)]}' { "log": [ { "commit": "5dbbaf2de89613d19a9286d4db0a535ca2735d26", "tree": "1eaa64968a8ecf83aee4d2f6792840abde6c4916", "parents": [ "6f96c142f77c96a34ac377a3616ee7abcd77fb4d" ], "author": { "name": "Paul Moore", "email": "pmoore@redhat.com", "time": "Mon Jan 14 07:12:19 2013 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Jan 14 18:16:59 2013 -0500" }, "message": "tun: fix LSM/SELinux labeling of tun/tap devices\n\nThis patch corrects some problems with LSM/SELinux that were introduced\nwith the multiqueue patchset. The problem stems from the fact that the\nmultiqueue work changed the relationship between the tun device and its\nassociated socket; before the socket persisted for the life of the\ndevice, however after the multiqueue changes the socket only persisted\nfor the life of the userspace connection (fd open). For non-persistent\ndevices this is not an issue, but for persistent devices this can cause\nthe tun device to lose its SELinux label.\n\nWe correct this problem by adding an opaque LSM security blob to the\ntun device struct which allows us to have the LSM security state, e.g.\nSELinux labeling information, persist for the lifetime of the tun\ndevice. In the process we tweak the LSM hooks to work with this new\napproach to TUN device/socket labeling and introduce a new LSM hook,\nsecurity_tun_dev_attach_queue(), to approve requests to attach to a\nTUN queue via TUNSETQUEUE.\n\nThe SELinux code has been adjusted to match the new LSM hooks, the\nother LSMs do not make use of the LSM TUN controls. This patch makes\nuse of the recently added \"tun_socket:attach_queue\" permission to\nrestrict access to the TUNSETQUEUE operation. On older SELinux\npolicies which do not define the \"tun_socket:attach_queue\" permission\nthe access control decision for TUNSETQUEUE will be handled according\nto the SELinux policy\u0027s unknown permission setting.\n\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nTested-by: Jason Wang \u003cjasowang@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "2e72d51b4ac32989496870cd8171b3682fea1839", "tree": "b8190d17aa5d59508f8c979ce0160f21bef89500", "parents": [ "2f3238aebedb243804f58d62d57244edec4149b2" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Tue Oct 16 07:32:07 2012 +1030" }, "committer": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Fri Dec 14 13:05:24 2012 +1030" }, "message": "security: introduce kernel_module_from_file hook\n\nNow that kernel module origins can be reasoned about, provide a hook to\nthe LSMs to make policy decisions about the module file. This will let\nChrome OS enforce that loadable kernel modules can only come from its\nread-only hash-verified root filesystem. Other LSMs can, for example,\nread extended attributes for signatures, etc.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n" }, { "commit": "808d4e3cfdcc52b19276175464f6dbca4df13b09", "tree": "11c319127e8c1314c1ed1a777e4284032ab5bd00", "parents": [ "4b2c551f77f5a0c496e2125b1d883f4b26aabf2c" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Oct 11 11:42:01 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Oct 11 20:02:04 2012 -0400" }, "message": "consitify do_mount() arguments\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "88265322c14cce39f7afbc416726ef4fac413298", "tree": "e4956f905ef617971f87788d8f8a09dbb66b70a3", "parents": [ "65b99c74fdd325d1ffa2e5663295888704712604", "bf5308344527d015ac9a6d2bda4ad4d40fd7d943" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 21:38:48 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 21:38:48 2012 -0700" }, "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"Highlights:\n\n - Integrity: add local fs integrity verification to detect offline\n attacks\n - Integrity: add digital signature verification\n - Simple stacking of Yama with other LSMs (per LSS discussions)\n - IBM vTPM support on ppc64\n - Add new driver for Infineon I2C TIS TPM\n - Smack: add rule revocation for subject labels\"\n\nFixed conflicts with the user namespace support in kernel/auditsc.c and\nsecurity/integrity/ima/ima_policy.c.\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (39 commits)\n Documentation: Update git repository URL for Smack userland tools\n ima: change flags container data type\n Smack: setprocattr memory leak fix\n Smack: implement revoking all rules for a subject label\n Smack: remove task_wait() hook.\n ima: audit log hashes\n ima: generic IMA action flag handling\n ima: rename ima_must_appraise_or_measure\n audit: export audit_log_task_info\n tpm: fix tpm_acpi sparse warning on different address spaces\n samples/seccomp: fix 31 bit build on s390\n ima: digital signature verification support\n ima: add support for different security.ima data types\n ima: add ima_inode_setxattr/removexattr function and calls\n ima: add inode_post_setattr call\n ima: replace iint spinblock with rwlock/read_lock\n ima: allocating iint improvements\n ima: add appraise action keywords and default rules\n ima: integrity appraisal extension\n vfs: move ima_file_free before releasing the file\n ...\n" }, { "commit": "437589a74b6a590d175f86cf9f7b2efcee7765e7", "tree": "37bf8635b1356d80ef002b00e84f3faf3d555a63", "parents": [ "68d47a137c3bef754923bccf73fb639c9b0bbd5e", "72235465864d84cedb2d9f26f8e1de824ee20339" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 11:11:09 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 11:11:09 2012 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace\n\nPull user namespace changes from Eric Biederman:\n \"This is a mostly modest set of changes to enable basic user namespace\n support. This allows the code to code to compile with user namespaces\n enabled and removes the assumption there is only the initial user\n namespace. Everything is converted except for the most complex of the\n filesystems: autofs4, 9p, afs, ceph, cifs, coda, fuse, gfs2, ncpfs,\n nfs, ocfs2 and xfs as those patches need a bit more review.\n\n The strategy is to push kuid_t and kgid_t values are far down into\n subsystems and filesystems as reasonable. Leaving the make_kuid and\n from_kuid operations to happen at the edge of userspace, as the values\n come off the disk, and as the values come in from the network.\n Letting compile type incompatible compile errors (present when user\n namespaces are enabled) guide me to find the issues.\n\n The most tricky areas have been the places where we had an implicit\n union of uid and gid values and were storing them in an unsigned int.\n Those places were converted into explicit unions. I made certain to\n handle those places with simple trivial patches.\n\n Out of that work I discovered we have generic interfaces for storing\n quota by projid. I had never heard of the project identifiers before.\n Adding full user namespace support for project identifiers accounts\n for most of the code size growth in my git tree.\n\n Ultimately there will be work to relax privlige checks from\n \"capable(FOO)\" to \"ns_capable(user_ns, FOO)\" where it is safe allowing\n root in a user names to do those things that today we only forbid to\n non-root users because it will confuse suid root applications.\n\n While I was pushing kuid_t and kgid_t changes deep into the audit code\n I made a few other cleanups. I capitalized on the fact we process\n netlink messages in the context of the message sender. I removed\n usage of NETLINK_CRED, and started directly using current-\u003etty.\n\n Some of these patches have also made it into maintainer trees, with no\n problems from identical code from different trees showing up in\n linux-next.\n\n After reading through all of this code I feel like I might be able to\n win a game of kernel trivial pursuit.\"\n\nFix up some fairly trivial conflicts in netfilter uid/git logging code.\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (107 commits)\n userns: Convert the ufs filesystem to use kuid/kgid where appropriate\n userns: Convert the udf filesystem to use kuid/kgid where appropriate\n userns: Convert ubifs to use kuid/kgid\n userns: Convert squashfs to use kuid/kgid where appropriate\n userns: Convert reiserfs to use kuid and kgid where appropriate\n userns: Convert jfs to use kuid/kgid where appropriate\n userns: Convert jffs2 to use kuid and kgid where appropriate\n userns: Convert hpfs to use kuid and kgid where appropriate\n userns: Convert btrfs to use kuid/kgid where appropriate\n userns: Convert bfs to use kuid/kgid where appropriate\n userns: Convert affs to use kuid/kgid wherwe appropriate\n userns: On alpha modify linux_to_osf_stat to use convert from kuids and kgids\n userns: On ia64 deal with current_uid and current_gid being kuid and kgid\n userns: On ppc convert current_uid from a kuid before printing.\n userns: Convert s390 getting uid and gid system calls to use kuid and kgid\n userns: Convert s390 hypfs to use kuid and kgid where appropriate\n userns: Convert binder ipc to use kuids\n userns: Teach security_path_chown to take kuids and kgids\n userns: Add user namespace support to IMA\n userns: Convert EVM to deal with kuids and kgids in it\u0027s hmac computation\n ...\n" }, { "commit": "be8cfc4af15cf611dfeb66a1fb5df43d5f1e280a", "tree": "b84efb3a6189633a5e3f1a210971f28a0d68dac4", "parents": [ "b5bd6a0e5fa8c0376d9746c566fe3daaa51ec825" ], "author": { "name": "Mark Salter", "email": "msalter@redhat.com", "time": "Mon Sep 24 17:17:38 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Sep 25 08:59:21 2012 -0700" }, "message": "c/r: prctl: fix build error for no-MMU case\n\nCommit 1ad75b9e1628 (\"c/r: prctl: add minimal address test to\nPR_SET_MM\") added some address checking to prctl_set_mm() used by\ncheckpoint-restore. This causes a build error for no-MMU systems:\n\n kernel/sys.c: In function \u0027prctl_set_mm\u0027:\n kernel/sys.c:1868:34: error: \u0027mmap_min_addr\u0027 undeclared (first use in this function)\n\nThe test for mmap_min_addr doesn\u0027t make a lot of sense for no-MMU code\nas noted in commit 6e1415467614 (\"NOMMU: Optimise away the\n{dac_,}mmap_min_addr tests\").\n\nThis patch defines mmap_min_addr as 0UL in the no-MMU case so that the\ncompiler will optimize away tests for \"addr \u003c mmap_min_addr\".\n\nSigned-off-by: Mark Salter \u003cmsalter@redhat.com\u003e\nReviewed-by: Cyrill Gorcunov \u003cgorcunov@openvz.org\u003e\nCc: \u003cstable@vger.kernel.org\u003e\t[3.6.x]\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "d2b31ca644fdc8704de3367a6a56a5c958c77f53", "tree": "70967aaec7a5a86ffdd6adf3a45d3b3cb8833678", "parents": [ "8b94eea4bfb8df693c5b35d08b74f13cfb92f3de" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri Jun 01 16:14:19 2012 -0600" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri Sep 21 03:13:25 2012 -0700" }, "message": "userns: Teach security_path_chown to take kuids and kgids\n\nDon\u0027t make the security modules deal with raw user space uid and\ngids instead pass in a kuid_t and a kgid_t so that security modules\nonly have to deal with internal kernel uids and gids.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: James Morris \u003cjames.l.morris@oracle.com\u003e\nCc: John Johansen \u003cjohn.johansen@canonical.com\u003e\nCc: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nCc: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n" }, { "commit": "c6993e4ac002c92bc75379212e9179c36d4bf7ee", "tree": "cdb4c800ea3cf4003b07087166cc767dab79032f", "parents": [ "81198078d7da4240f3cbfc2c6a8ea6cd417f51a7" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Tue Sep 04 13:32:13 2012 -0700" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Wed Sep 05 14:12:31 2012 -0700" }, "message": "security: allow Yama to be unconditionally stacked\n\nUnconditionally call Yama when CONFIG_SECURITY_YAMA_STACKED is selected,\nno matter what LSM module is primary.