{
  "log": [
    {
      "commit": "607ca46e97a1b6594b29647d98a32d545c24bdff",
      "tree": "30f4c0784bfddb57332cdc0678bd06d1e77fa185",
      "parents": [
        "08cce05c5a91f5017f4edc9866cf026908c73f9f"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Sat Oct 13 10:46:48 2012 +0100"
      },
      "committer": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Sat Oct 13 10:46:48 2012 +0100"
      },
      "message": "UAPI: (Scripted) Disintegrate include/linux\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Arnd Bergmann \u003carnd@arndb.de\u003e\nAcked-by: Thomas Gleixner \u003ctglx@linutronix.de\u003e\nAcked-by: Michael Kerrisk \u003cmtk.manpages@gmail.com\u003e\nAcked-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: Dave Jones \u003cdavej@redhat.com\u003e\n"
    },
    {
      "commit": "88265322c14cce39f7afbc416726ef4fac413298",
      "tree": "e4956f905ef617971f87788d8f8a09dbb66b70a3",
      "parents": [
        "65b99c74fdd325d1ffa2e5663295888704712604",
        "bf5308344527d015ac9a6d2bda4ad4d40fd7d943"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 21:38:48 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 21:38:48 2012 -0700"
      },
      "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"Highlights:\n\n   - Integrity: add local fs integrity verification to detect offline\n     attacks\n   - Integrity: add digital signature verification\n   - Simple stacking of Yama with other LSMs (per LSS discussions)\n   - IBM vTPM support on ppc64\n   - Add new driver for Infineon I2C TIS TPM\n   - Smack: add rule revocation for subject labels\"\n\nFixed conflicts with the user namespace support in kernel/auditsc.c and\nsecurity/integrity/ima/ima_policy.c.\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (39 commits)\n  Documentation: Update git repository URL for Smack userland tools\n  ima: change flags container data type\n  Smack: setprocattr memory leak fix\n  Smack: implement revoking all rules for a subject label\n  Smack: remove task_wait() hook.\n  ima: audit log hashes\n  ima: generic IMA action flag handling\n  ima: rename ima_must_appraise_or_measure\n  audit: export audit_log_task_info\n  tpm: fix tpm_acpi sparse warning on different address spaces\n  samples/seccomp: fix 31 bit build on s390\n  ima: digital signature verification support\n  ima: add support for different security.ima data types\n  ima: add ima_inode_setxattr/removexattr function and calls\n  ima: add inode_post_setattr call\n  ima: replace iint spinblock with rwlock/read_lock\n  ima: allocating iint improvements\n  ima: add appraise action keywords and default rules\n  ima: integrity appraisal extension\n  vfs: move ima_file_free before releasing the file\n  ...\n"
    },
    {
      "commit": "2fe5d6def1672ae6635dd71867bf36dcfaa7434b",
      "tree": "f83878d309605440b5bc2d2d43a16ccece64c645",
      "parents": [
        "4199d35cbc90c15db447d115bd96ffa5f1d60d3a"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Feb 13 10:15:05 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Sep 07 14:57:44 2012 -0400"
      },
      "message": "ima: integrity appraisal extension\n\nIMA currently maintains an integrity measurement list used to assert the\nintegrity of the running system to a third party.  The IMA-appraisal\nextension adds local integrity validation and enforcement of the\nmeasurement against a \"good\" value stored as an extended attribute\n\u0027security.ima\u0027.  The initial methods for validating \u0027security.ima\u0027 are\nhashed based, which provides file data integrity, and digital signature\nbased, which in addition to providing file data integrity, provides\nauthenticity.