)]}'
{
  "log": [
    {
      "commit": "e1770d97a730ff4c3aa1775d98f4d0558390607f",
      "tree": "64ad3c2d24b5506861aac9cef8f08c0e0fbd9959",
      "parents": [
        "1a6509d991225ad210de54c63314fd9542922095"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Mon Jan 28 19:49:00 2008 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Jan 31 19:27:04 2008 -0800"
      },
      "message": "[SELinux]: Fix double free in selinux_netlbl_sock_setsid()\n\nAs pointed out by Adrian Bunk, commit\n45c950e0f839fded922ebc0bfd59b1081cc71b70 (\"fix memory leak in netlabel\ncode\") caused a double-free when security_netlbl_sid_to_secattr()\nfails.  This patch fixes this by removing the netlbl_secattr_destroy()\ncall from that function since we are already releasing the secattr\nmemory in selinux_netlbl_sock_setsid().\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "f71ea9ddf0ff110f3fcbb89a46686bfba264014c",
      "tree": "db6843db55d5e1036248fc41782a891882b2cb54",
      "parents": [
        "374ea019cacfa8b69ae49eea993b74cb5968970b"
      ],
      "author": {
        "name": "sergeh@us.ibm.com",
        "email": "sergeh@us.ibm.com",
        "time": "Tue Jan 29 05:04:43 2008 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:18:21 2008 +1100"
      },
      "message": "security: compile capabilities by default\n\nCapabilities have long been the default when CONFIG_SECURITY\u003dn,\nand its help text suggests turning it on when CONFIG_SECURITY\u003dy.\nBut it is set to default n.\n\nDefault it to y instead.\n\nSigned-off-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Matt LaPlante \u003ckernel1@cyberdogtech.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "374ea019cacfa8b69ae49eea993b74cb5968970b",
      "tree": "822718af14d91f3beabbde3e9d5758c055e3bef8",
      "parents": [
        "71f1cb05f773661b6fa98c7a635d7a395cd9c55d"
      ],
      "author": {
        "name": "Adrian Bunk",
        "email": "bunk@kernel.org",
        "time": "Tue Jan 29 00:11:52 2008 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:44 2008 +1100"
      },
      "message": "selinux: make selinux_set_mnt_opts() static\n\nselinux_set_mnt_opts() can become static.\n\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "71f1cb05f773661b6fa98c7a635d7a395cd9c55d",
      "tree": "a540f89c5d1d081ea2c09105f264adce44d92fa9",
      "parents": [
        "effad8df44261031a882e1a895415f7186a5098e"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:51:16 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:30 2008 +1100"
      },
      "message": "SELinux: Add warning messages on network denial due to error\n\nCurrently network traffic can be silently dropped due to non-avc errors which\ncan lead to much confusion when trying to debug the problem.  This patch adds\nwarning messages so that when these events occur there is a user visible\nnotification.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "effad8df44261031a882e1a895415f7186a5098e",
      "tree": "42c04b3247ede13077546e13f82fe3da83ce7b90",
      "parents": [
        "13541b3adad2dc2f56761c5193c2b88db3597f0e"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:49:27 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:30 2008 +1100"
      },
      "message": "SELinux: Add network ingress and egress control permission checks\n\nThis patch implements packet ingress/egress controls for SELinux which allow\nSELinux security policy to control the flow of all IPv4 and IPv6 packets into\nand out of the system.  Currently SELinux does not have proper control over\nforwarded packets and this patch corrects this problem.\n\nSpecial thanks to Venkat Yekkirala \u003cvyekkirala@trustedcs.com\u003e whose earlier\nwork on this topic eventually led to this patch.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5dbe1eb0cfc144a2b0cb1466e22bcb6fc34229a8",
      "tree": "e1e028acaf0dd08cbcacd2c125f60230f820b442",
      "parents": [
        "d621d35e576aa20a0ddae8022c3810f38357c8ff"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:44:18 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:27 2008 +1100"
      },
      "message": "SELinux: Allow NetLabel to directly cache SIDs\n\nNow that the SELinux NetLabel \"base SID\" is always the netmsg initial SID we\ncan do a big optimization - caching the SID and not just the MLS attributes.\nThis not only saves a lot of per-packet memory allocations and copies but it\nhas a nice side effect of removing a chunk of code.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d621d35e576aa20a0ddae8022c3810f38357c8ff",
      "tree": "318e8aa890dbe715b901b11b019ebac3badb693d",
      "parents": [
        "220deb966ea51e0dedb6a187c0763120809f3e64"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:43:36 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:26 2008 +1100"
      },
      "message": "SELinux: Enable dynamic enable/disable of the network access checks\n\nThis patch introduces a mechanism for checking when labeled IPsec or SECMARK\nare in use by introducing a configuration reference counter for each\nsubsystem.  In the case of labeled IPsec, whenever a labeled SA or SPD entry\nis created the labeled IPsec/XFRM reference count is increased and when the\nentry is removed it is decreased.  In the case of SECMARK, when a SECMARK\ntarget is created the reference count is increased and later decreased when the\ntarget is removed.  These reference counters allow SELinux to quickly determine\nif either of these subsystems are enabled.\n\nNetLabel already has a similar mechanism which provides the netlbl_enabled()\nfunction.\n\nThis patch also renames the selinux_relabel_packet_permission() function to\nselinux_secmark_relabel_packet_permission() as the original name and\ndescription were misleading in that they referenced a single packet label which\nis not the case.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "220deb966ea51e0dedb6a187c0763120809f3e64",
      "tree": "7d0e5dd8048907c364b4eeff294991937b466c7e",
      "parents": [
        "f67f4f315f31e7907779adb3296fb6682e755342"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:38:23 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:25 2008 +1100"
      },
      "message": "SELinux: Better integration between peer labeling subsystems\n\nRework the handling of network peer labels so that the different peer labeling\nsubsystems work better together.  This includes moving both subsystems to a\nsingle \"peer\" object class which involves not only changes to the permission\nchecks but an improved method of consolidating multiple packet peer labels.\nAs part of this work the inbound packet permission check code has been heavily\nmodified to handle both the old and new behavior in as sane a fashion as\npossible.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "f67f4f315f31e7907779adb3296fb6682e755342",
      "tree": "237a41ae93b73bf4e98761a4b6d30d7a5a54b896",
      "parents": [
        "3bb56b25dbe0a4b44bd2ebceab6736d068e85068"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:38:21 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:24 2008 +1100"
      },
      "message": "SELinux: Add a new peer class and permissions to the Flask definitions\n\nAdd additional Flask definitions to support the new \"peer\" object class and\nadditional permissions to the netif, node, and packet object classes.  Also,\nbring the kernel Flask definitions up to date with the Fedora SELinux policies\nby adding the \"flow_in\" and \"flow_out\" permissions to the \"packet\" class.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "3bb56b25dbe0a4b44bd2ebceab6736d068e85068",
      "tree": "2285d831352b8580d401730eee98820ed54a81a0",
      "parents": [
        "224dfbd81e1ff672eb46e7695469c395bd531083"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:38:19 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:23 2008 +1100"
      },
      "message": "SELinux: Add a capabilities bitmap to SELinux policy version 22\n\nAdd a new policy capabilities bitmap to SELinux policy version 22.  This bitmap\nwill enable the security server to query the policy to determine which features\nit supports.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "224dfbd81e1ff672eb46e7695469c395bd531083",
      "tree": "c89c3ab606634a7174db8807b2633df8bb024b8c",
      "parents": [
        "da5645a28a15aed2e541a814ecf9f7ffcd4c4673"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:38:13 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:23 2008 +1100"
      },
      "message": "SELinux: Add a network node caching mechanism similar to the sel_netif_*() functions\n\nThis patch adds a SELinux IP address/node SID caching mechanism similar to the\nsel_netif_*() functions.  The node SID queries in the SELinux hooks files are\nalso modified to take advantage of this new functionality.  In addition, remove\nthe address length information from the sk_buff parsing routines as it is\nredundant since we already have the address family.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "da5645a28a15aed2e541a814ecf9f7ffcd4c4673",
      "tree": "8cedccebd0e12308de30573ad593d703943e3cbb",
      "parents": [
        "e8bfdb9d0dfc1231a6a71e849dfbd4447acdfff6"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:38:10 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:22 2008 +1100"
      },
      "message": "SELinux: Only store the network interface\u0027s ifindex\n\nInstead of storing the packet\u0027s network interface name store the ifindex.  This\nallows us to defer the need to lookup the net_device structure until the audit\nrecord is generated meaning that in the majority of cases we never need to\nbother with this at all.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "e8bfdb9d0dfc1231a6a71e849dfbd4447acdfff6",
      "tree": "0d786c0ad972e43d1128296b8e7ae47275ab3ebd",
      "parents": [
        "75e22910cf0c26802b09dac2e34c13e648d3ed02"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:38:08 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:21 2008 +1100"
      },
      "message": "SELinux: Convert the netif code to use ifindex values\n\nThe current SELinux netif code requires the caller have a valid net_device\nstruct pointer to lookup network interface information.  However, we don\u0027t\nalways have a valid net_device pointer so convert the netif code to use\nthe ifindex values we always have as part of the sk_buff.  This patch also\nremoves the default message SID from the network interface record, it is\nnot being used and therefore is \"dead code\".\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "75e22910cf0c26802b09dac2e34c13e648d3ed02",
      "tree": "bf5f5c62f6db8a3057a0265dc7748bf310d26d4a",
      "parents": [
        "16efd45435fa695b501b7f73c3259bd7c77cc12c"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:38:04 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:20 2008 +1100"
      },
      "message": "NetLabel: Add IP address family information to the netlbl_skbuff_getattr() function\n\nIn order to do any sort of IP header inspection of incoming packets we need to\nknow which address family, AF_INET/AF_INET6/etc., it belongs to and since the\nsk_buff structure does not store this information we need to pass along the\naddress family separate from the packet itself.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "16efd45435fa695b501b7f73c3259bd7c77cc12c",
      "tree": "f26eb84f65192eb0a17aca399fd405100e4be974",
      "parents": [
        "1c3fad936acaf87b75055b95be781437e97d787f"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:37:59 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:19 2008 +1100"
      },
      "message": "NetLabel: Add secid token support to the NetLabel secattr struct\n\nThis patch adds support to the NetLabel LSM secattr struct for a secid token\nand a type field, paving the way for full LSM/SELinux context support and\n\"static\" or \"fallback\" labels.  In addition, this patch adds a fair amount\nof documentation to the core NetLabel structures used as part of the\nNetLabel kernel API.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6e23ae2a48750bda407a4a58f52a4865d7308bf5",
      "tree": "633fd60b2a42bf6fdb86564f0c05a6d52d8dc92b",
      "parents": [
        "1bf06cd2e338fd6fc29169d30eaf0df982338285"
      ],
      "author": {
        "name": "Patrick McHardy",
        "email": "kaber@trash.net",
        "time": "Mon Nov 19 18:53:30 2007 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Jan 28 14:53:55 2008 -0800"
      },
      "message": "[NETFILTER]: Introduce NF_INET_ hook values\n\nThe IPv4 and IPv6 hook values are identical, yet some code tries to figure\nout the \"correct\" value by looking at the address family. Introduce NF_INET_*\nvalues for both IPv4 and IPv6. The old values are kept in a #ifndef __KERNEL__\nsection for userspace compatibility.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nAcked-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "b1aa5301b9f88a4891061650c591fb8fe1c1d1da",
      "tree": "701ee5bf6cefbf7545c91ebab614fda7d6fd6a27",
      "parents": [
        "99f1c97dbdb30e958edfd1ced0ae43df62504e07"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Fri Jan 25 13:03:42 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Jan 26 12:16:16 2008 +1100"
      },
      "message": "selinux: fix labeling of /proc/net inodes\n\nThe proc net rewrite had a side effect on selinux, leading it to mislabel\nthe /proc/net inodes, thereby leading to incorrect denials.  Fix\nsecurity_genfs_sid to ignore extra leading / characters in the path supplied\nby selinux_proc_get_sid since we now get \"//net/...\" rather than \"/net/...\".\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b47711bfbcd4eb77ca61ef0162487b20e023ae55",
      "tree": "b2a695dbd40f7ca2333664cf946ef34eda7b7dba",
      "parents": [
        "7556afa0e0e436cad4f560ee83e5fbd5dac9359a",