\n\nUbuntu and Chrome OS already carry patches to do this, and Fedora\nhas voiced interest in doing this as well. Instead of having multiple\ndistributions (or LSM authors) carrying these patches, just allow Yama\nto be called unconditionally when selected by the new CONFIG.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "9d8dad742ad1c74d7e7210ee05d0b44961d5ea16", "tree": "b1e738bf17987552cdace2695d8b77328dc29bcf", "parents": [ "f4ba394c1b02e7fc2179fda8d3941a5b3b65efb6" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Thu Aug 09 19:01:26 2012 -0700" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Fri Aug 10 19:58:07 2012 +1000" }, "message": "Yama: higher restrictions should block PTRACE_TRACEME\n\nThe higher ptrace restriction levels should be blocking even\nPTRACE_TRACEME requests. The comments in the LSM documentation are\nmisleading about when the checks happen (the parent does not go through\nsecurity_ptrace_access_check() on a PTRACE_TRACEME call).\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nCc: stable@vger.kernel.org # 3.5.x and later\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "8b3ec6814c83d76b85bd13badc48552836c24839", "tree": "2430a4511c7ea41f67b0d841f4c42eac43828db3", "parents": [ "e5467859f7f79b69fc49004403009dfdba3bec53" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed May 30 17:11:23 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Jun 01 10:37:01 2012 -0400" }, "message": "take security_mmap_file() outside of -\u003emmap_sem\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e5467859f7f79b69fc49004403009dfdba3bec53", "tree": "73b011daf79eeddd61bbcaf65cd197b5e5f6f149", "parents": [ "d007794a182bc072a7b7479909dbd0d67ba341be" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed May 30 13:30:51 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu May 31 13:11:54 2012 -0400" }, "message": "split -\u003efile_mmap() into -\u003emmap_addr()/-\u003emmap_file()\n\n... i.e. file-dependent and address-dependent checks.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d007794a182bc072a7b7479909dbd0d67ba341be", "tree": "75aa7ccd563a0fe8b60391824c92f64098674dda", "parents": [ "cf74d14c4fbce9bcc9eb62f52d721d3399a2b87f" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed May 30 13:11:37 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu May 31 13:10:54 2012 -0400" }, "message": "split cap_mmap_addr() out of cap_file_mmap()\n\n... switch callers.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "ff2bb047c4bce9742e94911eeb44b4d6ff4734ab", "tree": "9d9b1cfa3fc17f0cc13f34ca697306cb1f46b05f", "parents": [ "cffee16e8b997ab947de661e8820e486b0830c94", "c737f8284cac91428f8fcc8281e69117fa16e887" ], "author": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue May 22 11:21:06 2012 +1000" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue May 22 11:21:06 2012 +1000" }, "message": "Merge branch \u0027master\u0027 of git://git.infradead.org/users/eparis/selinux into next\n\nPer pull request, for 3.5.\n" }, { "commit": "259e5e6c75a910f3b5e656151dc602f53f9d7548", "tree": "4405fdf68238f2e33f27b04e8c37c9e29a2493d8", "parents": [ "9ccf010f8172b699ea80178860e8ea228f7dce56" ], "author": { "name": "Andy Lutomirski", "email": "luto@amacapital.net", "time": "Thu Apr 12 16:47:50 2012 -0500" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Sat Apr 14 11:13:18 2012 +1000" }, "message": "Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs\n\nWith this change, calling\n prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)\ndisables privilege granting operations at execve-time. For example, a\nprocess will not be able to execute a setuid binary to change their uid\nor gid if this bit is set. The same is true for file capabilities.\n\nAdditionally, LSM_UNSAFE_NO_NEW_PRIVS is defined to ensure that\nLSMs respect the requested behavior.\n\nTo determine if the NO_NEW_PRIVS bit is set, a task may call\n prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);\nIt returns 1 if set and 0 if it is not set. If any of the arguments are\nnon-zero, it will return -1 and set errno to -EINVAL.\n(PR_SET_NO_NEW_PRIVS behaves similarly.)\n\nThis functionality is desired for the proposed seccomp filter patch\nseries. By using PR_SET_NO_NEW_PRIVS, it allows a task to modify the\nsystem call behavior for itself and its child tasks without being\nable to impact the behavior of a more privileged task.\n\nAnother potential use is making certain privileged operations\nunprivileged. For example, chroot may be considered \"safe\" if it cannot\naffect privileged tasks.\n\nNote, this patch causes execve to fail when PR_SET_NO_NEW_PRIVS is\nset and AppArmor is in use. It is fixed in a subsequent patch.\n\nSigned-off-by: Andy Lutomirski \u003cluto@amacapital.net\u003e\nSigned-off-by: Will Drewry \u003cwad@chromium.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Kees Cook \u003ckeescook@chromium.org\u003e\n\nv18: updated change desc\nv17: using new define values as per 3.4\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "83d498569e9a7a4b92c4c5d3566f2d6a604f28c9", "tree": "e0d77f21bda5bec5ace52b3fa557f87b1bb57631", "parents": [ "95dbf739313f09c8d859bde1373bc264ef979337" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 04 13:45:40 2012 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:22:50 2012 -0400" }, "message": "SELinux: rename dentry_open to file_open\n\ndentry_open takes a file, rename it to file_open\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "3556485f1595e3964ba539e39ea682acbb835cee", "tree": "7f5ee254f425b1427ac0059b5f347a307f8538a1", "parents": [ "b8716614a7cc2fc15ea2a518edd04755fb08d922", "09f61cdbb32a9d812c618d3922db533542736bb0" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 21 13:25:04 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 21 13:25:04 2012 -0700" }, "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates for 3.4 from James Morris:\n \"The main addition here is the new Yama security module from Kees Cook,\n which was discussed at the Linux Security Summit last year. Its\n purpose is to collect miscellaneous DAC security enhancements in one\n place. This also marks a departure in policy for LSM modules, which\n were previously limited to being standalone access control systems.\n Chromium OS is using Yama, and I believe there are plans for Ubuntu,\n at least.\n\n This patchset also includes maintenance updates for AppArmor, TOMOYO\n and others.\"\n\nFix trivial conflict in \u003cnet/sock.h\u003e due to the jumo_label-\u003estatic_key\nrename.\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (38 commits)\n AppArmor: Fix location of const qualifier on generated string tables\n TOMOYO: Return error if fails to delete a domain\n AppArmor: add const qualifiers to string arrays\n AppArmor: Add ability to load extended policy\n TOMOYO: Return appropriate value to poll().\n AppArmor: Move path failure information into aa_get_name and rename\n AppArmor: Update dfa matching routines.\n AppArmor: Minor cleanup of d_namespace_path to consolidate error handling\n AppArmor: Retrieve the dentry_path for error reporting when path lookup fails\n AppArmor: Add const qualifiers to generated string tables\n AppArmor: Fix oops in policy unpack auditing\n AppArmor: Fix error returned when a path lookup is disconnected\n KEYS: testing wrong bit for KEY_FLAG_REVOKED\n TOMOYO: Fix mount flags checking order.\n security: fix ima kconfig warning\n AppArmor: Fix the error case for chroot relative path name lookup\n AppArmor: fix mapping of META_READ to audit and quiet flags\n AppArmor: Fix underflow in xindex calculation\n AppArmor: Fix dropping of allowed operations that are force audited\n AppArmor: Add mising end of structure test to caps unpacking\n ...\n" }, { "commit": "fbe74e361c6586cdd996bc2805033999dd469e99", "tree": "76ce4479bbb4391181b8f5bf4f558953ca367074", "parents": [ "4ff162f0795ae962d90f7b0931db03221fa0ac18" ], "author": { "name": "Javier Martinez Canillas", "email": "javier@dowhile0.org", "time": "Wed Feb 15 11:58:54 2012 +0100" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Tue Feb 28 16:01:55 2012 +0100" }, "message": "security: struct security_operations kerneldoc fix\n\nunix_may_send hook has the prototype:\n\nint (*unix_may_send) (struct socket *sock, struct socket *other)\n\nso the documentation is wrongly referring to the second argument as @sock.\n\nSigned-off-by: Javier Martinez Canillas \u003cjavier@dowhile0.org\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "4040153087478993cbf0809f444400a3c808074c", "tree": "2dc7af85b0cf930f1656553bd38410b8c16601a6", "parents": [ "191c542442fdf53cc3c496c00be13367fd9cd42d" ], "author": { "name": "Al Viro", "email": "viro@ftp.linux.org.uk", "time": "Mon Feb 13 03:58:52 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Feb 14 10:45:42 2012 +1100" }, "message": "security: trim security.h\n\nTrim security.h\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "191c542442fdf53cc3c496c00be13367fd9cd42d", "tree": "4aef9e33a1d99e6530b704243efbe373bb314d61", "parents": [ "bbd36568594d091e682a1975ef4ee41d808de0bc" ], "author": { "name": "Al Viro", "email": "viro@ftp.linux.org.uk", "time": "Mon Feb 13 03:58:52 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Feb 14 10:45:39 2012 +1100" }, "message": "mm: collapse security_vm_enough_memory() variants into a single function\n\nCollapse security_vm_enough_memory() variants into a single function.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1a2a4d06e1e95260c470ebe3a945f61bbe8c1fd8", "tree": "7167d158749a7acf2ce8bbe1ecd25234b654e813", "parents": [ "9e3ff38647a316e4f92d59b14c8f0eb13b33bb2c" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Wed Dec 21 12:17:03 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Feb 10 09:14:51 2012 +1100" }, "message": "security: create task_free security callback\n\nThe current LSM interface to cred_free is not sufficient for allowing\nan LSM to track the life and death of a task. This patch adds the\ntask_free hook so that an LSM can clean up resources on task death.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c49c41a4134679cecb77362e7f6b59acb6320aa7", "tree": "45e690c036ca5846a48c8be67945d1d841b2d96d", "parents": [ "892d208bcf79e4e1058707786a7b6d486697cd78", "f423e5ba76e7e4a6fcb4836b4f072d1fdebba8b5" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Jan 14 18:36:33 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Jan 14 18:36:33 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security:\n capabilities: remove __cap_full_set definition\n security: remove the security_netlink_recv hook as it is equivalent to capable()\n ptrace: do not audit capability check when outputing /proc/pid/stat\n capabilities: remove task_ns_* functions\n capabitlies: ns_capable can use the cap helpers rather than lsm call\n capabilities: style only - move capable below ns_capable\n capabilites: introduce new has_ns_capabilities_noaudit\n capabilities: call has_ns_capability from has_capability\n capabilities: remove all _real_ interfaces\n capabilities: introduce security_capable_noaudit\n capabilities: reverse arguments to security_capable\n capabilities: remove the task from capable LSM hook entirely\n selinux: sparse fix: fix several warnings in the security server cod\n selinux: sparse fix: fix warnings in netlink code\n selinux: sparse fix: eliminate warnings for selinuxfs\n selinux: sparse fix: declare selinux_disable() in security.h\n selinux: sparse fix: move selinux_complete_init\n selinux: sparse fix: make selinux_secmark_refcount static\n SELinux: Fix RCU deref check warning in sel_netport_insert()\n\nManually fix up a semantic mis-merge wrt security_netlink_recv():\n\n - the interface was removed in commit fd7784615248 (\"security: remove\n the security_netlink_recv hook as it is equivalent to capable()\")\n\n - a new user of it appeared in commit a38f7907b926 (\"crypto: Add\n userspace configuration API\")\n\ncausing no automatic merge conflict, but Eric Paris pointed out the\nissue.