\n\nThis patch creates and maintains the \u0027security.ima\u0027 xattr, containing\nthe file data hash measurement.  Protection of the xattr is provided by\nEVM, if enabled and configured.\n\nBased on policy, IMA calls evm_verifyxattr() to verify a file\u0027s metadata\nintegrity and, assuming success, compares the file\u0027s current hash value\nwith the one stored as an extended attribute in \u0027security.ima\u0027.\n\nChangelog v4:\n- changed iint cache flags to hex values\n\nChangelog v3:\n- change appraisal default for filesystems without xattr support to fail\n\nChangelog v2:\n- fix audit msg \u0027res\u0027 value\n- removed unused \u0027ima_appraise\u003d\u0027 values\n\nChangelog v1:\n- removed unused iint mutex (Dmitry Kasatkin)\n- setattr hook must not reset appraised (Dmitry Kasatkin)\n- evm_verifyxattr() now differentiates between no \u0027security.evm\u0027 xattr\n  (INTEGRITY_NOLABEL) and no EVM \u0027protected\u0027 xattrs included in the\n  \u0027security.evm\u0027 (INTEGRITY_NOXATTRS).\n- replace hash_status with ima_status (Dmitry Kasatkin)\n- re-initialize slab element ima_status on free (Dmitry Kasatkin)\n- include \u0027security.ima\u0027 in EVM if CONFIG_IMA_APPRAISE, not CONFIG_IMA\n- merged half \"ima: ima_must_appraise_or_measure API change\" (Dmitry Kasatkin)\n- removed unnecessary error variable in process_measurement() (Dmitry Kasatkin)\n- use 
ima_inode_post_setattr() stub function, if IMA_APPRAISE not configured\n  (moved ima_inode_post_setattr() to ima_appraise.c)\n- make sure ima_collect_measurement() can read file\n\nChangelog:\n- add \u0027iint\u0027 to evm_verifyxattr() call (Dmitry Kasatkin)\n- fix the race condition between chmod, which takes the i_mutex and then\n  iint-\u003emutex, and ima_file_free() and process_measurement(), which take\n  the locks in the reverse order, by eliminating iint-\u003emutex. (Dmitry Kasatkin)\n- cleanup of ima_appraise_measurement() (Dmitry Kasatkin)\n- changes as a result of the iint not allocated for all regular files, but\n  only for those measured/appraised.\n- don\u0027t try to appraise new/empty files\n- expanded ima_appraisal description in ima/Kconfig\n- IMA appraise definitions required even if IMA_APPRAISE not enabled\n- add return value to ima_must_appraise() stub\n- unconditionally set status \u003d INTEGRITY_PASS *after* testing status,\n  not before.  (Found by Joe Perches)\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n"
    },
    {
      "commit": "38f38657444d15e1a8574eae80ed3de9f501737a",
      "tree": "b39bf533c5acb4b3ee48b6602dea9d92c2e9f72f",
      "parents": [
        "fea7a08acb13524b47711625eebea40a0ede69a0"
      ],
      "author": {
        "name": "Aristeu Rozanski",
        "email": "aris@redhat.com",
        "time": "Thu Aug 23 16:53:28 2012 -0400"
      },
      "committer": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Fri Aug 24 15:55:33 2012 -0700"
      },
      "message": "xattr: extract simple_xattr code from tmpfs\n\nExtract in-memory xattr APIs from tmpfs. Will be used by cgroup.\n\n$ size vmlinux.o\n   text    data     bss     dec     hex filename\n4658782  880729 5195032 10734543         a3cbcf vmlinux.o\n$ size vmlinux.o\n   text    data     bss     dec     hex filename\n4658957  880729 5195032 10734718         a3cc7e vmlinux.o\n\nv7:\n- checkpatch warnings fixed\n- Implement the changes requested by Hugh Dickins:\n\t- make simple_xattrs_init and simple_xattrs_free inline\n\t- get rid of locking and list reinitialization in simple_xattrs_free,\n\t  they\u0027re not needed\nv6:\n- no changes\nv5:\n- no changes\nv4:\n- move