27 Aug, 2008
1 commit
-
In August 2006 I posted a patch generating a minimal SELinux policy. This
week, David P. Quigley posted an updated version of that as a patch against
the kernel. It also had nice logic for auto-installing the policy.Following is David's original patch intro (preserved especially
bc it has stats on the generated policies):se interested in the changes there were only two significant
changes. The first is that the iteration through the list of classes
used NULL as a sentinel value. The problem with this is that the
class_to_string array actually has NULL entries in its table as place
holders for the user space object classes.The second change was that it would seem at some point the initial sids
table was NULL terminated. This is no longer the case so that iteration
has to be done on array length instead of looking for NULL.Some statistics on the policy that it generates:
The policy consists of 523 lines which contain no blank lines. Of those
523 lines 453 of them are class, permission, and initial sid
definitions. These lines are usually little to no concern to the policy
developer since they will not be adding object classes or permissions.
Of the remaining 70 lines there is one type, one role, and one user
statement. The remaining lines are broken into three portions. The first
group are TE allow rules which make up 29 of the remaining lines, the
second is assignment of labels to the initial sids which consist of 27
lines, and file system labeling statements which are the remaining 11.In addition to the policy.conf generated there is a single file_contexts
file containing two lines which labels the entire system with base_t.This policy generates a policy.23 binary that is 7920 bytes.
(then a few versions later...):
The new policy is 587 lines (stripped of blank lines) with 476 of those
lines being the boilerplate that I mentioned last time. The remaining
111 lines have the 3 lines for type, user, and role, 70 lines for the
allow rules (one for each object class including user space object
classes), 27 lines to assign types to the initial sids, and 11 lines for
file system labeling. The policy binary is 9194 bytes.Changelog:
Aug 26: Added Documentation/SELinux.txt
Aug 26: Incorporated a set of comments by Stephen Smalley:
1. auto-setup SELINUXTYPE=dummy
2. don't auto-install if selinux is enabled with
non-dummy policy
3. don't re-compute policy version
4. /sbin/setfiles not /usr/sbin/setfiles
Aug 22: As per JMorris comments, made sure make distclean
cleans up the mdp directory.
Removed a check for file_contexts which is now
created in the same file as the check, making it
superfluous.Signed-off-by: Serge Hallyn
Signed-off-by: David Quigley
Signed-off-by: James Morris
20 Aug, 2008
1 commit
-
Add security/inode.c functions to the kernel-api docbook.
Use '%' on constants in kernel-doc notation.
Fix several typos/spellos in security function descriptions.Signed-off-by: Randy Dunlap
Signed-off-by: James Morris
15 Aug, 2008
1 commit
-
Replace "thing != NULL" comparisons with just "thing" to make
the code look more uniform (mixed styles were used even in the
same source file).Signed-off-by: Vesa-Matti Kari
Acked-by: Stephen Smalley
Signed-off-by: James Morris
07 Aug, 2008
1 commit
-
expr_isvalid() in conditional.c was off-by-one and allowed
invalid expression type COND_LAST. However, it is this header file
that needs to be fixed. That way the if-statement's disjunction's
second component reads more naturally, "if expr type is greater than
the last allowed value" ( rather than using ">=" in conditional.c):if (expr->expr_type expr_type > COND_LAST)
Signed-off-by: Vesa-Matti Kari
Signed-off-by: James Morris
05 Aug, 2008
5 commits
-
There have been a number of requests to make the Smack LSM
enforce MAC even in the face of privilege, either capability
based or superuser based. This is not universally desired,
however, so it seems desirable to make it optional. Further,
at least one legacy OS implemented a scheme whereby only
processes running with one particular label could be exempt
from MAC. This patch supports these three cases.If /smack/onlycap is empty (unset or null-string) privilege
is enforced in the normal way.If /smack/onlycap contains a label only processes running with
that label may be MAC exempt.If the label in /smack/onlycap is the star label ("*") the
semantics of the star label combine with the privilege
restrictions to prevent any violations of MAC, even in the
presence of privilege.Again, this will be independent of the privilege scheme.