\n" }, { "commit": "e7691a1ce341c80ed9504244a36b31c025217391", "tree": "e9941bb350f64a726130e299c411821da6f41a53", "parents": [ "5cd9599bba428762025db6027764f1c59d0b1e1b", "8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 10 21:51:23 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 10 21:51:23 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security: (32 commits)\n ima: fix invalid memory reference\n ima: free duplicate measurement memory\n security: update security_file_mmap() docs\n selinux: Casting (void *) value returned by kmalloc is useless\n apparmor: fix module parameter handling\n Security: tomoyo: add .gitignore file\n tomoyo: add missing rcu_dereference()\n apparmor: add missing rcu_dereference()\n evm: prevent racing during tfm allocation\n evm: key must be set once during initialization\n mpi/mpi-mpow: NULL dereference on allocation failure\n digsig: build dependency fix\n KEYS: Give key types their own lockdep class for key-\u003esem\n TPM: fix transmit_cmd error logic\n TPM: NSC and TIS drivers X86 dependency fix\n TPM: Export wait_for_stat for other vendor specific drivers\n TPM: Use vendor specific function for status probe\n tpm_tis: add delay after aborting command\n tpm_tis: Check return code from getting timeouts/durations\n tpm: Introduce function to poll for result of self test\n ...\n\nFix up trivial conflict in lib/Makefile due to addition of CONFIG_MPI\nand SIGSIG next to CONFIG_DQL addition.\n" }, { "commit": "8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8", "tree": "a118eaef15d4ba22247f45ee01537ecc906cd161", "parents": [ "805a6af8dba5dfdd35ec35dc52ec0122400b2610", "7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 09 12:16:48 2012 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 09 12:16:48 2012 +1100" }, "message": "Merge branch \u0027next\u0027 into for-linus\n\nConflicts:\n\tsecurity/integrity/evm/evm_crypto.c\n\nResolved upstream fix vs. next conflict manually.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "98793265b429a3f0b3f1750e74d67cd4d740d162", "tree": "b0bd717673f0c21845cf053f3fb6b75d42530af5", "parents": [ "b4a133da2eaccb844a7beaef16ffd9c76a0d21d3", "bd1b2a555952d959f47169056fca05acf7eff81f" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Jan 08 13:21:22 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Jan 08 13:21:22 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (53 commits)\n Kconfig: acpi: Fix typo in comment.\n misc latin1 to utf8 conversions\n devres: Fix a typo in devm_kfree comment\n btrfs: free-space-cache.c: remove extra semicolon.\n fat: Spelling s/obsolate/obsolete/g\n SCSI, pmcraid: Fix spelling error in a pmcraid_err() call\n tools/power turbostat: update fields in manpage\n mac80211: drop spelling fix\n types.h: fix comment spelling for \u0027architectures\u0027\n typo fixes: aera -\u003e area, exntension -\u003e extension\n devices.txt: Fix typo of \u0027VMware\u0027.\n sis900: Fix enum typo \u0027sis900_rx_bufer_status\u0027\n decompress_bunzip2: remove invalid vi modeline\n treewide: Fix comment and string typo \u0027bufer\u0027\n hyper-v: Update MAINTAINERS\n treewide: Fix typos in various parts of the kernel, and fix some comments.\n clockevents: drop unknown Kconfig symbol GENERIC_CLOCKEVENTS_MIGR\n gpio: Kconfig: drop unknown symbol \u0027CS5535_GPIO\u0027\n leds: Kconfig: Fix typo \u0027D2NET_V2\u0027\n sound: Kconfig: drop unknown symbol ARCH_CLPS7500\n ...\n\nFix up trivial conflicts in arch/powerpc/platforms/40x/Kconfig (some new\nkconfig additions, close to removed commented-out old ones)\n" }, { "commit": "cdcf116d44e78c7216ba9f8be9af1cdfca7af728", "tree": "2417cfd3e06ac5e2468585e8f00d580242cb5571", "parents": [ "d8c9584ea2a92879f471fd3a2be3af6c534fb035" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Dec 08 10:51:53 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Jan 06 23:16:53 2012 -0500" }, "message": "switch security_path_chmod() to struct path *\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "fd778461524849afd035679030ae8e8873c72b81", "tree": "32a5849c1879413fce0307af304e372eaa8225b4", "parents": [ "69f594a38967f4540ce7a29b3fd214e68a8330bd" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:16 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:53:01 2012 -0500" }, "message": "security: remove the security_netlink_recv hook as it is equivalent to capable()\n\nOnce upon a time netlink was not sync and we had to get the effective\ncapabilities from the skb that was being received. Today we instead get\nthe capabilities from the current task. This has rendered the entire\npurpose of the hook moot as it is now functionally equivalent to the\ncapable() call.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "2920a8409de5a51575d03deca07e5bb2be6fc98d", "tree": "1f16eba518068e7096b6ff200c09d3d31e285586", "parents": [ "c7eba4a97563fd8b431787f7ad623444f2da80c6" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:15 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:55 2012 -0500" }, "message": "capabilities: remove all _real_ interfaces\n\nThe name security_real_capable and security_real_capable_noaudit just don\u0027t\nmake much sense to me. Convert them to use security_capable and\nsecurity_capable_noaudit.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\n" }, { "commit": "c7eba4a97563fd8b431787f7ad623444f2da80c6", "tree": "12041949c45c2f394d6a96041c39e07ad6df720b", "parents": [ "b7e724d303b684655e4ca3dabd5a6840ad19012d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:15 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:54 2012 -0500" }, "message": "capabilities: introduce security_capable_noaudit\n\nExactly like security_capable except don\u0027t audit any denials. This is for\nplaces where the kernel may make decisions about what to do if a task has a\ngiven capability, but which failing that capability is not a sign of a\nsecurity policy violation. An example is checking if a task has\nCAP_SYS_ADMIN to lower it\u0027s likelyhood of being killed by the oom killer.\nThis check is not a security violation if it is denied.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\n" }, { "commit": "b7e724d303b684655e4ca3dabd5a6840ad19012d", "tree": "5474d8d49d61ade4c5e306a0485a835587237bf4", "parents": [ "6a9de49115d5ff9871d953af1a5c8249e1585731" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:15 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:53 2012 -0500" }, "message": "capabilities: reverse arguments to security_capable\n\nsecurity_capable takes ns, cred, cap. But the LSM capable() hook takes\ncred, ns, cap. The capability helper functions also take cred, ns, cap.\nRather than flip argument order just to flip it back, leave them alone.\nHeck, this should be a little faster since argument will be in the right\nplace!\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "6a9de49115d5ff9871d953af1a5c8249e1585731", "tree": "eee3700ccc2ce26c566bfe99129e646fac9f983e", "parents": [ "2653812e14f4e16688ec8247d7fd290bdbbc4747" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:14 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:53 2012 -0500" }, "message": "capabilities: remove the task from capable LSM hook entirely\n\nThe capabilities framework is based around credentials, not necessarily the\ncurrent task. Yet we still passed the current task down into LSMs from the\nsecurity_capable() LSM hook as if it was a meaningful portion of the security\ndecision. This patch removes the \u0027generic\u0027 passing of current and instead\nforces individual LSMs to use current explicitly if they think it is\nappropriate. In our case those LSMs are SELinux and AppArmor.\n\nI believe the AppArmor use of current is incorrect, but that is wholely\nunrelated to this patch. This patch does not change what AppArmor does, it\njust makes it clear in the AppArmor code that it is doing it.\n\nThe SELinux code still uses current in it\u0027s audit message, which may also be\nwrong and needs further investigation. Again this is NOT a change, it may\nhave always been wrong, this patch just makes it clear what is happening.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "04fc66e789a896e684bfdca30208e57eb832dd96", "tree": "37c26bff07e48c8c25d147850b7906d0d1c79a81", "parents": [ "4572befe248fd0d94aedc98775e3f0ddc8a26651" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Nov 21 14:58:38 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:19 2012 -0500" }, "message": "switch -\u003epath_mknod() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4572befe248fd0d94aedc98775e3f0ddc8a26651", "tree": "2f4c4dabaebadb2790c8266a0434c7030c5f7cc0", "parents": [ "d179333f37d33533f4c77118f757b9e7835ccb7c" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Nov 21 14:56:21 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:18 2012 -0500" }, "message": "switch -\u003epath_mkdir() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "52ef0c042bf06f6aef382fade175075627beebc1", "tree": "a1256aebfd835da4cb29a80f391112fea82bf38e", "parents": [ "910f4ecef3f67714ebff69d0bc34313e48afaed2" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 04:30:04 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:13 2012 -0500" }, "message": "switch securityfs_create_file() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "910f4ecef3f67714ebff69d0bc34313e48afaed2", "tree": "348fe3b5d8789a4c019a700da5501a4756f988de", "parents": [ "49f0a0767211d3076974e59a26f36b567cbe8621" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 04:25:58 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:13 2012 -0500" }, "message": "switch security_path_chmod() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "1a67aafb5f72a436ca044293309fa7e6351d6a35", "tree": "d9e58600148de9d41b478cf815773b746647d15b", "parents": [ "4acdaf27ebe2034c342f3be57ef49aed1ad885ef" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 01:52:52 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:54:54 2012 -0500" }, "message": "switch -\u003emknod() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4acdaf27ebe2034c342f3be57ef49aed1ad885ef", "tree": "d89a876ee19cd88609a587f8aa6c464a52ee6d98", "parents": [ "18bb1db3e7607e4a997d50991a6f9fa5b0f8722c" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 01:42:34 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:54:53 2012 -0500" }, "message": "switch -\u003ecreate() to umode_t\n\nvfs_create() ignores everything outside of 16bit subset of its\nmode argument; switching it to umode_t is obviously equivalent\nand it\u0027s the only caller of the method\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "18bb1db3e7607e4a997d50991a6f9fa5b0f8722c", "tree": "4ee4e584bc9a67f3ec14ce159d2d7d4a27e68d4a", "parents": [ "8208a22bb8bd3c52ef634b4ff194f14892ab1713" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 01:41:39 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:54:53 2012 -0500" }, "message": "switch vfs_mkdir() and -\u003emkdir() to umode_t\n\nvfs_mkdir() gets int, but immediately drops everything that might not\nfit into umode_t and that\u0027s the only caller of -\u003emkdir()...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "30e053248da178cf6154bb7e950dc8713567e3fa", "tree": "3ef4cb7f85f581fe53361ea0eb2586a8b6e696c2", "parents": [ "4376eee92e5a8332b470040e672ea99cd44c826a" ], "author": { "name": "Jan Kara", "email": "jack@suse.cz", "time": "Tue Jan 03 13:14:29 2012 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 03 16:12:19 2012 -0800" }, "message": "security: Fix security_old_inode_init_security() when CONFIG_SECURITY is not set\n\nCommit 1e39f384bb01 (\"evm: fix build problems\") makes the stub version\nof security_old_inode_init_security() return 0 when CONFIG_SECURITY is\nnot set.