simple_xattrs_free() to fs/xattr.c\nv3:\n- in kmem_xattrs_free(), reinitialize the list\n- use simple_xattr_* prefix\n- introduce simple_xattr_add() to prevent direct list usage\n\nOriginal-patch-by: Li Zefan \u003clizefan@huawei.com\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: Hillf Danton \u003cdhillf@gmail.com\u003e\nCc: Lennart Poettering \u003clpoetter@redhat.com\u003e\nAcked-by: Hugh Dickins \u003chughd@google.com\u003e\nSigned-off-by: Li Zefan \u003clizefan@huawei.com\u003e\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\n"
    },
    {
      "commit": "bf6d0f5dcda17df3cc5577e203d0f8ea1c2ad6aa",
      "tree": "c6c5f39d43fe0d27bc1d3aedbd2f9b3ba2f8f537",
      "parents": [
        "a924ce0b35875ef9512135b46a32f4150fd700b2"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Aug 18 18:07:44 2011 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Sep 14 15:24:51 2011 -0400"
      },
      "message": "evm: posix acls modify i_mode\n\nThe posix xattr acls are \u0027system\u0027 prefixed, which normally would not\naffect security.evm.  An interesting side effect of writing posix xattr\nacls is their modifying of the i_mode, which is included in security.evm.\n\nThis patch updates security.evm when posix xattr acls are written.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "66dbc325afcef909043c30e90930a36823fc734c",
      "tree": "5c8a7fe063a058f4266c6db5e48229e8c04dd00e",
      "parents": [
        "1601fbad2b14e0b8d4dbb55e749bfe31e972818a"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Mar 15 16:12:09 2011 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 18 12:29:40 2011 -0400"
      },
      "message": "evm: re-release\n\nEVM protects a file\u0027s security extended attributes(xattrs) against integrity\nattacks.  This patchset provides the framework and an initial method.  The\ninitial method maintains an HMAC-sha1 value across the security extended\nattributes, storing the HMAC value as the extended attribute \u0027security.evm\u0027.\nOther methods of validating the integrity of a file\u0027s metadata will be posted\nseparately (eg. EVM-digital-signatures).\n\nWhile this patchset does authenticate the security xattrs, and\ncryptographically binds them to the inode, coming extensions will bind other\ndirectory and inode metadata for more complete protection.  To help simplify\nthe review and upstreaming process, each extension will be posted separately\n(eg. IMA-appraisal, IMA-appraisal-directory).  For a general overview of the\nproposed Linux integrity subsystem, refer to Dave Safford\u0027s whitepaper:\nhttp://downloads.sf.net/project/linux-ima/linux-ima/Integrity_overview.pdf.\n\nEVM depends on the Kernel Key Retention System to provide it with a\ntrusted/encrypted key for the HMAC-sha1 operation. The key is loaded onto the\nroot\u0027s keyring using keyctl.  Until EVM receives notification that the key has\nbeen successfully loaded onto the keyring (echo 1 \u003e \u003csecurityfs\u003e/evm), EVM can\nnot create or validate the \u0027security.evm\u0027 xattr, but returns INTEGRITY_UNKNOWN.\nLoading the key and signaling EVM should be done as early as possible. Normally\nthis is done in the initramfs, which has already been measured as part of the\ntrusted boot.  For more information on creating and loading existing\ntrusted/encrypted keys, refer to Documentation/keys-trusted-encrypted.txt.  A\nsample dracut patch, which loads the trusted/encrypted key and enables EVM, is\navailable from http://linux-ima.sourceforge.net/#EVM.\n\nBased on the LSMs enabled, the set of EVM protected security xattrs is defined\nat compile.  
