_addr tests\n\nIn NOMMU mode clamp dac_mmap_min_addr to zero to cause the tests on it to be\nskipped by the compiler. We do this as the minimum mmap address doesn\u0027t make\nany sense in NOMMU mode.\n\nmmap_min_addr and round_hint_to_min() can be discarded entirely in NOMMU mode.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3e1c2515acf70448cad1ae3ab835ca80be043d33", "tree": "46034a30e83ba406479d9753acdbb0fd76180b2b", "parents": [ "b7f3008ad1d795935551e4dd810b0255a7bfa3c9" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Oct 20 13:48:33 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Oct 20 14:26:16 2009 +0900" }, "message": "security: remove root_plug\n\n Remove the root_plug example LSM code. It\u0027s unmaintained and\n increasingly broken in various ways.\n\n Made at the 2009 Kernel Summit in Tokyo!\n\n Acked-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n Signed-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2bf49690325b62480a42f7afed5e9f164173c570", "tree": "bc8525f6a45ea3ffaed9449084df7644bcd4e3c2", "parents": [ "f322abf83feddc3c37c3a91794e0c5aece4af18e" ], "author": { "name": "Thomas Liu", "email": "tliu@redhat.com", "time": "Tue Jul 14 12:14:09 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 17 08:37:18 2009 +1000" }, "message": "SELinux: Convert avc_audit to use lsm_audit.h\n\nConvert avc_audit in security/selinux/avc.c to use lsm_audit.h,\nfor better maintainability.\n\n - changed selinux to use common_audit_data instead of\n avc_audit_data\n - eliminated code in avc.c and used code from lsm_audit.h instead.\n\nHad to add a LSM_AUDIT_NO_AUDIT to lsm_audit.h so that avc_audit\ncan call common_lsm_audit and do the pre and post callbacks without\ndoing the actual dump. This makes it so that the patched version\nbehaves the same way as the unpatched version.\n\nAlso added a denied field to the selinux_audit_data private space,\nonce again to make it so that the patched version behaves like the\nunpatched.\n\nI\u0027ve tested and confirmed that AVCs look the same before and after\nthis patch.\n\nSigned-off-by: Thomas Liu \u003ctliu@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a2551df7ec568d87793d2eea4ca744e86318f205", "tree": "3bdd4257bf757d9d1d64d9d7aa10cd144cd3a657", "parents": [ "84336d1a77ccd2c06a730ddd38e695c2324a7386" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jul 31 12:54:11 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 06 09:02:23 2009 +1000" }, "message": "Security/SELinux: seperate lsm specific mmap_min_addr\n\nCurrently SELinux enforcement of controls on the ability to map low memory\nis determined by the mmap_min_addr tunable. This patch causes SELinux to\nignore the tunable and instead use a seperate Kconfig option specific to how\nmuch space the LSM should protect.\n\nThe tunable will now only control the need for CAP_SYS_RAWIO and SELinux\npermissions will always protect the amount of low memory designated by\nCONFIG_LSM_MMAP_MIN_ADDR.\n\nThis allows users who need to disable the mmap_min_addr controls (usual reason\nbeing they run WINE as a non-root user) to do so and still have SELinux\ncontrols preventing confined domains (like a web server) from being able to\nmap some area of low memory.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "be940d6279c30a2d7c4e8d1d5435f957f594d66d", "tree": "965805d563cb756879fd3595230c3ca205da76d1", "parents": [ "b3a633c8527ef155b1a4e22e8f5abc58f7af54c9" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 13 10:39:36 2009 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 13 10:39:36 2009 +1000" }, "message": "Revert \"SELinux: Convert avc_audit to use lsm_audit.h\"\n\nThis reverts commit 8113a8d80f4c6a3dc3724b39b470f3fee9c426b6.\n\nThe patch causes a stack overflow on my system during boot.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8113a8d80f4c6a3dc3724b39b470f3fee9c426b6", "tree": "27eb775108daaff8390ad564010a9f2fbd5187a2", "parents": [ "65c3f0a2d0f72d210c879e4974c2d222b7951321" ], "author": { "name": "Thomas Liu", "email": "tliu@redhat.com", "time": "Fri Jul 10 10:31:04 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 13 07:54:48 2009 +1000" }, "message": "SELinux: Convert avc_audit to use lsm_audit.h\n\nConvert avc_audit in security/selinux/avc.c to use lsm_audit.h,\nfor better maintainability and for less code duplication.\n\n - changed selinux to use common_audit_data instead of\n avc_audit_data\n - eliminated code in avc.c and used code from lsm_audit.h instead.\n\nI have tested to make sure that the avcs look the same before and\nafter this patch.