\n\nBut that makes callers such as reiserfs_security_init() assume that\nsecurity_old_inode_init_security() has set name, value, and len\narguments properly - but security_old_inode_init_security() left them\nuninitialized which then results in interesting failures.\n\nRevert security_old_inode_init_security() to the old behavior of\nreturning EOPNOTSUPP since both callers (reiserfs and ocfs2) handle this\njust fine.\n\n[ Also fixed the S_PRIVATE(inode) case of the actual non-stub\n security_old_inode_init_security() function to return EOPNOTSUPP\n for the same reason, as pointed out by Mimi Zohar.\n\n It got incorrectly changed to match the new function in commit\n fb88c2b6cbb1: \"evm: fix security/security_old_init_security return\n code\". - Linus ]\n\nReported-by: Jorge Bastos \u003cmysql.jorge@decimal.pt\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Jan Kara \u003cjack@suse.cz\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "114d6e9c103736487c967060d0a7aec9a7fce967", "tree": "4f1fb57be558104adfef77ed2173f14a536e5219", "parents": [ "2ff6fa8fafd6fa94029fa0558a6b85956930f1f5" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Mon Dec 19 11:32:56 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Dec 20 09:36:23 2011 +1100" }, "message": "security: update security_file_mmap() docs\n\nThis documents the fields added to security_file_mmap() that were\nintroduced in ed0321895182ffb6ecf210e066d87911b270d587.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1933ca8771585d43d3d2099c0c9ba7ca6b96e303", "tree": "098a648ed66081de4321786834192ad7bdbec065", "parents": [ "af7ff2c2c45e6c6d533dd968709732da3d1d48f8" ], "author": { "name": "Andrew Morton", "email": "akpm@linux-foundation.org", "time": "Tue Nov 15 15:11:44 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Nov 16 11:30:56 2011 +1100" }, "message": "include/linux/security.h: fix security_inode_init_security() arg\n\nMake the security_inode_init_security() initxattrs arg const, to match the\nnon-stubbed version of that function.\n\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "11be0b3c18d654a8d5ed441fa9e988193a57c1d2", "tree": "33e5de55186308b3cf6f233c7565e97777b1a0b4", "parents": [ "f854b5bc264023b21bbcb4b358cd858d5d45a4cb" ], "author": { "name": "Vsevolod Alekseev", "email": "vsevolod.alekseev@gmx.com", "time": "Sat Nov 05 02:35:28 2011 -0700" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Sat Nov 05 20:59:16 2011 +0100" }, "message": "security.h: fix misc typos/grammar errors in comments\n\nFix various typos/grammar errors in include/linux/security.h comments (no code changes).\n\nSigned-off-by: Vsevolod Alekseev \u003cvsevolod.alekseev@gmx.com\u003e\nAcked-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "5dbe3040c74eef18e66951347eda05b153e69328", "tree": "72c9e5f77deae00f1234e488254d4898cab32027", "parents": [ "7b98a5857c3fa86cb0a7e5f893643491a8b5b425" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 13:48:53 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:33 2011 -0700" }, "message": "security: sparse fix: Move security_fixup_op to security.h\n\nFix sparse warning by moving declaraion to global header.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "fc9ff9b7e3eaff3f49bc0fbbddfc1416212e888a", "tree": "bf2f9905f32040e7ad164dd9f2bff957af38b7b7", "parents": [ "852584157c55c1689bcf3809ea44b79870c3e409" ], "author": { "name": "rongqing.li@windriver.com", "email": "rongqing.li@windriver.com", "time": "Tue Sep 06 11:35:36 2011 +0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:40:31 2011 -0700" }, "message": "security: Fix a typo\n\nFix a typo.\n\nSigned-off-by: Roy.Li \u003crongqing.li@windriver.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1e39f384bb01b0395b69cb70c2cacae65012f203", "tree": "d80fa4881dd94a198a6a8c34212e04187dc136ab", "parents": [ "7d8db1808a2001077a9f966180c5e4f7cc20d4c7" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Aug 15 09:09:16 2011 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 16 09:23:44 2011 +1000" }, "message": "evm: fix build problems\n\n- Make the previously missing security_old_inode_init_security() stub\n function definition static inline.\n\n- The stub security_inode_init_security() function previously returned\n -EOPNOTSUPP and relied on the callers to change it to 0. The stub\n security/security_old_inode_init_security() functions now return 0.\n\nReported-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e1c9b23adbe86c725738402857397d7a29f9d6ef", "tree": "746d85cd4518480507c7d01b4c25d39d4ef21805", "parents": [ "0b024d2446474c6a7c47573af5a35db83f557ce3" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Aug 11 00:22:51 2011 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 11 17:42:07 2011 +1000" }, "message": "evm: building without EVM enabled fixes\n\n- Missing \u0027inline\u0027 on evm_inode_setattr() definition.\nIntroduced by commit 817b54aa45db (\"evm: add evm_inode_setattr to prevent\nupdating an invalid security.evm\").\n\n- Missing security_old_inode_init_security() stub function definition.\nCaused by commit 9d8f13ba3f48 (\"security: new security_inode_init_security\nAPI adds function callback\").\n\nReported-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5a2f3a02aea164f4f59c0c3497772090a411b462", "tree": "d3ebe03d4f97575290087843960baa01de3acd0a", "parents": [ "1d568ab068c021672d6cd7f50f92a3695a921ffb", "817b54aa45db03437c6d09a7693fc6926eb8e822" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 09 10:31:03 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 09 10:31:03 2011 +1000" }, "message": "Merge branch \u0027next-evm\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/ima-2.6 into next\n\nConflicts:\n\tfs/attr.c\n\nResolve conflict manually.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "eecdd358b467405a084d400d5ec571bbdbfe97a3", "tree": "357332873b909a19964e77dbae3c4aed5c100dc6", "parents": [ "cf1dd1dae851ce5765cda5de16aa965eef7c2dbf" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Jun 20 19:48:41 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jul 20 01:43:29 2011 -0400" }, "message": "-\u003epermission() sanitizing: don\u0027t pass flags to exec_permission()\n\npass mask instead; kill security_inode_exec_permission() since we can use\nsecurity_inode_permission() instead.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e74f71eb78a4a8b9eaf1bc65f20f761648e85f76", "tree": "7bc7fc1344f5ed6e3ce8132b36125ef5cec6407c", "parents": [ "10556cb21a0d0b24d95f00ea6df16f599a3345b2" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Jun 20 19:38:15 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jul 20 01:43:26 2011 -0400" }, "message": "-\u003epermission() sanitizing: don\u0027t pass flags to -\u003einode_permission()\n\npass that via mask instead.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "9d8f13ba3f4833219e50767b022b82cd0da930eb", "tree": "3ba2367380d009111ea17696162a62320c88d144", "parents": [ "0f2a55d5bb2372058275b0b343d90dd5d640d045" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Jun 06 15:29:25 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Jul 18 12:29:38 2011 -0400" }, "message": "security: new security_inode_init_security API adds function callback\n\nThis patch changes the security_inode_init_security API by adding a\nfilesystem specific callback to write security extended attributes.\nThis change is in preparation for supporting the initialization of\nmultiple LSM xattrs and the EVM xattr. Initially the callback function\nwalks an array of xattrs, writing each xattr separately, but could be\noptimized to write multiple xattrs at once.\n\nFor existing security_inode_init_security() calls, which have not yet\nbeen converted to use the new callback function, such as those in\nreiserfs and ocfs2, this patch defines security_old_inode_init_security().\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "8c9e80ed276fc4b9c9fadf29d8bf6b3576112f1a", "tree": "7595dd217545593675d40f85cfb11d69697a8300", "parents": [ "8d082f8f3fb89e8a1fcb5120ad98cd9860c8a3e8" ], "author": { "name": "Andi Kleen", "email": "ak@linux.intel.com", "time": "Thu Apr 21 17:23:19 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Apr 22 16:17:29 2011 -0700" }, "message": "SECURITY: Move exec_permission RCU checks into security modules\n\nRight now all RCU walks fall back to reference walk when CONFIG_SECURITY\nis enabled, even though just the standard capability module is active.\nThis is because security_inode_exec_permission unconditionally fails\nRCU walks.\n\nMove this decision to the low level security module. This requires\npassing the RCU flags down the security hook. This way at least\nthe capability module and a few easy cases in selinux/smack work\nwith RCU walks with CONFIG_SECURITY\u003dy\n\nSigned-off-by: Andi Kleen \u003cak@linux.intel.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "3486740a4f32a6a466f5ac931654d154790ba648", "tree": "ac5d968a66057fa84933b8f89fd3e916270dffed", "parents": [ "59607db367c57f515183cb203642291bb14d9c40" ], "author": { "name": "Serge E. Hallyn", "email": "serge@hallyn.com", "time": "Wed Mar 23 16:43:17 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 23 19:47:02 2011 -0700" }, "message": "userns: security: make capabilities relative to the user namespace\n\n- Introduce ns_capable to test for a capability in a non-default\n user namespace.\n- Teach cap_capable to handle capabilities in a non-default\n user namespace.\n\nThe motivation is to get to the unprivileged creation of new\nnamespaces. It looks like this gets us 90% of the way there, with\nonly potential uid confusion issues left.\n\nI still need to handle getting all caps after creation but otherwise I\nthink I have a good starter patch that achieves all of your goals.\n\nChangelog:\n\t11/05/2010: [serge] add apparmor\n\t12/14/2010: [serge] fix capabilities to created user namespaces\n\tWithout this, if user serge creates a user_ns, he won\u0027t have\n\tcapabilities to the user_ns he created. THis is because we\n\twere first checking whether his effective caps had the caps\n\the needed and returning -EPERM if not, and THEN checking whether\n\the was the creator. Reverse those checks.\n\t12/16/2010: [serge] security_real_capable needs ns argument in !security case\n\t01/11/2011: [serge] add task_ns_capable helper\n\t01/11/2011: [serge] add nsown_capable() helper per Bastian Blank suggestion\n\t02/16/2011: [serge] fix a logic bug: the root user is always creator of\n\t\t init_user_ns, but should not always have capabilities to\n\t\t it! Fix the check in cap_capable().\n\t02/21/2011: Add the required user_ns parameter to security_capable,\n\t\t fixing a compile failure.\n\t02/23/2011: Convert some macros to functions as per akpm comments. Some\n\t\t couldn\u0027t be converted because we can\u0027t easily forward-declare\n\t\t them (they are inline if !SECURITY, extern if SECURITY). Add\n\t\t a current_user_ns function so we can use it in capability.h\n\t\t without #including cred.h. Move all forward declarations\n\t\t together to the top of the #ifdef __KERNEL__ section, and use\n\t\t kernel-doc format.\n\t02/23/2011: Per dhowells, clean up comment in cap_capable().\n\t02/23/2011: Per akpm, remove unreachable \u0027return -EPERM\u0027 in cap_capable.