1. 28 11月, 2016 29 次提交
  2. 24 11月, 2016 1 次提交
  3. 23 11月, 2016 2 次提交
    • J
      Merge branch 'next' of... · b075361e
      James Morris 提交于
      Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next
      b075361e
    • A
      selinux: Convert isec->lock into a spinlock · 9287aed2
      Andreas Gruenbacher 提交于
      Convert isec->lock from a mutex into a spinlock.  Instead of holding
      the lock while sleeping in inode_doinit_with_dentry, set
      isec->initialized to LABEL_PENDING and release the lock.  Then, when
      the sid has been determined, re-acquire the lock.  If isec->initialized
      is still set to LABEL_PENDING, set isec->sid; otherwise, the sid has
      been set by another task (LABEL_INITIALIZED) or invalidated
      (LABEL_INVALID) in the meantime.
      
      This fixes a deadlock on gfs2 where
      
       * one task is in inode_doinit_with_dentry -> gfs2_getxattr, holds
         isec->lock, and tries to acquire the inode's glock, and
      
       * another task is in do_xmote -> inode_go_inval ->
         selinux_inode_invalidate_secctx, holds the inode's glock, and
         tries to acquire isec->lock.
      Signed-off-by: NAndreas Gruenbacher <agruenba@redhat.com>
      [PM: minor tweaks to keep checkpatch.pl happy]
      Signed-off-by: NPaul Moore <paul@paul-moore.com>
      9287aed2
  4. 22 11月, 2016 2 次提交
    • J
      Merge remote branch 'smack/smack-for-4.10' into next · 636e4625
      James Morris 提交于
      636e4625
    • S
      selinux: keep SELinux in sync with new capability definitions · 3322d0d6
      Stephen Smalley 提交于
      When a new capability is defined, SELinux needs to be updated.
      Trigger a build error if a new capability is defined without
      corresponding update to security/selinux/include/classmap.h's
      COMMON_CAP2_PERMS.  This is similar to BUILD_BUG_ON() guards
      in the SELinux nlmsgtab code to ensure that SELinux tracks
      new netlink message types as needed.
      
      Note that there is already a similar build guard in
      security/selinux/hooks.c to detect when more than 64
      capabilities are defined, since that will require adding
      a third capability class to SELinux.
      
      A nicer way to do this would be to extend scripts/selinux/genheaders
      or a similar tool to auto-generate the necessary definitions and code
      for SELinux capability checking from include/uapi/linux/capability.h.
      AppArmor does something similar in its Makefile, although it only
      needs to generate a single table of names.  That is left as future
      work.
      Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov>
      [PM: reformat the description to keep checkpatch.pl happy]
      Signed-off-by: NPaul Moore <paul@paul-moore.com>
      3322d0d6
  5. 21 11月, 2016 1 次提交
    • S
      selinux: normalize input to /sys/fs/selinux/enforce · ea49d10e
      Stephen Smalley 提交于
      At present, one can write any signed integer value to
      /sys/fs/selinux/enforce and it will be stored,
      e.g. echo -1 > /sys/fs/selinux/enforce or echo 2 >
      /sys/fs/selinux/enforce. This makes no real difference
      to the kernel, since it only ever cares if it is zero or non-zero,
      but some userspace code compares it with 1 to decide if SELinux
      is enforcing, and this could confuse it. Only a process that is
      already root and is allowed the setenforce permission in SELinux
      policy can write to /sys/fs/selinux/enforce, so this is not considered
      to be a security issue, but it should be fixed.
      Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: NPaul Moore <paul@paul-moore.com>
      ea49d10e
  6. 16 11月, 2016 1 次提交
    • C
      Smack: Remove unnecessary smack_known_invalid · 152f91d4
      Casey Schaufler 提交于
      The invalid Smack label ("") and the Huh ("?") Smack label
      serve the same purpose and having both is unnecessary.
      While pulling out the invalid label it became clear that
      the use of smack_from_secid() was inconsistent, so that
      is repaired. The setting of inode labels to the invalid
      label could never happen in a functional system, has
      never been observed in the wild and is not what you'd
      really want for a failure behavior in any case. That is
      removed.
      Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
      152f91d4
  7. 15 11月, 2016 4 次提交