)]}'
{
  "log": [
    {
      "commit": "f7112e6c9abf1c70f001dcf097c1d6e218a93f5c",
      "tree": "8ddcab31388e3f220f3ef911f4ec9dce8ac4be92",
      "parents": [
        "ceffec5541cc22486d3ff492e3d76a33a68fbfa3"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Sun May 06 15:22:02 2012 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@vaio-ubuntu.(none)",
        "time": "Mon May 14 22:48:38 2012 -0700"
      },
      "message": "Smack: allow for significantly longer Smack labels v4\n\nV4 updated to current linux-security#next\nTargeted for git://gitorious.org/smack-next/kernel.git\n\nModern application runtime environments like to use\nnaming schemes that are structured and generated without\nhuman intervention. Even though the Smack limit of 23\ncharacters for a label name is perfectly rational for\nhuman use there have been complaints that the limit is\na problem in environments where names are composed from\na set of sources, including vendor, author, distribution\nchannel and application name. Names like\n\n\tsoftwarehouse-pgwodehouse-coolappstore-mellowmuskrats\n\nare becoming harder to avoid. This patch introduces long\nlabel support in Smack. Labels are now limited to 255\ncharacters instead of the old 23.\n\nThe primary reason for limiting the labels to 23 characters\nwas so they could be directly contained in CIPSO category sets.\nThis is still done where possible, but for labels that are too\nlarge a mapping is required. This is perfectly safe for communication\nthat stays \"on the box\" and doesn\u0027t require much coordination\nbetween boxes beyond what would have been required to keep label\nnames consistent.\n\nThe bulk of this patch is in smackfs, adding and updating\nadministrative interfaces. Because existing APIs can\u0027t be\nchanged new ones that do much the same things as old ones\nhave been introduced.\n\nThe Smack specific CIPSO data representation has been removed\nand replaced with the data format used by netlabel. The CIPSO\nheader is now computed when a label is imported rather than\non use. This results in improved IP performance. The smack\nlabel is now allocated separately from the containing structure,\nallowing for larger strings.\n\nFour new /smack interfaces have been introduced as four\nof the old interfaces strictly required labels be specified\nin fixed length arrays.\n\nThe access interface is supplemented with the check interface:\n\taccess  \"Subject                 Object                  rwxat\"\n\taccess2 \"Subject Object rwaxt\"\n\nThe load interface is supplemented with the rules interface:\n\tload   \"Subject                 Object                  rwxat\"\n\tload2  \"Subject Object rwaxt\"\n\nThe load-self interface is supplemented with the self-rules interface:\n\tload-self   \"Subject                 Object                  rwxat\"\n\tload-self2  \"Subject Object rwaxt\"\n\nThe cipso interface is supplemented with the wire interface:\n\tcipso  \"Subject                  lvl cnt  c1  c2 ...\"\n\tcipso2 \"Subject lvl cnt  c1  c2 ...\"\n\nThe old interfaces are maintained for compatibility.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "fd75815f727f157a05f4c96b5294a4617c0557da",
      "tree": "b2e76abf176d37b5d810b0c813b8c0219754b88c",
      "parents": [
        "31d5a79d7f3d436da176a78ebc12d53c06da402e"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "committer": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "message": "KEYS: Add invalidation support\n\nAdd support for invalidating a key - which renders it immediately invisible to\nfurther searches and causes the garbage collector to immediately wake up,\nremove it from keyrings and then destroy it when it\u0027s no longer referenced.\n\nIt\u0027s better not to do this with keyctl_revoke() as that marks the key to start\nreturning -EKEYREVOKED to searches when what is actually desired is to have the\nkey refetched.\n\nTo invalidate a key the caller must be granted SEARCH permission by the key.\nThis may be too strict.  It may be better to also permit invalidation if the\ncaller has any of READ, WRITE or SETATTR permission.\n\nThe primary use for this is to evict keys that are cached in special keyrings,\nsuch as the DNS resolver or an ID mapper.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n"
    },
    {
      "commit": "898bfc1d46bd76f8ea2a0fbd239dd2073efe2aa3",
      "tree": "e6e666085abe674dbf6292555961fe0a0f2e2d2f",
      "parents": [
        "08162e6a23d476544adfe1164afe9ea8b34ab859",
