linux/security/capability.c, branch v2.6.37

capabilities/syslog: open code cap_syslog logic to fix build failure

2010-11-15T23:40:01Z

The addition of CONFIG_SECURITY_DMESG_RESTRICT resulted in a build failure when CONFIG_PRINTK=n. This is because the capabilities code which used the new option was built even though the variable in question didn't exist. The patch here fixes this by moving the capabilities checks out of the LSM and into the caller. All (known) LSMs should have been calling the capabilities hook already so it actually makes the code organization better to eliminate the hook altogether. Signed-off-by: Eric Paris Acked-by: James Morris Signed-off-by: Linus Torvalds

secmark: make secmark object handling generic

2010-10-20T23:12:48Z

Right now secmark has lots of direct selinux calls. Use all LSM calls and remove all SELinux specific knowledge. The only SELinux specific knowledge we leave is the mode. The only point is to make sure that other LSMs at least test this generic code before they assume it works. (They may also have to make changes if they do not represent labels as strings) Signed-off-by: Eric Paris Acked-by: Paul Moore Acked-by: Patrick McHardy Signed-off-by: James Morris

Merge branch 'writable_limits' of git://decibel.fi.muni.cz/~xslaby/linux

2010-08-10T19:07:51Z

* 'writable_limits' of git://decibel.fi.muni.cz/~xslaby/linux: unistd: add __NR_prlimit64 syscall numbers rlimits: implement prlimit64 syscall rlimits: switch more rlimit syscalls to do_prlimit rlimits: redo do_setrlimit to more generic do_prlimit rlimits: add rlimit64 structure rlimits: do security check under task_lock rlimits: allow setrlimit to non-current tasks rlimits: split sys_setrlimit rlimits: selinux, do rlimits changes under task_lock rlimits: make sure ->rlim_max never grows in sys_setrlimit rlimits: add task_struct to update_rlimit_cpu rlimits: security, add task_struct to setrlimit Fix up various system call number conflicts. We not only added fanotify system calls in the meantime, but asm-generic/unistd.h added a wait4 along with a range of reserved per-architecture system calls.

Security: capability: code style issue

2010-08-02T05:35:00Z

This fix a little code style issue deleting a space between a function name and a open parenthesis. Signed-off-by: Chihau Chau Acked-by: Andrew G. Morgan Signed-off-by: James Morris

LSM: Remove unused arguments from security_path_truncate().

2010-08-02T05:33:40Z

When commit be6d3e56a6b9b3a4ee44a0685e39e595073c6f0d "introduce new LSM hooks where vfsmount is available." was proposed, regarding security_path_truncate(), only "struct file *" argument (which AppArmor wanted to use) was removed. But length and time_attrs arguments are not used by TOMOYO nor AppArmor. Thus, let's remove these arguments. Signed-off-by: Tetsuo Handa Acked-by: Nick Piggin Signed-off-by: James Morris

rlimits: security, add task_struct to setrlimit

2010-07-16T07:48:45Z

Add task_struct to task_setrlimit of security_operations to be able to set rlimit of task other than current. Signed-off-by: Jiri Slaby Acked-by: Eric Paris Acked-by: James Morris

LSM: Add __init to fixup function.

2010-05-16T23:27:20Z

register_security() became __init function. So do verify() and security_fixup_ops(). Signed-off-by: Tetsuo Handa Signed-off-by: James Morris

security: remove dead hook acct

2010-04-12T02:19:19Z

Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris

security: remove dead hook key_session_to_parent

2010-04-12T02:19:18Z

Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris

security: remove dead hook task_setgroups

2010-04-12T02:19:18Z

Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris