Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v2.6.34 2010-02-28T22:36:31Z 2010-02-28T22:36:31Z James Morris jmorris@namei.org 2010-02-28T22:36:31Z urn:sha1:b4ccebdd37ff70d349321a198f416ba737a5e833 2010-02-23T21:11:02Z wzt.wzt@gmail.com wzt.wzt@gmail.com 2010-02-23T15:15:28Z urn:sha1:189b3b1c89761054fee3438f063d7f257306e2d8 Enhance the security framework to support resetting the active security module. This eliminates the need for direct use of the security_ops and default_security_ops variables outside of security.c, so make security_ops and default_security_ops static. Also remove the secondary_ops variable as a cleanup since there is no use for that. secondary_ops was originally used by SELinux to call the "secondary" security module (capability or dummy), but that was replaced by direct calls to capability and the only remaining use is to save and restore the original security ops pointer value if SELinux is disabled by early userspace based on /etc/selinux/config. Further, if we support this directly in the security framework, then we can just use &default_security_ops for this purpose since that is now available. Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> 2010-02-07T08:07:29Z Al Viro viro@zeniv.linux.org.uk 2010-02-07T08:07:29Z urn:sha1:89068c576bf324ef6fbd50dfc745148f7def202c Hooks: Just Say No. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2010-02-04T03:20:12Z Kees Cook kees.cook@canonical.com 2010-02-03T23:36:43Z urn:sha1:002345925e6c45861f60db6f4fc6236713fd8847 This allows the LSM to distinguish between syslog functions originating from /proc/kmsg access and direct syscalls. By default, the commoncaps will now no longer require CAP_SYS_ADMIN to read an opened /proc/kmsg file descriptor. For example the kernel syslog reader can now drop privileges after opening /proc/kmsg, instead of staying privileged with CAP_SYS_ADMIN. MAC systems that implement security_syslog have unchanged behavior. Signed-off-by: Kees Cook <kees.cook@canonical.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org> 2010-01-14T21:23:57Z James Morris jmorris@namei.org 2010-01-13T22:33:28Z urn:sha1:8d9525048c74786205b99f3fcd05a839721edfb7 Currently, the getsecurity and setsecurity operations return zero for kernel private inodes, where xattrs are not available directly to userspace. This confuses some applications, and does not conform to the man page for getxattr(2) etc., which state that these syscalls should return ENOTSUP if xattrs are not supported or disabled. Note that in the listsecurity case, we still need to return zero as we don't know which other xattr handlers may be active. For discussion of userland confusion, see: http://www.mail-archive.com/bug-coreutils@gnu.org/msg17988.html This patch corrects the error returns so that ENOTSUP is reported to userspace as required. Signed-off-by: James Morris <jmorris@namei.org> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Serge Hallyn <serue@us.ibm.com> 2009-12-08T03:58:00Z Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp 2009-11-26T06:24:49Z urn:sha1:5d0901a3a0c39c97ca504f73d24030f63cfc9fa2 include/linux/security.h and security/capability.c are using "struct path *dir" but security/security.c was using "struct path *path" by error. This patch renames "struct path *path" to "struct path *dir". Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org> 2009-11-09T22:33:46Z Eric Paris eparis@redhat.com 2009-11-03T05:35:32Z urn:sha1:dd8dbf2e6880e30c00b18600c962d0cb5a03c555 For SELinux to do better filtering in userspace we send the name of the module along with the AVC denial when a program is denied module_request. Example output: type=SYSCALL msg=audit(11/03/2009 10:59:43.510:9) : arch=x86_64 syscall=write success=yes exit=2 a0=3 a1=7fc28c0d56c0 a2=2 a3=7fffca0d7440 items=0 ppid=1727 pid=1729 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rpc.nfsd exe=/usr/sbin/rpc.nfsd subj=system_u:system_r:nfsd_t:s0 key=(null) type=AVC msg=audit(11/03/2009 10:59:43.510:9) : avc: denied { module_request } for pid=1729 comm=rpc.nfsd kmod="net-pf-10" scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> 2009-11-08T21:40:07Z John Johansen john.johansen@canonical.com 2009-11-06T01:03:20Z urn:sha1:6e65f92ff0d6f18580737321718d09035085a3fb The LSM currently requires setting a kernel parameter at boot to select a specific LSM. This adds a config option that allows specifying a default LSM that is used unless overridden with the security= kernel parameter. If the the config option is not set the current behavior of first LSM to register is used. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> 2009-10-25T04:22:48Z Mimi Zohar zohar@linux.vnet.ibm.com 2009-10-22T21:30:13Z urn:sha1:6c21a7fb492bf7e2c4985937082ce58ddeca84bd Based on discussions on LKML and LSM, where there are consecutive security_ and ima_ calls in the vfs layer, move the ima_ calls to the existing security_ hooks. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> 2009-10-11T23:56:02Z Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp 2009-10-04T12:49:48Z urn:sha1:8b8efb44033c7e86b3dc76f825c693ec92ae30e9 This patch allows pathname based LSM modules to check chroot() operations. This hook is used by TOMOYO. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>