Signed-off-by: Casey Schaufler
Reviewed-by: James Morris -
Fix a potentially uninitialised variable in SELinux hooks that's given a
pointer to the network address by selinux_parse_skb() passing a pointer back
through its argument list. By restructuring selinux_parse_skb(), the compiler
can see that the error case need not set it as the caller will return
immediately.Signed-off-by: David Howells
Signed-off-by: James Morris -
Hello,
Remove unneeded local variable:
struct avtab_node *newnode
Signed-off-by: Vesa-Matti Kari
Signed-off-by: James Morris -
Trivial minor fixes that change C null character style.
Signed-off-by: Vesa-Matti Kari
Signed-off-by: James Morris -
This patch makes the needlessly global selinux_write_opts() static.
Signed-off-by: Adrian Bunk
Signed-off-by: James Morris
02 Aug, 2008
31 commits
-
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
[IA64] Move include/asm-ia64 to arch/ia64/include/asm -
This fixes a bug in operator precedence in the newly introduced vc_translate
macro. Without this fix, the translation of some characters on the
kernel console is garbled.This patch was copied to the e-mail list previously for testing. Now,
all reports confirm that it works, so this is an official post for
application.Signed-off-by: Tim Bird
Signed-off-by: David Woodhouse -
Delete 2 EXPORTs that were accidentally sent upstream.
Signed-off-by: Jack Steiner
Signed-off-by: Linus Torvalds -
I asked legal about the licensing of ftrace.txt, and they told me that,
unless the Documentation directory is specifically set up to handle non
GPL licenses (which it does not appear to be), then it would be best to
put ftrace.txt under the GPL.This patch adds a dual license to ftrace.txt such that it is under both
the FDL and the GPL.Signed-off-by: Steven Rostedt
Signed-off-by: Linus Torvalds -
Wire up for FRV the system calls that were added in the last merge window.
Signed-off-by: David Howells
Signed-off-by: Linus Torvalds -
Wire up system calls added in the last merge window for the MN10300 arch.
Signed-off-by: David Howells
Signed-off-by: Linus Torvalds -
Currently function tty_ldisc_get() tries to load an ldisc driver module
only when tty_ldisc_try_get() returns -EAGAIN. This happens only if
module is being unloaded. If ldisc module is not loaded
tty_ldisc_try_get() returns -EINVAL and this case is not handled in
tty_ldisc_get(), so request_module() is not called.Attached patch fixes this by calling request_module() if
tty_ldisc_try_get() returned any error code.I discovered this when my UMTS modem stopped working with 2.6.27-rc1
because module ppp_async was not loaded.Signed-off-by: Eugeniy Meshcheryakov
Signed-off-by: Alan Cox
Signed-off-by: Linus Torvalds -
* 'kvm-updates-2.6.27' of git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm:
KVM: s390: Fix kvm on IBM System z10
KVM: Advertise synchronized mmu support to userspace
KVM: Synchronize guest physical memory map to host virtual memory map
KVM: Allow browsing memslots with mmu_lock
KVM: Allow reading aliases with mmu_lock -
* 'zero-len' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/misc-2.6:
drivers/media, include/media: delete zero-length files -
Some platform decide whether they support huge pages at boot time. On
these, such as powerpc, HPAGE_SHIFT is a variable, not a constant, and is
set to 0 when there is no such support.The patches to introduce multiple huge pages support broke that causing
the kernel to crash at boot time on machines such as POWER3 which lack
support for multiple page sizes.Signed-off-by: Benjamin Herrenschmidt
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
ARCH=h8300:
init/main.c:781: undefined reference to `___early_initcall_end'