        "2e08c0c1c3977a5ddc88887dd3af1b26c433e9d0"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jan 25 08:44:29 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jan 25 08:44:29 2008 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:\n  selinux: make mls_compute_sid always polyinstantiate\n  security/selinux: constify function pointer tables and fields\n  security: add a secctx_to_secid() hook\n  security: call security_file_permission from rw_verify_area\n  security: remove security_sb_post_mountroot hook\n  Security: remove security.h include from mm.h\n  Security: remove security_file_mmap hook sparse-warnings (NULL as 0).\n  Security: add get, set, and cloning of superblock security information\n  security/selinux: Add missing \"space\"\n"
    },
    {
      "commit": "78a2d906b40fe530ea800c1e873bfe8f02326f1e",
      "tree": "ebeef35150816fa807f71e596a9aaf711ad10a90",
      "parents": [
        "197b12d6796a3bca187f22a8978a33d51e2bcd79"
      ],
      "author": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@suse.de",
        "time": "Thu Dec 20 08:13:05 2007 -0800"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@suse.de",
        "time": "Thu Jan 24 20:40:40 2008 -0800"
      },
      "message": "Kobject: convert remaining kobject_unregister() to kobject_put()\n\nThere is no need for kobject_unregister() anymore, thanks to Kay\u0027s\nkobject cleanup changes, so replace all instances of it with\nkobject_put().\n\n\nCc: Kay Sievers \u003ckay.sievers@vrfy.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n\n"
    },
    {
      "commit": "0ff21e46630abce11fdaaffabd72bbd4eed5ac2c",
      "tree": "cc49671622ef90775bf12a91d20b8286aa346e6f",
      "parents": [
        "5c03c7ab886859eb195440dbb6ccb8c30c4e84cc"
      ],
      "author": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@suse.de",
        "time": "Tue Nov 06 10:36:58 2007 -0800"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@suse.de",
        "time": "Thu Jan 24 20:40:24 2008 -0800"
      },
      "message": "kobject: convert kernel_kset to be a kobject\n\nkernel_kset does not need to be a kset, but a much simpler kobject now\nthat we have kobj_attributes.\n\nWe also rename kernel_kset to kernel_kobj to catch all users of this\nsymbol with a build error instead of an easy-to-ignore build warning.\n\nCc: Kay Sievers \u003ckay.sievers@vrfy.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n\n"
    },
    {
      "commit": "bd35b93d8049ab47b5bfaf6b10ba39badf21d1c3",
      "tree": "bac82e14d960b2c7011b7f660a93f07e922f8a97",
      "parents": [
        "e5e38a86c0bbe8475543f10f0a48393a45df5182"
      ],
      "author": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@suse.de",
        "time": "Mon Oct 29 20:13:17 2007 +0100"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@suse.de",
        "time": "Thu Jan 24 20:40:14 2008 -0800"
      },
      "message": "kset: convert kernel_subsys to use kset_create\n\nDynamically create the kset instead of declaring it statically.  We also\nrename kernel_subsys to kernel_kset to catch all users of this symbol\nwith a build error instead of an easy-to-ignore build warning.\n\nCc: Kay Sievers \u003ckay.sievers@vrfy.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n\n"
    },
    {
      "commit": "69d8e1389551b107b1a8ec70c280cb7a56096666",
      "tree": "d487b8ce9435c4b225beb52e41eabc5ce68862e6",
      "parents": [
        "5c89e17e9c2bc03ed16320967832b33b174e6234"
      ],
      "author": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@suse.de",
        "time": "Mon Oct 29 20:13:17 2007 +0100"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@suse.de",
        "time": "Thu Jan 24 20:40:11 2008 -0800"
      },
      "message": "kobject: convert securityfs to use kobject_create\n\nWe don\u0027t need a kset here, a simple kobject will do just fine, so\ndynamically create the kobject and use it.\n\nCc: Kay Sievers \u003ckay.sievers@vrfy.org\u003e\nAcked-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n\n"
    },
    {
      "commit": "3514faca19a6fdc209734431c509631ea92b094e",
      "tree": "f6d102e6dec276f8e8d1044b47c74a02b901554f",
      "parents": [
        "c11c4154e7ff4cebfadad849b1e22689d759c3f4"
      ],
      "author": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@suse.de",
        "time": "Tue Oct 16 10:11:44 2007 -0600"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@suse.de",
        "time": "Thu Jan 24 20:40:10 2008 -0800"
      },
      "message": "kobject: remove struct kobj_type from struct kset\n\nWe don\u0027t need a \"default\" ktype for a kset.  We should set this\nexplicitly every time for each kset.  This change is needed so that we\ncan make ksets dynamic, and cleans up one of the odd, undocumented\nassumptions that the kset/kobject/ktype model has.\n\nThis patch is based on a lot of help from Kay Sievers.\n\nNasty bug in the block code was found by Dave Young\n\u003chidave.darkstar@gmail.com\u003e\n\nCc: Kay Sievers \u003ckay.sievers@vrfy.org\u003e\nCc: Dave Young \u003chidave.darkstar@gmail.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n\n"
    },
    {
      "commit": "2e08c0c1c3977a5ddc88887dd3af1b26c433e9d0",
      "tree": "2487c7d7bf54a5a26c53416ee4f1f14886121e15",
      "parents": [
        "1996a10948e50e546dc2b64276723c0b64d3173b"
      ],
      "author": {
        "name": "Eamon Walsh",
        "email": "ewalsh@tycho.nsa.gov",
        "time": "Thu Jan 24 15:30:52 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jan 25 11:29:56 2008 +1100"
      },
      "message": "selinux: make mls_compute_sid always polyinstantiate\n\nThis patch removes the requirement that the new and related object types\ndiffer in order to polyinstantiate by MLS level.  This allows MLS\npolyinstantiation to occur in the absence of explicit type_member rules or\nwhen the type has not changed.\n\nPotential users of this support include pam_namespace.so (directory\npolyinstantiation) and the SELinux X support (property polyinstantiation).\n\nSigned-off-by: Eamon Walsh \u003cewalsh@tycho.nsa.gov\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "1996a10948e50e546dc2b64276723c0b64d3173b",
      "tree": "971b235907b7c6911c21c9139e0ba85c5b84ef80",
      "parents": [
        "63cb34492351078479b2d4bae6a881806a396286"
      ],
      "author": {
        "name": "Jan Engelhardt",
        "email": "jengelh@computergmbh.de",
        "time": "Wed Jan 23 00:02:58 2008 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jan 25 11:29:54 2008 +1100"
      },
      "message": "security/selinux: constify function pointer tables and fields\n\nConstify function pointer tables and fields.\n\nSigned-off-by: Jan Engelhardt \u003cjengelh@computergmbh.de\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "63cb34492351078479b2d4bae6a881806a396286",
      "tree": "d33ab15eda40c5195c4a723d9e49591a9b4950f9",
      "parents": [
        "c43e259cc756ece387faae849af0058b56d78466"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Tue Jan 15 23:47:35 2008 +0000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jan 25 11:29:53 2008 +1100"
      },
      "message": "security: add a secctx_to_secid() hook\n\nAdd a secctx_to_secid() LSM hook to go along with the existing\nsecid_to_secctx() LSM hook.  This patch also includes the SELinux\nimplementation for this hook.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "bced95283e9434611cbad8f2ff903cd396eaea72",
      "tree": "5d56afc7a5f239ebc53a1800a508f16b8d8701b0",
      "parents": [
        "42d7896ebc5f7268b1fe6bbd20f2282e20ae7895"
      ],
      "author": {
        "name": "H. Peter Anvin",
        "email": "hpa@zytor.com",
        "time": "Sat Dec 29 16:20:25 2007 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jan 25 11:29:50 2008 +1100"
      },
      "message": "security: remove security_sb_post_mountroot hook\n\nThe security_sb_post_mountroot() hook is long-since obsolete, and is\nfundamentally broken: it is never invoked if someone uses initramfs.\nThis is particularly damaging, because the existence of this hook has\nbeen used as motivation for not using initramfs.\n\nStephen Smalley confirmed on 2007-07-19 that this hook was originally\nused by SELinux but can now be safely removed:\n\n     http://marc.info/?l\u003dlinux-kernel\u0026m\u003d118485683612916\u0026w\u003d2\n\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: H. Peter Anvin \u003chpa@zytor.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "c9180a57a9ab2d5525faf8815a332364ee9e89b7",
      "tree": "c677ec33735f3529d478a2b71fcc732d4fe59adf",
      "parents": [
        "19c5fc198c369bb00f3ed9716ef40648865d8d94"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Nov 30 13:00:35 2007 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jan 25 11:29:46 2008 +1100"
      },
      "message": "Security: add get, set, and cloning of superblock security information\n\nAdds security_get_sb_mnt_opts, security_set_sb_mnt_opts, and\nsecurity_clont_sb_mnt_opts to the LSM and to SELinux.  This will allow\nfilesystems to directly own and control all of their mount options if they\nso choose.  This interface deals only with option identifiers and strings so\nit should be generic enough for any LSM which may come in the future.\n\nFilesystems which pass text mount data around in the kernel (almost all of\nthem) need not currently make use of this interface when dealing with\nSELinux since it will still parse those strings as it always has.  I assume\nfuture LSM\u0027s would do the same.  NFS is the primary FS which does not use\ntext mount data and thus must make use of this interface.\n\nAn LSM would need to implement these functions only if they had mount time\noptions, such as selinux has context\u003d or fscontext\u003d.  If the LSM has no\nmount time options they could simply not implement and let the dummy ops\ntake care of things.\n\nAn LSM other than SELinux would need to define new option numbers in\nsecurity.h and any FS which decides to own their own security options would\nneed to be patched to use this new interface for every possible LSM.  This\nis because it was stated to me very clearly that LSM\u0027s should not attempt to\nunderstand FS mount data and the burden to understand security should be in\nthe FS which owns the options.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "19c5fc198c369bb00f3ed9716ef40648865d8d94",
      "tree": "20c6e68e469f509dd80c41736628a6322704f2ed",
      "parents": [
        "49914084e797530d9baaf51df9eda77babc98fa8"
      ],
      "author": {
        "name": "Joe Perches",
        "email": "joe@perches.com",
        "time": "Mon Nov 19 17:53:44 2007 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Jan 25 11:29:44 2008 +1100"
      },
      "message": "security/selinux: Add missing \"space\"\n\nAdd missing space.\n\nSigned-off-by: Joe Perches \u003cjoe@perches.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "8b85eaadd5b8d3786996bd74c73aff54a92ec456",
      "tree": "7ef6ed3e5955a45d54b1d223e3ebf7749aa3b918",
      "parents": [
        "f290fc3669d659a915e29b6bdb82d454b437cf93",
        "45c950e0f839fded922ebc0bfd59b1081cc71b70"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Mon Jan 21 19:45:49 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Mon Jan 21 19:45:49 2008 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:\n  selinux: fix memory leak in netlabel code\n"
    },
    {
      "commit": "a6dbb1ef2fc8d73578eacd02ac701f4233175c9f",
      "tree": "eb2efa0193cdc7ab6b1f30068571194d0dabf230",
      "parents": [
        "a10336043b8193ec603ad54bb79cdcd26bbf94b3"
      ],
      "author": {
        "name": "Andrew G. Morgan",
        "email": "morgan@kernel.org",
        "time": "Mon Jan 21 17:18:30 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Mon Jan 21 19:39:41 2008 -0800"
      },
      "message": "Fix filesystem capability support\n\nIn linux-2.6.24-rc1, security/commoncap.c:cap_inh_is_capped() was\nintroduced. It has the exact reverse of its intended behavior. This\nled to an unintended privilege esculation involving a process\u0027\ninheritable capability set.\n\nTo be exposed to this bug, you need to have Filesystem Capabilities\nenabled and in use. That is:\n\n- CONFIG_SECURITY_FILE_CAPABILITIES must be defined for the buggy code\n  to be compiled in.\n\n- You also need to have files on your system marked with fI bits raised.\n\nSigned-off-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\n\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@akpm@linux-foundation.org\u003e\n"
    },
    {
      "commit": "45c950e0f839fded922ebc0bfd59b1081cc71b70",
      "tree": "97ca2840c63c0c646daf6b13420157237a3fcbec",
      "parents": [
        "a7da60f41551abb3c520b03d42ec05dd7decfc7f"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 22 09:31:00 2008 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Jan 22 09:31:00 2008 +1100"
      },
      "message": "selinux: fix memory leak in netlabel code\n\nFix a memory leak in security_netlbl_sid_to_secattr() as reported here:\n * https://bugzilla.redhat.com/show_bug.cgi?id\u003d352281\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ab5a91a8364c3d6fc617abc47cc81d162c01d90a",
      "tree": "0b7f4ef877f56be57f75b8b455b9f694f19da633",
      "parents": [
        "d313f948309ab22797316e789a7ff8fa358176b6"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Nov 26 18:47:46 2007 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Dec 06 00:24:30 2007 +1100"
      },
      "message": "Security: allow capable check to permit mmap or low vm space\n\nOn a kernel with CONFIG_SECURITY but without an LSM which implements\nsecurity_file_mmap it is impossible for an application to mmap addresses\nlower than mmap_min_addr.  Based on a suggestion from a developer in the\nopenwall community this patch adds a check for CAP_SYS_RAWIO.  It is\nassumed that any process with this capability can harm the system a lot\nmore easily than writing some stuff on the zero page and then trying to\nget the kernel to trip over itself.  It also means that programs like X\non i686 which use vm86 emulation can work even with mmap_min_addr set.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d313f948309ab22797316e789a7ff8fa358176b6",