        "69964ea4c7b68c9399f7977aa5b9aa6539a6a98a"
      ],
      "author": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Fri May 04 12:46:40 2012 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Fri May 04 12:46:40 2012 +1000"
      },
      "message": "Merge tag \u0027v3.4-rc5\u0027 into next\n\nLinux 3.4-rc5\n\nMerge to pull in prerequisite change for Smack:\n86812bb0de1a3758dc6c7aa01a763158a7c0638a\n\nRequested by Casey.\n"
    },
    {
      "commit": "a05a4830a32ef9f89e7bd372a7bae9b96b1ac266",
      "tree": "04e3383340b422753f0db87cad61919ce54335fa",
      "parents": [
        "af3a3ab2966112c0d0a44df7eeb1e95fe32d4495"
      ],
      "author": {
        "name": "Jeff Layton",
        "email": "jlayton@redhat.com",
        "time": "Wed Apr 25 12:46:50 2012 -0400"
      },
      "committer": {
        "name": "Jeff Layton",
        "email": "jlayton@redhat.com",
        "time": "Wed Apr 25 12:46:50 2012 -0400"
      },
      "message": "keys: update the documentation with info about \"logon\" keys\n\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Jeff Layton \u003cjlayton@redhat.com\u003e\n"
    },
    {
      "commit": "389da25f93eea8ff64181ae7e3e87da68acaef2e",
      "tree": "09277860746b3372cbb49ea82868709cbae99ec3",
      "parents": [
        "8156b451f37898d3c3652b4e988a4d62ae16eaac"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Mon Apr 16 11:56:45 2012 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Thu Apr 19 13:39:56 2012 +1000"
      },
      "message": "Yama: add additional ptrace scopes\n\nThis expands the available Yama ptrace restrictions to include two more\nmodes. Mode 2 requires CAP_SYS_PTRACE for PTRACE_ATTACH, and mode 3\ncompletely disables PTRACE_ATTACH (and locks the sysctl).\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "3556485f1595e3964ba539e39ea682acbb835cee",
      "tree": "7f5ee254f425b1427ac0059b5f347a307f8538a1",
      "parents": [
        "b8716614a7cc2fc15ea2a518edd04755fb08d922",
        "09f61cdbb32a9d812c618d3922db533542736bb0"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 21 13:25:04 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 21 13:25:04 2012 -0700"
      },
      "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates for 3.4 from James Morris:\n \"The main addition here is the new Yama security module from Kees Cook,\n  which was discussed at the Linux Security Summit last year.  Its\n  purpose is to collect miscellaneous DAC security enhancements in one\n  place.  This also marks a departure in policy for LSM modules, which\n  were previously limited to being standalone access control systems.\n  Chromium OS is using Yama, and I believe there are plans for Ubuntu,\n  at least.\n\n  This patchset also includes maintenance updates for AppArmor, TOMOYO\n  and others.\"\n\nFix trivial conflict in \u003cnet/sock.h\u003e due to the jumo_label-\u003estatic_key\nrename.\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (38 commits)\n  AppArmor: Fix location of const qualifier on generated string tables\n  TOMOYO: Return error if fails to delete a domain\n  AppArmor: add const qualifiers to string arrays\n  AppArmor: Add ability to load extended policy\n  TOMOYO: Return appropriate value to poll().\n  AppArmor: Move path failure information into aa_get_name and rename\n  AppArmor: Update dfa matching routines.\n  AppArmor: Minor cleanup of d_namespace_path to consolidate error handling\n  AppArmor: Retrieve the dentry_path for error reporting when path lookup fails\n  AppArmor: Add const qualifiers to generated string tables\n  AppArmor: Fix oops in policy unpack auditing\n  AppArmor: Fix error returned when a path lookup is disconnected\n  KEYS: testing wrong bit for KEY_FLAG_REVOKED\n  TOMOYO: Fix mount flags checking order.\n  security: fix ima kconfig warning\n  AppArmor: Fix the error case for chroot relative path name lookup\n  AppArmor: fix mapping of META_READ to audit and quiet flags\n  AppArmor: Fix underflow in xindex calculation\n  AppArmor: Fix dropping of allowed operations that are force audited\n  AppArmor: Add mising end of structure test to caps unpacking\n  ...\n"
    },
    {
      "commit": "40e47125e6c5110383b0176d7b9d530f2936b1ae",
      "tree": "9653ac1f586cbfe36286c2d987c9330078eb37ad",
      "parents": [
        "4e70daaf05a181b6968e29e72e9f1c16a183e92c"
      ],
      "author": {
        "name": "Masanari Iida",
        "email": "standby24x7@gmail.com",