EVM adds the following three calls to the existing security hooks:\nevm_inode_setxattr(), evm_inode_post_setxattr(), and evm_inode_removexattr.  To\ninitialize and update the \u0027security.evm\u0027 extended attribute, EVM defines three\ncalls: evm_inode_post_init(), evm_inode_post_setattr() and\nevm_inode_post_removexattr() hooks.  To verify the integrity of a security\nxattr, EVM exports evm_verifyxattr().\n\nChangelog v7:\n- Fixed URL in EVM ABI documentation\n\nChangelog v6: (based on Serge Hallyn\u0027s review)\n- fix URL in patch description\n- remove evm_hmac_size definition\n- use SHA1_DIGEST_SIZE (removed both MAX_DIGEST_SIZE and evm_hmac_size)\n- moved linux include before other includes\n- test for crypto_hash_setkey failure\n- fail earlier for invalid key\n- clear entire encrypted key, even on failure\n- check xattr name length before comparing xattr names\n\nChangelog:\n- locking based on i_mutex, remove evm_mutex\n- using trusted/encrypted keys for storing the EVM key used in the HMAC-sha1\n  operation.\n- replaced crypto hash with shash (Dmitry Kasatkin)\n- support for additional methods of verifying the security xattrs\n  (Dmitry Kasatkin)\n- iint not allocated for all regular files, but only for those appraised\n- Use cap_sys_admin in lieu of cap_mac_admin\n- Use __vfs_setxattr_noperm(), without permission checks, from EVM\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\n"
    },
    {
      "commit": "1601fbad2b14e0b8d4dbb55e749bfe31e972818a",
      "tree": "ca9271af43fc7b0edaaa9e5464a82d3b427db8b2",
      "parents": [
        "f381c272224f5f158f5cff64f8f3481fa0eee8b3"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Mar 09 14:23:34 2011 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 18 12:29:39 2011 -0400"
      },
      "message": "xattr: define vfs_getxattr_alloc and vfs_xattr_cmp\n\nvfs_getxattr_alloc() and vfs_xattr_cmp() are two new kernel xattr helper\nfunctions.  vfs_getxattr_alloc() first allocates memory for the requested\nxattr and then retrieves it. vfs_xattr_cmp() compares a given value with\nthe contents of an extended attribute.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@ubuntu.com\u003e\n"
    },
    {
      "commit": "9d8f13ba3f4833219e50767b022b82cd0da930eb",
      "tree": "3ba2367380d009111ea17696162a62320c88d144",
      "parents": [
        "0f2a55d5bb2372058275b0b343d90dd5d640d045"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jun 06 15:29:25 2011 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 18 12:29:38 2011 -0400"
      },
      "message": "security: new security_inode_init_security API adds function callback\n\nThis patch changes the security_inode_init_security API by adding a\nfilesystem specific callback to write security extended attributes.\nThis change is in preparation for supporting the initialization of\nmultiple LSM xattrs and the EVM xattr.  Initially the callback function\nwalks an array of xattrs, writing each xattr separately, but could be\noptimized to write multiple xattrs at once.\n\nFor existing security_inode_init_security() calls, which have not yet\nbeen converted to use the new callback function, such as those in\nreiserfs and ocfs2, this patch defines security_old_inode_init_security().\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "1dbe39424a43e56a6c9aed12661192af51dcdb9f",
      "tree": "6f0a3be90ac48145012b91b750ba485f5d27ea89",
      "parents": [
        "4b060420a596095869a6d7849caa798d23839cd1"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue May 24 17:13:13 2011 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed May 25 08:39:45 2011 -0700"
      },