\n\n(Original written and signed off by Eric; latest, modified version\nacked by him)\n\n[akpm@linux-foundation.org: fix build]\n[akpm@linux-foundation.org: export current_user_ns() for ecryptfs]\n[serge.hallyn@canonical.com: remove unneeded extra argument in selinux\u0027s task_has_capability]\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nAcked-by: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "7a6362800cb7d1d618a697a650c7aaed3eb39320", "tree": "087f9bc6c13ef1fad4b392c5cf9325cd28fa8523", "parents": [ "6445ced8670f37cfc2c5e24a9de9b413dbfc788d", "ceda86a108671294052cbf51660097b6534672f5" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 16 16:29:25 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 16 16:29:25 2011 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1480 commits)\n bonding: enable netpoll without checking link status\n xfrm: Refcount destination entry on xfrm_lookup\n net: introduce rx_handler results and logic around that\n bonding: get rid of IFF_SLAVE_INACTIVE netdev-\u003epriv_flag\n bonding: wrap slave state work\n net: get rid of multiple bond-related netdevice-\u003epriv_flags\n bonding: register slave pointer for rx_handler\n be2net: Bump up the version number\n be2net: Copyright notice change. Update to Emulex instead of ServerEngines\n e1000e: fix kconfig for crc32 dependency\n netfilter ebtables: fix xt_AUDIT to work with ebtables\n xen network backend driver\n bonding: Improve syslog message at device creation time\n bonding: Call netif_carrier_off after register_netdevice\n bonding: Incorrect TX queue offset\n net_sched: fix ip_tos2prio\n xfrm: fix __xfrm_route_forward()\n be2net: Fix UDP packet detected status in RX compl\n Phonet: fix aligned-mode pipe socket buffer header reserve\n netxen: support for GbE port settings\n ...\n\nFix up conflicts in drivers/staging/brcm80211/brcmsmac/wl_mac80211.c\nwith the staging updates.\n" }, { "commit": "0f6e0e8448a16d8d22119ce91d8dd24b44865b51", "tree": "7c295c02db035fc6a0b867465911a2bc9dc6b1ef", "parents": [ "0d2ecee2bdb2a19d04bc5cefac0f86e790f1aad4", "a002951c97ff8da49938c982a4c236bf2fafdc9f" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 16 09:15:43 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 16 09:15:43 2011 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (33 commits)\n AppArmor: kill unused macros in lsm.c\n AppArmor: cleanup generated files correctly\n KEYS: Add an iovec version of KEYCTL_INSTANTIATE\n KEYS: Add a new keyctl op to reject a key with a specified error code\n KEYS: Add a key type op to permit the key description to be vetted\n KEYS: Add an RCU payload dereference macro\n AppArmor: Cleanup make file to remove cruft and make it easier to read\n SELinux: implement the new sb_remount LSM hook\n LSM: Pass -o remount options to the LSM\n SELinux: Compute SID for the newly created socket\n SELinux: Socket retains creator role and MLS attribute\n SELinux: Auto-generate security_is_socket_class\n TOMOYO: Fix memory leak upon file open.\n Revert \"selinux: simplify ioctl checking\"\n selinux: drop unused packet flow permissions\n selinux: Fix packet forwarding checks on postrouting\n selinux: Fix wrong checks for selinux_policycap_netpeer\n selinux: Fix check for xfrm selinux context algorithm\n ima: remove unnecessary call to ima_must_measure\n IMA: remove IMA imbalance checking\n ...\n" }, { "commit": "420c1c572d4ceaa2f37b6311b7017ac6cf049fe2", "tree": "df04e6b4b756b7a46d9887462d54a3ad0e1f91d5", "parents": [ "9620639b7ea3843983f4ced8b4c81eb4d8974838", "6e6823d17b157f185be09f4c70181299f9273f0b" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Mar 15 18:53:35 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Mar 15 18:53:35 2011 -0700" }, "message": "Merge branch \u0027timers-core-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip\n\n* \u0027timers-core-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: (62 commits)\n posix-clocks: Check write permissions in posix syscalls\n hrtimer: Remove empty hrtimer_init_hres_timer()\n hrtimer: Update hrtimer-\u003estate documentation\n hrtimer: Update base[CLOCK_BOOTTIME].offset correctly\n timers: Export CLOCK_BOOTTIME via the posix timers interface\n timers: Add CLOCK_BOOTTIME hrtimer base\n time: Extend get_xtime_and_monotonic_offset() to also return sleep\n time: Introduce get_monotonic_boottime and ktime_get_boottime\n hrtimers: extend hrtimer base code to handle more then 2 clockids\n ntp: Remove redundant and incorrect parameter check\n mn10300: Switch do_timer() to xtimer_update()\n posix clocks: Introduce dynamic clocks\n posix-timers: Cleanup namespace\n posix-timers: Add support for fd based clocks\n x86: Add clock_adjtime for x86\n posix-timers: Introduce a syscall for clock tuning.\n time: Splitout compat timex accessors\n ntp: Add ADJ_SETOFFSET mode bit\n time: Introduce timekeeping_inject_offset\n posix-timer: Update comment\n ...\n\nFix up new system-call-related conflicts in\n\tarch/x86/ia32/ia32entry.S\n\tarch/x86/include/asm/unistd_32.h\n\tarch/x86/include/asm/unistd_64.h\n\tarch/x86/kernel/syscall_table_32.S\n(name_to_handle_at()/open_by_handle_at() vs clock_adjtime()), and some\ndue to movement of get_jiffies_64() in:\n\tkernel/time.c\n" }, { "commit": "fe3fa43039d47ee4e22caf460b79b62a14937f79", "tree": "9eab8d00f1227b9fe0959f32a62d892ed35803ba", "parents": [ "ee009e4a0d4555ed522a631bae9896399674f064", "026eb167ae77244458fa4b4b9fc171209c079ba7" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 08 11:38:10 2011 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 08 11:38:10 2011 +1100" }, "message": "Merge branch \u0027master\u0027 of git://git.infradead.org/users/eparis/selinux into next\n" }, { "commit": "ff36fe2c845cab2102e4826c1ffa0a6ebf487c65", "tree": "d61f4c65bc51e6455f0cb5a3d03fab41d0f83169", "parents": [ "2ad18bdf3b8f84c85c7da7e4de365f7c5701fb3f" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Mar 03 16:09:14 2011 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Mar 03 16:12:27 2011 -0500" }, "message": "LSM: Pass -o remount options to the LSM\n\nThe VFS mount code passes the mount options to the LSM. The LSM will remove\noptions it understands from the data and the VFS will then pass the remaining\noptions onto the underlying filesystem. This is how options like the\nSELinux context\u003d work. The problem comes in that -o remount never calls\ninto LSM code. So if you include an LSM specific option it will get passed\nto the filesystem and will cause the remount to fail. An example of where\nthis is a problem is the \u0027seclabel\u0027 option. The SELinux LSM hook will\nprint this word in /proc/mounts if the filesystem is being labeled using\nxattrs. If you pass this word on mount it will be silently stripped and\nignored. But if you pass this word on remount the LSM never gets called\nand it will be passed to the FS. The FS doesn\u0027t know what seclabel means\nand thus should fail the mount. For example an ext3 fs mounted over loop\n\n# mount -o loop /tmp/fs /mnt/tmp\n# cat /proc/mounts | grep /mnt/tmp\n/dev/loop0 /mnt/tmp ext3 rw,seclabel,relatime,errors\u003dcontinue,barrier\u003d0,data\u003dordered 0 0\n# mount -o remount /mnt/tmp\nmount: /mnt/tmp not mounted already, or bad option\n# dmesg\nEXT3-fs (loop0): error: unrecognized mount option \"seclabel\" or missing value\n\nThis patch passes the remount mount options to an new LSM hook.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e33f770426674a565a188042caf3f974f8b3722d", "tree": "6ee309a1cbccec1cef9972fc6c8f8d9b280978f5", "parents": [ "e1ad2ab2cf0cabcd81861e2c61870fc27bb27ded" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Feb 22 18:13:15 2011 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Feb 22 18:13:15 2011 -0800" }, "message": "xfrm: Mark flowi arg to security_xfrm_state_pol_flow_match() const.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "6037b715d6fab139742c3df8851db4c823081561", "tree": "aba9e9427debd4fa5b904daefa8e71a6320f4b93", "parents": [ "deabb19ba4bd8c06ae69bc262e3594b515e3a459" ], "author": { "name": "Chris Wright", "email": "chrisw@sous-sol.org", "time": "Wed Feb 09 22:11:51 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Feb 11 17:41:58 2011 +1100" }, "message": "security: add cred argument to security_capable()\n\nExpand security_capable() to include cred, so that it can be usable in a\nwider range of call sites.\n\nSigned-off-by: Chris Wright \u003cchrisw@sous-sol.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1e6d767924c74929c0cfe839ae8f37bcee9e544e", "tree": "4ace06971e2b3519e556bea2f7e3e999e860eedd", "parents": [ "7cf37e87dd2cfa17a64f28ea7f31eed4525f79e4" ], "author": { "name": "Richard Cochran", "email": "richard.cochran@omicron.at", "time": "Tue Feb 01 13:50:58 2011 +0000" }, "committer": { "name": "Thomas Gleixner", "email": "tglx@linutronix.de", "time": "Wed Feb 02 15:28:11 2011 +0100" }, "message": "time: Correct the *settime* parameters\n\nBoth settimeofday() and clock_settime() promise with a \u0027const\u0027\nattribute not to alter the arguments passed in. This patch adds the\nmissing \u0027const\u0027 attribute into the various kernel functions\nimplementing these calls.\n\nSigned-off-by: Richard Cochran \u003crichard.cochran@omicron.at\u003e\nAcked-by: John Stultz \u003cjohnstul@us.ibm.com\u003e\nLKML-Reference: \u003c20110201134417.545698637@linutronix.de\u003e\nSigned-off-by: Thomas Gleixner \u003ctglx@linutronix.de\u003e\n" }, { "commit": "4916ca401e3051dad326ddd69765bd0e3f32fb9b", "tree": "593778babcd691a498a909a5eaf462f29d241cf6", "parents": [ "8e6c96935fcc1ed3dbebc96fddfef3f2f2395afc" ], "author": { "name": "Lucian Adrian Grijincu", "email": "lucian.grijincu@gmail.com", "time": "Tue Feb 01 18:44:56 2011 +0200" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Feb 01 11:54:02 2011 -0500" }, "message": "security: remove unused security_sysctl hook\n\nThe only user for this hook was selinux. sysctl routes every call\nthrough /proc/sys/. Selinux and other security modules use the file\nsystem checks for sysctl too, so no need for this hook any more.\n\nSigned-off-by: Lucian Adrian Grijincu \u003clucian.grijincu@gmail.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "2a7dba391e5628ad665ce84ef9a6648da541ebab", "tree": "ba0722bd74d2c883dbda7ff721850bab411cac04", "parents": [ "821404434f3324bf23f545050ff64055a149766e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Feb 01 11:05:39 2011 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Feb 01 11:12:29 2011 -0500" }, "message": "fs/vfs/security: pass last path component to LSM on inode creation\n\nSELinux would like to implement a new labeling behavior of newly created\ninodes. We currently label new inodes based on the parent and the creating\nprocess. This new behavior would also take into account the name of the\nnew object when deciding the new label. This is not the (supposed) full path,\njust the last component of the path.\n\nThis is very useful because creating /etc/shadow is different than creating\n/etc/passwd but the kernel hooks are unable to differentiate these\noperations. We currently require that userspace realize it is doing some\ndifficult operation like that and than userspace jumps through SELinux hoops\nto get things set up correctly. This patch does not implement new\nbehavior, that is obviously contained in a seperate SELinux patch, but it\ndoes pass the needed name down to the correct LSM hook. If no such name\nexists it is fine to pass NULL.