- 11 7月, 2011 3 次提交
-
-
由 Tetsuo Handa 提交于
This patch adds support for permission checks using executable file's realpath upon execve() and symlink's target upon symlink(). Hooks are in the last patch of this pathset. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
This patch adds support for permission checks using file object's DAC attributes (e.g. owner/group) when checking file's pathnames. Hooks for passing file object's pointers are in the last patch of this pathset. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
This patch adds support for permission checks using current thread's UID/GID etc. in addition to pathnames. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 08 7月, 2011 1 次提交
-
-
由 Tetsuo Handa 提交于
/sys/kernel/security/tomoyo/.domain_status can be easily emulated using /sys/kernel/security/tomoyo/domain_policy . We can remove this interface by updating /usr/sbin/tomoyo-setprofile utility. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 01 7月, 2011 1 次提交
-
-
由 Tetsuo Handa 提交于
Commit eadd99cc "TOMOYO: Add auditing interface." by error replaced "struct tomoyo_request_info"->domain with tomoyo_domain(). Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 30 6月, 2011 10 次提交
-
-
由 Mimi Zohar 提交于
Move keys-ecryptfs.txt to Documentation/security. Signed-off-by: NMimi Zohar <zohar@us.ibm.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
Sort by alphabetic order. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
I forgot to add #ifndef in commit 0e4ae0e0 "TOMOYO: Make several options configurable.", resulting security/built-in.o: In function `tomoyo_bprm_set_creds': tomoyo.c:(.text+0x4698e): undefined reference to `tomoyo_load_policy' error. Reported-by: NStephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 James Morris 提交于
Merge branch 'for-security' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev into next
-
由 James Morris 提交于
-
git://git.kernel.org/pub/scm/virt/kvm/kvm由 Linus Torvalds 提交于
* 'kvm-updates/3.0' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: x86 emulator: fix %rip-relative addressing with immediate source operand
-
git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging由 Linus Torvalds 提交于
* 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging: i2c/pca954x: Initialize the mux to disconnected state i2c-taos-evm: Fix log messages
-
git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc由 Linus Torvalds 提交于
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc: arch/powerpc: use printk_ratelimited instead of printk_ratelimit powerpc/rtas-rtc: remove sideeffects of printk_ratelimit powerpc/pseries: remove duplicate SCSI_BNX2_ISCSI in pseries_defconfig powerpc/e500: fix breakage with fsl_rio_mcheck_exception powerpc/p1022ds: fix audio-related properties in the device tree powerpc/85xx: fix NAND_CMD_READID read bytes number
-
由 Linus Torvalds 提交于
It's not so much an error as a warning about normal Marvell crazines. So don't use KERN_ERR that ends up spamming the console even in quiet mode, it's not _that_ critical. Explained by Jeff: "Long explanation, it's a mess: Marvell took standard AHCI, and bastardized it to include a weird mode whereby PATA devices appear inside the AHCI DMA and interrupt infrastructure you're familiar with. So, PATA devices appear via pata_marvell driver, using basic legacy IDE programming interface. But SATA devices, which might also be attached to this chip, either work in under-performing mode or simply don't work at all (e.g. newer 6 Gbps devices or port multiplier attachments, NCQ, ...) On the other hand, 'ahci' driver loads and works with the chip's attached SATA devices quite beautifully, but is completely unable to drive any attached PATA devices, due to the Marvell-specific PATA-under-AHCI interface. The "masking port_map 0x7 -> 0x3" message is the ahci driver "hiding" the PATA port(s) from itself, making sure it will only drive the SATA ports it knows how to drive." Acked-by: NJeff Garzik <jgarzik@redhat.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 29 6月, 2011 25 次提交
-
-
由 Petri Gynther 提交于
pca954x power-on default is channel 0 connected. If multiple pca954x muxes are connected to the same physical I2C bus, the parent bus will see channel 0 devices behind both muxes by default. This is bad. Scenario: -- pca954x @ 0x70 -- ch 0 (I2C-bus-101) -- EEPROM @ 0x50 | I2C-bus-1 --- | -- pca954x @ 0x71 -- ch 0 (I2C-bus-111) -- EEPROM @ 0x50 1. Load I2C bus driver: creates I2C-bus-1 2. Load pca954x driver: creates virtual I2C-bus-101 and I2C-bus-111 3. Load eeprom driver 4. Try to read EEPROM @ 0x50 on I2C-bus-101. The transaction will also bleed onto I2C-bus-111 because pca954x @ 0x71 channel 0 is connected by default. Fix: Initialize pca954x to disconnected state in pca954x_probe() Signed-off-by: NPetri Gynther <pgynther@google.com> Signed-off-by: NJean Delvare <khali@linux-fr.org> Cc: stable@kernel.org