\n\nSigned-off-by: Thomas Liu \u003ctliu@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ecfcc53fef3c357574bb6143dce6631e6d56295c", "tree": "d7bee04b64c5ad2ba0ed273bff2c8c7c98b3eee5", "parents": [ "6e837fb152410e571a81aaadbd9884f0bc46a55e" ], "author": { "name": "Etienne Basset", "email": "etienne.basset@numericable.fr", "time": "Wed Apr 08 20:40:06 2009 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Apr 14 09:00:23 2009 +1000" }, "message": "smack: implement logging V3\n\nthe following patch, add logging of Smack security decisions.\nThis is of course very useful to understand what your current smack policy does.\nAs suggested by Casey, it also now forbids labels with \u0027, \" or \\\n\nIt introduces a \u0027/smack/logging\u0027 switch :\n0: no logging\n1: log denied (default)\n2: log accepted\n3: log denied\u0026accepted\n\nSigned-off-by: Etienne Basset \u003cetienne.basset@numericable.fr\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "42d5aaa2d826f54924e260b58a8e410e59d54163", "tree": "64e3c400671d3adf1ed40f5179e95655400ce1cc", "parents": [ "d74db3b22a75fac474abe711f582ffe25eacce25" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 12 16:29:04 2009 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 12 16:29:04 2009 +1100" }, "message": "security: change link order of LSMs so security\u003dtomoyo works\n\nLSMs need to be linked before root_plug to ensure the security\u003d\nboot parameter works with them. Do this for Tomoyo.\n\n(root_plug probably needs to be taken out and shot at some point,\ntoo).\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "00d7d6f840ddc947237307e022de5e75ded4105f", "tree": "53669494101f93becdd401be2e70073bc7c6fe0b", "parents": [ "f7433243770c77979c396b4c7449a10e9b3521db" ], "author": { "name": "Kentaro Takeda", "email": "takedakn@nttdata.co.jp", "time": "Thu Feb 05 17:18:17 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 12 15:19:00 2009 +1100" }, "message": "Kconfig and Makefile\n\nTOMOYO uses LSM hooks for pathname based access control and securityfs support.\n\nSigned-off-by: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3323eec921efd815178a23107ab63588c605c0b2", "tree": "bc9e9714ac4881ebc515c1bd155674c52c356d6a", "parents": [ "6146f0d5e47ca4047ffded0fb79b6c25359b386c" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Feb 04 09:06:58 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Feb 06 09:05:30 2009 +1100" }, "message": "integrity: IMA as an integrity service provider\n\nIMA provides hardware (TPM) based measurement and attestation for\nfile measurements. As the Trusted Computing (TPM) model requires,\nIMA measures all files before they are accessed in any way (on the\nintegrity_bprm_check, integrity_path_check and integrity_file_mmap\nhooks), and commits the measurements to the TPM. Once added to the\nTPM, measurements can not be removed.\n\nIn addition, IMA maintains a list of these file measurements, which\ncan be used to validate the aggregate value stored in the TPM. The\nTPM can sign these measurements, and thus the system can prove, to\nitself and to a third party, the system\u0027s integrity in a way that\ncannot be circumvented by malicious or compromised software.\n\n- alloc ima_template_entry before calling ima_store_template()\n- log ima_add_boot_aggregate() failure\n- removed unused IMA_TEMPLATE_NAME_LEN\n- replaced hard coded string length with #define name\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "da31894ed7b654e2e1741e7ac4ef6c15be0dd14b", "tree": "7247357082b105a4aab13a2fb7dad73886f1a9e5", "parents": [ "86d688984deefa3ae5a802880c11f2b408b5d6cf" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Aug 22 11:35:57 2008 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 28 10:47:42 2008 +1000" }, "message": "securityfs: do not depend on CONFIG_SECURITY\n\nAdd a new Kconfig option SECURITYFS which will build securityfs support\nbut does not require CONFIG_SECURITY. The only current user of\nsecurityfs does not depend on CONFIG_SECURITY and there is no reason the\nfull LSM needs to be built to build this fs.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5915eb53861c5776cfec33ca4fcc1fd20d66dd27", "tree": "d4895b96dfdc227a3abe2f13c093b6f53ac3aef8", "parents": [ "b478a9f9889c81e88077d1495daadee64c0af541" ], "author": { "name": "Miklos Szeredi", "email": "mszeredi@suse.cz", "time": "Thu Jul 03 20:56:05 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jul 14 15:03:04 2008 +1000" }, "message": "security: remove dummy module\n\nRemove the dummy module and make the \"capability\" module the default.\n\nCompile and boot tested.\n\nSigned-off-by: Miklos Szeredi \u003cmszeredi@suse.cz\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "08ce5f16ee466ffc5bf243800deeecd77d9eaf50", "tree": "8fb921137a677d463f11727dab7e683db426b810", "parents": [ "d447ea2f30ec60370ddb99a668e5ac12995f043d" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Tue Apr 29 01:00:10 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:09 2008 -0700" }, "message": "cgroups: implement device whitelist\n\nImplement a cgroup to track and enforce open and mknod restrictions on device\nfiles. A device cgroup associates a device access whitelist with each cgroup.