        "time": "Sun Mar 04 23:16:11 2012 +0900"
      },
      "committer": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Wed Mar 07 16:08:24 2012 +0100"
      },
      "message": "Documentation: Fix multiple typo in Documentation\n\nSigned-off-by: Masanari Iida \u003cstandby24x7@gmail.com\u003e\nAcked-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n"
    },
    {
      "commit": "bf06189e4d14641c0148bea16e9dd24943862215",
      "tree": "5c62eb24339041baf65b8e42daac42c7a01efc0e",
      "parents": [
        "3ab1aff89477dafb1aaeafe8c8669114a02b7226"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Tue Feb 14 16:48:09 2012 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 16 10:25:18 2012 +1100"
      },
      "message": "Yama: add PR_SET_PTRACER_ANY\n\nFor a process to entirely disable Yama ptrace restrictions, it can use\nthe special PR_SET_PTRACER_ANY pid to indicate that any otherwise allowed\nprocess may ptrace it. This is stronger than calling PR_SET_PTRACER with\npid \"1\" because it includes processes in external pid namespaces. This is\ncurrently needed by the Chrome renderer, since its crash handler (Breakpad)\nruns external to the renderer\u0027s pid namespace.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2d514487faf188938a4ee4fb3464eeecfbdcf8eb",
      "tree": "42147f0459ab062375f63891943242e3b95797bb",
      "parents": [
        "1a2a4d06e1e95260c470ebe3a945f61bbe8c1fd8"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Wed Dec 21 12:17:04 2011 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Feb 10 09:18:52 2012 +1100"
      },
      "message": "security: Yama LSM\n\nThis adds the Yama Linux Security Module to collect DAC security\nimprovements (specifically just ptrace restrictions for now) that have\nexisted in various forms over the years and have been carried outside the\nmainline kernel by other Linux distributions like Openwall and grsecurity.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "700920eb5ba4de5417b446c9a8bb008df2b973e0",
      "tree": "8e2caa32a5cdcd47347ff84bc3e95915d000f537",
      "parents": [
        "53999bf34d55981328f8ba9def558d3e104d6e36"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Jan 18 15:31:45 2012 +0000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Jan 19 14:38:51 2012 +1100"
      },
      "message": "KEYS: Allow special keyrings to be cleared\n\nThe kernel contains some special internal keyrings, for instance the DNS\nresolver keyring :\n\n2a93faf1 I-----     1 perm 1f030000     0     0 keyring   .dns_resolver: empty\n\nIt would occasionally be useful to allow the contents of such keyrings to be\nflushed by root (cache invalidation).\n\nAllow a flag to be set on a keyring to mark that someone possessing the\nsysadmin capability can clear the keyring, even without normal write access to\nthe keyring.\n\nSet this flag on the special keyrings created by the DNS resolver, the NFS\nidentity mapper and the CIFS identity mapper.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nAcked-by: Steve Dickson \u003csteved@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "24942c8e5cc8696064ee207ff29d4cf21f70dafc",
      "tree": "08a8221eb72ec3da7746d7d76f6f5915ce77cde7",
      "parents": [
        "e163bc8e4a0cd1cdffadb58253f7651201722d56",
        "ff0ff78068dd8a962358dbbdafa9d6f24540d3e5"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Nov 16 12:39:48 2011 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Nov 16 12:39:48 2011 +1100"
      },
      "message": "Merge branch \u0027master\u0027; commit \u0027v3.2-rc2\u0027 into next\n"
    },
    {
      "commit": "e163bc8e4a0cd1cdffadb58253f7651201722d56",
      "tree": "66570af9c0304cf53350e8e67c67e407e92ee12f",
      "parents": [
        "1933ca8771585d43d3d2099c0c9ba7ca6b96e303"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "kees@outflux.net",
        "time": "Tue Nov 01 17:20:01 2011 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Nov 16 12:37:27 2011 +1100"
      },
      "message": "Documentation: clarify the purpose of LSMs\n\nClarify the purpose of the LSM interface with some brief examples and\npointers to additional documentation.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "395cf9691d72173d8cdaa613c5f0255f993af94b",
      "tree": "813be524794fe1c0850805d7faca90e45fd0e60b",
      "parents": [
        "e060c38434b2caa78efe7cedaff4191040b65a15"
      ],
      "author": {
        "name": "Paul Bolle",
        "email": "pebolle@tiscali.nl",