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "d2e7ad19229f982fc1eb731827d82ceac90abfb3", "tree": "98a3741b4d4b27a48b3c7ea9babe331e539416a8", "parents": [ "d03a5d888fb688c832d470b749acc5ed38e0bc1d", "0c21e3aaf6ae85bee804a325aa29c325209180fd" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 10 09:46:24 2011 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 10 09:46:24 2011 +1100" }, "message": "Merge branch \u0027master\u0027 into next\n\nConflicts:\n\tsecurity/smack/smack_lsm.c\n\nVerified and added fix by Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nOk\u0027d by Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b4a45f5fe8078bfc10837dbd5b98735058bc4698", "tree": "df6f13a27610a3ec7eb4a661448cd779a8f84c79", "parents": [ "01539ba2a706ab7d35fc0667dff919ade7f87d63", "b3e19d924b6eaf2ca7d22cba99a517c5171007b6" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jan 07 08:56:33 2011 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jan 07 08:56:33 2011 -0800" }, "message": "Merge branch \u0027vfs-scale-working\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/npiggin/linux-npiggin\n\n* \u0027vfs-scale-working\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/npiggin/linux-npiggin: (57 commits)\n fs: scale mntget/mntput\n fs: rename vfsmount counter helpers\n fs: implement faster dentry memcmp\n fs: prefetch inode data in dcache lookup\n fs: improve scalability of pseudo filesystems\n fs: dcache per-inode inode alias locking\n fs: dcache per-bucket dcache hash locking\n bit_spinlock: add required includes\n kernel: add bl_list\n xfs: provide simple rcu-walk ACL implementation\n btrfs: provide simple rcu-walk ACL implementation\n ext2,3,4: provide simple rcu-walk ACL implementation\n fs: provide simple rcu-walk generic_check_acl implementation\n fs: provide rcu-walk aware permission i_ops\n fs: rcu-walk aware d_revalidate method\n fs: cache optimise dentry and inode for rcu-walk\n fs: dcache reduce branches in lookup path\n fs: dcache remove d_mounted\n fs: fs_struct use seqlock\n fs: rcu-walk for path lookup\n ...\n" }, { "commit": "31e6b01f4183ff419a6d1f86177cbf4662347cec", "tree": "e215ec9af88352c55e024f784f3d9f8eb13fab85", "parents": [ "3c22cd5709e8143444a6d08682a87f4c57902df3" ], "author": { "name": "Nick Piggin", "email": "npiggin@kernel.dk", "time": "Fri Jan 07 17:49:52 2011 +1100" }, "committer": { "name": "Nick Piggin", "email": "npiggin@kernel.dk", "time": "Fri Jan 07 17:50:27 2011 +1100" }, "message": "fs: rcu-walk for path lookup\n\nPerform common cases of path lookups without any stores or locking in the\nancestor dentry elements. This is called rcu-walk, as opposed to the current\nalgorithm which is a refcount based walk, or ref-walk.\n\nThis results in far fewer atomic operations on every path element,\nsignificantly improving path lookup performance. It also avoids cacheline\nbouncing on common dentries, significantly improving scalability.\n\nThe overall design is like this:\n* LOOKUP_RCU is set in nd-\u003eflags, which distinguishes rcu-walk from ref-walk.\n* Take the RCU lock for the entire path walk, starting with the acquiring\n of the starting path (eg. root/cwd/fd-path). So now dentry refcounts are\n not required for dentry persistence.\n* synchronize_rcu is called when unregistering a filesystem, so we can\n access d_ops and i_ops during rcu-walk.\n* Similarly take the vfsmount lock for the entire path walk. So now mnt\n refcounts are not required for persistence. Also we are free to perform mount\n lookups, and to assume dentry mount points and mount roots are stable up and\n down the path.\n* Have a per-dentry seqlock to protect the dentry name, parent, and inode,\n so we can load this tuple atomically, and also check whether any of its\n members have changed.\n* Dentry lookups (based on parent, candidate string tuple) recheck the parent\n sequence after the child is found in case anything changed in the parent\n during the path walk.\n* inode is also RCU protected so we can load d_inode and use the inode for\n limited things.\n* i_mode, i_uid, i_gid can be tested for exec permissions during path walk.\n* i_op can be loaded.\n\nWhen we reach the destination dentry, we lock it, recheck lookup sequence,\nand increment its refcount and mountpoint refcount. RCU and vfsmount locks\nare dropped. This is termed \"dropping rcu-walk\". If the dentry refcount does\nnot match, we can not drop rcu-walk gracefully at the current point in the\nlokup, so instead return -ECHILD (for want of a better errno). This signals the\npath walking code to re-do the entire lookup with a ref-walk.\n\nAside from the final dentry, there are other situations that may be encounted\nwhere we cannot continue rcu-walk. In that case, we drop rcu-walk (ie. take\na reference on the last good dentry) and continue with a ref-walk. Again, if\nwe can drop rcu-walk gracefully, we return -ECHILD and do the whole lookup\nusing ref-walk. But it is very important that we can continue with ref-walk\nfor most cases, particularly to avoid the overhead of double lookups, and to\ngain the scalability advantages on common path elements (like cwd and root).\n\nThe cases where rcu-walk cannot continue are:\n* NULL dentry (ie. any uncached path element)\n* parent with d_inode-\u003ei_op-\u003epermission or ACLs\n* dentries with d_revalidate\n* Following links\n\nIn future patches, permission checks and d_revalidate become rcu-walk aware. It\nmay be possible eventually to make following links rcu-walk aware.\n\nUncached path elements will always require dropping to ref-walk mode, at the\nvery least because i_mutex needs to be grabbed, and objects allocated.\n\nSigned-off-by: Nick Piggin \u003cnpiggin@kernel.dk\u003e\n" }, { "commit": "3610cda53f247e176bcbb7a7cca64bc53b12acdb", "tree": "d780bc1e405116e75a194b2f4693a6f9bbe9f58f", "parents": [ "44b8288308ac9da27eab7d7bdbf1375a568805c3" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Jan 05 15:38:53 2011 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Jan 05 15:38:53 2011 -0800" }, "message": "af_unix: Avoid socket-\u003esk NULL OOPS in stream connect security hooks.\n\nunix_release() can asynchornously set socket-\u003esk to NULL, and\nit does so without holding the unix_state_lock() on \"other\"\nduring stream connects.\n\nHowever, the reverse mapping, sk-\u003esk_socket, is only transitioned\nto NULL under the unix_state_lock().\n\nTherefore make the security hooks follow the reverse mapping instead\nof the forward mapping.\n\nReported-by: Jeremy Fitzhardinge \u003cjeremy@goop.org\u003e\nReported-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "ad9c2b048b605fbc8d50526e330b88abdd631ab2", "tree": "94e74e0b37829c7f124408f4a9995240d919e009", "parents": [ "93ae86e759299718c611bc543b9b1633bf32905a" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Nov 30 11:06:47 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Dec 01 09:12:27 2010 +1100" }, "message": "security: Fix comment of security_key_permission\n\nComment for return value of security_key_permission() has been wrong\nsince it was added in 2.6.15.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "12b3052c3ee8f508b2c7ee4ddd63ed03423409d8", "tree": "b97d0f209f363cfad94ce9d075312274e349da89", "parents": [ "6800e4c0ea3e96cf78953b8b5743381cb1bb9e37" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Nov 15 18:36:29 2010 -0500" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Nov 15 15:40:01 2010 -0800" }, "message": "capabilities/syslog: open code cap_syslog logic to fix build failure\n\nThe addition of CONFIG_SECURITY_DMESG_RESTRICT resulted in a build\nfailure when CONFIG_PRINTK\u003dn. This is because the capabilities code\nwhich used the new option was built even though the variable in question\ndidn\u0027t exist.\n\nThe patch here fixes this by moving the capabilities checks out of the\nLSM and into the caller. All (known) LSMs should have been calling the\ncapabilities hook already so it actually makes the code organization\nbetter to eliminate the hook altogether.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "d5630b9d276bd389299ffea620b7c340ab19bcf5", "tree": "4e97cadf12518fb107f9e7140fa94343bd6643f5", "parents": [ "2606fd1fa5710205b23ee859563502aa18362447" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Oct 13 16:24:48 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:12:50 2010 +1100" }, "message": "security: secid_to_secctx returns len when data is NULL\n\nWith the (long ago) interface change to have the secid_to_secctx functions\ndo the string allocation instead of having the caller do the allocation we\nlost the ability to query the security server for the length of the\nupcoming string. The SECMARK code would like to allocate a netlink skb\nwith enough length to hold the string but it is just too unclean to do the\nstring allocation twice or to do the allocation the first time and hold\nonto the string and slen. This patch adds the ability to call\nsecurity_secid_to_secctx() with a NULL data pointer and it will just set\nthe slen pointer.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2606fd1fa5710205b23ee859563502aa18362447", "tree": "f79becd7010a2da1a765829fce0e09327cd50531", "parents": [ "15714f7b58011cf3948cab2988abea560240c74f" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Oct 13 16:24:41 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:12:48 2010 +1100" }, "message": "secmark: make secmark object handling generic\n\nRight now secmark has lots of direct selinux calls. Use all LSM calls and\nremove all SELinux specific knowledge. The only SELinux specific knowledge\nwe leave is the mode. The only point is to make sure that other LSMs at\nleast test this generic code before they assume it works. (They may also\nhave to make changes if they do not represent labels as strings)\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b0ae19811375031ae3b3fecc65b702a9c6e5cc28", "tree": "a765b71155fbed1ed3a3cff35c1044ad49a002ae", "parents": [ "9b3056cca09529d34af2d81305b2a9c6b622ca1b" ], "author": { "name": "KOSAKI Motohiro", "email": "kosaki.motohiro@jp.fujitsu.com", "time": "Fri Oct 15 04:21:18 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:12:44 2010 +1100" }, "message": "security: remove unused parameter from security_task_setscheduler()\n\nAll security modules shouldn\u0027t change sched_param parameter of\nsecurity_task_setscheduler(). This is not only meaningless, but also\nmake a harmful result if caller pass a static variable.\n\nThis patch remove policy and sched_param parameter from\nsecurity_task_setscheduler() becuase none of security module is\nusing it.\n\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: KOSAKI Motohiro \u003ckosaki.motohiro@jp.fujitsu.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b34d8915c413acb51d837a45fb8747b61f65c020", "tree": "ced5fac166324634653d84b1afe2b958b3904f4d", "parents": [ "e8a89cebdbaab14caaa26debdb4ffd493b8831af", "f33ebbe9da2c3c24664a0ad4f8fd83f293547e63" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Aug 10 12:07:51 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Aug 10 12:07:51 2010 -0700" }, "message": "Merge branch \u0027writable_limits\u0027 of git://decibel.fi.muni.cz/~xslaby/linux\n\n* \u0027writable_limits\u0027 of git://decibel.fi.muni.cz/~xslaby/linux:\n unistd: add __NR_prlimit64 syscall numbers\n rlimits: implement prlimit64 syscall\n rlimits: switch more rlimit syscalls to do_prlimit\n rlimits: redo do_setrlimit to more generic do_prlimit\n rlimits: add rlimit64 structure\n rlimits: do security check under task_lock\n rlimits: allow setrlimit to non-current tasks\n rlimits: split sys_setrlimit\n rlimits: selinux, do rlimits changes under task_lock\n rlimits: make sure -\u003erlim_max never grows in sys_setrlimit\n rlimits: add task_struct to update_rlimit_cpu\n rlimits: security, add task_struct to setrlimit\n\nFix up various system call number conflicts. We not only added fanotify\nsystem calls in the meantime, but asm-generic/unistd.h added a wait4\nalong with a range of reserved per-architecture system calls.