      "tree": "7a6d4a54ea7448ce53cf23349eb8a64d7fd93151",
      "parents": [
        "0955dc03aedfb6a5565445b3f2176255b784cc6a"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Nov 26 11:12:53 2007 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Dec 06 00:24:09 2007 +1100"
      },
      "message": "SELinux: detect dead booleans\n\nInstead of using f_op to detect dead booleans, check the inode index\nagainst the number of booleans and check the dentry name against the\nboolean name for that index on reads and writes.  This prevents\nincorrect use of a boolean file opened prior to a policy reload while\nallowing valid use of it as long as it still corresponds to the same\nboolean in the policy.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0955dc03aedfb6a5565445b3f2176255b784cc6a",
      "tree": "34ec01676c33f5627b8a5c02ca68b8757da3308c",
      "parents": [
        "e3c0ac04f980750a368f7cd5f1b8d1d2cdc1f735"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Wed Nov 21 09:01:36 2007 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Dec 06 00:23:46 2007 +1100"
      },
      "message": "SELinux: do not clear f_op when removing entries\n\nDo not clear f_op when removing entries since it isn\u0027t safe to do.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "8ec2328f1138a58eaea55ec6150985a1623b01c5",
      "tree": "ebaecf41dd8c8789f0c49ee9c0f30c0ce40e3e39",
      "parents": [
        "d0eec99ce50baa5cc2ac02363cdb2a771ed4e1e2"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serue@us.ibm.com",
        "time": "Wed Nov 28 16:21:47 2007 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Nov 29 09:24:53 2007 -0800"
      },
      "message": "file capabilities: don\u0027t prevent signaling setuid root programs\n\nAn unprivileged process must be able to kill a setuid root program started\nby the same user.  This is legacy behavior needed for instance for xinit to\nkill X when the window manager exits.\n\nWhen an unprivileged user runs a setuid root program in !SECURE_NOROOT\nmode, fP, fI, and fE are set full on, so pP\u0027 and pE\u0027 are full on.  Then\ncap_task_kill() prevents the user from signaling the setuid root task.\nThis is a change in behavior compared to when\n!CONFIG_SECURITY_FILE_CAPABILITIES.\n\nThis patch introduces a special check into cap_task_kill() just to check\nwhether a non-root user is signaling a setuid root program started by the\nsame user.  If so, then signal is allowed.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Andrew Morgan \u003cmorgan@kernel.org\u003e\nCc: Stephen Smalley \u003csds@epoch.ncsc.mil\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "91ad997a34d7abca1f04e819e31eb9f3d4e20585",
      "tree": "d39e72f2e2ab69ccb6c69acf46173ccd8803fcc4",
      "parents": [
        "20a1022d4ac5c53f0956006fd9e30cf4846d5e58"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serue@us.ibm.com",
        "time": "Wed Nov 14 17:00:34 2007 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Wed Nov 14 18:45:44 2007 -0800"
      },
      "message": "file capabilities: allow sigcont within session\n\nFix http://bugzilla.kernel.org/show_bug.cgi?id\u003d9247\n\nAllow sigcont to be sent to a process with greater capabilities if it is in\nthe same session.  Otherwise, a shell from which I\u0027ve started a root shell\nand done \u0027suspend\u0027 can\u0027t be restarted by the parent shell.\n\nAlso don\u0027t do file-capabilities signaling checks when uids for the\nprocesses don\u0027t match, since the standard check_kill_permission will have\ndone those checks.\n\n[akpm@linux-foundation.org: coding-style cleanups]\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Andrew Morgan \u003cmorgan@kernel.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nTested-by: \"Theodore Ts\u0027o\" \u003ctytso@mit.edu\u003e\nCc: Stephen Smalley \u003csds@epoch.ncsc.mil\u003e\nCc: \"Rafael J. Wysocki\" \u003crjw@sisk.pl\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "45e5421eb5bbcd9efa037d682dd357284e3ef982",
      "tree": "ceb24143024fe335d08ac30fb4da9ca25fbeb6e6",
      "parents": [
        "6d2b685564ba417f4c6d80c3661f0dfee13fff85"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Wed Nov 07 10:08:00 2007 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Nov 08 08:56:23 2007 +1100"
      },
      "message": "SELinux: add more validity checks on policy load\n\nAdd more validity checks at policy load time to reject malformed\npolicies and prevent subsequent out-of-range indexing when in permissive\nmode.  Resolves the NULL pointer dereference reported in\nhttps://bugzilla.redhat.com/show_bug.cgi?id\u003d357541.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6d2b685564ba417f4c6d80c3661f0dfee13fff85",
      "tree": "a4e098a0eaa0f59b84f167e875a987779a6cba5f",
      "parents": [
        "57002bfb31283e84f694763ed4db0fb761b7d6a9"
      ],
      "author": {
        "name": "KaiGai Kohei",
        "email": "kaigai@kaigai.gr.jp",
        "time": "Wed Nov 07 01:17:16 2007 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@sdv.(none)",
        "time": "Thu Nov 08 08:55:10 2007 +1100"
      },
      "message": "SELinux: fix bug in new ebitmap code.\n\nThe \"e_iter \u003d e_iter-\u003enext;\" statement in the inner for loop is primally\nbug.  It should be moved to outside of the for loop.\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@kaigai.gr.jp\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "57002bfb31283e84f694763ed4db0fb761b7d6a9",
      "tree": "7788e55754cbe3a86fdd7e73a1e5e15e2cb8ff1a",
      "parents": [
        "dbeeb816e805091e7cfc03baf36dc40b4adb2bbd"
      ],
      "author": {
        "name": "Stephen Rothwell",
        "email": "sfr@canb.auug.org.au",
        "time": "Wed Oct 31 16:47:19 2007 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@sdv.(none)",
        "time": "Thu Nov 08 08:55:04 2007 +1100"
      },
      "message": "SELinux: suppress a warning for 64k pages.\n\nOn PowerPC allmodconfig build we get this:\n\nsecurity/selinux/xfrm.c:214: warning: comparison is always false due to limited range of data type\n\nSigned-off-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "48d2268473a66fe3aa78fb13b09ee59d6ee95073",
      "tree": "20d55db1f93294f006ce79156a05652dfa7a8048",
      "parents": [
        "e5eca6aef6a2a57e433db1eac247d2d1c213ce08",
        "8a53514043e380aa573baa805298a7727c993985"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Tue Oct 23 08:59:46 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Tue Oct 23 08:59:46 2007 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:\n  SELinux: always check SIGCHLD in selinux_task_wait\n"
    },
    {
      "commit": "8a53514043e380aa573baa805298a7727c993985",
      "tree": "869d2c0f90390814430fc6639914dc8ea4c0c9c6",
      "parents": [
        "55b70a0300b873c0ec7ea6e33752af56f41250ce"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Oct 22 16:10:31 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Oct 23 08:47:48 2007 +1000"
      },
      "message": "SELinux: always check SIGCHLD in selinux_task_wait\n\nWhen checking if we can wait on a child we were looking at\np-\u003eexit_signal and trying to make the decision based on if the signal\nwould eventually be allowed.  One big flaw is that p-\u003eexit_signal is -1\nfor NPTL threads and so aignal_to_av was not actually checking SIGCHLD\nwhich is what would have been sent.  Even is exit_signal was set to\nsomething strange it wouldn\u0027t change the fact that the child was there\nand needed to be waited on.  This patch just assumes wait is based on\nSIGCHLD.  Specific permission checks are made when the child actually\nattempts to send a signal.\n\nThis resolves the problem of things like using GDB on confined domains\nsuch as in RH BZ 232371.  The confined domain did not have permission to\nsend a generic signal (exit_signal \u003d\u003d -1) back to the unconfined GDB.\nWith this patch the GDB wait works and since the actual signal sent is\nallowed everything functions as it should.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b68680e4731abbd78863063aaa0dca2a6d8cc723",
      "tree": "6c546575432b34abb27a54b51f549071d2819282",
      "parents": [
        "b9049e234401e1fad8459d69a952b174d76c399d"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serue@us.ibm.com",
        "time": "Sun Oct 21 16:41:38 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Mon Oct 22 08:13:18 2007 -0700"
      },
      "message": "capabilities: clean up file capability reading\n\nSimplify the vfs_cap_data structure.\n\nAlso fix get_file_caps which was declaring\n__le32 v1caps[XATTR_CAPS_SZ] on the stack, but\nXATTR_CAPS_SZ is already * sizeof(__le32).\n\n[akpm@linux-foundation.org: coding-style fixes]\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Andrew Morgan \u003cmorgan@kernel.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "b460cbc581a53cc088ceba80608021dd49c63c43",
      "tree": "83c28d0adbc15f4157c77b40fa60c40a71cb8673",
      "parents": [
        "3743ca05ff464b8a9e345c08a6c9ce30485f9805"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serue@us.ibm.com",
        "time": "Thu Oct 18 23:39:52 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Fri Oct 19 11:53:37 2007 -0700"
      },
      "message": "pid namespaces: define is_global_init() and is_container_init()\n\nis_init() is an ambiguous name for the pid\u003d\u003d1 check.  Split it into\nis_global_init() and is_container_init().\n\nA cgroup init has it\u0027s tsk-\u003epid \u003d\u003d 1.\n\nA global init also has it\u0027s tsk-\u003epid \u003d\u003d 1 and it\u0027s active pid namespace\nis the init_pid_ns.  But rather than check the active pid namespace,\ncompare the task structure with \u0027init_pid_ns.child_reaper\u0027, which is\ninitialized during boot to the /sbin/init process and never changes.\n\nChangelog:\n\n\t2.6.22-rc4-mm2-pidns1:\n\t- Use \u0027init_pid_ns.child_reaper\u0027 to determine if a given task is the\n\t  global init (/sbin/init) process. This would improve performance\n\t  and remove dependence on the task_pid().\n\n\t2.6.21-mm2-pidns2:\n\n\t- [Sukadev Bhattiprolu] Changed is_container_init() calls in {powerpc,\n\t  ppc,avr32}/traps.c for the _exception() call to is_global_init().\n\t  This way, we kill only the cgroup if the cgroup\u0027s init has a\n\t  bug rather than force a kernel panic.\n\n[akpm@linux-foundation.org: fix comment]\n[sukadev@us.ibm.com: Use is_global_init() in arch/m32r/mm/fault.c]\n[bunk@stusta.de: kernel/pid.c: remove unused exports]\n[sukadev@us.ibm.com: Fix capability.c to work with threaded init]\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Sukadev Bhattiprolu \u003csukadev@us.ibm.com\u003e\nAcked-by: Pavel Emelianov \u003cxemul@openvz.org\u003e\nCc: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: Dave Hansen \u003chaveblue@us.ibm.com\u003e\nCc: Herbert Poetzel \u003cherbert@13thfloor.at\u003e\nCc: Kirill Korotaev \u003cdev@sw.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "c80544dc0b87bb65038355e7aafdc30be16b26ab",
      "tree": "176349304bec88a9de16e650c9919462e0dd453c",
      "parents": [
        "0e9663ee452ffce0d429656ebbcfe69417a30e92"
      ],
      "author": {
        "name": "Stephen Hemminger",
        "email": "shemminger@linux-foundation.org",
        "time": "Thu Oct 18 03:07:05 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Oct 18 14:37:31 2007 -0700"
      },
      "message": "sparse pointer use of zero as null\n\nGet rid of sparse related warnings from places that use integer as NULL\npointer.\n\n[akpm@linux-foundation.org: coding-style fixes]\nSigned-off-by: Stephen Hemminger \u003cshemminger@linux-foundation.org\u003e\nCc: Andi Kleen \u003cak@suse.de\u003e\nCc: Jeff Garzik \u003cjeff@garzik.org\u003e\nCc: Matt Mackall \u003cmpm@selenic.com\u003e\nCc: Ian Kent \u003craven@themaw.net\u003e\nCc: Arnd Bergmann \u003carnd@arndb.de\u003e\nCc: Davide Libenzi \u003cdavidel@xmailserver.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "72c2d5823fc7be799a12184974c3bdc57acea3c4",
      "tree": "5c17418efb57cd5b2cdc0d751f577b2c64012423",
      "parents": [
        "7058cb02ddab4bce70a46e519804fccb7ac0a060"
      ],
      "author": {
        "name": "Andrew Morgan",
        "email": "morgan@kernel.org",
        "time": "Thu Oct 18 03:05:59 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Oct 18 14:37:24 2007 -0700"
      },
      "message": "V3 file capabilities: alter behavior of cap_setpcap\n\nThe non-filesystem capability meaning of CAP_SETPCAP is that a process, p1,\ncan change the capabilities of another process, p2.  This is not the\nmeaning that was intended for this capability at all, and this\nimplementation came about purely because, without filesystem capabilities,\nthere was no way to use capabilities without one process bestowing them on\nanother.\n\nSince we now have a filesystem support for capabilities we can fix the\nimplementation of CAP_SETPCAP.\n\nThe most significant thing about this change is that, with it in effect, no\nprocess can set the capabilities of another process.\n\nThe capabilities of a program are set via the capability convolution\nrules:\n\n   pI(post-exec) \u003d pI(pre-exec)\n   pP(post-exec) \u003d (X(aka cap_bset) \u0026 fP) | (pI(post-exec) \u0026 fI)\n   pE(post-exec) \u003d fE ? pP(post-exec) : 0\n\nat exec() time.  As such, the only influence the pre-exec() program can\nhave on the post-exec() program\u0027s capabilities are through the pI\ncapability set.\n\nThe correct implementation for CAP_SETPCAP (and that enabled by this patch)\nis that it can be used to add extra pI capabilities to the current process\n- to be picked up by subsequent exec()s when the above convolution rules\nare applied.\n\nHere is how it works:\n\nLet\u0027s say we have a process, p. 