        "time": "Mon Aug 15 02:02:26 2011 +0200"
      },
      "committer": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Tue Sep 27 18:08:04 2011 +0200"
      },
      "message": "doc: fix broken references\n\nThere are numerous broken references to Documentation files (in other\nDocumentation files, in comments, etc.). These broken references are\ncaused by typos in the references, and by renames or removals of the\nDocumentation files. Some broken references are simply odd.\n\nFix these broken references, sometimes by dropping the irrelevant text\nthey were part of.\n\nSigned-off-by: Paul Bolle \u003cpebolle@tiscali.nl\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n"
    },
    {
      "commit": "ad599f9cf0187e823bc92bc83f3867a38fa266b9",
      "tree": "cb018d0a4ec10e3710e1048624998d84ee58ca88",
      "parents": [
        "3ddf17f08cf2f0d7ff06858eb07d1cc3db8994de"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jun 29 14:53:56 2011 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Jun 30 19:08:14 2011 +1000"
      },
      "message": "encrypted-keys: move ecryptfs documentation to proper location\n\nMove keys-ecryptfs.txt to Documentation/security.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "79a73d188726b473ca3bf483244bc96096831905",
      "tree": "787ba050c91981cae2524b1e95e415424b067e64",
      "parents": [
        "f8f8527103a264b5e4ab2ce5c1743b28f3219d90"
      ],
      "author": {
        "name": "Roberto Sassu",
        "email": "roberto.sassu@polito.it",
        "time": "Mon Jun 27 13:45:44 2011 +0200"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jun 27 09:11:17 2011 -0400"
      },
      "message": "encrypted-keys: add ecryptfs format support\n\nThe \u0027encrypted\u0027 key type defines its own payload format which contains a\nsymmetric key randomly generated that cannot be used directly to mount\nan eCryptfs filesystem, because it expects an authentication token\nstructure.\n\nThis patch introduces the new format \u0027ecryptfs\u0027 that allows to store an\nauthentication token structure inside the encrypted key payload containing\na randomly generated symmetric key, as the same for the format \u0027default\u0027.\n\nMore details about the usage of encrypted keys with the eCryptfs\nfilesystem can be found in the file \u0027Documentation/keys-ecryptfs.txt\u0027.\n\nSigned-off-by: Roberto Sassu \u003croberto.sassu@polito.it\u003e\nAcked-by: Gianluca Ramunno \u003cramunno@polito.it\u003e\nAcked-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "4e561d388feff18e4b798cef6a1a84a2cc7f20c2",
      "tree": "9208588c7d0e5e75766dd2c98e960840fdc8681e",
      "parents": [
        "7103dff0e598cd634767f17a2958302c515700ca"
      ],
      "author": {
        "name": "Roberto Sassu",
        "email": "roberto.sassu@polito.it",
        "time": "Mon Jun 27 13:45:42 2011 +0200"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jun 27 09:10:45 2011 -0400"
      },
      "message": "encrypted-keys: add key format support\n\nThis patch introduces a new parameter, called \u0027format\u0027, that defines the\nformat of data stored by encrypted keys. The \u0027default\u0027 format identifies\nencrypted keys containing only the symmetric key, while other formats can\nbe defined to support additional information. The \u0027format\u0027 parameter is\nwritten in the datablob produced by commands \u0027keyctl print\u0027 or\n\u0027keyctl pipe\u0027 and is integrity protected by the HMAC.\n\nSigned-off-by: Roberto Sassu \u003croberto.sassu@polito.it\u003e\nAcked-by: Gianluca Ramunno \u003cramunno@polito.it\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "d410fa4ef99112386de5f218dd7df7b4fca910b4",
      "tree": "e29fbc3f6d27b20d73d8feb4ed73f6767f2e18fe",
      "parents": [
        "61c4f2c81c61f73549928dfd9f3e8f26aa36a8cf"
      ],
      "author": {
        "name": "Randy Dunlap",
        "email": "randy.dunlap@oracle.com",
        "time": "Thu May 19 15:59:38 2011 -0700"
      },
      "committer": {
        "name": "Randy Dunlap",
        "email": "randy.dunlap@oracle.com",
        "time": "Thu May 19 15:59:38 2011 -0700"
      },
      "message": "Create Documentation/security/,\nmove LSM-, credentials-, and keys-related files from Documentation/\n  to Documentation/security/,\nadd Documentation/security/00-INDEX, and\nupdate all occurrences of Documentation/\u003cmoved_file\u003e\n  to Documentation/security/\u003cmoved_file\u003e.\n"
    }
  ]
}