-
由 Jean Delvare 提交于
* Print all error and information messages even when debugging is disabled. * Don't use adapter device to log messages before it is ready. Signed-off-by: NJean Delvare <khali@linux-fr.org> Cc: stable@kernel.org
-
由 Avi Kivity 提交于
%rip-relative addressing is relative to the first byte of the next instruction, so we need to add %rip only after we've fetched any immediate bytes. Based on original patch by Li Xin <xin.li@intel.com>. Signed-off-by: NAvi Kivity <avi@redhat.com> Acked-by: NLi Xin <xin.li@intel.com> Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>
-
由 Christian Dietrich 提交于
Since printk_ratelimit() shouldn't be used anymore (see comment in include/linux/printk.h), replace it with printk_ratelimited. Signed-off-by: NChristian Dietrich <christian.dietrich@informatik.uni-erlangen.de> Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
-
由 Christian Dietrich 提交于
Don't use printk_ratelimit() as an additional condition for returning on an error. Because when the ratelimit is reached, printk_ratelimit will return 0 and e.g. in rtas_get_boot_time won't check for an error condition. Signed-off-by: NChristian Dietrich <christian.dietrich@informatik.uni-erlangen.de> Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
-
由 John Johansen 提交于
AppArmor is masking the capabilities returned by capget against the capabilities mask in the profile. This is wrong, in complain mode the profile has effectively all capabilities, as the profile restrictions are not being enforced, merely tested against to determine if an access is known by the profile. This can result in the wrong behavior of security conscience applications like sshd which examine their capability set, and change their behavior accordingly. In this case because of the masked capability set being returned sshd fails due to DAC checks, even when the profile is in complain mode. Kernels affected: 2.6.36 - 3.0. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
The pointer returned from tracehook_tracer_task() is only valid inside the rcu_read_lock. However the tracer pointer obtained is being passed to aa_may_ptrace outside of the rcu_read_lock critical section. Mover the aa_may_ptrace test into the rcu_read_lock critical section, to fix this. Kernels affected: 2.6.36 - 3.0 Reported-by: NOleg Nesterov <oleg@redhat.com> Cc: stable@kernel.org Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 Tetsuo Handa 提交于
To be able to start using enforcing mode from the early stage of boot sequence, this patch adds support for activating access control without calling external policy loader program. This will be useful for systems where operations which can lead to the hijacking of the boot sequence are needed before loading the policy. For example, you can activate immediately after loading the fixed part of policy which will allow only operations needed for mounting a partition which contains the variant part of policy and verifying (e.g. running GPG check) and loading the variant part of policy. Since you can start using enforcing mode from the beginning, you can reduce the possibility of hijacking the boot sequence. This patch makes several variables configurable on build time. This patch also adds TOMOYO_loader= and TOMOYO_trigger= kernel command line option to boot the same kernel in two different init systems (BSD-style init and systemd). Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
To be able to start using enforcing mode from the early stage of boot sequence, this patch adds support for built-in policy configuration (and next patch adds support for activating access control without calling external policy loader program). Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
Show statistics such as last policy update time and last policy violation time in addition to memory usage. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
Gather string constants to one file in order to make the object size smaller. Use unsigned type where appropriate. read()/write() returns ssize_t. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
Currently TOMOYO holds SRCU lock upon open() and releases it upon close() because list elements stored in the "struct tomoyo_io_buffer" instances are accessed until close() is called. However, such SRCU usage causes lockdep to complain about leaving the kernel with SRCU lock held. This patch solves the warning by holding/releasing SRCU upon each read()/write(). This patch is doing something similar to calling kfree() without calling synchronize_srcu(), by selectively deferring kfree() by keeping track of the "struct tomoyo_io_buffer" instances. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