\n A whitelist entry has 4 fields. \u0027type\u0027 is a (all), c (char), or b (block).\n\u0027all\u0027 means it applies to all types and all major and minor numbers. Major\nand minor are either an integer or * for all. Access is a composition of r\n(read), w (write), and m (mknod).\n\nThe root device cgroup starts with rwm to \u0027all\u0027. A child devcg gets a copy of\nthe parent. Admins can then remove devices from the whitelist or add new\nentries. A child cgroup can never receive a device access which is denied its\nparent. However when a device access is removed from a parent it will not\nalso be removed from the child(ren).\n\nAn entry is added using devices.allow, and removed using\ndevices.deny. For instance\n\n\techo \u0027c 1:3 mr\u0027 \u003e /cgroups/1/devices.allow\n\nallows cgroup 1 to read and mknod the device usually known as\n/dev/null. Doing\n\n\techo a \u003e /cgroups/1/devices.deny\n\nwill remove the default \u0027a *:* mrw\u0027 entry.\n\nCAP_SYS_ADMIN is needed to change permissions or move another task to a new\ncgroup. A cgroup may not be granted more permissions than the cgroup\u0027s parent\nhas. Any task can move itself between cgroups. This won\u0027t be sufficient, but\nwe can decide the best way to adequately restrict movement later.\n\n[akpm@linux-foundation.org: coding-style fixes]\n[akpm@linux-foundation.org: fix may-be-used-uninitialized warning]\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nLooks-good-to: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Daniel Hokka Zakrisson \u003cdaniel@hozac.com\u003e\nCc: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e114e473771c848c3cfec05f0123e70f1cdbdc99", "tree": "933b840f3ccac6860da56291c742094f9b5a20cb", "parents": [ "eda61d32e8ad1d9102872f9a0abf3344bf9c5e67" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Mon Feb 04 22:29:50 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Feb 05 09:44:20 2008 -0800" }, "message": "Smack: Simplified Mandatory Access Control Kernel\n\nSmack is the Simplified Mandatory Access Control Kernel.\n\nSmack implements mandatory access control (MAC) using labels\nattached to tasks and data containers, including files, SVIPC,\nand other tasks. Smack is a kernel based scheme that requires\nan absolute minimum of application support and a very small\namount of configuration data.\n\nSmack uses extended attributes and\nprovides a set of general mount options, borrowing technics used\nelsewhere. Smack uses netlabel for CIPSO labeling. Smack provides\na pseudo-filesystem smackfs that is used for manipulation of\nsystem Smack attributes.\n\nThe patch, patches for ls and sshd, a README, a startup script,\nand x86 binaries for ls and sshd are also available on\n\n http://www.schaufler-ca.com\n\nDevelopment has been done using Fedora Core 7 in a virtual machine\nenvironment and on an old Sony laptop.\n\nSmack provides mandatory access controls based on the label attached\nto a task and the label attached to the object it is attempting to\naccess. Smack labels are deliberately short (1-23 characters) text\nstrings. Single character labels using special characters are reserved\nfor system use. The only operation applied to Smack labels is equality\ncomparison. No wildcards or expressions, regular or otherwise, are\nused. Smack labels are composed of printable characters and may not\ninclude \"/\".\n\nA file always gets the Smack label of the task that created it.\n\nSmack defines and uses these labels:\n\n \"*\" - pronounced \"star\"\n \"_\" - pronounced \"floor\"\n \"^\" - pronounced \"hat\"\n \"?\" - pronounced \"huh\"\n\nThe access rules enforced by Smack are, in order:\n\n1. Any access requested by a task labeled \"*\" is denied.\n2. A read or execute access requested by a task labeled \"^\"\n is permitted.\n3. A read or execute access requested on an object labeled \"_\"\n is permitted.\n4. Any access requested on an object labeled \"*\" is permitted.\n5. Any access requested by a task on an object with the same\n label is permitted.\n6. Any access requested that is explicitly defined in the loaded\n rule set is permitted.\n7. Any other access is denied.\n\nRules may be explicitly defined by writing subject,object,access\ntriples to /smack/load.\n\nSmack rule sets can be easily defined that describe Bell\u0026LaPadula\nsensitivity, Biba integrity, and a variety of interesting\nconfigurations. Smack rule sets can be modified on the fly to\naccommodate changes in the operating environment or even the time\nof day.\n\nSome practical use cases:\n\nHierarchical levels. The less common of the two usual uses\nfor MLS systems is to define hierarchical levels, often\nunclassified, confidential, secret, and so on. To set up smack\nto support this, these rules could be defined:\n\n C Unclass rx\n S C rx\n S Unclass rx\n TS S rx\n TS C rx\n TS Unclass rx\n\nA TS process can read S, C, and Unclass data, but cannot write it.