1. 23 1月, 2016 1 次提交
    • A
      wrappers for ->i_mutex access · 5955102c
      Al Viro 提交于
      parallel to mutex_{lock,unlock,trylock,is_locked,lock_nested},
      inode_foo(inode) being mutex_foo(&inode->i_mutex).
      
      Please, use those for access to ->i_mutex; over the coming cycle
      ->i_mutex will become rwsem, with ->lookup() done with it held
      only shared.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      5955102c
  2. 04 1月, 2016 1 次提交
    • A
      selinuxfs: switch to memdup_user_nul() · 8365a719
      Al Viro 提交于
      Nothing in there gives a damn about the buffer alignment - it
      just parses its contents.  So the use of get_zeroed_page()
      doesn't buy us anything - might as well had been kmalloc(),
      which makes that code equivalent to open-coded memdup_user_nul()
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      8365a719
  3. 25 12月, 2015 1 次提交
  4. 22 10月, 2015 1 次提交
  5. 11 9月, 2015 1 次提交
  6. 01 7月, 2015 1 次提交
  7. 16 4月, 2015 1 次提交
  8. 26 3月, 2015 1 次提交
  9. 26 1月, 2015 1 次提交
  10. 04 11月, 2014 1 次提交
  11. 10 3月, 2014 1 次提交
    • N
      selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · 52a4c640
      Nikolay Aleksandrov 提交于
      security_xfrm_policy_alloc can be called in atomic context so the
      allocation should be done with GFP_ATOMIC. Add an argument to let the
      callers choose the appropriate way. In order to do so a gfp argument
      needs to be added to the method xfrm_policy_alloc_security in struct
      security_operations and to the internal function
      selinux_xfrm_alloc_user. After that switch to GFP_ATOMIC in the atomic
      callers and leave GFP_KERNEL as before for the rest.
      The path that needed the gfp argument addition is:
      security_xfrm_policy_alloc -> security_ops.xfrm_policy_alloc_security ->
      all users of xfrm_policy_alloc_security (e.g. selinux_xfrm_policy_alloc) ->
      selinux_xfrm_alloc_user (here the allocation used to be GFP_KERNEL only)
      
      Now adding a gfp argument to selinux_xfrm_alloc_user requires us to also
      add it to security_context_to_sid which is used inside and prior to this
      patch did only GFP_KERNEL allocation. So add gfp argument to
      security_context_to_sid and adjust all of its callers as well.
      
      CC: Paul Moore <paul@paul-moore.com>
      CC: Dave Jones <davej@redhat.com>
      CC: Steffen Klassert <steffen.klassert@secunet.com>
      CC: Fan Du <fan.du@windriver.com>
      CC: David S. Miller <davem@davemloft.net>
      CC: LSM list <linux-security-module@vger.kernel.org>
      CC: SELinux list <selinux@tycho.nsa.gov>
      Signed-off-by: NNikolay Aleksandrov <nikolay@redhat.com>
      Acked-by: NPaul Moore <paul@paul-moore.com>
      Signed-off-by: NSteffen Klassert <steffen.klassert@secunet.com>
      52a4c640
  12. 06 2月, 2014 1 次提交
  13. 26 7月, 2013 1 次提交
    • C
      Add SELinux policy capability for always checking packet and peer classes. · 2be4d74f
      Chris PeBenito 提交于
      Currently the packet class in SELinux is not checked if there are no
      SECMARK rules in the security or mangle netfilter tables.  Some systems
      prefer that packets are always checked, for example, to protect the system
      should the netfilter rules fail to load or if the nefilter rules
      were maliciously flushed.
      
      Add the always_check_network policy capability which, when enabled, treats
      SECMARK as enabled, even if there are no netfilter SECMARK rules and
      treats peer labeling as enabled, even if there is no Netlabel or
      labeled IPSEC configuration.
      
      Includes definition of "redhat1" SELinux policy capability, which
      exists in the SELinux userpace library, to keep ordering correct.
      