      "message": "xattr.h: expose string defines to userspace\n\naf4f136056c9 (\"security: move LSM xattrnames to xattr.h\") moved the\nXATTR_CAPS_SUFFIX define from capability.h to xattr.h.  This makes sense\nexcept it was previously exported to userspace but xattr.h does not export\nit to userspace.  This patch exports these headers to userspace to fix the\nABI regression.\n\nThere is some slight possibility that this will cause problems in other\napplications which used these #defines differently (wrongly) and I could\nJUST export the capabilities xattr name that we broke.  Does anyone have an\nidea how exposing these headers could cause a problem?\n\nBelow is what is being exposed to userspace, included here since it isn\u0027t\nclear exactly what is going to be made available from the patch.\n\n/* Namespaces */\n#define XATTR_OS2_PREFIX \"os2.\"\n#define XATTR_OS2_PREFIX_LEN (sizeof (XATTR_OS2_PREFIX) - 1)\n\n#define XATTR_SECURITY_PREFIX   \"security.\"\n#define XATTR_SECURITY_PREFIX_LEN (sizeof (XATTR_SECURITY_PREFIX) - 1)\n\n#define XATTR_SYSTEM_PREFIX \"system.\"\n#define XATTR_SYSTEM_PREFIX_LEN (sizeof (XATTR_SYSTEM_PREFIX) - 1)\n\n#define XATTR_TRUSTED_PREFIX \"trusted.\"\n#define XATTR_TRUSTED_PREFIX_LEN (sizeof (XATTR_TRUSTED_PREFIX) - 1)\n\n#define XATTR_USER_PREFIX \"user.\"\n#define XATTR_USER_PREFIX_LEN (sizeof (XATTR_USER_PREFIX) - 1)\n\n/* Security namespace */\n#define XATTR_SELINUX_SUFFIX \"selinux\"\n#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX\n\n#define XATTR_SMACK_SUFFIX \"SMACK64\"\n#define XATTR_SMACK_IPIN \"SMACK64IPIN\"\n#define XATTR_SMACK_IPOUT \"SMACK64IPOUT\"\n#define XATTR_NAME_SMACK XATTR_SECURITY_PREFIX XATTR_SMACK_SUFFIX\n#define XATTR_NAME_SMACKIPIN    XATTR_SECURITY_PREFIX XATTR_SMACK_IPIN\n#define XATTR_NAME_SMACKIPOUT   XATTR_SECURITY_PREFIX XATTR_SMACK_IPOUT\n\n#define XATTR_CAPS_SUFFIX \"capability\"\n#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX\n\nReported-by: Ozan Çaglayan 
\u003cozan@pardus.org.tr\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Mimi Zohar \u003czohar@us.ibm.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "7898e1f8e9eb1bee88c92d636e0ab93f2cbe31c6",
      "tree": "d4aaa367bb42d0ff9d1e4ba227f248b5b9cd7687",
      "parents": [
        "aeda4ac3efc29e4d55989abd0a73530453aa69ba"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Mon Jan 17 08:05:27 2011 -0800"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Mon Jan 17 08:05:27 2011 -0800"
      },
      "message": "Subject: [PATCH] Smack: mmap controls for library containment\n\n  In the embedded world there are often situations\n  where libraries are updated from a variety of sources,\n  for a variety of reasons, and with any number of\n  security characteristics. These differences\n  might include privilege required for a given library\n  provided interface to function properly, as occurs\n  from time to time in graphics libraries. There are\n  also cases where it is important to limit use of\n  libraries based on the provider of the library and\n  the security aware application may make choices\n  based on that criteria.\n\n  These issues are addressed by providing an additional\n  Smack label that may optionally be assigned to an object,\n  the SMACK64MMAP attribute. An mmap operation is allowed\n  if there is no such attribute.\n\n  If there is a SMACK64MMAP attribute the mmap is permitted\n  only if a subject with that label has all of the access\n  permitted a subject with the current task label.\n\n  Security aware applications may from time to time\n  wish to reduce their \"privilege\" to avoid accidental use\n  of privilege. One case where this arises is the\n  environment in which multiple sources provide libraries\n  to perform the same functions. An application may know\n  that it should eschew services made available from a\n  particular vendor, or of a particular version.\n\n  In support of this a secondary list of Smack rules has\n  been added that is local to the task. This list is\n  consulted only in the case where the global list has\n  approved access. It can only further restrict access.\n  Unlike the global last, if no entry is found on the\n  local list access is granted. 