It has capability sets, pE, pP and pI.\nGenerally, p, can change the value of its own pI to pI\u0027 where\n\n   (pI\u0027 \u0026 ~pI) \u0026 ~pP \u003d 0.\n\nThat is, the only new things in pI\u0027 that were not present in pI need to\nbe present in pP.\n\nThe role of CAP_SETPCAP is basically to permit changes to pI beyond\nthe above:\n\n   if (pE \u0026 CAP_SETPCAP) {\n      pI\u0027 \u003d anything; /* ie., even (pI\u0027 \u0026 ~pI) \u0026 ~pP !\u003d 0  */\n   }\n\nThis capability is useful for things like login, which (say, via\npam_cap) might want to raise certain inheritable capabilities for use\nby the children of the logged-in user\u0027s shell, but those capabilities\nare not useful to or needed by the login program itself.\n\nOne such use might be to limit who can run ping. You set the\ncapabilities of the \u0027ping\u0027 program to be \"\u003d cap_net_raw+i\", and then\nonly shells that have (pI \u0026 CAP_NET_RAW) will be able to run\nit. Without CAP_SETPCAP implemented as described above, login(pam_cap)\nwould have to also have (pP \u0026 CAP_NET_RAW) in order to raise this\ncapability and pass it on through the inheritable set.\n\nSigned-off-by: Andrew Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "cbfee34520666862f8ff539e580c48958fbb7706",
      "tree": "ded5cafce333e908a0fbeda1f7c55eaf7c1fbaaa",
      "parents": [
        "b53767719b6cd8789392ea3e7e2eb7b8906898f0"
      ],
      "author": {
        "name": "Adrian Bunk",
        "email": "bunk@kernel.org",
        "time": "Tue Oct 16 23:31:38 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Wed Oct 17 08:43:07 2007 -0700"
      },
      "message": "security/ cleanups\n\nThis patch contains the following cleanups that are now possible:\n- remove the unused security_operations-\u003einode_xattr_getsuffix\n- remove the no longer used security_operations-\u003eunregister_security\n- remove some no longer required exit code\n- remove a bunch of no longer used exports\n\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "b53767719b6cd8789392ea3e7e2eb7b8906898f0",
      "tree": "a0279dc93c79b94d3865b0f19f6b7b353e20608c",
      "parents": [
        "57c521ce6125e15e99e56c902cb8da96bee7b36d"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serue@us.ibm.com",
        "time": "Tue Oct 16 23:31:36 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Wed Oct 17 08:43:07 2007 -0700"
      },
      "message": "Implement file posix capabilities\n\nImplement file posix capabilities.  This allows programs to be given a\nsubset of root\u0027s powers regardless of who runs them, without having to use\nsetuid and giving the binary all of root\u0027s powers.\n\nThis version works with Kaigai Kohei\u0027s userspace tools, found at\nhttp://www.kaigai.gr.jp/index.php.  For more information on how to use this\npatch, Chris Friedhoff has posted a nice page at\nhttp://www.friedhoff.org/fscaps.html.\n\nChangelog:\n\tNov 27:\n\tIncorporate fixes from Andrew Morton\n\t(security-introduce-file-caps-tweaks and\n\tsecurity-introduce-file-caps-warning-fix)\n\tFix Kconfig dependency.\n\tFix change signaling behavior when file caps are not compiled in.\n\n\tNov 13:\n\tIntegrate comments from Alexey: Remove CONFIG_ ifdef from\n\tcapability.h, and use %zd for printing a size_t.\n\n\tNov 13:\n\tFix endianness warnings by sparse as suggested by Alexey\n\tDobriyan.\n\n\tNov 09:\n\tAddress warnings of unused variables at cap_bprm_set_security\n\twhen file capabilities are disabled, and simultaneously clean\n\tup the code a little, by pulling the new code into a helper\n\tfunction.\n\n\tNov 08:\n\tFor pointers to required userspace tools and how to use\n\tthem, see http://www.friedhoff.org/fscaps.html.\n\n\tNov 07:\n\tFix the calculation of the highest bit checked in\n\tcheck_cap_sanity().\n\n\tNov 07:\n\tAllow file caps to be enabled without CONFIG_SECURITY, since\n\tcapabilities are the default.\n\tHook cap_task_setscheduler when !CONFIG_SECURITY.\n\tMove capable(TASK_KILL) to end of cap_task_kill to reduce\n\taudit messages.\n\n\tNov 05:\n\tAdd secondary calls in selinux/hooks.c to task_setioprio and\n\ttask_setscheduler so that selinux and capabilities with file\n\tcap support can be stacked.\n\n\tSep 05:\n\tAs Seth Arnold points out, uid checks are out of place\n\tfor capability code.\n\n\tSep 01:\n\tDefine task_setscheduler, task_setioprio, cap_task_kill, and\n\ttask_setnice 
to make sure a user cannot affect a process in which\n\tthey called a program with some fscaps.\n\n\tOne remaining question is the note under task_setscheduler: are we\n\tok with CAP_SYS_NICE being sufficient to confine a process to a\n\tcpuset?\n\n\tIt is a semantic change, as without fsccaps, attach_task doesn\u0027t\n\tallow CAP_SYS_NICE to override the uid equivalence check.  But since\n\tit uses security_task_setscheduler, which elsewhere is used where\n\tCAP_SYS_NICE can be used to override the uid equivalence check,\n\tfixing it might be tough.\n\n\t     task_setscheduler\n\t\t note: this also controls cpuset:attach_task.  Are we ok with\n\t\t     CAP_SYS_NICE being used to confine to a cpuset?\n\t     task_setioprio\n\t     task_setnice\n\t\t sys_setpriority uses this (through set_one_prio) for another\n\t\t process.  Need same checks as setrlimit\n\n\tAug 21:\n\tUpdated secureexec implementation to reflect the fact that\n\teuid and uid might be the same and nonzero, but the process\n\tmight still have elevated caps.\n\n\tAug 15:\n\tHandle endianness of xattrs.\n\tEnforce capability version match between kernel and disk.\n\tEnforce that no bits beyond the known max capability are\n\tset, else return -EPERM.\n\tWith this extra processing, it may be worth reconsidering\n\tdoing all the work at bprm_set_security rather than\n\td_instantiate.\n\n\tAug 10:\n\tAlways call getxattr at bprm_set_security, rather than\n\tcaching it at d_instantiate.\n\n[morgan@kernel.org: file-caps clean up for linux/capability.h]\n[bunk@kernel.org: unexport cap_inode_killpriv]\nSigned-off-by: Serge E. 