\n" }, { "commit": "8c8946f509a494769a8c602b5ed189df01917d39", "tree": "dfd96bd6ca5ea6803c6d77f65ba37e04f78b2d3b", "parents": [ "5f248c9c251c60af3403902b26e08de43964ea0b", "1968f5eed54ce47bde488fd9a450912e4a2d7138" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Aug 10 11:39:13 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Aug 10 11:39:13 2010 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.infradead.org/users/eparis/notify\n\n* \u0027for-linus\u0027 of git://git.infradead.org/users/eparis/notify: (132 commits)\n fanotify: use both marks when possible\n fsnotify: pass both the vfsmount mark and inode mark\n fsnotify: walk the inode and vfsmount lists simultaneously\n fsnotify: rework ignored mark flushing\n fsnotify: remove global fsnotify groups lists\n fsnotify: remove group-\u003emask\n fsnotify: remove the global masks\n fsnotify: cleanup should_send_event\n fanotify: use the mark in handler functions\n audit: use the mark in handler functions\n dnotify: use the mark in handler functions\n inotify: use the mark in handler functions\n fsnotify: send fsnotify_mark to groups in event handling functions\n fsnotify: Exchange list heads instead of moving elements\n fsnotify: srcu to protect read side of inode and vfsmount locks\n fsnotify: use an explicit flag to indicate fsnotify_destroy_mark has been called\n fsnotify: use _rcu functions for mark list traversal\n fsnotify: place marks on object in order of group memory address\n vfs/fsnotify: fsnotify_close can delay the final work in fput\n fsnotify: store struct file not struct path\n ...\n\nFix up trivial delete/modify conflict in fs/notify/inotify/inotify.c.\n" }, { "commit": "ea0d3ab239fba48d6e998b19c28d78f765963007", "tree": "c1e20273bf121a4f404ca7ac2a012161b0e0201e", "parents": [ "3e62cbb8436f6c0cb799c8b7f106de7f662a7b8d" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jun 02 13:24:43 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:33:40 2010 +1000" }, "message": "LSM: Remove unused arguments from security_path_truncate().\n\nWhen commit be6d3e56a6b9b3a4ee44a0685e39e595073c6f0d \"introduce new LSM hooks\nwhere vfsmount is available.\" was proposed, regarding security_path_truncate(),\nonly \"struct file *\" argument (which AppArmor wanted to use) was removed.\nBut length and time_attrs arguments are not used by TOMOYO nor AppArmor.\nThus, let\u0027s remove these arguments.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: Nick Piggin \u003cnpiggin@suse.de\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c4ec54b40d33f8016fea970a383cc584dd0e6019", "tree": "8e8865170cf340d1e79dc379f56417588715b2c8", "parents": [ "d14f1729483fad3a8817fbbcbd017678b7d1ad26" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Dec 17 21:24:34 2009 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Jul 28 09:59:01 2010 -0400" }, "message": "fsnotify: new fsnotify hooks and events types for access decisions\n\nintroduce a new fsnotify hook, fsnotify_perm(), which is called from the\nsecurity code. This hook is used to allow fsnotify groups to make access\ncontrol decisions about events on the system. We also must change the\ngeneric fsnotify function to return an error code if we intend these hooks\nto be in any way useful.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "8fd00b4d7014b00448eb33cf0590815304769798", "tree": "f97cc5b4401dd038e539dae7ad66066383012866", "parents": [ "2f7989efd4398d92b8adffce2e07dd043a0895fe" ], "author": { "name": "Jiri Slaby", "email": "jirislaby@gmail.com", "time": "Wed Aug 26 18:41:16 2009 +0200" }, "committer": { "name": "Jiri Slaby", "email": "jirislaby@gmail.com", "time": "Fri Jul 16 09:48:45 2010 +0200" }, "message": "rlimits: security, add task_struct to setrlimit\n\nAdd task_struct to task_setrlimit of security_operations to be able to set\nrlimit of task other than current.\n\nSigned-off-by: Jiri Slaby \u003cjirislaby@gmail.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0ffbe2699cda6afbe08501098dff8a8c2fe6ae09", "tree": "81b1a2305d16c873371b65c5a863c0268036cefe", "parents": [ "4e5d6f7ec3833c0da9cf34fa5c53c6058c5908b6", "7ebd467551ed6ae200d7835a84bbda0dcadaa511" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu May 06 10:56:07 2010 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu May 06 10:56:07 2010 +1000" }, "message": "Merge branch \u0027master\u0027 into next\n" }, { "commit": "05b90496f2f366b9d3eea468351888ddf010782a", "tree": "5c6b3c5167d4577043e74bb8590a6a4ed48c0bdf", "parents": [ "3011a344cdcda34cdbcb40c3fb3d1a6e89954abb" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 07 15:15:25 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 12 12:19:19 2010 +1000" }, "message": "security: remove dead hook acct\n\nUnused hook. Remove.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3011a344cdcda34cdbcb40c3fb3d1a6e89954abb", "tree": "43db9abc5f96cd8ec31a4a24f0d52dae76680a1c", "parents": [ "6307f8fee295b364716d28686df6e69c2fee751a" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 07 15:15:19 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 12 12:19:18 2010 +1000" }, "message": "security: remove dead hook key_session_to_parent\n\nUnused hook. Remove.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6307f8fee295b364716d28686df6e69c2fee751a", "tree": "da2d51edcca32dd71c2a3a6f74bf56e88a60293f", "parents": [ "06ad187e280e725e356c62c3a30ddcd01564f8be" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 07 15:15:13 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 12 12:19:18 2010 +1000" }, "message": "security: remove dead hook task_setgroups\n\nUnused hook. Remove.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "06ad187e280e725e356c62c3a30ddcd01564f8be", "tree": "5406ae3382d62971ed8b981533075657aa18d16b", "parents": [ "43ed8c3b4573d5f5cd314937fee63b4ab046ac5f" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 07 15:15:08 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 12 12:19:17 2010 +1000" }, "message": "security: remove dead hook task_setgid\n\nUnused hook. Remove.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "43ed8c3b4573d5f5cd314937fee63b4ab046ac5f", "tree": "bb3f094daa6f0c3f49c4c47fb5ac1c80a26e9698", "parents": [ "0968d0060a3c885e53d453380266c7792a55d302" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 07 15:15:02 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 12 12:19:16 2010 +1000" }, "message": "security: remove dead hook task_setuid\n\nUnused hook. Remove.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0968d0060a3c885e53d453380266c7792a55d302", "tree": "b8511f3bf4aa4cfb21421ab5dde8346f0119dbe3", "parents": [ "9d5ed77dadc66a72b40419c91df942adfa55a102" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 07 15:14:56 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 12 12:19:15 2010 +1000" }, "message": "security: remove dead hook cred_commit\n\nUnused hook. Remove.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9d5ed77dadc66a72b40419c91df942adfa55a102", "tree": "eb55062edf757a7b7fe707adda7178181f8a4427", "parents": [ "91a9420f5826db482030c21eca8c507271bbc441" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 07 15:14:50 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 12 12:19:15 2010 +1000" }, "message": "security: remove dead hook inode_delete\n\nUnused hook. Remove.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "91a9420f5826db482030c21eca8c507271bbc441", "tree": "e5e400622884c8c0cd373c51ee4a3822c853aaa5", "parents": [ "3db291017753e539af64c8bab373785f34e43ed2" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 07 15:14:45 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 12 12:18:32 2010 +1000" }, "message": "security: remove dead hook sb_post_pivotroot\n\nUnused hook. Remove.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3db291017753e539af64c8bab373785f34e43ed2", "tree": "e6759c7dea1774465b6bf2860a0c2f283c0b34fa", "parents": [ "82dab10453d65ad9ca551de5b8925673ca05c7e9" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 07 15:14:39 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 12 12:18:31 2010 +1000" }, "message": "security: remove dead hook sb_post_addmount\n\nUnused hook. Remove.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "82dab10453d65ad9ca551de5b8925673ca05c7e9", "tree": "942bf24adb67b534fa3080dbbfa1ffe33b7c16bd", "parents": [ "4b61d12c84293ac061909f27f567c1905e4d90e3" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 07 15:14:33 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 12 12:18:30 2010 +1000" }, "message": "security: remove dead hook sb_post_remount\n\nUnused hook. Remove.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4b61d12c84293ac061909f27f567c1905e4d90e3", "tree": "dfab10311d1b6be7667600307c72379c6779d32d", "parents": [ "231923bd0e06cba69f7c2028f4a68602b8d22160" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 07 15:14:27 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 12 12:18:30 2010 +1000" }, "message": "security: remove dead hook sb_umount_busy\n\nUnused hook. Remove.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "231923bd0e06cba69f7c2028f4a68602b8d22160", "tree": "91e3864e87f3de86de8ad0ed55a829cbdf797545", "parents": [ "353633100d8d684ac0acae4ce93fb833f92881f4" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 07 15:14:21 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 12 12:18:29 2010 +1000" }, "message": "security: remove dead hook sb_umount_close\n\nUnused hook. Remove.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "353633100d8d684ac0acae4ce93fb833f92881f4", "tree": "d45effdd09f5ef2f2c44bbcfcca8751cc5cdbd7d", "parents": [ "c1a7368a6f0b18b10fdec87972da680ebdf03794" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 07 15:14:15 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Apr 12 12:18:28 2010 +1000" }, "message": "security: remove sb_check_sb hooks\n\nUnused hook. Remove it.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5a0e3ad6af8660be21ca98a971cd00f331318c05", "tree": "5bfb7be11a03176a87296a43ac6647975c00a1d1", "parents": [ "ed391f4ebf8f701d3566423ce8f17e614cde9806" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Wed Mar 24 17:04:11 2010 +0900" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Mar 30 22:02:32 2010 +0900" }, "message": "include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h\n\npercpu.h is included by sched.h and module.h and thus ends up being\nincluded when building most .c files. percpu.h includes slab.h which\nin turn includes gfp.h making everything defined by the two files\nuniversally available and complicating inclusion dependencies.\n\npercpu.h -\u003e slab.h dependency is about to be removed. Prepare for\nthis change by updating users of gfp and slab facilities include those\nheaders directly instead of assuming availability. As this conversion\nneeds to touch large number of source files, the following script is\nused as the basis of conversion.\n\n http://userweb.kernel.org/~tj/misc/slabh-sweep.py\n\nThe script does the followings.\n\n* Scan files for gfp and slab usages and update includes such that\n only the necessary includes are there. ie. if only gfp is used,\n gfp.h, if slab is used, slab.h.\n\n* When the script inserts a new include, it looks at the include\n blocks and try to put the new include such that its order conforms\n to its surrounding. It\u0027s put in the include block which contains\n core kernel includes, in the same order that the rest are ordered -\n alphabetical, Christmas tree, rev-Xmas-tree or at the end if there\n doesn\u0027t seem to be any matching order.\n\n* If the script can\u0027t find a place to put a new include (mostly\n because the file doesn\u0027t have fitting include block), it prints out\n an error message indicating which .h file needs to be added to the\n file.\n\nThe conversion was done in the following steps.\n\n1. The initial automatic conversion of all .c files updated slightly\n over 4000 files, deleting around 700 includes and adding ~480 gfp.h\n and ~3000 slab.h inclusions. The script emitted errors for ~400\n files.