02 Nov, 2017

1 commit

• b24413180   License cleanup: add SPDX GPL-2.0 license identifier to files with no license ... Browse Code »

  Many source files in the tree are missing licensing information, which
  makes it harder for compliance tools to determine the correct license.

  By default all files without license information are under the default
  license of the kernel, which is GPL version 2.

  Update the files which contain no license information with the 'GPL-2.0'
  SPDX license identifier. The SPDX identifier is a legally binding
  shorthand, which can be used instead of the full boiler plate text.

  This patch is based on work done by Thomas Gleixner and Kate Stewart and
  Philippe Ombredanne.

  How this work was done:

  Patches were generated and checked against linux-4.14-rc6 for a subset of
  the use cases:
  - file had no licensing information it it.
  - file was a */uapi/* one with no licensing information in it,
  - file was a */uapi/* one with existing licensing information,

  Further patches will be generated in subsequent months to fix up cases
  where non-standard license headers were used, and references to license
  had to be inferred by heuristics based on keywords.

  The analysis to determine which SPDX License Identifier to be applied to
  a file was done in a spreadsheet of side by side results from of the
  output of two independent scanners (ScanCode & Windriver) producing SPDX
  tag:value files created by Philippe Ombredanne. Philippe prepared the
  base worksheet, and did an initial spot review of a few 1000 files.

  The 4.13 kernel was the starting point of the analysis with 60,537 files
  assessed. Kate Stewart did a file by file comparison of the scanner
  results in the spreadsheet to determine which SPDX license identifier(s)
  to be applied to the file. She confirmed any determination that was not
  immediately clear with lawyers working with the Linux Foundation.

  Criteria used to select files for SPDX license identifier tagging was:
  - Files considered eligible had to be source code files.
  - Make and config files were included as candidates if they contained >5
  lines of source
  - File already had some variant of a license header in it (even if
  Reviewed-by: Philippe Ombredanne
  Reviewed-by: Thomas Gleixner
  Signed-off-by: Greg Kroah-Hartman

  Greg Kroah-Hartman

  2017-11-02 18:10:55 +0800  

14 Dec, 2014

1 commit

• 51f39a1f0   syscalls: implement execveat() system call ... Browse Code »

  This patchset adds execveat(2) for x86, and is derived from Meredydd
  Luff's patch from Sept 2012 (https://lkml.org/lkml/2012/9/11/528).

  The primary aim of adding an execveat syscall is to allow an
  implementation of fexecve(3) that does not rely on the /proc filesystem,
  at least for executables (rather than scripts). The current glibc version
  of fexecve(3) is implemented via /proc, which causes problems in sandboxed
  or otherwise restricted environments.

  Given the desire for a /proc-free fexecve() implementation, HPA suggested
  (https://lkml.org/lkml/2006/7/11/556) that an execveat(2) syscall would be
  an appropriate generalization.

  Also, having a new syscall means that it can take a flags argument without
  back-compatibility concerns. The current implementation just defines the
  AT_EMPTY_PATH and AT_SYMLINK_NOFOLLOW flags, but other flags could be
  added in future -- for example, flags for new namespaces (as suggested at
  https://lkml.org/lkml/2006/7/11/474).

  Related history:
  - https://lkml.org/lkml/2006/12/27/123 is an example of someone
  realizing that fexecve() is likely to fail in a chroot environment.
  - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514043 covered
  documenting the /proc requirement of fexecve(3) in its manpage, to
  "prevent other people from wasting their time".
  - https://bugzilla.redhat.com/show_bug.cgi?id=241609 described a
  problem where a process that did setuid() could not fexecve()
  because it no longer had access to /proc/self/fd; this has since
  been fixed.

  This patch (of 4):

  Add a new execveat(2) system call. execveat() is to execve() as openat()
  is to open(): it takes a file descriptor that refers to a directory, and
  resolves the filename relative to that.

  In addition, if the filename is empty and AT_EMPTY_PATH is specified,
  execveat() executes the file to which the file descriptor refers. This
  replicates the functionality of fexecve(), which is a system call in other
  UNIXen, but in Linux glibc it depends on opening "/proc/self/fd/" (and
  so relies on /proc being mounted).