      The SELinux userpace portion of this was merged last year, but this kernel
      change fell on the floor.
      Signed-off-by: NChris PeBenito <cpebenito@tresys.com>
      Signed-off-by: NEric Paris <eparis@redhat.com>
      2be4d74f
  14. 23 2月, 2013 1 次提交
  15. 09 10月, 2012 1 次提交
    • K
      mm: kill vma flag VM_RESERVED and mm->reserved_vm counter · 314e51b9
      Konstantin Khlebnikov 提交于
      A long time ago, in v2.4, VM_RESERVED kept swapout process off VMA,
      currently it lost original meaning but still has some effects:
      
       | effect                 | alternative flags
      -+------------------------+---------------------------------------------
      1| account as reserved_vm | VM_IO
      2| skip in core dump      | VM_IO, VM_DONTDUMP
      3| do not merge or expand | VM_IO, VM_DONTEXPAND, VM_HUGETLB, VM_PFNMAP
      4| do not mlock           | VM_IO, VM_DONTEXPAND, VM_HUGETLB, VM_PFNMAP
      
      This patch removes reserved_vm counter from mm_struct.  Seems like nobody
      cares about it, it does not exported into userspace directly, it only
      reduces total_vm showed in proc.
      
      Thus VM_RESERVED can be replaced with VM_IO or pair VM_DONTEXPAND | VM_DONTDUMP.
      
      remap_pfn_range() and io_remap_pfn_range() set VM_IO|VM_DONTEXPAND|VM_DONTDUMP.
      remap_vmalloc_range() set VM_DONTEXPAND | VM_DONTDUMP.
      
      [akpm@linux-foundation.org: drivers/vfio/pci/vfio_pci.c fixup]
      Signed-off-by: NKonstantin Khlebnikov <khlebnikov@openvz.org>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Carsten Otte <cotte@de.ibm.com>
      Cc: Chris Metcalf <cmetcalf@tilera.com>
      Cc: Cyrill Gorcunov <gorcunov@openvz.org>
      Cc: Eric Paris <eparis@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Hugh Dickins <hughd@google.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: James Morris <james.l.morris@oracle.com>
      Cc: Jason Baron <jbaron@redhat.com>
      Cc: Kentaro Takeda <takedakn@nttdata.co.jp>
      Cc: Matt Helsley <matthltc@us.ibm.com>
      Cc: Nick Piggin <npiggin@kernel.dk>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Robert Richter <robert.richter@amd.com>
      Cc: Suresh Siddha <suresh.b.siddha@intel.com>
      Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Cc: Venkatesh Pallipadi <venki@google.com>
      Acked-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      314e51b9
  16. 21 9月, 2012 1 次提交
  17. 23 7月, 2012 1 次提交
  18. 30 5月, 2012 1 次提交
  19. 10 4月, 2012 4 次提交
    • E
      SELinux: if sel_make_bools errors don't leave inconsistent state · 154c50ca
      Eric Paris 提交于
      We reset the bool names and values array to NULL, but do not reset the
      number of entries in these arrays to 0.  If we error out and then get back
      into this function we will walk these NULL pointers based on the belief
      that they are non-zero length.
      Signed-off-by: NEric Paris <eparis@redhat.com>
      cc: stable@kernel.org
      154c50ca
    • E
      SELinux: remove needless sel_div function · 92ae9e82
      Eric Paris 提交于
      I'm not really sure what the idea behind the sel_div function is, but it's
      useless.  Since a and b are both unsigned, it's impossible for a % b < 0.
      That means that part of the function never does anything.  Thus it's just a
      normal /.  Just do that instead.  I don't even understand what that operation
      was supposed to mean in the signed case however....
      
      If it was signed:
      sel_div(-2, 4) == ((-2 / 4) - ((-2 % 4) < 0))
      		  ((0)      - ((-2)     < 0))
      		  ((0)      - (1))
      		  (-1)
      
      What actually happens:
      sel_div(-2, 4) == ((18446744073709551614 / 4) - ((18446744073709551614 % 4) < 0))
      		  ((4611686018427387903)      - ((2 < 0))
      		  (4611686018427387903        - 0)
      		  ((unsigned int)4611686018427387903)
      		  (4294967295)
      