\nAn S process can read C and Unclass. Note that specifying that\nTS can read S and S can read C does not imply TS can read C, it\nhas to be explicitly stated.\n\nNon-hierarchical categories. This is the more common of the\nusual uses for an MLS system. Since the default rule is that a\nsubject cannot access an object with a different label no\naccess rules are required to implement compartmentalization.\n\nA case that the Bell \u0026 LaPadula policy does not allow is demonstrated\nwith this Smack access rule:\n\nA case that Bell\u0026LaPadula does not allow that Smack does:\n\n ESPN ABC r\n ABC ESPN r\n\nOn my portable video device I have two applications, one that\nshows ABC programming and the other ESPN programming. ESPN wants\nto show me sport stories that show up as news, and ABC will\nonly provide minimal information about a sports story if ESPN\nis covering it. Each side can look at the other\u0027s info, neither\ncan change the other. Neither can see what FOX is up to, which\nis just as well all things considered.\n\nAnother case that I especially like:\n\n SatData Guard w\n Guard Publish w\n\nA program running with the Guard label opens a UDP socket and\naccepts messages sent by a program running with a SatData label.\nThe Guard program inspects the message to ensure it is wholesome\nand if it is sends it to a program running with the Publish label.\nThis program then puts the information passed in an appropriate\nplace. Note that the Guard program cannot write to a Publish\nfile system object because file system semanitic require read as\nwell as write.\n\nThe four cases (categories, levels, mutual read, guardbox) here\nare all quite real, and problems I\u0027ve been asked to solve over\nthe years. The first two are easy to do with traditonal MLS systems\nwhile the last two you can\u0027t without invoking privilege, at least\nfor a while.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Joshua Brindle \u003cmethod@manicmethod.com\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: \"Ahmed S. Darwish\" \u003cdarwish.07@gmail.com\u003e\nCc: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "3bc1fa8ae18f281b40903cce94baba10c3cf9d88", "tree": "9097244b28cbf4eba16368803272af0fc70224d5", "parents": [ "cd1c6a48ac16b360746f9f111895931d332c35dd" ], "author": { "name": "Chris Wright", "email": "chrisw@sous-sol.org", "time": "Fri Sep 29 01:59:49 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 29 09:18:10 2006 -0700" }, "message": "[PATCH] LSM: remove BSD secure level security module\n\nThis code has suffered from broken core design and lack of developer\nattention. Broken security modules are too dangerous to leave around. It\nis time to remove this one.\n\nSigned-off-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nAcked-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Davi Arnaut \u003cdavi.arnaut@gmail.com\u003e\nAcked-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Alan Cox \u003calan@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "b67dbf9d4c1987c370fd18fdc4cf9d8aaea604c2", "tree": "76c8bf2d44a9e8b3fb8df8dedf950bbb78d340ae", "parents": [ "043d051615aa5da09a7e44f1edbb69798458e067" ], "author": { "name": "Greg KH", "email": "greg@kroah.com", "time": "Thu Jul 07 14:37:53 2005 -0700" }, "committer": { "name": "Chris Wright", "email": "chrisw@osdl.org", "time": "Fri Jul 08 18:48:41 2005 -0700" }, "message": "[PATCH] add securityfs for all LSMs to use\n\nHere\u0027s a small patch against 2.6.13-rc2 that adds securityfs, a virtual\nfs that all LSMs can use instead of creating their own. The fs should\nbe mounted at /sys/kernel/security, and the fs creates that mount point.\nThis will make the LSB people happy that we aren\u0027t creating a new\n/my_lsm_fs directory in the root for every different LSM.\n\nIt has changed a bit since the last version, thanks to comments from\nMike Waychison.\n\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\nSigned-off-by: Chris Wright \u003cchrisw@osdl.org\u003e\n" }, { "commit": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "tree": "0bba044c4ce775e45a88a51686b5d9f90697ea9d", "parents": [], "author": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "message": "Linux-2.6.12-rc2\n\nInitial git repository build. I\u0027m not bothering with the full history,\neven though we have it. We can create a separate \"historical\" git\narchive of that later if we want to, and in the meantime it\u0027s about\n3.2GB when imported into git - space that would just make the early\ngit days unnecessarily complicated, when we don\u0027t have a lot of good\ninfrastructure for it.\n\nLet it rip!\n" } ] }