  The filename fed to the executed program as argv[0] (or the name of the
  script fed to a script interpreter) will be of the form "/dev/fd/"
  (for an empty filename) or "/dev/fd//", effectively
  reflecting how the executable was found. This does however mean that
  execution of a script in a /proc-less environment won't work; also, script
  execution via an O_CLOEXEC file descriptor fails (as the file will not be
  accessible after exec).

  Based on patches by Meredydd Luff.

  Signed-off-by: David Drysdale
  Cc: Meredydd Luff
  Cc: Shuah Khan
  Cc: "Eric W. Biederman"
  Cc: Andy Lutomirski
  Cc: Alexander Viro
  Cc: Thomas Gleixner
  Cc: Ingo Molnar
  Cc: "H. Peter Anvin"
  Cc: Kees Cook
  Cc: Arnd Bergmann
  Cc: Rich Felker
  Cc: Christoph Hellwig
  Cc: Michael Kerrisk
  Signed-off-by: Andrew Morton
  Signed-off-by: Linus Torvalds

  David Drysdale

  2014-12-14 04:42:51 +0800  

20 Mar, 2014

1 commit

• 4b5884114   audit: Add generic compat syscall support ... Browse Code »

  lib/audit.c provides a generic function for auditing system calls.
  This patch extends it for compat syscall support on bi-architectures
  (32/64-bit) by adding lib/compat_audit.c.
  What is required to support this feature are:
  * add asm/unistd32.h for compat system call names
  * select CONFIG_AUDIT_ARCH_COMPAT_GENERIC

  Signed-off-by: AKASHI Takahiro
  Acked-by: Richard Guy Briggs
  Signed-off-by: Eric Paris

  AKASHI Takahiro

  2014-03-20 22:11:35 +0800  

05 May, 2011

1 commit

• aaeb012fe   audit: support the "standard" <asm-generic/unistd.h> ... Browse Code »

  Many of the syscalls mentioned in the audit code are not present
  for architectures that implement only the "standard" set of
  Linux syscalls (e.g. openat, but not open, etc.). This change
  adds proper #ifdefs for all those syscalls.

  Acked-by: Arnd Bergmann
  Signed-off-by: Chris Metcalf

  Chris Metcalf

  2011-05-05 02:41:28 +0800  

11 May, 2007

2 commits

• e54dc2431   [PATCH] audit signal recipients ... Browse Code »

  When auditing syscalls that send signals, log the pid and security
  context for each target process. Optimize the data collection by
  adding a counter for signal-related rules, and avoiding allocating an
  aux struct unless we have more than one target process. For process
  groups, collect pid/context data in blocks of 16. Move the
  audit_signal_info() hook up in check_kill_permission() so we audit
  attempts where permission is denied.

  Signed-off-by: Amy Griffis
  Signed-off-by: Al Viro

  Amy Griffis

  2007-05-11 17:38:25 +0800  
• 7f13da40e   [PATCH] add SIGNAL syscall class (v3) ... Browse Code »

  Add a syscall class for sending signals.

  Signed-off-by: Amy Griffis
  Signed-off-by: Al Viro

  Amy Griffis

  2007-05-11 17:38:25 +0800  

23 Sep, 2006

1 commit

• a83fbf635   [PATCH] fix missing ifdefs in syscall classes hookup for generic targets ... Browse Code »

  several targets have no ....at() family and m32r calls its only chown variant
  chown32(), with __NR_chown being undefined. creat(2) is also absent in some
  targets.

  Signed-off-by: Al Viro
  Signed-off-by: Linus Torvalds

  Al Viro

  2006-09-23 08:48:56 +0800  

12 Sep, 2006

1 commit

• e65e1fc2d   [PATCH] syscall class hookup for all normal targets ... Browse Code »

  Take default arch/*/kernel/audit.c to lib/, have those with special
  needs (== biarch) define AUDIT_ARCH in their Kconfig.

  Signed-off-by: Al Viro

  Al Viro

  2006-09-12 15:04:40 +0800