An application can add\n  entries to its own list by writing to /smack/load-self.\n\n  The changes appear large as they involve refactoring\n  the list handling to accommodate there being more\n  than one rule list.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "5c6d1125f8dbd1bfef39e38fbc2837003be78a59",
      "tree": "368d34e800bc5478442679323270d776b79501e8",
      "parents": [
        "fe27d4b012273640e033be80f143bdc54daa8e16"
      ],
      "author": {
        "name": "Jarkko Sakkinen",
        "email": "ext-jarkko.2.sakkinen@nokia.com",
        "time": "Tue Dec 07 13:34:01 2010 +0200"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Tue Dec 07 14:04:02 2010 -0800"
      },
      "message": "Smack: Transmute labels on specified directories\n\nIn a situation where Smack access rules allow processes\nwith multiple labels to write to a directory it is easy\nto get into a situation where the directory gets cluttered\nwith files that the owner can\u0027t deal with because while\nthey could be written to the directory a process at the\nlabel of the directory can\u0027t write them. This is generally\nthe desired behavior, but when it isn\u0027t it is a real\nissue.\n\nThis patch introduces a new attribute SMACK64TRANSMUTE that\ninstructs Smack to create the file with the label of the directory\nunder certain circumstances.\n\nA new access mode, \"t\" for transmute, is made available to\nSmack access rules, which are expanded from \"rwxa\" to \"rwxat\".\nIf a file is created in a directory marked as transmutable\nand if access was granted to perform the operation by a rule\nthat included the transmute mode, then the file gets the\nSmack label of the directory instead of the Smack label of the\ncreating process.\n\nNote that this is equivalent to creating an empty file at the\nlabel of the directory and then having the other process write\nto it. The transmute scheme requires that both the access rule\nallows transmutation and that the directory be explicitly marked.\n\nSigned-off-by: Jarkko Sakkinen \u003cext-jarkko.2.sakkinen@nokia.com\u003e\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "676dac4b1bee0469d6932f698aeb77e8489f5861",
      "tree": "196b4cb35cf8dfdff0698dc4368cfd00acc7391a",
      "parents": [
        "93ae86e759299718c611bc543b9b1633bf32905a"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Thu Dec 02 06:43:39 2010 -0800"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Thu Dec 02 06:43:39 2010 -0800"
      },
      "message": "This patch adds a new security attribute to Smack called\nSMACK64EXEC. It defines label that is used while task is\nrunning.\n\nException: in smack_task_wait() child task is checked\nfor write access to parent task using label inherited\nfrom the task that forked it.\n\nFixed issues from previous submit:\n- SMACK64EXEC was not read when SMACK64 was not set.\n- inode security blob was not updated after setting\n  SMACK64EXEC\n- inode security blob was not updated when removing\n  SMACK64EXEC\n"
    },
    {
      "commit": "af4f136056c984b0aa67feed7d3170b958370b2f",
      "tree": "30b62cd9174044cbdfdddc1fe5e0f21e7ddde85c",
      "parents": [
        "5ad18a0d59ba9e65b3c8b2b489fd23bc6b3daf94"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Jul 01 15:07:43 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:34:57 2010 +1000"
      },
      "message": "security: move LSM xattrnames to xattr.h\n\nMake the security extended attributes names global. Updated to move\nthe remaining Smack xattrs.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "bb4354538eb7b92f32cfedbad68c7be266c0b467",
      "tree": "5ecc43dabf5a0ecb511c74411272eba70415cdaf",
      "parents": [
        "18e9e5104fcd9a973ffe3eed3816c87f2a1b6cd2"
      ],
      "author": {
        "name": "Stephen Hemminger",
        "email": "shemminger@vyatta.com",
        "time": "Thu May 13 17:53:14 2010 -0700"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri May 21 18:31:18 2010 -0400"
      },
      "message": "fs: xattr_handler table should be const\n\nThe entries in xattr handler table should be immutable (ie const)\nlike other operation tables.\n\nLater patches convert common filesystems. Unconverted filesystems\nwill still work, but will generate a compiler warning.\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "431547b3c4533b8c7fd150ab36980b9a3147797b",
      "tree": "807ff2790f3c13c7c91ed2afd6d833032899482d",
      "parents": [
        "ef26ca97e83052790940cbc444b01b0d17a813c1"
      ],
      "author": {
        "name": "Christoph Hellwig",