Hallyn \u003cserue@us.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Andrew Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Andrew Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "20510f2f4e2dabb0ff6c13901807627ec9452f98",
      "tree": "d64b9eeb90d577f7f9688a215c4c6c3c2405188a",
      "parents": [
        "5c3b447457789374cdb7b03afe2540d48c649a36"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Oct 16 23:31:32 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Wed Oct 17 08:43:07 2007 -0700"
      },
      "message": "security: Convert LSM into a static interface\n\nConvert LSM into a static interface, as the ability to unload a security\nmodule is not required by in-tree users and potentially complicates the\noverall security architecture.\n\nNeedlessly exported LSM symbols have been unexported, to help reduce API\nabuse.\n\nParameters for the capability and root_plug modules are now specified\nat boot.\n\nThe SECURITY_FRAMEWORK_VERSION macro has also been removed.\n\nIn a nutshell, there is no safe way to unload an LSM.  The modular interface\nis thus unecessary and broken infrastructure.  It is used only by out-of-tree\nmodules, which are often binary-only, illegal, abusive of the API and\ndangerous, e.g.  silently re-vectoring SELinux.\n\n[akpm@linux-foundation.org: cleanups]\n[akpm@linux-foundation.org: USB Kconfig fix]\n[randy.dunlap@oracle.com: fix LSM kernel-doc]\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: \"Serge E. Hallyn\" \u003cserue@us.ibm.com\u003e\nAcked-by: Arjan van de Ven \u003carjan@infradead.org\u003e\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "76181c134f87479fa13bf2548ddf2999055d34d4",
      "tree": "34694341c190e7ecdd3111ee48e4b98602ff012f",
      "parents": [
        "398c95bdf2c24d7866692a40ba04425aef238cdd"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Tue Oct 16 23:29:46 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Wed Oct 17 08:42:57 2007 -0700"
      },
      "message": "KEYS: Make request_key() and co fundamentally asynchronous\n\nMake request_key() and co fundamentally asynchronous to make it easier for\nNFS to make use of them.  There are now accessor functions that do\nasynchronous constructions, a wait function to wait for construction to\ncomplete, and a completion function for the key type to indicate completion\nof construction.\n\nNote that the construction queue is now gone.  Instead, keys under\nconstruction are linked in to the appropriate keyring in advance, and that\nanyone encountering one must wait for it to be complete before they can use\nit.  This is done automatically for userspace.\n\nThe following auxiliary changes are also made:\n\n (1) Key type implementation stuff is split from linux/key.h into\n     linux/key-type.h.\n\n (2) AF_RXRPC provides a way to allocate null rxrpc-type keys so that AFS does\n     not need to call key_instantiate_and_link() directly.\n\n (3) Adjust the debugging macros so that they\u0027re -Wformat checked even if\n     they are disabled, and make it so they can be enabled simply by defining\n     __KDEBUG to be consistent with other code of mine.\n\n (3) Documentation.\n\n[alan@lxorguk.ukuu.org.uk: keys: missing word in documentation]\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Alan Cox \u003calan@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "087feb980443aadc7c62f6c26d3867543b470d8c",
      "tree": "06922e22b5390aeb2ad9ef8ea64b4f05d1d354e3",
      "parents": [
        "9fe79ad1e43d236bbbb8edb3cf634356de714c79"
      ],
      "author": {
        "name": "KaiGai Kohei",
        "email": "kaigai@kaigai.gr.jp",
        "time": "Wed Oct 03 23:42:56 2007 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Oct 17 08:59:36 2007 +1000"
      },
      "message": "SELinux: kills warnings in Improve SELinux performance when AVC misses\n\nThis patch kills ugly warnings when the \"Improve SELinux performance\nwhen AVC misses\" patch.\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9fe79ad1e43d236bbbb8edb3cf634356de714c79",
      "tree": "91149cefa28baf692eb55f88f8c544a33e9126df",
      "parents": [
        "3f12070e27b4a213d62607d2bff139793089a77d"
      ],
      "author": {
        "name": "KaiGai Kohei",
        "email": "kaigai@ak.jp.nec.com",
        "time": "Sat Sep 29 02:20:55 2007 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Oct 17 08:59:34 2007 +1000"
      },
      "message": "SELinux: improve performance when AVC misses.\n\n* We add ebitmap_for_each_positive_bit() which enables to walk on\n  any positive bit on the given ebitmap, to improve its performance\n  using common bit-operations defined in linux/bitops.h.\n  In the previous version, this logic was implemented using a combination\n  of ebitmap_for_each_bit() and ebitmap_node_get_bit(), but it was worse\n  in performance aspect.\n  This logic is most frequently used to compute a new AVC entry,\n  so this patch can improve SELinux performance when AVC misses happen.\n* struct ebitmap_node is redefined as an array of \"unsigned long\", to get\n  suitable for using find_next_bit() which is faster than iteration of\n  shift and logical operation, and to maximize memory usage allocated\n  from general purpose slab.\n* Any ebitmap_for_each_bit() are replaced by the new implementation\n  in ss/service.c and ss/mls.c. Some of related implementation are\n  changed, however, there is no incompatibility with the previous\n  version.\n* The width of any new line are less or equal than 80-chars.\n\nThe following benchmark shows the effect of this patch, when we\naccess many files which have different security context one after\nanother. The number is more than /selinux/avc/cache_threshold, so\nany access always causes AVC misses.\n\n      selinux-2.6      selinux-2.6-ebitmap\nAVG:   22.763 [s]          8.750 [s]\nSTD:    0.265              0.019\n------------------------------------------\n1st:   22.558 [s]          8.786 [s]\n2nd:   22.458 [s]          8.750 [s]\n3rd:   22.478 [s]          8.754 [s]\n4th:   22.724 [s]          8.745 [s]\n5th:   22.918 [s]          8.748 [s]\n6th:   22.905 [s]          8.764 [s]\n7th:   23.238 [s]          8.726 [s]\n8th:   22.822 [s]          8.729 [s]\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "3f12070e27b4a213d62607d2bff139793089a77d",
      "tree": "b6b614737f916c7c3102f66e6ad9e682b9c9bf04",
      "parents": [
        "788e7dd4c22e6f41b3a118fd8c291f831f6fddbb"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Sep 21 14:37:10 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Oct 17 08:59:33 2007 +1000"
      },
      "message": "SELinux: policy selectable handling of unknown classes and perms\n\nAllow policy to select, in much the same way as it selects MLS support, how\nthe kernel should handle access decisions which contain either unknown\nclasses or unknown permissions in known classes.  The three choices for the\npolicy flags are\n\n0 - Deny unknown security access. (default)\n2 - reject loading policy if it does not contain all definitions\n4 - allow unknown security access\n\nThe policy\u0027s choice is exported through 2 booleans in\nselinuxfs.  /selinux/deny_unknown and /selinux/reject_unknown.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "788e7dd4c22e6f41b3a118fd8c291f831f6fddbb",
      "tree": "cbe2d2a360aaf7dc243bef432e1c50507ae6db7b",
      "parents": [
        "3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9"
      ],
      "author": {
        "name": "Yuichi Nakamura",
        "email": "ynakam@hitachisoft.jp",
        "time": "Fri Sep 14 09:27:07 2007 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Oct 17 08:59:31 2007 +1000"
      },
      "message": "SELinux: Improve read/write performance\n\nIt reduces the selinux overhead on read/write by only revalidating\npermissions in selinux_file_permission if the task or inode labels have\nchanged or the policy has changed since the open-time check.  A new LSM\nhook, security_dentry_open, is added to capture the necessary state at open\ntime to allow this optimization.\n\n(see http://marc.info/?l\u003dselinux\u0026m\u003d118972995207740\u0026w\u003d2)\n\nSigned-off-by: Yuichi Nakamura\u003cynakam@hitachisoft.jp\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9",
      "tree": "b369f8dc55e9d27bbd0b8b4b6843c0736d61b005",
      "parents": [
        "821f3eff7cdb9d6c7076effabd46c96c322daed1"
      ],
      "author": {
        "name": "Yuichi Nakamura",
        "email": "ynakam@hitachisoft.jp",
        "time": "Fri Aug 24 11:55:11 2007 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Oct 17 08:59:30 2007 +1000"
      },
      "message": "SELinux: tune avtab to reduce memory usage\n\nThis patch reduces memory usage of SELinux by tuning avtab. Number of hash\nslots in avtab was 32768. Unused slots used memory when number of rules is\nfewer. This patch decides number of hash slots dynamically based on number\nof rules. (chain length)^2 is also printed out in avtab_hash_eval to see\nstandard deviation of avtab hash table.\n\nSigned-off-by: Yuichi Nakamura\u003cynakam@hitachisoft.jp\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "a224be766bf593f7bcd534ca0c48dbd3eaf7bfce",
      "tree": "b0a053b35fe654fb35199c1b5326a4d3932f79da",
      "parents": [
        "762cc40801ad757a34527d5e548816cf3b6fc606"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Mon Oct 15 02:58:25 2007 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Mon Oct 15 12:26:44 2007 -0700"
      },
      "message": "[SELINUX]: Update for netfilter -\u003ehook() arg changes.\n\nThey take a \"struct sk_buff *\" instead of a \"struct sk_buff **\" now.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "227b60f5102cda4e4ab792b526a59c8cb20cd9f8",
      "tree": "2c9e372601ba794894833b0618bc531a9f5d57c4",
      "parents": [
        "06393009000779b00a558fd2f280882cc7dc2008"
      ],
      "author": {
        "name": "Stephen Hemminger",
        "email": "shemminger@linux-foundation.org",
        "time": "Wed Oct 10 17:30:46 2007 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Oct 10 17:30:46 2007 -0700"
      },
      "message": "[INET]: local port range robustness\n\nExpansion of original idea from Denis V. Lunev \u003cden@openvz.org\u003e\n\nAdd robustness and locking to the local_port_range sysctl.\n1. Enforce that low \u003c high when setting.\n2. Use seqlock to ensure atomic update.\n\nThe locking might seem like overkill, but there are\ncases where sysadmin might want to change value in the\nmiddle of a DoS attack.\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@linux-foundation.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "b4b510290b056b86611757ce1175a230f1080f53",
      "tree": "7bd1d45855ac7457be6d50338c60751f19e436d9",
      "parents": [
        "e9dc86534051b78e41e5b746cccc291b57a3a311"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Wed Sep 12 13:05:38 2007 +0200"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Wed Oct 10 16:49:09 2007 -0700"
      },
      "message": "[NET]: Support multiple network namespaces with netlink\n\nEach netlink socket will live in exactly one network namespace,\nthis includes the controlling kernel sockets.\n\nThis patch updates all of the existing netlink protocols\nto only support the initial network namespace.  Request\nby clients in other namespaces will get -ECONREFUSED.\nAs they would if the kernel did not have the support for\nthat netlink protocol compiled in.\n\nAs each netlink protocol is updated to be multiple network\nnamespace safe it can register multiple kernel sockets\nto acquire a presence in the rest of the network namespaces.\n\nThe implementation in af_netlink is a simple filter implementation\nat hash table insertion and hash table look up time.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "e9dc86534051b78e41e5b746cccc291b57a3a311",
      "tree": "1cd4a1dde4c51b6311749428a22cc8a8f5436825",
      "parents": [
        "e730c15519d09ea528b4d2f1103681fa5937c0e6"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Wed Sep 12 13:02:17 2007 +0200"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Wed Oct 10 16:49:09 2007 -0700"
      },
      "message": "[NET]: Make device event notification network namespace safe\n\nEvery user of the network device notifiers is either a protocol\nstack or a pseudo device.  If a protocol stack that does not have\nsupport for multiple network namespaces receives an event for a\ndevice that is not in the initial network namespace it quite possibly\ncan get confused and do the wrong thing.\n\nTo avoid problems until all of the protocol stacks are converted\nthis patch modifies all netdev event handlers to ignore events on\ndevices that are not in the initial network namespace.\n\nAs the rest of the code is made network namespace aware these\nchecks can be removed.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "31e879309474d1666d645b96de99d0b682fa055f",
      "tree": "bb9d45dc85e03044b5ee7635f3646774bcbb30d4",
      "parents": [
        "a88a8eff1e6e32d3288986a9d36c6a449c032d3a"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Sep 19 17:19:12 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Sep 20 08:06:40 2007 +1000"
      },