Same problem have
__start___bug_table
__stop___bug_table
__tracedata_start
__tracedata_end
__per_cpu_start
__per_cpu_endWhen defining a symbol in vmlinux.lds, use the VMLINUX_SYMBOL macro.
VMLINUX_SYMBOL adds a prefix charactor.You can't just use straight symbol names in common header files as they
dont take into consideration weird arch-specific ABI conventions. in the
case of Blackfin/h8300, the ABI dictates that any C-visible symbols have
an underscore prefixed to them. Thus all symbols in vmlinux.lds.h need to
be wrapped in VMLINUX_SYMBOL() so that each arch can put hide this magic
in their own files.[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Yoshinori Sato
Cc: Jeremy Fitzhardinge
Cc: "Mike Frysinger"
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Each resource should be printed on its own line, so start snprintf'ing
at the beginning of the buffer every time through the loop.Also, use scnprintf() rather than snprintf() when building up the
buffer to print. scnprintf() returns the number of characters actually
written into the buffer (not including the trailing NULL).snprintf() returns the number of characters that *would be* written,
assuming everything would fit in the buffer. That's nice if we want to
resize the buffer to make sure everything fits, but in this case, I
just want to keep from overflowing the buffer, and it's OK if the
output is truncated.Using snprintf() meant that my "len" could grow to be more than the
the buffer size, which makes "sizeof(buf) - len" negative, which causes
this alarming WARN_ON:
http://marc.info/?l=linux-kernel&m=121736480005656&w=2More useful snprintf/scnprintf discussion:
http://lwn.net/Articles/69419/Signed-off-by: Bjorn Helgaas
Reported-by: Pete Clements
Cc: Rene Herman
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Some module parameters with only one line have the '\n' at the end of the
description. This is not needed nor wanted as after the description the
type (i.e. int) is followed by a newline.Some modules contain a multi-line description, these are not affected
by this patch.Signed-off-by: Niels de Vos
Acked-by: Randy Dunlap
Cc: John W. Linville
Cc: Ed L. Cashin
Cc: Dave Airlie
Cc: Roland Dreier
Acked-by: Mauro Carvalho Chehab
Cc: Jeff Garzik
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
pata_it821x: Driver updates and reworking
libata.h: replace __FUNCTION__ with __func__
ata_piix: subsys 106b:00a3 is apple ich8m too
libata-core: make sure that ata_force_tbl is freed in case of an error
libata: update atapi disable handling
pata_via: add VX800 flag; add function for fixing h/w bugs
pata_ali: misplaced pci_dev_put() -
* 'for-linus' of git://oss.sgi.com:8090/xfs/xfs-pull: (64 commits)
[XFS] Remove vn_revalidate calls in xfs.
[XFS] Now that xfs_setattr is only used for attributes set from ->setattr
[XFS] xfs_setattr currently doesn't just handle the attributes set through
[XFS] fix use after free with external logs or real-time devices
[XFS] A bug was found in xfs_bmap_add_extent_unwritten_real(). In a
[XFS] fix compilation without CONFIG_PROC_FS
[XFS] s/XFS_PURGE_INODE/IRELE/g s/VN_HOLD(XFS_ITOV())/IHOLD()/
[XFS] fix mount option parsing in remount
[XFS] Disable queue flag test in barrier check.
[XFS] streamline init/exit path
[XFS] Fix up problem when CONFIG_XFS_POSIX_ACL is not set and yet we still
[XFS] Don't assert if trying to mount with blocksize > pagesize
[XFS] Don't update mtime on rename source
[XFS] Allow xfs_bmbt_split() to fallback to the lowspace allocator
[XFS] Restore the lowspace extent allocator algorithm
[XFS] use minleft when allocating in xfs_bmbt_split()
[XFS] attrmulti cleanup
[XFS] Check for invalid flags in xfs_attrlist_by_handle.
[XFS] Fix CI lookup in leaf-form directories
[XFS] Use the generic xattr methods.
... -
Add a reverse dependency of CONFIG_SGI_XP upon CONFIG_SGI_GRU to Kconfig.