        "email": "hch@lst.de",
        "time": "Fri Nov 13 09:52:56 2009 +0000"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Dec 16 12:16:49 2009 -0500"
      },
      "message": "sanitize xattr handler prototypes\n\nAdd a flags argument to struct xattr_handler and pass it to all xattr\nhandler methods.  This allows using the same methods for multiple\nhandlers, e.g. for the ACL methods which perform exactly the same action\nfor the access and default ACLs, just using a different underlying\nattribute.  With a little more groundwork it\u0027ll also allow sharing the\nmethods for the regular user/trusted/secure handlers in extN, ocfs2 and\njffs2 like it\u0027s already done for xfs in this patch.\n\nAlso change the inode argument to the handlers to a dentry to allow\nusing the handlers mechanism for filesystems that require it later,\ne.g. cifs.\n\n[with GFS2 bits updated by Steven Whitehouse \u003cswhiteho@redhat.com\u003e]\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Joel Becker \u003cjoel.becker@oracle.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "b1ab7e4b2a88d3ac13771463be8f302ce1616cfc",
      "tree": "c08825120cb290a4307d36ee0bee806ad2aae83c",
      "parents": [
        "733e5e4b4eb1bc1e27acbe092200154051171426"
      ],
      "author": {
        "name": "David P. Quigley",
        "email": "dpquigl@tycho.nsa.gov",
        "time": "Thu Sep 03 14:25:56 2009 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Sep 10 10:11:22 2009 +1000"
      },
      "message": "VFS: Factor out part of vfs_setxattr so it can be called from the SELinux hook for inode_setsecctx.\n\nThis factors out the part of the vfs_setxattr function that performs the\nsetting of the xattr and its notification. This is needed so the SELinux\nimplementation of inode_setsecctx can handle the setting of the xattr while\nmaintaining the proper separation of layers.\n\nSigned-off-by: David P. Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "8f0cfa52a1d4ffacd8e7de906d19662f5da58d58",
      "tree": "2aa82e3682e75330d9b5d601855e3af3c57c03d8",
      "parents": [
        "7ec02ef1596bb3c829a7e8b65ebf13b87faf1819"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Tue Apr 29 00:59:41 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 29 08:06:06 2008 -0700"
      },
      "message": "xattr: add missing consts to function arguments\n\nAdd missing consts to xattr function arguments.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Andreas Gruenbacher \u003cagruen@suse.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "42492594043d621a7910ff5877c3eb9202870b45",
      "tree": "9188d112c019a189606847dc1d90ccc63c1bacf2",
      "parents": [
        "3729145821e3088a0c3c4183037fde356204bf97"
      ],
      "author": {
        "name": "David P. Quigley",
        "email": "dpquigl@tycho.nsa.gov",
        "time": "Mon Feb 04 22:29:39 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Tue Feb 05 09:44:20 2008 -0800"
      },
      "message": "VFS/Security: Rework inode_getsecurity and callers to return resulting buffer\n\nThis patch modifies the interface to inode_getsecurity to have the function\nreturn a buffer containing the security blob and its length via parameters\ninstead of relying on the calling function to give it an appropriately sized\nbuffer.\n\nSecurity blobs obtained with this function should be freed using the\nrelease_secctx LSM hook.  This alleviates the problem of the caller having to\nguess a length and preallocate a buffer for this function allowing it to be\nused elsewhere for Labeled NFS.\n\nThe patch also removed the unused err parameter.  The conversion is similar to\nthe one performed by Al Viro for the security_getprocattr hook.\n\nSigned-off-by: David P. Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "5b0a2075adb04846870a7fc1e62b08a532054ba6",
      "tree": "fc877f8acfe582e2b096ae7d699d34e160b8a8e6",
      "parents": [
        "842f968f3fcdc475c95ec76a03b29c5147e87b54"
      ],
      "author": {
        "name": "Adrian Bunk",
        "email": "bunk@stusta.de",
        "time": "Sat Feb 10 01:46:24 2007 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Sun Feb 11 11:18:05 2007 -0800"
      },
      "message": "[PATCH] cleanup include/linux/xattr.h\n\n- reduce the userspace visible part\n- fix the in-kernel compilation\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "659564c8adfe1765476beee8d55cd18986946892",
      "tree": "8ddef1e06257449b4ca6ca83fc80867771a6f5a4",
      "parents": [
        "e069d79d23739977800c3b8495853b735f77ef30"
      ],
      "author": {
