linux/security, branch v2.6.16

[PATCH] selinux: tracer SID fix

2006-03-11T17:19:34Z

Fix SELinux to not reset the tracer SID when the child is already being traced, since selinux_ptrace is also called by proc for access checking outside of the context of a ptrace attach. Signed-off-by: Stephen Smalley Acked-by: James Morris Acked-by: Chris Wright Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

[PATCH] selinux: require AUDIT

2006-02-08T00:12:33Z

Make SELinux depend on AUDIT as it requires the basic audit support to log permission denials at all. Note that AUDITSYSCALL remains optional for SELinux, although it can be useful in providing further information upon denials. Signed-off-by: Stephen Smalley Acked-by: James Morris Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

[PATCH] selinux: require SECURITY_NETWORK

2006-02-05T19:06:52Z

Make SELinux depend on SECURITY_NETWORK (which depends on SECURITY), as it requires the socket hooks for proper operation even in the local case. Signed-off-by: Stephen Smalley Acked-by: James Morris Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

[PATCH] Fix keyctl usage of strnlen_user()

2006-02-03T16:32:10Z

In the small window between strnlen_user() and copy_from_user() userspace could alter the terminating `\0' character. Signed-off-by: Davi Arnaut Cc: David Howells Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

[PATCH] selinux: remove security struct magic number fields and tests

2006-02-01T16:53:19Z

Remove the SELinux security structure magic number fields and tests, along with some unnecessary tests for NULL security pointers. These fields and tests are leftovers from the early attempts to support SELinux as a loadable module during LSM development. Signed-off-by: Stephen Smalley Acked-by: James Morris Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

[PATCH] selinux: change file_alloc_security to use GFP_KERNEL

2006-02-01T16:53:18Z

This patch changes the SELinux file_alloc_security function to use GFP_KERNEL rather than GFP_ATOMIC; the use of GFP_ATOMIC appears to be a remnant of when this function was being called with the files_lock spinlock held, and is no longer necessary. Please apply. Signed-off-by: Stephen Smalley Acked-by: James Morris Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

[PATCH] selinux: fix and cleanup mprotect checks

2006-02-01T16:53:18Z

Fix the SELinux mprotect checks on executable mappings so that they are not re-applied when the mapping is already executable as well as cleaning up the code. This avoids a situation where e.g. an application is prevented from removing PROT_WRITE on an already executable mapping previously authorized via execmem permission due to an execmod denial. Signed-off-by: Stephen Smalley Acked-by: James Morris Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

Don't try to "validate" a non-existing timeval.

2006-01-31T18:16:55Z

settime() with a NULL timeval is silly but legal. Noticed by Dave Jones Signed-off-by: Linus Torvalds

[PATCH] Unlinline a bunch of other functions

2006-01-15T02:27:06Z

Remove the "inline" keyword from a bunch of big functions in the kernel with the goal of shrinking it by 30kb to 40kb Signed-off-by: Arjan van de Ven Signed-off-by: Ingo Molnar Acked-by: Jeff Garzik Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

[NET]: Use NIP6_FMT in kernel.h

2006-01-13T22:29:07Z

There are errors and inconsistency in the display of NIP6 strings. ie: net/ipv6/ip6_flowlabel.c There are errors and inconsistency in the display of NIPQUAD strings too. ie: net/netfilter/nf_conntrack_ftp.c This patch: adds NIP6_FMT to kernel.h changes all code to use NIP6_FMT fixes net/ipv6/ip6_flowlabel.c adds NIPQUAD_FMT to kernel.h fixes net/netfilter/nf_conntrack_ftp.c changes a few uses of "%u.%u.%u.%u" to NIPQUAD_FMT for symmetry to NIP6_FMT Signed-off-by: Joe Perches Signed-off-by: David S. Miller