16 Jul, 2008
1 commit
11 Jul, 2008
2 commits
-
Conflicts:
include/linux/rculist.h
kernel/rcupreempt.cSigned-off-by: Ingo Molnar
-
So, no need to kfree_skb here on the error path. In this case we can
simply return.Signed-off-by: Denis V. Lunev
Acked-by: Paul Moore
Signed-off-by: David S. Miller
28 Jun, 2008
1 commit
-
There is a missing "!" in a conditional statement which is causing entries to
be skipped when dumping the default IPv6 static label entries. This can be
demonstrated by running the following:# netlabelctl unlbl add default address:::1 \
label:system_u:object_r:unlabeled_t:s0
# netlabelctl -p unlbl list... you will notice that the entry for the IPv6 localhost address is not
displayed but does exist (works correctly, causes collisions when attempting
to add duplicate entries, etc.).Signed-off-by: Paul Moore
Signed-off-by: David S. Miller
19 May, 2008
1 commit
-
Move rcu-protected lists from list.h into a new header file rculist.h.
This is done because list are a very used primitive structure all over the
kernel and it's currently impossible to include other header files in this
list.h without creating some circular dependencies.For example, list.h implements rcu-protected list and uses rcu_dereference()
without including rcupdate.h. It actually compiles because users of
rcu_dereference() are macros. Others RCU functions could be used too but
aren't probably because of this.Therefore this patch creates rculist.h which includes rcupdates without to
many changes/troubles.Signed-off-by: Franck Bui-Huu
Acked-by: Paul E. McKenney
Acked-by: Josh Triplett
Signed-off-by: Andrew Morton
Signed-off-by: Ingo Molnar
28 Apr, 2008
1 commit
-
Previously I added sessionid output to all audit messages where it was
available but we still didn't know the sessionid of the sender of
netlink messages. This patch adds that information to netlink messages
so we can audit who sent netlink messages.Signed-off-by: Eric Paris
Signed-off-by: Al Viro
18 Apr, 2008
1 commit
-
dev_get_by_index() may return NULL if nothing is found. In
net/netlabel/netlabel_unlabeled.c::netlbl_unlabel_staticlist_gen() the
function is called, but the return value is never checked. If it returns
NULL then we'll deref a NULL pointer on the very next line.
I checked the callers, and I don't think this can actually happen today,
but code changes over time and in the future it might happen and it does
no harm to be defensive and check for the failure, so that if/when it
happens we'll fail gracefully instead of crashing.Signed-off-by: Jesper Juhl
Acked-by: Paul Moore
Signed-off-by: David S. Miller
26 Mar, 2008
1 commit
-
Introduce per-net_device inlines: dev_net(), dev_net_set().
Without CONFIG_NET_NS, no namespace other than &init_net exists.
Let's explicitly define them to help compiler optimizations.Signed-off-by: YOSHIFUJI Hideaki
18 Feb, 2008
2 commits
-
Everything that is called from netlbl_init() can be marked with
__init. This moves 620 bytes from .text section to .text.init one.Signed-off-by: Pavel Emelyanov
Acked-by: Paul Moore
Signed-off-by: David S. Miller -
Turning them to array and registration in a loop saves
80 lines of code and ~300 bytes from text section.Signed-off-by: Pavel Emelyanov
Acked-by: Paul Moore
Signed-off-by: David S. Miller
13 Feb, 2008
4 commits
-
This one is called from under this config only, so move
it in the same place.Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
Some code declares variables on the stack, but uses them
under #ifdef CONFIG_IPV6, so thay become unused when ipv6
is off. Fortunately, they are used in a switch's case
branches, so the fix is rather simple.Is it OK from coding style POV to add braces inside "cases",
or should I better avoid such style and rework the patch?Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
The audit_log_start() will expand into an empty do { } while (0)
construction and the audit_ctx becomes unused.The solution: push current->audit_context into audit_log_start()
directly, since it is not required in any other place in the
calling function.Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
Currently, if the call to netlbl_domhsh_search succeeds the
return result will still be NULL.Fix that, by returning the found entry (if any).
Signed-off-by: Pavel Emelyanov
Acked-by: Paul Moore
Signed-off-by: David S. Miller
06 Feb, 2008
1 commit
-
Add a new set of configuration functions to the NetLabel/LSM API so that
LSMs can perform their own configuration of the NetLabel subsystem without
relying on assistance from userspace.Signed-off-by: Paul Moore
Signed-off-by: Casey Schaufler
Reviewed-by: James Morris
Cc: Chris Wright
Cc: Stephen Smalley
Cc: Casey Schaufler
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
30 Jan, 2008
7 commits
-
This patch adds auditing support to the NetLabel static labeling mechanism.