      "message": "SELinux: fix array out of bounds when mounting with selinux options\n\nGiven an illegal selinux option it was possible for match_token to work in\nrandom memory at the end of the match_table_t array.\n\nNote that privilege is required to perform a context mount, so this issue is\neffectively limited to root only.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "4ac212ad4e8fafc22fa147fc255ff5fa5435cf33",
      "tree": "9ab703429a2b24ccafc6748c1e0f2147f2b47114",
      "parents": [
        "a1c582d0720f2eff61043e90711767decf37b917"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Wed Aug 29 08:51:50 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@localhost.localdomain",
        "time": "Thu Aug 30 20:22:47 2007 -0400"
      },
      "message": "SELinux: clear parent death signal on SID transitions\n\nClear parent death signal on SID transitions to prevent unauthorized\nsignaling between SIDs.\n\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nSigned-off-by: James Morris \u003cjmorris@localhost.localdomain\u003e\n"
    },
    {
      "commit": "34b4e4aa3c470ce8fa2bd78abb1741b4b58baad7",
      "tree": "91d620288f1aaf63c12dc84ca1015465818601f2",
      "parents": [
        "afe1ab4d577892822de2c8e803fbfaed6ec44ba3"
      ],
      "author": {
        "name": "Alan Cox",
        "email": "alan@lxorguk.ukuu.org.uk",
        "time": "Wed Aug 22 14:01:28 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Wed Aug 22 19:52:45 2007 -0700"
      },
      "message": "fix NULL pointer dereference in __vm_enough_memory()\n\nThe new exec code inserts an accounted vma into an mm struct which is not\ncurrent-\u003emm.  The existing memory check code has a hard coded assumption\nthat this does not happen as does the security code.\n\nAs the correct mm is known we pass the mm to the security method and the\nhelper function.  A new security test is added for the case where we need\nto pass the mm and the existing one is modified to pass current-\u003emm to\navoid the need to change large amounts of code.\n\n(Thanks to Tobias for fixing rejects and testing)\n\nSigned-off-by: Alan Cox \u003calan@redhat.com\u003e\nCc: WU Fengguang \u003cwfg@mail.ustc.edu.cn\u003e\nCc: James Morris \u003cjmorris@redhat.com\u003e\nCc: Tobias Diedrich \u003cranma+kernel@tdiedrich.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "3ad40d647d5e7c320385649e5eb422a5e89e035d",
      "tree": "496025ef0d9427967f56d2523cfc2b2097531ec4",
      "parents": [
        "28e8351ac22de25034e048c680014ad824323c65"
      ],
      "author": {
        "name": "Steve G",
        "email": "linux_4ever@yahoo.com",
        "time": "Tue Aug 14 12:50:46 2007 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@halo.namei",
        "time": "Thu Aug 16 11:42:28 2007 -0400"
      },
      "message": "SELinux: correct error code in selinux_audit_rule_init\n\nCorrects an error code so that it is valid to pass to userspace.\n\nSigned-off-by: Steve Grubb \u003clinux_4ever@yahoo.com\u003e\nSigned-off-by: James Morris \u003cjmorris@halo.namei\u003e\n"
    },
    {
      "commit": "088999e98b8caecd31adc3b62223a228555c5ab7",
      "tree": "ee16fd7c6cdde90642550ee9937fafb96e979f67",
      "parents": [
        "9534f71ca33e5a9de26dfd43c76af86e005005dd"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Wed Aug 01 11:12:58 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Aug 02 11:52:23 2007 -0400"
      },
      "message": "SELinux: remove redundant pointer checks before calling kfree()\n\nWe don\u0027t need to check for NULL pointers before calling kfree().\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9534f71ca33e5a9de26dfd43c76af86e005005dd",
      "tree": "344444735f541f79ed98cc38fa9040bc018ec66e",
      "parents": [
        "1ed4395035a6791ebbbf618429a58ab9c207cc83"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Mon Jul 30 16:33:26 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Aug 02 11:52:21 2007 -0400"
      },
      "message": "SELinux: restore proper NetLabel caching behavior\n\nA small fix to the SELinux/NetLabel glue code to ensure that the NetLabel\ncache is utilized when possible.  This was broken when the SELinux/NetLabel\nglue code was reorganized in the last kernel release.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d133a9609ee6111c9718a4bbe559b84a399603e6",
      "tree": "c838cc2ec00584acdf42125a13be1a8274b038e7",
      "parents": [
        "6ace06dc68db13f7f82f9341fdef89502f0bb217"
      ],
      "author": {
        "name": "Gabriel Craciunescu",
        "email": "nix.or.die@googlemail.com",
        "time": "Tue Jul 31 00:39:19 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Tue Jul 31 15:39:42 2007 -0700"
      },
      "message": "Typo fixes errror -\u003e error\n\nTypo fixes errror -\u003e error\n\nSigned-off-by: Gabriel Craciunescu \u003cnix.or.die@googlemail.com\u003e\nCc: Jeff Garzik \u003cjeff@garzik.org\u003e\nCc: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "910949a66839ff5f59fede5b7cb68ecf1453e22c",
      "tree": "6842924dba1c4af0397d06aa4b6363e8c26c220e",
      "parents": [
        "0de085bb474f64e4fdb2f1ff3268590792648c7b"
      ],
      "author": {
        "name": "Venkat Yekkirala",
        "email": "vyekkirala@trustedcs.com",
        "time": "Tue Jul 24 09:53:23 2007 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jul 25 12:49:41 2007 -0400"
      },
      "message": "SELinux: null-terminate context string in selinux_xfrm_sec_ctx_alloc\n\nxfrm_audit_log() expects the context string to be null-terminated\nwhich currently doesn\u0027t happen with user-supplied contexts.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0ec8abd7086ee4f760cb1b477fe376805b17558c",
      "tree": "09eff2e119de344244242788eab5b6514191f040",
      "parents": [
        "f695baf2df9e0413d3521661070103711545207a"
      ],
      "author": {
        "name": "Jesper Juhl",
        "email": "jesper.juhl@gmail.com",
        "time": "Sat Jul 21 00:12:44 2007 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jul 23 09:35:37 2007 -0400"
      },
      "message": "SELinux: fix memory leak in security_netlbl_cache_add()\n\nFix memory leak in security_netlbl_cache_add()\nNote: The Coverity checker gets credit for spotting this one.\n\nSigned-off-by: Jesper Juhl \u003cjesper.juhl@gmail.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n"
    },
    {
      "commit": "4259fa01a2d2aa3e589b34ba7624080232d9c1ff",
      "tree": "3aa83d784c4db22f3b62e4d963757497555c5e5c",
      "parents": [
        "74f2345b6be1410f824cb7dd638d2c10a9709379"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Jun 07 11:13:31 2007 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jul 22 09:57:02 2007 -0400"
      },
      "message": "[PATCH] get rid of AVC_PATH postponed treatment\n\n        Selinux folks had been complaining about the lack of AVC_PATH\nrecords when audit is disabled.  I must admit my stupidity - I assumed\nthat avc_audit() really couldn\u0027t use audit_log_d_path() because of\ndeadlocks (\u003d\u003d could be called with dcache_lock or vfsmount_lock held).\nShouldn\u0027t have made that assumption - it never gets called that way.\nIt _is_ called under spinlocks, but not those.\n\n        Since audit_log_d_path() uses ab-\u003egfp_mask for allocations,\nkmalloc() in there is not a problem.  IOW, the simple fix is sufficient:\nlet\u0027s rip AUDIT_AVC_PATH out and simply generate pathname as part of main\nrecord.  It\u0027s trivial to do.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "20c2df83d25c6a95affe6157a4c9cac4cf5ffaac",
      "tree": "415c4453d2b17a50abe7a3e515177e1fa337bd67",
      "parents": [
        "64fb98fc40738ae1a98bcea9ca3145b89fb71524"
      ],
      "author": {
        "name": "Paul Mundt",
        "email": "lethal@linux-sh.org",
        "time": "Fri Jul 20 10:11:58 2007 +0900"
      },
      "committer": {
        "name": "Paul Mundt",
        "email": "lethal@linux-sh.org",
        "time": "Fri Jul 20 10:11:58 2007 +0900"
      },
      "message": "mm: Remove slab destructors from kmem_cache_create().\n\nSlab destructors were no longer supported after Christoph\u0027s\nc59def9f222d44bb7e2f0a559f2906191a0862d7 change. They\u0027ve been\nBUGs for both slab and slub, and slob never supported them\neither.\n\nThis rips out support for the dtor pointer from kmem_cache_create()\ncompletely and fixes up every single callsite in the kernel (there were\nabout 224, not including the slab allocator definitions themselves,\nor the documentation references).\n\nSigned-off-by: Paul Mundt \u003clethal@linux-sh.org\u003e\n"
    },
    {
      "commit": "721e2629fa2167c0e5a9f10d704b1fee1621a8cb",
      "tree": "a1580ed191e710f891ef1bf25c8c1fc7d6f054a9",
      "parents": [
        "fdb64f93b38a3470fa4db8cd5720b8c731922d1a",
        "f36158c410651fe66f438c17b2ab3ae813f8c060"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Jul 19 14:42:40 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Jul 19 14:42:40 2007 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:\n  SELinux: use SECINITSID_NETMSG instead of SECINITSID_UNLABELED for NetLabel\n  SELinux: enable dynamic activation/deactivation of NetLabel/SELinux enforcement\n"
    },
    {
      "commit": "6c5d523826dc639df709ed0f88c5d2ce25379652",
      "tree": "ef2fa8cb30266b3a9b047902794e78c583b099da",
      "parents": [
        "76fdbb25f963de5dc1e308325f0578a2f92b1c2d"
      ],
      "author": {
        "name": "Kawai, Hidehiro",
        "email": "hidehiro.kawai.ez@hitachi.com",
        "time": "Thu Jul 19 01:48:27 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Jul 19 10:04:46 2007 -0700"
      },
      "message": "coredump masking: reimplementation of dumpable using two flags\n\nThis patch changes mm_struct.dumpable to a pair of bit flags.\n\nset_dumpable() converts three-value dumpable to two flags and stores it into\nlower two bits of mm_struct.flags instead of mm_struct.dumpable.\nget_dumpable() behaves in the opposite way.\n\n[akpm@linux-foundation.org: export set_dumpable]\nSigned-off-by: Hidehiro Kawai \u003chidehiro.kawai.ez@hitachi.com\u003e\nCc: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nCc: Hugh Dickins \u003chugh@veritas.com\u003e\nCc: Nick Piggin \u003cnickpiggin@yahoo.com.au\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "f36158c410651fe66f438c17b2ab3ae813f8c060",
      "tree": "644e57a36d918fe2b2fcdd2f59daffb847cd8d36",
      "parents": [
        "23bcdc1adebd3cb47d5666f2e9ecada95c0134e4"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Wed Jul 18 12:28:46 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Jul 19 10:21:13 2007 -0400"
      },
      "message": "SELinux: use SECINITSID_NETMSG instead of SECINITSID_UNLABELED for NetLabel\n\nThese changes will make NetLabel behave like labeled IPsec where there is an\naccess check for both labeled and unlabeled packets as well as providing the\nability to restrict domains to receiving only labeled packets when NetLabel is\nin use.  The changes to the policy are straight forward with the following\nnecessary to receive labeled traffic (with SECINITSID_NETMSG defined as\n\"netlabel_peer_t\"):\n\n allow mydom_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;\n\nThe policy for unlabeled traffic would be:\n\n allow mydom_t unlabeled_t:{ tcp_socket udp_socket rawip_socket } recvfrom;\n\nThese policy changes, as well as more general NetLabel support, are included in\nthe latest SELinux Reference Policy release 20070629 or later.  Users who make\nuse of NetLabel are strongly encouraged to upgrade their policy to avoid\nnetwork problems.  Users who do not make use of NetLabel will not notice any\ndifference.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "23bcdc1adebd3cb47d5666f2e9ecada95c0134e4",
      "tree": "71caf0ac9fa86e4a9cf423d968a2486656c2e196",
      "parents": [
        "589f1e81bde732dd0b1bc5d01b6bddd4bcb4527b"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Wed Jul 18 12:28:45 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Jul 19 10:21:11 2007 -0400"
      },
      "message": "SELinux: enable dynamic activation/deactivation of NetLabel/SELinux enforcement\n\nCreate a new NetLabel KAPI interface, netlbl_enabled(), which reports on the\ncurrent runtime status of NetLabel based on the existing configuration.  LSMs\nthat make use of NetLabel, i.e. SELinux, can use this new function to determine\nif they should perform NetLabel access checks.  This patch changes the\nNetLabel/SELinux glue code such that SELinux only enforces NetLabel related\naccess checks when netlbl_enabled() returns true.\n\nAt present NetLabel is considered to be enabled when there is at least one\nlabeled protocol configuration present.  The result is that by default NetLabel\nis considered to be disabled, however, as soon as an administrator configured\na CIPSO DOI definition NetLabel is enabled and SELinux starts enforcing\nNetLabel related access controls - including unlabeled packet controls.\n\nThis patch also tries to consolidate the multiple \"#ifdef CONFIG_NETLABEL\"\nblocks into a single block to ease future review as recommended by Linus.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "86313c488a6848b7ec2ba04e74f25f79dd32a0b7",
      "tree": "3b190f7afc338362470573b563f65a1eb83795ac",
      "parents": [
        "10a0a8d4e3f6bf2d077f94344441909abe670f5a"
      ],
      "author": {
        "name": "Jeremy Fitzhardinge",
