linux/security, branch v2.6.39 Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v2.6.39 2011-05-12T23:52:16Z Merge branch 'for-linus' of git://git.infradead.org/users/eparis/selinux into for-linus 2011-05-12T23:52:16Z James Morris jmorris@namei.org 2011-05-12T23:52:16Z urn:sha1:ca7d12000895ae5dfef8b8ff2648a0d50abd397c SELinux: delete debugging printks from filename_trans rule processing 2011-05-12T20:02:42Z Eric Paris eparis@redhat.com 2011-04-07T18:46:59Z urn:sha1:93826c092c385549c04af184fbebd43f36995c69 The filename_trans rule processing has some printk(KERN_ERR ) messages which were intended as debug aids in creating the code but weren't removed before it was submitted. Remove them. Reported-by: Paul Bolle <pebolle@tiscali.nl> Signed-off-by: Eric Paris <eparis@redhat.com> Merge branch 'for-linus' of git://git.infradead.org/users/eparis/selinux into for-linus 2011-05-04T01:59:34Z James Morris jmorris@namei.org 2011-05-04T01:59:34Z urn:sha1:6f239284542bae297d27355d06afbb8df23c5db9 flex_array: flex_array_prealloc takes a number of elements, not an end 2011-04-28T20:12:47Z Eric Paris eparis@redhat.com 2011-04-28T19:55:52Z urn:sha1:5d30b10bd68df007e7ae21e77d1e0ce184b53040 Change flex_array_prealloc to take the number of elements for which space should be allocated instead of the last (inclusive) element. Users and documentation are updated accordingly. flex_arrays got introduced before they had users. When folks started using it, they ended up needing a different API than was coded up originally. This swaps over to the API that folks apparently need. Based-on-patch-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Tested-by: Chris Richards <gizmo@giz-works.com> Acked-by: Dave Hansen <dave@linux.vnet.ibm.com> Cc: stable@kernel.org [2.6.38+] SELinux: pass last path component in may_create 2011-04-28T20:12:41Z Eric Paris eparis@redhat.com 2011-04-28T19:11:21Z urn:sha1:cb1e922fa104bb0bb3aa5fc6ca7f7e070f3b55e9 New inodes are created in a two stage process. We first will compute the label on a new inode in security_inode_create() and check if the operation is allowed. We will then actually re-compute that same label and apply it in security_inode_init_security(). The change to do new label calculations based in part on the last component of the path name only passed the path component information all the way down the security_inode_init_security hook. Down the security_inode_create hook the path information did not make it past may_create. Thus the two calculations came up differently and the permissions check might not actually be against the label that is created. Pass and use the same information in both places to harmonize the calculations and checks. Reported-by: Dominick Grift <domg472@gmail.com> Signed-off-by: Eric Paris <eparis@redhat.com> SELINUX: Make selinux cache VFS RCU walks safe 2011-04-26T01:16:32Z Eric Paris eparis@redhat.com 2011-04-25T20:26:29Z urn:sha1:9ade0cf440a1e5800dc68eef2e77b8d9d83a6dff Now that the security modules can decide whether they support the dcache RCU walk or not it's possible to make selinux a bit more RCU friendly. The SELinux AVC and security server access decision code is RCU safe. A specific piece of the LSM audit code may not be RCU safe. This patch makes the VFS RCU walk retry if it would hit the non RCU safe chunk of code. It will normally just work under RCU. This is done simply by passing the VFS RCU state as a flag down into the avc_audit() code and returning ECHILD there if it would have an issue. Based-on-patch-by: Andi Kleen <ak@linux.intel.com> Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> SECURITY: Move exec_permission RCU checks into security modules 2011-04-22T23:17:29Z Andi Kleen ak@linux.intel.com 2011-04-22T00:23:19Z urn:sha1:8c9e80ed276fc4b9c9fadf29d8bf6b3576112f1a Right now all RCU walks fall back to reference walk when CONFIG_SECURITY is enabled, even though just the standard capability module is active. This is because security_inode_exec_permission unconditionally fails RCU walks. Move this decision to the low level security module. This requires passing the RCU flags down the security hook. This way at least the capability module and a few easy cases in selinux/smack work with RCU walks with CONFIG_SECURITY=y Signed-off-by: Andi Kleen <ak@linux.intel.com> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Fix common misspellings 2011-03-31T14:26:23Z Lucas De Marchi lucas.demarchi@profusion.mobi 2011-03-31T01:57:33Z urn:sha1:25985edcedea6396277003854657b5f3cb31a628 Fixes generated by 'codespell' and manually reviewed. Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi> selinux: Fix regression for Xorg 2011-03-28T23:26:30Z Stephen Smalley sds@tycho.nsa.gov 2011-03-25T14:13:43Z urn:sha1:85cd6da53a8073d3f4503f56e4ea6cddccbb1c7f Commit 6f5317e730505d5cbc851c435a2dfe3d5a21d343 introduced a bug in the handling of userspace object classes that is causing breakage for Xorg when XSELinux is enabled. Fix the bug by changing map_class() to return SECCLASS_NULL when the class cannot be mapped to a kernel object class. Reported-by: "Justin P. Mattock" <justinmattock@gmail.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> userns: rename is_owner_or_cap to inode_owner_or_capable 2011-03-24T02:47:13Z Serge E. Hallyn serge@hallyn.com 2011-03-23T23:43:26Z urn:sha1:2e1496707560ecf98e9b0604622c0990f94861d3 And give it a kernel-doc comment. [akpm@linux-foundation.org: btrfs changed in linux-next] Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Daniel Lezcano <daniel.lezcano@free.fr> Acked-by: David Howells <dhowells@redhat.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>