Signed-off-by: Paul Moore
Signed-off-by: James Morris -
Most trusted OSs, with the exception of Linux, have the ability to specify
static security labels for unlabeled networks. This patch adds this ability to
the NetLabel packet labeling framework.If the NetLabel subsystem is called to determine the security attributes of an
incoming packet it first checks to see if any recognized NetLabel packet
labeling protocols are in-use on the packet. If none can be found then the
unlabled connection table is queried and based on the packets incoming
interface and address it is matched with a security label as configured by the
administrator using the netlabel_tools package. The matching security label is
returned to the caller just as if the packet was explicitly labeled using a
labeling protocol.Signed-off-by: Paul Moore
Signed-off-by: James Morris -
In order to do any sort of IP header inspection of incoming packets we need to
know which address family, AF_INET/AF_INET6/etc., it belongs to and since the
sk_buff structure does not store this information we need to pass along the
address family separate from the packet itself.Signed-off-by: Paul Moore
Signed-off-by: James Morris -
This patch adds support to the NetLabel LSM secattr struct for a secid token
and a type field, paving the way for full LSM/SELinux context support and
"static" or "fallback" labels. In addition, this patch adds a fair amount
of documentation to the core NetLabel structures used as part of the
NetLabel kernel API.Signed-off-by: Paul Moore
Signed-off-by: James Morris -
Currently we use two separate spinlocks to protect both the hash/mapping table
and the default entry. This could be considered a bit foolish because it adds
complexity without offering any real performance advantage. This patch
removes the dedicated default spinlock and protects the default entry with the
hash/mapping table spinlock.Signed-off-by: Paul Moore
Signed-off-by: James Morris -
The NetLabel/LSM domain hash table search function used an argument to specify
if the default entry should be returned if an exact match couldn't be found in
the hash table. This is a bit against the kernel's style so make two separate
functions to represent the separate behaviors.Signed-off-by: Paul Moore
Signed-off-by: James Morris -
This patch removes some unneeded RCU read locks as we can treat the reads as
"safe" even without RCU. It also converts the NetLabel configuration refcount
from a spinlock protected u32 into atomic_t to be more consistent with the rest
of the kernel.Signed-off-by: Paul Moore
Signed-off-by: James Morris
21 Dec, 2007
1 commit
-
Signed-off-by: Joe Perches
Signed-off-by: David S. Miller
26 Oct, 2007
1 commit
-
This fixes some awkward, and perhaps even problematic, RCU lock usage in the
NetLabel code as well as some other related trivial cleanups found when
looking through the RCU locking. Most of the changes involve removing the
redundant RCU read locks wrapping spinlocks in the case of a RCU writer.Signed-off-by: Paul Moore
Signed-off-by: David S. Miller
11 Oct, 2007
1 commit
-
This change allows the generic attribute interface to be used within
the netfilter subsystem where this flag was initially introduced.The byte-order flag is yet unused, it's intended use is to
allow automatic byte order convertions for all atomic types.Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller
08 Aug, 2007
1 commit
-
The LSM domain mapping head table pointer was not being referenced via the RCU
safe dereferencing function, rcu_dereference(). This patch adds those missing
calls to the NetLabel code.This has been tested using recent linux-2.6 git kernels with no visible
regressions.Signed-off-by: Paul Moore
Signed-off-by: David S. Miller
02 Aug, 2007
1 commit
-
The security_secid_to_secctx() function returns memory that must be freed
by a call to security_release_secctx() which was not always happening. This
patch fixes two of these problems (all that I could find in the kernel source
at present).Signed-off-by: Paul Moore
Acked-by: Stephen Smalley
Signed-off-by: James Morris
19 Jul, 2007
1 commit
-
Create a new NetLabel KAPI interface, netlbl_enabled(), which reports on the
current runtime status of NetLabel based on the existing configuration. LSMs
that make use of NetLabel, i.e. SELinux, can use this new function to determine
if they should perform NetLabel access checks. This patch changes the
NetLabel/SELinux glue code such that SELinux only enforces NetLabel related
access checks when netlbl_enabled() returns true.At present NetLabel is considered to be enabled when there is at least one
labeled protocol configuration present. The result is that by default NetLabel
is considered to be disabled, however, as soon as an administrator configured
a CIPSO DOI definition NetLabel is enabled and SELinux starts enforcing
NetLabel related access controls - including unlabeled packet controls.This patch also tries to consolidate the multiple "#ifdef CONFIG_NETLABEL"
blocks into a single block to ease future review as recommended by Linus.Signed-off-by: Paul Moore
Signed-off-by: James Morris
17 Jul, 2007
1 commit
-
Add TTY input auditing, used to audit system administrator's actions. This is
required by various security standards such as DCID 6/3 and PCI to provide
non-repudiation of administrator's actions and to allow a review of past
actions if the administrator seems to overstep their duties or if the system
becomes misconfigured for unknown reasons. These requirements do not make it
necessary to audit TTY output as well.Compared to an user-space keylogger, this approach records TTY input using the
audit subsystem, correlated with other audit events, and it is completely
transparent to the user-space application (e.g. the console ioctls still
work).TTY input auditing works on a higher level than auditing all system calls
within the session, which would produce an overwhelming amount of mostly
useless audit events.Add an "audit_tty" attribute, inherited across fork (). Data read from TTYs
by process with the attribute is sent to the audit subsystem by the kernel.