        "email": "jeremy@xensource.com",
        "time": "Tue Jul 17 18:37:03 2007 -0700"
      },
      "committer": {
        "name": "Jeremy Fitzhardinge",
        "email": "jeremy@goop.org",
        "time": "Wed Jul 18 08:47:40 2007 -0700"
      },
      "message": "usermodehelper: Tidy up waiting\n\nRather than using a tri-state integer for the wait flag in\ncall_usermodehelper_exec, define a proper enum, and use that.  I\u0027ve\npreserved the integer values so that any callers I\u0027ve missed should\nstill work OK.\n\nSigned-off-by: Jeremy Fitzhardinge \u003cjeremy@xensource.com\u003e\nCc: James Bottomley \u003cJames.Bottomley@HansenPartnership.com\u003e\nCc: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nCc: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: Andi Kleen \u003cak@suse.de\u003e\nCc: Paul Mackerras \u003cpaulus@samba.org\u003e\nCc: Johannes Berg \u003cjohannes@sipsolutions.net\u003e\nCc: Ralf Baechle \u003cralf@linux-mips.org\u003e\nCc: Bjorn Helgaas \u003cbjorn.helgaas@hp.com\u003e\nCc: Joel Becker \u003cjoel.becker@oracle.com\u003e\nCc: Tony Luck \u003ctony.luck@intel.com\u003e\nCc: Kay Sievers \u003ckay.sievers@vrfy.org\u003e\nCc: Srivatsa Vaddagiri \u003cvatsa@in.ibm.com\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\n"
    },
    {
      "commit": "3bd858ab1c451725c07a805dcb315215dc85b86e",
      "tree": "5d49c4300e350d64fd81eb3230b81f754117e0c1",
      "parents": [
        "49c13b51a15f1ba9f6d47e26e4a3886c4f3931e2"
      ],
      "author": {
        "name": "Satyam Sharma",
        "email": "ssatyam@cse.iitk.ac.in",
        "time": "Tue Jul 17 15:00:08 2007 +0530"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Tue Jul 17 12:00:03 2007 -0700"
      },
      "message": "Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check\n\nIntroduce is_owner_or_cap() macro in fs.h, and convert over relevant\nusers to it. This is done because we want to avoid bugs in the future\nwhere we check for only effective fsuid of the current task against a\nfile\u0027s owning uid, without simultaneously checking for CAP_FOWNER as\nwell, thus violating its semantics.\n[ XFS uses special macros and structures, and in general looked ...\nuntouchable, so we leave it alone -- but it has been looked over. ]\n\nThe (current-\u003efsuid !\u003d inode-\u003ei_uid) check in generic_permission() and\nexec_permission_lite() is left alone, because those operations are\ncovered by CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH. Similarly operations\nfalling under the purview of CAP_CHOWN and CAP_LEASE are also left alone.\n\nSigned-off-by: Satyam Sharma \u003cssatyam@cse.iitk.ac.in\u003e\nCc: Al Viro \u003cviro@ftp.linux.org.uk\u003e\nAcked-by: Serge E. Hallyn \u003cserge@hallyn.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "522ed7767e800cff6c650ec64b0ee0677303119c",
      "tree": "f65ecb29f2cf885018d3557f840de3ef4be6ec64",
      "parents": [
        "4f27c00bf80f122513d3a5be16ed851573164534"
      ],
      "author": {
        "name": "Miloslav Trmac",
        "email": "mitr@redhat.com",
        "time": "Sun Jul 15 23:40:56 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Mon Jul 16 09:05:47 2007 -0700"
      },
      "message": "Audit: add TTY input auditing\n\nAdd TTY input auditing, used to audit system administrator\u0027s actions.  This is\nrequired by various security standards such as DCID 6/3 and PCI to provide\nnon-repudiation of administrator\u0027s actions and to allow a review of past\nactions if the administrator seems to overstep their duties or if the system\nbecomes misconfigured for unknown reasons.  These requirements do not make it\nnecessary to audit TTY output as well.\n\nCompared to an user-space keylogger, this approach records TTY input using the\naudit subsystem, correlated with other audit events, and it is completely\ntransparent to the user-space application (e.g.  the console ioctls still\nwork).\n\nTTY input auditing works on a higher level than auditing all system calls\nwithin the session, which would produce an overwhelming amount of mostly\nuseless audit events.\n\nAdd an \"audit_tty\" attribute, inherited across fork ().  Data read from TTYs\nby process with the attribute is sent to the audit subsystem by the kernel.\nThe audit netlink interface is extended to allow modifying the audit_tty\nattribute, and to allow sending explanatory audit events from user-space (for\nexample, a shell might send an event containing the final command, after the\ninteractive command-line editing and history expansion is performed, which\nmight be difficult to decipher from the TTY input alone).\n\nBecause the \"audit_tty\" attribute is inherited across fork (), it would be set\ne.g.  for sshd restarted within an audited session.  To prevent this, the\naudit_tty attribute is cleared when a process with no open TTY file\ndescriptors (e.g.  after daemon startup) opens a TTY.\n\nSee https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html for a\nmore detailed rationale document for an older version of this patch.\n\n[akpm@linux-foundation.org: build fix]\nSigned-off-by: Miloslav Trmac \u003cmitr@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nCc: Paul Fulghum \u003cpaulkf@microgate.com\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "8d9107e8c50e1c4ff43c91c8841805833f3ecfb9",
      "tree": "abc57f38cf659d4031d5a9915a088f2c47b2cc7e",
      "parents": [
        "16cefa8c3863721fd40445a1b34dea18cd16ccfe"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Fri Jul 13 16:53:18 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Fri Jul 13 16:53:18 2007 -0700"
      },
      "message": "Revert \"SELinux: use SECINITSID_NETMSG instead of SECINITSID_UNLABELED for NetLabel\"\n\nThis reverts commit 9faf65fb6ee2b4e08325ba2d69e5ccf0c46453d0.\n\nIt bit people like Michal Piotrowski:\n\n  \"My system is too secure, I can not login :)\"\n\nbecause it changed how CONFIG_NETLABEL worked, and broke older SElinux\npolicies.\n\nAs a result, quoth James Morris:\n\n  \"Can you please revert this patch?\n\n   We thought it only affected people running MLS, but it will affect others.\n\n   Sorry for the hassle.\"\n\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Michal Piotrowski \u003cmichal.k.k.piotrowski@gmail.com\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "d4cf291526a74cc33d33700a35b74395eec812fd",
      "tree": "321018f7ef60b7cf2df7104f5361901d021edfdb",
      "parents": [
        "9faf65fb6ee2b4e08325ba2d69e5ccf0c46453d0"
      ],
      "author": {
        "name": "Adrian Bunk",
        "email": "bunk@stusta.de",
        "time": "Sun Jul 01 22:23:53 2007 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jul 11 22:52:33 2007 -0400"
      },
      "message": "security: unexport mmap_min_addr\n\nRemove unneeded export.\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9faf65fb6ee2b4e08325ba2d69e5ccf0c46453d0",
      "tree": "ee167dc8c575dee062cdaf91d0b60a5997bba0c3",
      "parents": [
        "ed0321895182ffb6ecf210e066d87911b270d587"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Fri Jun 29 11:48:16 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jul 11 22:52:31 2007 -0400"
      },
      "message": "SELinux: use SECINITSID_NETMSG instead of SECINITSID_UNLABELED for NetLabel\n\nThese changes will make NetLabel behave like labeled IPsec where there is an\naccess check for both labeled and unlabeled packets as well as providing the\nability to restrict domains to receiving only labeled packets when NetLabel\nis in use.  The changes to the policy are straight forward with the\nfollowing necessary to receive labeled traffic (with SECINITSID_NETMSG\ndefined as \"netlabel_peer_t\"):\n\n allow mydom_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;\n\nThe policy for unlabeled traffic would be:\n\n allow mydom_t unlabeled_t:{ tcp_socket udp_socket rawip_socket } recvfrom;\n\nThese policy changes, as well as more general NetLabel support, are included\nin the SELinux Reference Policy SVN tree, r2352 or later.  Users who enable\nNetLabel support in the kernel are strongly encouraged to upgrade their\npolicy to avoid network problems.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ed0321895182ffb6ecf210e066d87911b270d587",
      "tree": "832bb54666f73b06e55322df40f915c5e9ef64d7",
      "parents": [
        "13bddc2e9d591e31bf20020dc19ea6ca85de420e"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Jun 28 15:55:21 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jul 11 22:52:29 2007 -0400"
      },
      "message": "security: Protection for exploiting null dereference using mmap\n\nAdd a new security check on mmap operations to see if the user is attempting\nto mmap to low area of the address space.  The amount of space protected is\nindicated by the new proc tunable /proc/sys/vm/mmap_min_addr and defaults to\n0, preserving existing behavior.\n\nThis patch uses a new SELinux security class \"memprotect.\"  Policy already\ncontains a number of allow rules like a_t self:process * (unconfined_t being\none of them) which mean that putting this check in the process class (its\nbest current fit) would make it useless as all user processes, which we also\nwant to protect against, would be allowed. By taking the memprotect name of\nthe new class it will also make it possible for us to move some of the other\nmemory protect permissions out of \u0027process\u0027 and into the new class next time\nwe bump the policy version number (which I also think is a good future idea)\n\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "13bddc2e9d591e31bf20020dc19ea6ca85de420e",
      "tree": "b813a0a060439c4cfb84c93dc14307179465829b",
      "parents": [
        "2c3c05dbcbc7b9d71549fe0e2b249f10f5a66518"
      ],
      "author": {
        "name": "Tobias Oed",
        "email": "tobias.oed@octant-fr.com",
        "time": "Mon Jun 11 08:56:31 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jul 11 22:52:27 2007 -0400"
      },
      "message": "SELinux: Use %lu for inode-\u003ei_no when printing avc\n\nInode numbers are unsigned long and so need to %lu as format string of printf.\n\nSigned-off-by: Tobias Oed \u003ctobias.oed@octant-fr.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2c3c05dbcbc7b9d71549fe0e2b249f10f5a66518",
      "tree": "bab75df9fafc435f3370a6d773d3284716347249",
      "parents": [
        "9dc9978084ea2a96b9f42752753d9e38a9f9d7b2"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Thu Jun 07 15:34:10 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jul 11 22:52:25 2007 -0400"
      },
      "message": "SELinux: allow preemption between transition permission checks\n\nIn security_get_user_sids, move the transition permission checks\noutside of the section holding the policy rdlock, and use the AVC to\nperform the checks, calling cond_resched after each one.  These\nchanges should allow preemption between the individual checks and\nenable caching of the results.  It may however increase the overall\ntime spent in the function in some cases, particularly in the cache\nmiss case.\n\nThe long term fix will be to take much of this logic to userspace by\nexporting additional state via selinuxfs, and ultimately deprecating\nand eliminating this interface from the kernel.\n\nTested-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9dc9978084ea2a96b9f42752753d9e38a9f9d7b2",
      "tree": "24aac2351df72f9f12fa9143a7746a2e83d24899",
      "parents": [
        "e47c8fc582a2c9f3cba059e543c4a056cd6bf8c4"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Jun 04 17:41:22 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jul 11 22:52:23 2007 -0400"
      },
      "message": "selinux: introduce schedule points in policydb_destroy()\n\nDuring the LSPP testing we found that it was possible for\npolicydb_destroy() to take 10+ seconds of kernel time to complete.\nBasically all policydb_destroy() does is walk some (possibly long) lists\nand free the memory it finds.  Turning off slab debugging config options\nmade the problem go away since the actual functions which took most of\nthe time were (as seen by oprofile)\n\n\u003e 121202   23.9879  .check_poison_obj\n\u003e 78247    15.4864  .check_slabp\n\nwere caused by that.  So I decided to also add some voluntary schedule\npoints in that code so config voluntary preempt would be enough to solve\nthe problem.  Something similar was done in places like\nshmem_free_pages() when we have to walk a list of memory and free it.\nThis was tested by the LSPP group on the hardware which could reproduce\nthe problem just loading a new policy and was found to not trigger the\nsoftlock detector.  It takes just as much processing time, but the\nkernel doesn\u0027t spend all that time stuck doing one thing and never\nscheduling.\n\nSomeday a better way to handle memory might make the time needed in this\nfunction a lot less, but this fixes the current issue as it stands\ntoday.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "e47c8fc582a2c9f3cba059e543c4a056cd6bf8c4",
      "tree": "20f43ed6ecb1bea6160f660721dee748a57e0568",
      "parents": [
        "0dd4ae516e7b5be89caed2532f9d953d0b1dbf01"
      ],
      "author": {
        "name": "Christopher J. PeBenito",
        "email": "cpebenito@tresys.com",
        "time": "Wed May 23 09:12:09 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jul 11 22:52:20 2007 -0400"