Signed-off-by: Dean Nelson
Signed-off-by: Linus Torvalds -
Add a dependency of CONFIG_SGI_XP upon CONFIG_NET to Kconfig.
Signed-off-by: Dean Nelson
Signed-off-by: Linus Torvalds -
My commit 2b2a1ff64afbadac842bbc58c5166962cf4f7664 introduced a regression
(sorry about that) for the odd case of exit_signal=0 (e.g. clone_flags=0).
This is not a normal use, but it's used by a case in the glibc test suite.Dying with exit_signal=0 sends no signal, but it's supposed to wake up a
parent's blocked wait*() calls (unlike the delayed_group_leader case).
This fixes tracehook_notify_death() and its caller to distinguish a
"signal 0" wakeup from the delayed_group_leader case (with no wakeup).Signed-off-by: Roland McGrath
Tested-by: Serge Hallyn
Signed-off-by: Linus Torvalds -
* 'for-linus' of git://neil.brown.name/md:
md: raid10: wake up frozen array
md: do not count blocked devices as spares
md: do not progress the resync process if the stripe was blocked
md: delay notification of 'active_idle' to the recovery thread
md: fix merge error
md: move async_tx_issue_pending_all outside spin_lock_irq -
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2:
[PATCH] ocfs2: Release mutex in error handling code
[PATCH] ocfs2: Fix oops when racing files truncates with writes into an mmap region
[PATCH 2/2] ocfs2: Fix race between mount and recovery
[PATCH 1/2] ocfs2: Add counter in struct ocfs2_dinode to track journal replays
[PATCH] configfs: Convenience macros for attribute definition.
[PATCH] configfs: Pin configfs subsystems separately from new config_items.
[PATCH] configfs: Fix open directory making rmdir() fail
[PATCH] configfs: Lock new directory inodes before removing on cleanup after failure
[PATCH] configfs: Prevent userspace from creating new entries under attaching directories
[PATCH] configfs: Fix failing symlink() making rmdir() fail
[PATCH] configfs: Fix symlink() to a removing item
[PATCH] configfs: Include linux/err.h in linux/configfs.h -
…/git/tip/linux-2.6-tip
* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
locking: fix mutex @key parameter kernel-doc notation -
* git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-fixes:
kbuild: scripts/ver_linux: don't set PATH
Kconfig/init: change help text to match default value
kbuild: genksyms: Include extern information in dumps
kbuild: genksyms parser: fix the __attribute__ rule
kbuild: scripts/genksyms/lex.l: add %option noinput
kconfig: scripts/kconfig/zconf.l: add %option noinput
kbuild: fix O=... build of um -
* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
md: the bitmap code needs to use blk_plug_device_unlocked()
block: add a blk_plug_device_unlocked() that grabs the queue lock -
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jwessel/linux-2.6-kgdb:
kgdb: fix gdb serial thread queries
kgdb: fix kgdb_validate_break_address to perform a mem write
kgdb: remove the requirement for CONFIG_FRAME_POINTER -
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
ALSA: ASoC: Export dapm_reg_event() fully
ALSA: ASoC: Update Poodle to current ASoC API
ALSA: asoc: restrict sample rate and size in Freescale MPC8610 sound drivers
ALSA: sound/soc/pxa/tosa.c: removed duplicated include -
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (46 commits)
tcp: MD5: Fix IPv6 signatures
skbuff: add missing kernel-doc for do_not_encrypt
net/ipv4/route.c: fix build error
tcp: MD5: Fix MD5 signatures on certain ACK packets
ipv6: Fix ip6_xmit to send fragments if ipfragok is true
ipvs: Move userspace definitions to include/linux/ip_vs.h
netdev: Fix lockdep warnings in multiqueue configurations.