      Neither makes a whole ton of sense to me.  So I'm getting rid of the
      function entirely.
      Signed-off-by: NEric Paris <eparis@redhat.com>
      92ae9e82
    • E
      SELinux: loosen DAC perms on reading policy · 72e8c859
      Eric Paris 提交于
      There is no reason the DAC perms on reading the policy file need to be root
      only.  There are selinux checks which should control this access.
      Signed-off-by: NEric Paris <eparis@redhat.com>
      72e8c859
    • E
      SELinux: allow seek operations on the file exposing policy · 47a93a5b
      Eric Paris 提交于
      sesearch uses:
      lseek(3, 0, SEEK_SET)                   = -1 ESPIPE (Illegal seek)
      
      Make that work.
      Signed-off-by: NEric Paris <eparis@redhat.com>
      47a93a5b
  20. 01 4月, 2012 1 次提交
  21. 06 1月, 2012 3 次提交
  22. 16 11月, 2011 1 次提交
  23. 10 9月, 2011 3 次提交
  24. 02 8月, 2011 2 次提交
  25. 24 7月, 2011 1 次提交
    • T
      VFS : mount lock scalability for internal mounts · 423e0ab0
      Tim Chen 提交于
      For a number of file systems that don't have a mount point (e.g. sockfs
      and pipefs), they are not marked as long term. Therefore in
      mntput_no_expire, all locks in vfs_mount lock are taken instead of just
      local cpu's lock to aggregate reference counts when we release
      reference to file objects.  In fact, only local lock need to have been
      taken to update ref counts as these file systems are in no danger of
      going away until we are ready to unregister them.
      
      The attached patch marks file systems using kern_mount without
      mount point as long term.  The contentions of vfs_mount lock
      is now eliminated.  Before un-registering such file system,
      kern_unmount should be called to remove the long term flag and
      make the mount point ready to be freed.
      Signed-off-by: NTim Chen <tim.c.chen@linux.intel.com>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      423e0ab0
  26. 27 5月, 2011 1 次提交
    • K
      selinux: fix case of names with whitespace/multibytes on /selinux/create · 0f7e4c33
      Kohei Kaigai 提交于
      I submit the patch again, according to patch submission convension.
      
      This patch enables to accept percent-encoded object names as forth
      argument of /selinux/create interface to avoid possible bugs when we
      give an object name including whitespace or multibutes.
      
      E.g) if and when a userspace object manager tries to create a new object
       named as "resolve.conf but fake", it shall give this name as the forth
       argument of the /selinux/create. But sscanf() logic in kernel space
       fetches only the part earlier than the first whitespace.
       In this case, selinux may unexpectedly answer a default security context
       configured to "resolve.conf", but it is bug.
      
      Although I could not test this patch on named TYPE_TRANSITION rules
      actually, But debug printk() message seems to me the logic works
      correctly.
      I assume the libselinux provides an interface to apply this logic
      transparently, so nothing shall not be changed from the viewpoint of
      application.
      Signed-off-by: NKaiGai Kohei <kohei.kaigai@emea.nec.com>
      Signed-off-by: NEric Paris <eparis@redhat.com>
      0f7e4c33
  27. 20 5月, 2011 1 次提交
  28. 12 5月, 2011 1 次提交
    • G
      SELINUX: add /sys/fs/selinux mount point to put selinuxfs · 7a627e3b
      Greg Kroah-Hartman 提交于
      In the interest of keeping userspace from having to create new root
      filesystems all the time, let's follow the lead of the other in-kernel
      filesystems and provide a proper mount point for it in sysfs.
      
      For selinuxfs, this mount point should be in /sys/fs/selinux/
      
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Cc: James Morris <jmorris@namei.org>
      Cc: Eric Paris <eparis@parisplace.org>
      Cc: Lennart Poettering <mzerqung@0pointer.de>
      Cc: Daniel J Walsh <dwalsh@redhat.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
      [include kobject.h - Eric Paris]
      [use selinuxfs_obj throughout - Eric Paris]
      Signed-off-by: NEric Paris <eparis@redhat.com>
      7a627e3b
  29. 10 4月, 2011 1 次提交
  30. 02 4月, 2011 1 次提交
  31. 07 1月, 2011 2 次提交