      },
      "message": "selinux: add selinuxfs structure for object class discovery\n\nThe structure is as follows (relative to selinuxfs root):\n\n/class/file/index\n/class/file/perms/read\n/class/file/perms/write\n...\n\nEach class is allocated 33 inodes, 1 for the class index and 32 for\npermissions.  Relative to SEL_CLASS_INO_OFFSET, the inode of the index file\nDIV 33 is the class number.  The inode of the permission file % 33 is the\nindex of the permission for that class.\n\nSigned-off-by: Christopher J. PeBenito \u003ccpebenito@tresys.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0dd4ae516e7b5be89caed2532f9d953d0b1dbf01",
      "tree": "7337115925bf6cbf875c17f465deb53e2ae2ad52",
      "parents": [
        "0c92d7c73b6f99897c8bc7990717b9050cfc722f"
      ],
      "author": {
        "name": "Christopher J. PeBenito",
        "email": "cpebenito@tresys.com",
        "time": "Wed May 23 09:12:08 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jul 11 22:52:19 2007 -0400"
      },
      "message": "selinux: change sel_make_dir() to specify inode counter.\n\nSpecify the inode counter explicitly in sel_make_dir(), rather than always\nusing sel_last_ino.\n\nSigned-off-by: Christopher J. PeBenito \u003ccpebenito@tresys.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0c92d7c73b6f99897c8bc7990717b9050cfc722f",
      "tree": "327e361aebe40e553e6eb9d0b2f0b10438e8ad9b",
      "parents": [
        "55fcf09b3fe4325c9395ebbb0322a547a157ebc7"
      ],
      "author": {
        "name": "Christopher J. PeBenito",
        "email": "cpebenito@tresys.com",
        "time": "Wed May 23 09:12:07 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jul 11 22:52:17 2007 -0400"
      },
      "message": "selinux: rename sel_remove_bools() for more general usage.\n\nsel_remove_bools() will also be used by the object class discovery, rename\nit for more general use.\n\nSigned-off-by: Christopher J. PeBenito \u003ccpebenito@tresys.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "55fcf09b3fe4325c9395ebbb0322a547a157ebc7",
      "tree": "36415abc8ad7e917909a1fbfbdcc8ad84f0cebd2",
      "parents": [
        "4eb6bf6bfb580afaf1e1a1d30cba17a078530cf4"
      ],
      "author": {
        "name": "Christopher J. PeBenito",
        "email": "cpebenito@tresys.com",
        "time": "Wed May 23 09:12:06 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jul 11 22:52:15 2007 -0400"
      },
      "message": "selinux: add support for querying object classes and permissions from the running policy\n\nAdd support to the SELinux security server for obtaining a list of classes,\nand for obtaining a list of permissions for a specified class.\n\nSigned-off-by: Christopher J. PeBenito \u003ccpebenito@tresys.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ba6ff9f2b5c6018b293bd21083ffaa5ad710e671",
      "tree": "7a868d3a1948ab9e1aaf7b6e64e114e0f790370d",
      "parents": [
        "6363097cc4d182f93788131b5d8f72aa91d950a0"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Thu Jun 07 18:37:15 2007 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Jun 08 13:33:09 2007 -0700"
      },
      "message": "[NetLabel]: consolidate the struct socket/sock handling to just struct sock\n\nThe current NetLabel code has some redundant APIs which allow both\n\"struct socket\" and \"struct sock\" types to be used; this may have made\nsense at some point but it is wasteful now.  Remove the functions that\noperate on sockets and convert the callers.  Not only does this make\nthe code smaller and more consistent but it pushes the locking burden\nup to the caller which can be more intelligent about the locks.  Also,\nperform the same conversion (socket to sock) on the SELinux/NetLabel\nglue code where it make sense.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "3dde6ad8fc3939d345a3768464ecff43c91d511a",
      "tree": "bf36419973a724f854ba69de793daaf3d916f9a0",
      "parents": [
        "ccf6780dc3d228f380e17b6858b93fc48e40afd4"
      ],
      "author": {
        "name": "David Sterba",
        "email": "dave@jikos.cz",
        "time": "Wed May 09 07:12:20 2007 +0200"
      },
      "committer": {
        "name": "Adrian Bunk",
        "email": "bunk@stusta.de",
        "time": "Wed May 09 07:12:20 2007 +0200"
      },
      "message": "Fix trivial typos in Kconfig* files\n\nFix several typos in help text in Kconfig* files.\n\nSigned-off-by: David Sterba \u003cdave@jikos.cz\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\n"
    },
    {
      "commit": "e63340ae6b6205fef26b40a75673d1c9c0c8bb90",
      "tree": "8d3212705515edec73c3936bb9e23c71d34a7b41",
      "parents": [
        "04c9167f91e309c9c4ea982992aa08e83b2eb42e"
      ],
      "author": {
        "name": "Randy Dunlap",
        "email": "randy.dunlap@oracle.com",
        "time": "Tue May 08 00:28:08 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Tue May 08 11:15:07 2007 -0700"
      },
      "message": "header cleaning: don\u0027t include smp_lock.h when not used\n\nRemove includes of \u003clinux/smp_lock.h\u003e where it is not used/needed.\nSuggested by Al Viro.\n\nBuilds cleanly on x86_64, i386, alpha, ia64, powerpc, sparc,\nsparc64, and arm (all 59 defconfigs).\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "98a27ba485c7508ef9d9527fe06e4686f3a163dc",
      "tree": "73d5dca7f1b5120ecf1bbcc664094044bc35dc56",
      "parents": [
        "2a65f1d9fe78475720bd8f0e0fbbf1973b1b5ac2"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Tue May 08 00:26:56 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Tue May 08 11:15:04 2007 -0700"
      },
      "message": "tty: introduce no_tty and use it in selinux\n\nWhile researching the tty layer pid leaks I found a weird case in selinux when\nwe drop a controlling tty because of inadequate permissions we don\u0027t do the\nnormal hangup processing.  Which is a problem if it happens the session leader\nhas exec\u0027d something that can no longer access the tty.\n\nWe already have code in the kernel to handle this case in the form of the\nTIOCNOTTY ioctl.  So this patch factors out a helper function that is the\nessence of that ioctl and calls it from the selinux code.\n\nThis removes the inconsistency in handling dropping of a controlling tty and\nwho knows it might even make some part of user space happy because it received\na SIGHUP it was expecting.\n\nIn addition since this removes the last user of proc_set_tty outside of\ntty_io.c proc_set_tty is made static and removed from tty.h\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nAcked-by: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "823bccfc4002296ba88c3ad0f049e1abd8108d30",
      "tree": "5338ae0b32409446af4cd00c5107d9405d5bf0b6",
      "parents": [
        "2609e7b9bebfd433254c02538ba803dc516ff674"
      ],
      "author": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@suse.de",
        "time": "Fri Apr 13 13:15:19 2007 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@suse.de",
        "time": "Wed May 02 18:57:59 2007 -0700"
      },
      "message": "remove \"struct subsystem\" as it is no longer needed\n\nWe need to work on cleaning up the relationship between kobjects, ksets and\nktypes.  The removal of \u0027struct subsystem\u0027 is the first step of this,\nespecially as it is not really needed at all.\n\nThanks to Kay for fixing the bugs in this patch.\n\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n\n"
    },
    {
      "commit": "a205752d1ad2d37d6597aaae5a56fc396a770868",
      "tree": "1def76b02da90b98cefd66c4ba3904697963c358",
      "parents": [
        "39bc89fd4019b164002adaacef92c4140e37955a",
        "e900a7d90ae1486ac95c10e0b7337fc2c2eda529"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Fri Apr 27 10:47:29 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Fri Apr 27 10:47:29 2007 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:\n  selinux: preserve boolean values across policy reloads\n  selinux: change numbering of boolean directory inodes in selinuxfs\n  selinux: remove unused enumeration constant from selinuxfs\n  selinux: explicitly number all selinuxfs inodes\n  selinux: export initial SID contexts via selinuxfs\n  selinux: remove userland security class and permission definitions\n  SELinux: move security_skb_extlbl_sid() out of the security server\n  MAINTAINERS: update selinux entry\n  SELinux: rename selinux_netlabel.h to netlabel.h\n  SELinux: extract the NetLabel SELinux support from the security server\n  NetLabel: convert a BUG_ON in the CIPSO code to a runtime check\n  NetLabel: cleanup and document CIPSO constants\n"
    },
    {
      "commit": "7318226ea2931a627f3572e5f4804c91ca19ecbc",
      "tree": "d2492bb7e87a9c1740432c4dcde13e75ee46ad8d",
      "parents": [
        "071b638689464c6b39407025eedd810d5b5e6f5d"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Thu Apr 26 15:46:23 2007 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Apr 26 15:46:23 2007 -0700"
      },
      "message": "[AF_RXRPC]: Key facility changes for AF_RXRPC\n\nExport the keyring key type definition and document its availability.\n\nAdd alternative types into the key\u0027s type_data union to make it more useful.\nNot all users necessarily want to use it as a list_head (AF_RXRPC doesn\u0027t, for\nexample), so make it clear that it can be used in other ways.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "e900a7d90ae1486ac95c10e0b7337fc2c2eda529",
      "tree": "924c8b62c3c02d600a02c87bd2a7ed44d39a808b",
      "parents": [
        "bce34bc0eef03c68b5c49a3cc5bc77c84760cfe2"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Thu Apr 19 14:16:19 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Apr 26 01:36:13 2007 -0400"
      },
      "message": "selinux: preserve boolean values across policy reloads\n\nAt present, the userland policy loading code has to go through contortions to preserve\nboolean values across policy reloads, and cannot do so atomically.\nAs this is what we always want to do for reloads, let the kernel preserve them instead.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Karl MacMillan \u003ckmacmillan@mentalrootkit.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "bce34bc0eef03c68b5c49a3cc5bc77c84760cfe2",
      "tree": "2ef7c5fc9578fa2a7cdfac297681f6b6a6415a53",
      "parents": [
        "68b00df9bb5f38e87c102b3179a18eba9c9937a8"
      ],
      "author": {
        "name": "James Carter",
        "email": "jwcart2@tycho.nsa.gov",
        "time": "Wed Apr 04 16:18:50 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Apr 26 01:36:11 2007 -0400"
      },
      "message": "selinux: change numbering of boolean directory inodes in selinuxfs\n\nChange the numbering of the booleans directory inodes in selinuxfs to\nprovide more room for new inodes without a conflict in inode numbers and\nto be consistent with how inode numbering is done in the\ninitial_contexts directory.\n\nSigned-off-by: James Carter \u003cjwcart2@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "68b00df9bb5f38e87c102b3179a18eba9c9937a8",
      "tree": "16d0075e571fafe0a16591a306da326c1d5194ae",
      "parents": [
        "6174eafce3a38114adc6058e2872434c53feae87"
      ],
      "author": {
        "name": "James Carter",
        "email": "jwcart2@tycho.nsa.gov",
        "time": "Wed Apr 04 16:18:43 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Apr 26 01:36:10 2007 -0400"
      },
      "message": "selinux: remove unused enumeration constant from selinuxfs\n\nRemove the unused enumeration constant, SEL_AVC, from the sel_inos\nenumeration in selinuxfs.\n\nSigned-off-by: James Carter \u003cjwcart2@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6174eafce3a38114adc6058e2872434c53feae87",
      "tree": "8e97a2f10da78d6dc3a628109829c91c67584195",
      "parents": [
        "f0ee2e467ffa68c3122128b704c1540ee294b748"
      ],
      "author": {
        "name": "James Carter",
        "email": "jwcart2@tycho.nsa.gov",
        "time": "Wed Apr 04 16:18:39 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Apr 26 01:36:09 2007 -0400"
      },
      "message": "selinux: explicitly number all selinuxfs inodes\n\nExplicitly number all selinuxfs inodes to prevent a conflict between\ninodes numbered using last_ino when created with new_inode() and those\nlabeled explicitly.\n\nSigned-off-by: James Carter \u003cjwcart2@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "f0ee2e467ffa68c3122128b704c1540ee294b748",
      "tree": "1fb9bf27386233b88406b50ff69b83a2c9cdbe38",
      "parents": [
        "a764ae4b0781fac75f9657bc737c37ae59888389"
      ],
      "author": {
        "name": "James Carter",
        "email": "jwcart2@tycho.nsa.gov",
        "time": "Wed Apr 04 10:11:29 2007 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Apr 26 01:36:00 2007 -0400"
      },
      "message": "selinux: export initial SID contexts via selinuxfs\n\nMake the initial SID contexts accessible to userspace via selinuxfs.\nAn initial use of this support will be to make the unlabeled context\navailable to libselinux for use for invalidated userspace SIDs.\n\nSigned-off-by: James Carter \u003cjwcart2@tycho.nsa.gov\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    }
  ],
  "next": "a764ae4b0781fac75f9657bc737c37ae59888389"
}