\n\n2. Each error was manually checked. Some didn\u0027t need the inclusion,\n some needed manual addition while adding it to implementation .h or\n embedding .c file was more appropriate for others. This step added\n inclusions to around 150 files.\n\n3. The script was run again and the output was compared to the edits\n from #2 to make sure no file was left behind.\n\n4. Several build tests were done and a couple of problems were fixed.\n e.g. lib/decompress_*.c used malloc/free() wrappers around slab\n APIs requiring slab.h to be added manually.\n\n5. The script was run on all .h files but without automatically\n editing them as sprinkling gfp.h and slab.h inclusions around .h\n files could easily lead to inclusion dependency hell. Most gfp.h\n inclusion directives were ignored as stuff from gfp.h was usually\n wildly available and often used in preprocessor macros. Each\n slab.h inclusion directive was examined and added manually as\n necessary.\n\n6. percpu.h was updated not to include slab.h.\n\n7. Build test were done on the following configurations and failures\n were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my\n distributed build env didn\u0027t work with gcov compiles) and a few\n more options had to be turned off depending on archs to make things\n build (like ipr on powerpc/64 which failed due to missing writeq).\n\n * x86 and x86_64 UP and SMP allmodconfig and a custom test config.\n * powerpc and powerpc64 SMP allmodconfig\n * sparc and sparc64 SMP allmodconfig\n * ia64 SMP allmodconfig\n * s390 SMP allmodconfig\n * alpha SMP allmodconfig\n * um on x86_64 SMP allmodconfig\n\n8. percpu.h modifications were reverted so that it could be applied as\n a separate patch and serve as bisection point.\n\nGiven the fact that I had only a couple of failures from tests on step\n6, I\u0027m fairly confident about the coverage of this conversion patch.\nIf there is a breakage, it\u0027s likely to be something in one of the arch\nheaders which should be easily discoverable easily on most builds of\nthe specific arch.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nGuess-its-ok-by: Christoph Lameter \u003ccl@linux-foundation.org\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: Lee Schermerhorn \u003cLee.Schermerhorn@hp.com\u003e\n" }, { "commit": "189b3b1c89761054fee3438f063d7f257306e2d8", "tree": "8099352fa731fca91b95d862ac0d7199f21ca54d", "parents": [ "2ae3ba39389b51d8502123de0a59374bec899c4d" ], "author": { "name": "wzt.wzt@gmail.com", "email": "wzt.wzt@gmail.com", "time": "Tue Feb 23 23:15:28 2010 +0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Feb 24 08:11:02 2010 +1100" }, "message": "Security: add static to security_ops and default_security_ops variable\n\nEnhance the security framework to support resetting the active security\nmodule. This eliminates the need for direct use of the security_ops and\ndefault_security_ops variables outside of security.c, so make security_ops\nand default_security_ops static. Also remove the secondary_ops variable as\na cleanup since there is no use for that. secondary_ops was originally used by\nSELinux to call the \"secondary\" security module (capability or dummy),\nbut that was replaced by direct calls to capability and the only\nremaining use is to save and restore the original security ops pointer\nvalue if SELinux is disabled by early userspace based on /etc/selinux/config.\nFurther, if we support this directly in the security framework, then we can\njust use \u0026default_security_ops for this purpose since that is now available.\n\nSigned-off-by: Zhitong Wang \u003czhitong.wangzt@alibaba-inc.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "002345925e6c45861f60db6f4fc6236713fd8847", "tree": "d7849eafe1755116597166bbebf43e2bee86cb76", "parents": [ "0719aaf5ead7555b7b7a4a080ebf2826a871384e" ], "author": { "name": "Kees Cook", "email": "kees.cook@canonical.com", "time": "Wed Feb 03 15:36:43 2010 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 04 14:20:12 2010 +1100" }, "message": "syslog: distinguish between /proc/kmsg and syscalls\n\nThis allows the LSM to distinguish between syslog functions originating\nfrom /proc/kmsg access and direct syscalls. By default, the commoncaps\nwill now no longer require CAP_SYS_ADMIN to read an opened /proc/kmsg\nfile descriptor. For example the kernel syslog reader can now drop\nprivileges after opening /proc/kmsg, instead of staying privileged with\nCAP_SYS_ADMIN. MAC systems that implement security_syslog have unchanged\nbehavior.\n\nSigned-off-by: Kees Cook \u003ckees.cook@canonical.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2457552d1e6f3183cd93f81c49a8da5fe8bb0e42", "tree": "7ca46caa910012d75617700e4083b3657053cb31", "parents": [ "19439d05b88dafc4e55d9ffce84ccc27cf8b2bcc", "6ccf80eb15ccaca4d3f1ab5162b9ded5eecd9971" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 18 09:56:22 2010 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 18 09:56:22 2010 +1100" }, "message": "Merge branch \u0027master\u0027 into next\n" }, { "commit": "0ed731859e24cd6e3ec058cf2b49b2a0df80e86b", "tree": "d3af7dc11eb8de2ed96d4153c19449f0a46dd54c", "parents": [ "f737d95ddfea4df68a36ffc9231db4bf34b06d13" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Jan 06 09:23:54 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 11 08:53:23 2010 +1100" }, "message": "LSM: Update comment on security_sock_rcv_skb\n\nIt is not permitted to do sleeping operation inside security_sock_rcv_skb().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\n\n--\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6e1415467614e854fee660ff6648bd10fa976e95", "tree": "2ae2e2f51eff0629bc0e26a97eac85483a7ba56f", "parents": [ "dd880fbe8e4792d1185a5101dc751f49eab0a509" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Dec 15 19:27:45 2009 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Dec 17 09:25:19 2009 +1100" }, "message": "NOMMU: Optimise away the {dac_,}mmap_min_addr tests\n\nIn NOMMU mode clamp dac_mmap_min_addr to zero to cause the tests on it to be\nskipped by the compiler. We do this as the minimum mmap address doesn\u0027t make\nany sense in NOMMU mode.\n\nmmap_min_addr and round_hint_to_min() can be discarded entirely in NOMMU mode.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "dd8dbf2e6880e30c00b18600c962d0cb5a03c555", "tree": "24835aaf40cec5ceb2aeecccde9240ee173f70f1", "parents": [ "6e65f92ff0d6f18580737321718d09035085a3fb" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 03 16:35:32 2009 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Nov 10 09:33:46 2009 +1100" }, "message": "security: report the module name to security_module_request\n\nFor SELinux to do better filtering in userspace we send the name of the\nmodule along with the AVC denial when a program is denied module_request.\n\nExample output:\n\ntype\u003dSYSCALL msg\u003daudit(11/03/2009 10:59:43.510:9) : arch\u003dx86_64 syscall\u003dwrite success\u003dyes exit\u003d2 a0\u003d3 a1\u003d7fc28c0d56c0 a2\u003d2 a3\u003d7fffca0d7440 items\u003d0 ppid\u003d1727 pid\u003d1729 auid\u003dunset uid\u003droot gid\u003droot euid\u003droot suid\u003droot fsuid\u003droot egid\u003droot sgid\u003droot fsgid\u003droot tty\u003d(none) ses\u003dunset comm\u003drpc.nfsd exe\u003d/usr/sbin/rpc.nfsd subj\u003dsystem_u:system_r:nfsd_t:s0 key\u003d(null)\ntype\u003dAVC msg\u003daudit(11/03/2009 10:59:43.510:9) : avc: denied { module_request } for pid\u003d1729 comm\u003drpc.nfsd kmod\u003d\"net-pf-10\" scontext\u003dsystem_u:system_r:nfsd_t:s0 tcontext\u003dsystem_u:system_r:kernel_t:s0 tclass\u003dsystem\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8b8efb44033c7e86b3dc76f825c693ec92ae30e9", "tree": "8cf43afc59f88f36a86f3a8165770bccec28b3c3", "parents": [ "89eda06837094ce9f34fae269b8773fcfd70f046" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Oct 04 21:49:48 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Oct 12 10:56:02 2009 +1100" }, "message": "LSM: Add security_path_chroot().\n\nThis patch allows pathname based LSM modules to check chroot() operations.\n\nThis hook is used by TOMOYO.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "89eda06837094ce9f34fae269b8773fcfd70f046", "tree": "dc11701c68ebcc8346d7567cfb53b9c7327ef445", "parents": [ "941fc5b2bf8f7dd1d0a9c502e152fa719ff6578e" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Oct 04 21:49:47 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Oct 12 10:56:00 2009 +1100" }, "message": "LSM: Add security_path_chmod() and security_path_chown().\n\nThis patch allows pathname based LSM modules to check chmod()/chown()\noperations. Since notify_change() does not receive \"struct vfsmount *\",\nwe add security_path_chmod() and security_path_chown() to the caller of\nnotify_change().\n\nThese hooks are used by TOMOYO.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8d65af789f3e2cf4cfbdbf71a0f7a61ebcd41d38", "tree": "121df3bfffc7853ac6d2c514ad514d4a748a0933", "parents": [ "c0d0787b6d47d9f4d5e8bd321921104e854a9135" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Wed Sep 23 15:57:19 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Sep 24 07:21:04 2009 -0700" }, "message": "sysctl: remove \"struct file *\" argument of -\u003eproc_handler\n\nIt\u0027s unused.\n\nIt isn\u0027t needed -- read or write flag is already passed and sysctl\nshouldn\u0027t care about the rest.\n\nIt _was_ used in two places at arch/frv for some reason.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Ralf Baechle \u003cralf@linux-mips.org\u003e\nCc: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "1ee65e37e904b959c24404139f5752edc66319d5", "tree": "587c1ef70ae7ee41a7b9b531161a4ef5689838f7", "parents": [ "b1ab7e4b2a88d3ac13771463be8f302ce1616cfc" ], "author": { "name": "David P. Quigley", "email": "dpquigl@tycho.nsa.gov", "time": "Thu Sep 03 14:25:57 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Sep 10 10:11:24 2009 +1000" }, "message": "LSM/SELinux: inode_{get,set,notify}secctx hooks to access LSM security context information.\n\nThis patch introduces three new hooks. The inode_getsecctx hook is used to get\nall relevant information from an LSM about an inode. The inode_setsecctx is\nused to set both the in-core and on-disk state for the inode based on a context\nderived from inode_getsecctx.The final hook inode_notifysecctx will notify the\nLSM of a change for the in-core state of the inode in question. These hooks are\nfor use in the labeled NFS code and addresses concerns of how to set security\non an inode in a multi-xattr LSM. For historical reasons Stephen Smalley\u0027s\nexplanation of the reason for these hooks is pasted below.\n\nQuote Stephen Smalley\n\ninode_setsecctx: Change the security context of an inode. Updates the\nin core security context managed by the security module and invokes the\nfs code as needed (via __vfs_setxattr_noperm) to update any backing\nxattrs that represent the context. Example usage: NFS server invokes\nthis hook to change the security context in its incore inode and on the\nbacking file system to a value provided by the client on a SETATTR\noperation.\n\ninode_notifysecctx: Notify the security module of what the security\ncontext of an inode should be. Initializes the incore security context\nmanaged by the security module for this inode. Example usage: NFS\nclient invokes this hook to initialize the security context in its\nincore inode to the value provided by the server for the file when the\nserver returned the file\u0027s attributes to the client.\n\nSigned-off-by: David P. Quigley \u003cdpquigl@tycho.nsa.gov\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" } ], "next": "be1d6a5f55b30042c57bdfbe7cb4761ed081def0" }