10 Sep, 2011

1 commit


17 Dec, 2010

1 commit

  • Commit 2f90b865 added two new netlink message types to the netlink route
    socket. SELinux has hooks to define if netlink messages are allowed to
    be sent or received, but it did not know about these two new message
    types. By default we allow such actions so no one likely noticed. This
    patch adds the proper definitions and thus proper permissions
    enforcement.

    Signed-off-by: Eric Paris

    Eric Paris
     

04 Mar, 2010

1 commit


03 Jun, 2009

1 commit


06 Mar, 2009

1 commit


06 Nov, 2008

1 commit

  • In enforcing mode '/sbin/ip addrlabel' results in a SELinux error:
    type=SELINUX_ERR msg=audit(1225698822.073:42): SELinux: unrecognized
    netlink message type=74 for sclass=43

    The problem is missing RTM_*ADDRLABEL entries in SELinux's netlink
    message types table.

    Reported in https://bugzilla.redhat.com/show_bug.cgi?id=469423

    Signed-off-by: Michal Schmidt
    Acked-by: Stephen Smalley
    Signed-off-by: James Morris

    Michal Schmidt
     
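An added example (not the kernel's nlmsgtab.c and not from either commit above) that shows why a missing table entry matters: it walks a netlink send buffer, maps each message type to the SELinux permission the table assigns it, and logs unrecognized types in the format of the audit line quoted above. The message type numbers are the real rtnetlink values; the table contents, the read-only domain and the allow_unknown switch are constructed for illustration.

```python
import struct

# Constructed subset of the SELinux netlink message table for netlink route
# sockets. Message type numbers are the real rtnetlink values; the table shape
# mirrors security/selinux/nlmsgtab.c but is re-typed here for illustration.
NETLINK_ROUTE_SOCKET = 43            # sclass quoted in the audit line on this page
RTM_GETNEIGHTBL, RTM_SETNEIGHTBL = 66, 67
RTM_NEWADDRLABEL, RTM_DELADDRLABEL, RTM_GETADDRLABEL = 72, 73, 74

# Before the RTM_*ADDRLABEL fix: the addrlabel types are simply missing.
ROUTE_TABLE_OLD = {RTM_GETNEIGHTBL: "nlmsg_read", RTM_SETNEIGHTBL: "nlmsg_write"}
# After the fix: each addrlabel type maps to the permission it should require.
ROUTE_TABLE_FIXED = {**ROUTE_TABLE_OLD,
                     RTM_NEWADDRLABEL: "nlmsg_write",
                     RTM_DELADDRLABEL: "nlmsg_write",
                     RTM_GETADDRLABEL: "nlmsg_read"}

NLMSG_HDR = struct.Struct("=IHHII")  # struct nlmsghdr: len, type, flags, seq, pid

def iter_nlmsg_types(buf):
    """Walk a netlink send buffer (possibly several messages) and yield each type."""
    off = 0
    while off + NLMSG_HDR.size <= len(buf):
        length, msg_type, _flags, _seq, _pid = NLMSG_HDR.unpack_from(buf, off)
        if length < NLMSG_HDR.size or off + length > len(buf):
            raise ValueError("truncated or malformed netlink message")
        yield msg_type
        off += (length + 3) & ~3         # NLMSG_ALIGN: messages are 4-byte aligned

def check_send(buf, table, domain_perms, allow_unknown=True):
    """Per-message decision in the spirit of the SELinux netlink send hook: map the
    type to a permission, then check it against what the sending domain holds.
    Unknown types are logged and then allowed or denied per allow_unknown."""
    verdicts = []
    for msg_type in iter_nlmsg_types(buf):
        perm = table.get(msg_type)
        if perm is None:
            print(f"SELinux: unrecognized netlink message type={msg_type} "
                  f"for sclass={NETLINK_ROUTE_SOCKET}")
            verdicts.append("allow" if allow_unknown else "deny")
        else:
            verdicts.append("allow" if perm in domain_perms else "deny")
    return verdicts

def nlmsg(msg_type, payload=b""):
    """Constructed helper: one netlink message with the given payload."""
    return NLMSG_HDR.pack(NLMSG_HDR.size + len(payload), msg_type, 0, 1, 0) + payload
```

With `check_send(nlmsg(RTM_GETADDRLABEL) + nlmsg(RTM_NEWADDRLABEL, b"\0" * 6), table, {"nlmsg_read"})`, the old table logs both messages as unrecognized and lets both through, while the fixed table allows the read and denies the write.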

21 Apr, 2008

1 commit

  • This patch changes nlmsgtab.c to fix whitespace and syntax issues. Things that
    are fixed may include (does not have to include)

    whitespace at end of lines
    spaces followed by tabs
    spaces used instead of tabs
    spacing around parenthesis
    location of { around struct and else clauses
    location of * in pointer declarations
    removal of initialization of static data to keep it in the right section
    useless {} in if statements
    useless checking for NULL before kfree
    fixing of the indentation depth of switch statements
    and any number of other things I forgot to mention

    Signed-off-by: Eric Paris
    Signed-off-by: James Morris

    Eric Paris
     

17 Jul, 2007

1 commit

  • Add TTY input auditing, used to audit system administrator's actions. This is
    required by various security standards such as DCID 6/3 and PCI to provide
    non-repudiation of administrator's actions and to allow a review of past
    actions if the administrator seems to overstep their duties or if the system
    becomes misconfigured for unknown reasons. These requirements do not make it
    necessary to audit TTY output as well.

    Compared to a user-space keylogger, this approach records TTY input using the
    audit subsystem, correlated with other audit events, and it is completely
    transparent to the user-space application (e.g. the console ioctls still
    work).

    TTY input auditing works on a higher level than auditing all system calls
    within the session, which would produce an overwhelming amount of mostly
    useless audit events.

    Add an "audit_tty" attribute, inherited across fork (). Data read from TTYs
    by process with the attribute is sent to the audit subsystem by the kernel.
    The audit netlink interface is extended to allow modifying the audit_tty
    attribute, and to allow sending explanatory audit events from user-space (for
    example, a shell might send an event containing the final command, after the
    interactive command-line editing and history expansion is performed, which
    might be difficult to decipher from the TTY input alone).

    Because the "audit_tty" attribute is inherited across fork (), it would be set
    e.g. for sshd restarted within an audited session. To prevent this, the
    audit_tty attribute is cleared when a process with no open TTY file
    descriptors (e.g. after daemon startup) opens a TTY.

    See https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html for a
    more detailed rationale document for an older version of this patch.

    [akpm@linux-foundation.org: build fix]
    Signed-off-by: Miloslav Trmac
    Cc: Al Viro
    Cc: Alan Cox
    Cc: Paul Fulghum
    Cc: Casey Schaufler
    Cc: Steve Grubb
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Miloslav Trmac
     

03 Dec, 2006

1 commit


26 Mar, 2006

1 commit

  • * 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: (22 commits)
    [PATCH] fix audit_init failure path
    [PATCH] EXPORT_SYMBOL patch for audit_log, audit_log_start, audit_log_end and audit_format
    [PATCH] sem2mutex: audit_netlink_sem
    [PATCH] simplify audit_free() locking
    [PATCH] Fix audit operators
    [PATCH] promiscuous mode
    [PATCH] Add tty to syscall audit records
    [PATCH] add/remove rule update
    [PATCH] audit string fields interface + consumer
    [PATCH] SE Linux audit events
    [PATCH] Minor cosmetic cleanups to the code moved into auditfilter.c
    [PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL
    [PATCH] Fix IA64 success/failure indication in syscall auditing.
    [PATCH] Miscellaneous bug and warning fixes
    [PATCH] Capture selinux subject/object context information.
    [PATCH] Exclude messages by message type
    [PATCH] Collect more inode information during syscall processing.
    [PATCH] Pass dentry, not just name, in fsnotify creation hooks.
    [PATCH] Define new range of userspace messages.
    [PATCH] Filter rule comparators
    ...

    Fixed trivial conflict in security/selinux/hooks.c

    Linus Torvalds
     

21 Mar, 2006

3 commits


30 Aug, 2005

1 commit


19 Jun, 2005

1 commit

  • To retrieve the neighbour tables send RTM_GETNEIGHTBL with the
    NLM_F_DUMP flag set. Every neighbour table configuration is
    spread over multiple messages to avoid running into message
    size limits on systems with many interfaces. The first message
    in the sequence transports all non-device-specific data such as
    statistics, configuration, and the default parameter set.
    This message is followed by 0..n messages carrying device
    specific parameter sets.

    Although the ordering should be sufficient, NDTA_NAME can be
    used to identify sequences. The initial message can be identified
    by checking for NDTA_CONFIG. The device specific messages do
    not contain this TLV but have NDTPA_IFINDEX set to the
    corresponding interface index.

    To change neighbour table attributes, send RTM_SETNEIGHTBL
    with NDTA_NAME set. Changeable attributes include NDTA_THRESH[1-3],
    NDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked
    otherwise. Device specific parameter sets can be changed by
    setting NDTPA_IFINDEX to the interface index of the corresponding
    device.

    Signed-off-by: Thomas Graf
    Signed-off-by: David S. Miller

    Thomas Graf
     
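An added example (not the kernel's code and not from this commit) that walks the reply sequence described above and tells the initial message from the device-specific ones by exactly the TLVs named: NDTA_CONFIG marks the first message, NDTPA_IFINDEX inside NDTA_PARMS marks the per-device ones. The attribute numbers are the upstream linux/neighbour.h values; the three-message dump is constructed inline.

```python
import struct

# Attribute numbers from linux/neighbour.h (real values); the dump below is
# constructed here to illustrate the sequence the commit message describes.
NDTA_NAME, NDTA_CONFIG, NDTA_PARMS = 1, 5, 6
NDTPA_IFINDEX = 1
NDTMSG_SIZE = 4                      # struct ndtmsg: family byte + 3 padding bytes
NLA_HDR = struct.Struct("=HH")       # struct nlattr: nla_len, nla_type

def parse_attrs(data):
    """Parse a flat run of netlink attributes into {type: payload}."""
    attrs, off = {}, 0
    while off + NLA_HDR.size <= len(data):
        nla_len, nla_type = NLA_HDR.unpack_from(data, off)
        if nla_len < NLA_HDR.size or off + nla_len > len(data):
            raise ValueError("malformed attribute")
        attrs[nla_type] = data[off + NLA_HDR.size:off + nla_len]
        off += (nla_len + 3) & ~3    # NLA_ALIGN: attributes are 4-byte aligned
    return attrs

def classify(payload):
    """Classify one RTM_GETNEIGHTBL reply payload (everything after nlmsghdr).
    The initial message carries NDTA_CONFIG; device-specific messages lack it
    but carry NDTPA_IFINDEX inside the nested NDTA_PARMS."""
    attrs = parse_attrs(payload[NDTMSG_SIZE:])
    name = attrs[NDTA_NAME].rstrip(b"\0").decode()
    if NDTA_CONFIG in attrs:
        return ("initial", name, None)
    parms = parse_attrs(attrs[NDTA_PARMS])
    ifindex = struct.unpack("=i", parms[NDTPA_IFINDEX])[0]
    return ("device", name, ifindex)

def nla(nla_type, payload):
    """Constructed helper: encode one attribute, padded to 4 bytes."""
    raw = NLA_HDR.pack(NLA_HDR.size + len(payload), nla_type) + payload
    return raw + b"\0" * (-len(raw) % 4)

def sample_dump():
    """Constructed dump for table 'arp_cache': one initial message, then one
    message per device, in the order the kernel would send them."""
    head = bytes([2, 0, 0, 0])       # ndtmsg: family AF_INET (2) plus padding
    name = nla(NDTA_NAME, b"arp_cache\0")
    initial = head + name + nla(NDTA_CONFIG, b"\0" * 32)   # zeroed ndt_config
    devs = [head + name + nla(NDTA_PARMS, nla(NDTPA_IFINDEX, struct.pack("=i", i)))
            for i in (1, 2)]
    return [initial] + devs
```

Running `[classify(m) for m in sample_dump()]` yields one "initial" tuple followed by two "device" tuples carrying interface indexes 1 and 2.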

18 May, 2005

1 commit


14 May, 2005

1 commit

  • This patch adds more message types to the audit subsystem so that audit
    analysis is quicker, intuitive, and more useful.

    Signed-off-by: Steve Grubb
    ---
    I forgot one type in the big patch. I need to add one for user space
    originating SE Linux avc messages. This is used by dbus and nscd.

    -Steve
    ---
    Updated to 2.6.12-rc4-mm1.
    -dwmw2

    Signed-off-by: David Woodhouse

    Steve Grubb
     

06 May, 2005

1 commit

  • shutdown credential information. It creates a new message type
    AUDIT_TERM_INFO, which is used by the audit daemon to query who issued the
    shutdown.

    It requires the placement of a hook function that gathers the information. The
    hook is after the DAC & MAC checks and before the function returns. Racing
    threads could overwrite the uid & pid - but they would have to be root and
    have policy that allows signalling the audit daemon. That should be a
    manageable risk.

    The userspace component will be released later in audit 0.7.2. When it
    receives the TERM signal, it queries the kernel for shutdown information.
    When it receives it, it writes the message and exits. The message looks
    like this:

    type=DAEMON msg=auditd(1114551182.000) auditd normal halt, sending pid=2650
    uid=525, auditd pid=1685

    Signed-off-by: Steve Grubb
    Signed-off-by: David Woodhouse

    Steve Grubb
     

01 May, 2005

1 commit

  • This patch provides finer grained permissions for the audit family of
    Netlink sockets under SELinux.

    1. We need a way to differentiate between privileged and unprivileged
    reads of kernel data maintained by the audit subsystem. The AUDIT_GET
    operation is unprivileged: it returns the current status of the audit
    subsystem (e.g. whether it's enabled etc.). The AUDIT_LIST operation
    however returns a list of the current audit ruleset, which is considered
    privileged by the audit folk. To deal with this, a new SELinux
    permission has been implemented and applied to the operation:
    nlmsg_readpriv, which can be allocated to appropriately privileged
    domains. Unprivileged domains would only be allocated nlmsg_read.

    2. There is a requirement for certain domains to generate audit events
    from userspace. These events need to be collected by the kernel,
    collated and transmitted sequentially back to the audit daemon. An
    example is user level login, an auditable event under CAPP, where
    login-related domains generate AUDIT_USER messages via PAM which are
    relayed back to auditd via the kernel. To prevent handing out
    nlmsg_write permissions to such domains, a new permission has been
    added, nlmsg_relay, which is intended for this type of purpose: data is
    passed via the kernel back to userspace but no privileged information is
    written to the kernel.

    Also, AUDIT_LOGIN messages are now valid only for kernel->user messaging,
    so this value has been removed from the SELinux nlmsgtab (which is only
    used to check user->kernel messages).

    Signed-off-by: James Morris
    Signed-off-by: Stephen Smalley
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    James Morris
     

17 Apr, 2005

2 commits

  • This patch fixes a bug in the SELinux Netlink message type detection code,
    where the wrong constant was being used in a case statement. The incorrect
    value is not valid for this class of object so it would not have been
    reached, and fallen through to a default handler for all Netlink messages.

    Signed-off-by: James Morris
    Signed-off-by: Stephen Smalley
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    James Morris
     
  • Initial git repository build. I'm not bothering with the full history,
    even though we have it. We can create a separate "historical" git
    archive of that later if we want to, and in the meantime it's about
    3.2GB when imported into git - space that would just make the early
    git days unnecessarily complicated, when we don't have a lot of good
    infrastructure for it.

    Let it rip!

    Linus Torvalds