netfilter: xt_hashlimit: fix race between htable_destroy and htable_gc
netfilter: ipt_recent: fix race between recent_mt_destroy and proc manipulations
netfilter: nf_conntrack_tcp: decrease timeouts while data in unacknowledged
irda: replace __FUNCTION__ with __func__
nsc-ircc: default to dongle type 9 on IBM hardware
bluetooth: add quirks for a few hci_usb devices
hysdn: remove the packed attribute from PofTimStamp_tag
isdn: use the common ascii hex helpers
tg3: adapt tg3 to use reworked PCI PM code
atm: fix direct casts of pointers to u32 in the InterPhase driver
atm: fix const assignment/discard warnings in the ATM networking driver
net: use the common ascii hex helpers
random32: seeding improvement
... -
* 'release' of git://lm-sensors.org/kernel/mhoffman/hwmon-2.6:
hwmon: needs new maintainer
hwmon: (lm85) Simplify device initialization function
hwmon: (lm85) Misc cleanups
hwmon: (lm85) Don't write back cached values
hwmon: (lm85) Drop dead code
hwmon: (lm85) Coding-style cleanups
hwmon: (lm75) add new-style driver binding
hwmon: (lm75) cleanup/reorg
hwmon: (adt7473) clarify an awkward bit of code
hwmon: (adt7473) Remove unused defines
hwmon: (dme1737) fix voltage scaling
hwmon: (dme1737) probe all addresses
hwmon: (dme1737) demacrofy for readability -
It doesn't hold the queue lock, so it's both racey on the queue flags
and thus spews a warning.Signed-off-by: Jens Axboe
-
blk_plug_device() must be called with the queue lock held, so callers
often just grab and release the lock for that purpose. Add a helper
that does just that.Signed-off-by: Jens Axboe
-
* git://git.infradead.org/mtd-2.6:
[MTD] [NAND] drivers/mtd/nand/nandsim.c: fix printk warnings
[MTD] [NAND] Blackfin NFC Driver: Cleanup the error exit path of bf5xx_nand_probe function
[MTD] [NAND] Blackfin NFC Driver: use standard dev_err() rather than printk()
[MTD] [NAND] Blackfin NFC Driver: enable Blackfin nand HWECC support by default
[MTD] [NAND] Blackfin NFC Driver: add proper devinit/devexit markings to probe/remove functions
[MTD] [NAND] Blackfin NFC Driver: add support for the ECC layout the Blackfin bootrom uses
[MTD] [NAND] Blackfin NFC Driver: fix bug - hw ecc calc by making sure we extract 11 bits from each register instead of 10
[MTD] [NAND] Blackfin NFC Driver: fix bug - do not clobber the status from the first 256 bytes if operating on 512 pages
[MTD] [NAND] diskonchip.c fix sparse endian warnings
[MTD] [NAND] drivers/mtd/nand/nandsim.c needs div64.h
[JFFS2] Fix allocation of summary buffer
Fix rename of at91_nand -> atmel_nand
[MTD] [NOR] drivers/mtd/chips/jedec_probe.c: fix Am29DL800BB device ID
[MTD] MTD_DEBUG always does compile-time typechecks
[MTD] DataFlash: bugfix, binary page sizes now handled
[MTD] [NAND] fsl_elbc_nand.c: fix printk warning
[MTD] [NAND] nandsim: support random page read command
[MTD] [NAND] fix subpage read for small page NAND -
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:
[PATCH] pass struct path * to do_add_mount()
[PATCH] switch mtd and dm-table to lookup_bdev()
[patch 3/4] vfs: remove unused nameidata argument of may_create()
[PATCH] devpts: switch to IDA
[PATCH 2/2] proc: switch inode number allocation to IDA
[PATCH 1/2] proc: fix inode number bogorithmetic
[PATCH] fix bdev leak in block_dev.c do_open()
[PATCH] fix races and leaks in vfs_quota_on() users
[PATCH] clean dup2() up a bit
[PATCH] merge locate_fd() and get_unused_fd()
[PATCH] ipv4_static_sysctl_init() should be under CONFIG_SYSCTL
Re: BUG at security/selinux/avc.c:883 (was: Re: linux-next: Tree