The audit netlink interface is extended to allow modifying the audit_tty
attribute, and to allow sending explanatory audit events from user-space (for
example, a shell might send an event containing the final command, after the
interactive command-line editing and history expansion is performed, which
might be difficult to decipher from the TTY input alone).Because the "audit_tty" attribute is inherited across fork (), it would be set
e.g. for sshd restarted within an audited session. To prevent this, the
audit_tty attribute is cleared when a process with no open TTY file
descriptors (e.g. after daemon startup) opens a TTY.See https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html for a
more detailed rationale document for an older version of this patch.[akpm@linux-foundation.org: build fix]
Signed-off-by: Miloslav Trmac
Cc: Al Viro
Cc: Alan Cox
Cc: Paul Fulghum
Cc: Casey Schaufler
Cc: Steve Grubb
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
09 Jun, 2007
1 commit
-
The current NetLabel code has some redundant APIs which allow both
"struct socket" and "struct sock" types to be used; this may have made
sense at some point but it is wasteful now. Remove the functions that
operate on sockets and convert the callers. Not only does this make
the code smaller and more consistent but it pushes the locking burden
up to the caller which can be more intelligent about the locks. Also,
perform the same conversion (socket to sock) on the SELinux/NetLabel
glue code where it make sense.Signed-off-by: Paul Moore
Acked-by: James Morris
Signed-off-by: David S. Miller
08 Jun, 2007
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
26 Apr, 2007
1 commit
-
Up until this patch the functions which have provided NetLabel support to
SELinux have been integrated into the SELinux security server, which for
various reasons is not really ideal. This patch makes an effort to extract as
much of the NetLabel support from the security server as possibile and move it
into it's own file within the SELinux directory structure.Signed-off-by: Paul Moore
Signed-off-by: James Morris
01 Mar, 2007
1 commit
-
Signed-off-by: Patrick McHardy
Acked-by: Paul Moore
Signed-off-by: David S. Miller
11 Feb, 2007
1 commit
-
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller
09 Jan, 2007
1 commit
-
The current netlbl_cipsov4_add_common() function has two problems which are
fixed with this patch. The first is an off-by-one bug where it is possibile to
overflow the doi_def->tags[] array. The second is a bug where the same
doi_def->tags[] array was not always fully initialized, which caused sporadic
failures.Signed-off-by: Paul Moore
Signed-off-by: James Morris
23 Dec, 2006
2 commits
-
Back when the original NetLabel patches were being changed to use Netlink
attributes correctly some code was accidentially dropped which set all of the
undefined CIPSOv4 level and category mappings to a sentinel value. The result
is the mappings data in the kernel contains bogus mappings which always map to
zero. This patch restores the old/correct behavior by initializing the mapping
data to the correct sentinel value.Signed-off-by: Paul Moore
Signed-off-by: James Morris -
There are a couple of cases where the user input for a CIPSOv4 DOI add
operation was not being done soon enough; the result was unexpected behavior
which was resulting in oops/panics/lockups on some platforms. This patch moves
the existing input validation code earlier in the code path to protect against
bogus user input.Signed-off-by: Paul Moore
Signed-off-by: James Morris
03 Dec, 2006
3 commits
-
The original NetLabel category bitmap was a straight char bitmap which worked
fine for the initial release as it only supported 240 bits due to limitations
in the CIPSO restricted bitmap tag (tag type 0x01). This patch converts that
straight char bitmap into an extensibile/sparse bitmap in order to lay the
foundation for other CIPSO tag types and protocols.This patch also has a nice side effect in that all of the security attributes
passed by NetLabel into the LSM are now in a format which is in the host's
native byte/bit ordering which makes the LSM specific code much simpler; look
at the changes in security/selinux/ss/ebitmap.c as an example.Signed-off-by: Paul Moore
Signed-off-by: James Morris -
The audit_enabled flag is used to signal when syscall auditing is to be
performed. While NetLabel uses a Netlink interface instead of syscalls, it is
reasonable to consider the NetLabel Netlink interface as a form of syscall so
pay attention to the audit_enabled flag when generating audit messages in
NetLabel.Signed-off-by: Paul Moore
Signed-off-by: James Morris -
Right now the NetLabel code always jumps into the CIPSOv4 layer to determine if
a CIPSO IP option is present. However, we can do this check directly in the
NetLabel code by making use of the CIPSO_V4_OPTEXIST() macro which should save
us a function call in the common case of not having a CIPSOv4 option present.Signed-off-by: Paul Moore
Signed-off-by: James Morris