        "name": "Bill Nottingham",
        "email": "notting@redhat.com",
        "time": "Mon Oct 09 16:10:48 2006 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Mon Oct 09 14:20:38 2006 -0700"
      },
      "message": "[PATCH] Introduce vfs_listxattr\n\nThis patch moves code out of fs/xattr.c:listxattr into a new function -\nvfs_listxattr. The code for vfs_listxattr was originally submitted by Bill\nNottingham \u003cnotting@redhat.com\u003e to Unionfs.\n\nSorry about that.  The reason for this submission is to make the\nlistxattr code in fs/xattr.c a little cleaner (as well as to clean up\nsome code in Unionfs.)\n\nCurrently, Unionfs has vfs_listxattr defined in its code.  I think\nthat\u0027s very ugly, and I\u0027d like to see it (re)moved.  The logical place\nto put it, is along side of all the other vfs_*xattr functions.\n\nOverall, I think this patch is benefitial for both kernel.org kernel and\nUnionfs.\n\nSigned-off-by: Josef \"Jeff\" Sipek \u003cjsipek@cs.sunysb.edu\u003e\nAcked-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "e0ad7b073eb7317e5afe0385b02dcb1d52a1eedf",
      "tree": "bd4a424efe77bfb94c74bb6e57dcf0a0ff998969",
      "parents": [
        "5be196e5f925dab2309530fabce69c2e562b9791"
      ],
      "author": {
        "name": "akpm@osdl.org",
        "email": "akpm@osdl.org",
        "time": "Mon Jan 09 20:51:56 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Tue Jan 10 08:01:29 2006 -0800"
      },
      "message": "[PATCH] move xattr permission checks into the VFS\n\n\r)\n\nFrom: Christoph Hellwig \u003chch@lst.de\u003e\n\nThe xattr code has rather complex permission checks because the rules are very\ndifferent for different attribute namespaces.  This patch moves as much as we\ncan into the generic code.  Currently all the major disk based filesystems\nduplicate these checks, while many minor filesystems or network filesystems\nlack some or all of them.\n\nTo do this we need defines for the extended attribute names in common code, I\nmoved them up from JFS which had the nicest defintions.\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nAcked-by: Dave Kleikamp \u003cshaggy@austin.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "5be196e5f925dab2309530fabce69c2e562b9791",
      "tree": "4249d808c38b6f13e899ac936585c1fbb48e5b3b",
      "parents": [
        "a7e670d828e85ef9aacb7fa1cd221525c408110f"
      ],
      "author": {
        "name": "Christoph Hellwig",
        "email": "hch@lst.de",
        "time": "Mon Jan 09 20:51:55 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Tue Jan 10 08:01:29 2006 -0800"
      },
      "message": "[PATCH] add vfs_* helpers for xattr operations\n\nAdd vfs_getxattr, vfs_setxattr and vfs_removexattr helpers for common checks\naround invocation of the xattr methods.  NFSD already was missing some of the\nchecks and there will be more soon.\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\n\n(James, I haven\u0027t touched selinux yet because it\u0027s doing various odd things\nand I\u0027m not sure how it would interact with the security attribute fallbacks\nyou added.  Could you investigate whether it could use vfs_getxattr or if not\nadd a __vfs_getxattr helper to share the bits it is fine with?)\n\nFor NFSv4: instead of just converting it add an nfsd_getxattr helper for the\ncode shared by NFSv2/3 and NFSv4 ACLs.  In fact that code isn\u0027t even\nNFS-specific, but I\u0027ll wait for more users to pop up first before moving it to\ncommon code.\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nAcked-by: Dave Kleikamp \u003cshaggy@austin.ibm.com\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: Neil Brown \u003cneilb@suse.de\u003e\nCc: Trond Myklebust \u003ctrond.myklebust@fys.uio.no\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
      "tree": "0bba044c4ce775e45a88a51686b5d9f90697ea9d",
      "parents": [],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@ppc970.osdl.org",
        "time": "Sat Apr 16 15:20:36 2005 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@ppc970.osdl.org",
        "time": "Sat Apr 16 15:20:36 2005 -0700"
      },
      "message": "Linux-2.6.12-rc2\n\nInitial git repository build. I\u0027m not bothering with the full history,\neven though we have it. We can create a separate \"historical\" git\narchive of that later if we want to, and in the meantime it\u0027s about\n3.2GB when imported into git - space that would just make the early\ngit days unnecessarily complicated, when we don\u0027t have a lot of good\ninfrastructure for it.\n\nLet it rip!\n"
    }
  ]
}
