1. 02 9月, 2009 2 次提交
  2. 01 9月, 2009 2 次提交
    • P
      selinux: Support for the new TUN LSM hooks · ed6d76e4
      Paul Moore 提交于
      Add support for the new TUN LSM hooks: security_tun_dev_create(),
      security_tun_dev_post_create() and security_tun_dev_attach().  This includes
      the addition of a new object class, tun_socket, which represents the socks
      associated with TUN devices.  The _tun_dev_create() and _tun_dev_post_create()
      hooks are fairly similar to the standard socket functions but _tun_dev_attach()
      is a bit special.  The _tun_dev_attach() is unique because it involves a
      domain attaching to an existing TUN device and its associated tun_socket
      object, an operation which does not exist with standard sockets and most
      closely resembles a relabel operation.
      Signed-off-by: NPaul Moore <paul.moore@hp.com>
      Acked-by: NEric Paris <eparis@parisplace.org>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      ed6d76e4
    • P
      lsm: Add hooks to the TUN driver · 2b980dbd
      Paul Moore 提交于
      The TUN driver lacks any LSM hooks which makes it difficult for LSM modules,
      such as SELinux, to enforce access controls on network traffic generated by
      TUN users; this is particularly problematic for virtualization apps such as
      QEMU and KVM.  This patch adds three new LSM hooks designed to control the
      creation and attachment of TUN devices, the hooks are:
      
       * security_tun_dev_create()
         Provides access control for the creation of new TUN devices
      
       * security_tun_dev_post_create()
         Provides the ability to create the necessary socket LSM state for newly
         created TUN devices
      
       * security_tun_dev_attach()
         Provides access control for attaching to existing, persistent TUN devices
         and the ability to update the TUN device's socket LSM state as necessary
      Signed-off-by: NPaul Moore <paul.moore@hp.com>
      Acked-by: NEric Paris <eparis@parisplace.org>
      Acked-by: NSerge Hallyn <serue@us.ibm.com>
      Acked-by: NDavid S. Miller <davem@davemloft.net>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      2b980dbd
  3. 24 8月, 2009 1 次提交
  4. 21 8月, 2009 2 次提交
  5. 20 8月, 2009 6 次提交
  6. 19 8月, 2009 25 次提交
  7. 18 8月, 2009 2 次提交
    • T
      genirq: Wake up irq thread after action has been installed · 69ab8494
      Thomas Gleixner 提交于
      The wake_up_process() of the new irq thread in __setup_irq() is too
      early as the irqaction is not yet fully initialized especially
      action->irq is not yet set. The interrupt thread might dereference the
      wrong irq descriptor.
      
      Move the wakeup after the action is installed and action->irq has been
      set.
      Reported-by: NMichael Buesch <mb@bu3sch.de>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Tested-by: NMichael Buesch <mb@bu3sch.de>
      69ab8494
    • I
      perf annotate: Fix segmentation fault · 15f3fa4e
      Ingo Molnar 提交于
      Linus reported this perf annotate segfault:
      
              [torvalds@nehalem git]$ perf annotate unmap_vmas
              Segmentation fault
      
             	#0  map__clone (self=<value optimized out>) at builtin-annotate.c:236
             	#1  thread__fork (self=<value optimized out>) at builtin-annotate.c:372
      
      The bug here was that builtin-annotate.c was a copy of
      builtin-report.c and a threading related fix to builtin-report.c
      didnt get propagated to builtin-annotate.c ...
      Reported-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Mike Galbraith <efault@gmx.de>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Frederic Weisbecker <fweisbec@gmail.com>
      LKML-Reference: <new-submission>
      Signed-off-by: NIngo Molnar <mingo@elte.hu>
      15f3fa4e