TOMOYO wants to use /proc/self/ rather than /proc/$PID/ if $PID matches current thread's process ID in order to prevent current thread from accessing other process's information unless needed. But since procfs can be mounted on various locations (e.g. /proc/ /proc2/ /p/ /tmp/foo/100/p/ ), TOMOYO cannot tell that whether the numeric part in the string returned by __d_path() represents process ID or not. Therefore, to be able to convert from $PID to self no matter where procfs is mounted, this patch changes pathname representations for filesystems which do not support rename() operation (e.g. proc, sysfs, securityfs). Examples: /proc/self/mounts => proc:/self/mounts /sys/kernel/security/ => sys:/kernel/security/ /dev/pts/0 => devpts:/0 Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
Mauras Olivier reported that it is difficult to use TOMOYO in LXC environments, for TOMOYO cannot distinguish between environments outside the container and environments inside the container since LXC environments are created using pivot_root(). To address this problem, this patch introduces policy namespace. Each policy namespace has its own set of domain policy, exception policy and profiles, which are all independent of other namespaces. This independency allows users to develop policy without worrying interference among namespaces. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
ACL group allows administrator to globally grant not only "file read" permission but also other permissions. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
Add /sys/kernel/security/tomoyo/audit interface. This interface generates audit logs in the form of domain policy so that /usr/sbin/tomoyo-auditd can reuse audit logs for appending to /sys/kernel/security/tomoyo/domain_policy interface. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
Remove global preference from profile structure in order to make code simpler. Due to this structure change, printk() warnings upon policy violation are temporarily disabled. They will be replaced by /sys/kernel/security/tomoyo/audit by next patch. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
Convert "allow_..." style directives to "file ..." style directives. By converting to the latter style, we can pack policy like "file read/write/execute /path/to/file". Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
Use structure for passing ACL line, in preparation for supporting policy namespace and conditional parameters. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
Use common structure for ACL with "struct list_head" + "atomic_t". Use array/struct where possible. Remove is_group from "struct tomoyo_name_union"/"struct tomoyo_number_union". Pass "struct file"->private_data rather than "struct file". Update some of comments. Bring tomoyo_same_acl_head() from common.h to domain.c . Bring tomoyo_invalid()/tomoyo_valid() from common.h to util.c . Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
Update (or temporarily remove) comments. Remove or replace some of #define lines. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
In order to synchronize with TOMOYO 1.8's syntax, (1) Remove special handling for allow_read/write permission. (2) Replace deny_rewrite/allow_rewrite permission with allow_append permission. (3) Remove file_pattern keyword. (4) Remove allow_read permission from exception policy. (5) Allow creating domains in enforcing mode without calling supervisor. (6) Add permission check for opening directory for reading. (7) Add permission check for stat() operation. (8) Make "cat < /sys/kernel/security/tomoyo/self_domain" behave as if "cat /sys/kernel/security/tomoyo/self_domain". Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Michael Neuling 提交于
Remove duplicate assignment of SCSI_BNX2_ISCSI in pseries_defconfig introduced by: 37e0c21e powerpc/pseries: Enable iSCSI support for a number of cards causes warning: arch/powerpc/configs/pseries_defconfig:151:warning: override: reassigning to symbol SCSI_BNX2_ISCSI Signed-off-by: NMichael Neuling <mikey@neuling.org> Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/keithp/linux-2.6由 Linus Torvalds 提交于
* 'drm-intel-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/keithp/linux-2.6: drm/i915: Use chipset-specific irq installers drm/i915: forcewake fix after reset drm/i915: add Ivy Bridge page flip support drm/i915: split page flip queueing into per-chipset functions
-
由 Linus Torvalds 提交于
Merge branch 'driver-core-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6 * 'driver-core-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6: Connector: Correctly set the error code in case of success when dispatching receive callbacks Connector: Set the CN_NETLINK_USERS correctly pti: PTI semantics fix in pti_tty_cleanup. pti: ENXIO error case memory leak PTI fix. pti: double-free security PTI fix drivers:misc: ti-st: fix skipping of change remote baud drivers/base/platform.c: don't mark platform_device_register_resndata() as __init_or_module st_kim: Handle case of no device found for ID 0 firmware: fix GOOGLE_SMI kconfig dependency warning
-