1. 16 11月, 2011 6 次提交
  2. 29 10月, 2011 1 次提交
  3. 23 10月, 2011 2 次提交
  4. 21 10月, 2011 1 次提交
  5. 19 10月, 2011 2 次提交
  6. 14 10月, 2011 1 次提交
  7. 13 10月, 2011 7 次提交
    • J
      Smack: fix for /smack/access output, use string instead of byte · f8859d98
      Jarkko Sakkinen 提交于
      Small fix for the output of access SmackFS file. Use string
      is instead of byte. Makes it easier to extend API if it is
      needed.
      Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@intel.com>
      f8859d98
    • J
      Smack: domain transition protections (v3) · 84088ba2
      Jarkko Sakkinen 提交于
      Protections for domain transition:
      
      - BPRM unsafe flags
      - Secureexec
      - Clear unsafe personality bits.
      - Clear parent death signal
      Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@intel.com>
      84088ba2
    • C
      Smack: Provide information for UDS getsockopt(SO_PEERCRED) · 975d5e55
      Casey Schaufler 提交于
      This patch is targeted for the smack-next tree.
      
      This patch takes advantage of the recent changes for performance
      and points the packet labels on UDS connect at the output label of
      the far side. This makes getsockopt(...SO_PEERCRED...) function
      properly. Without this change the getsockopt does not provide any
      information.
      Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
      975d5e55
    • C
      Smack: Clean up comments · ce8a4321
      Casey Schaufler 提交于
      There are a number of comments in the Smack code that
      are either malformed or include code. This patch cleans
      them up.
      Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
      ce8a4321
    • C
      Smack: Repair processing of fcntl · 531f1d45
      Casey Schaufler 提交于
      Al Viro pointed out that the processing of fcntl done
      by Smack appeared poorly designed. He was right. There
      are three things that required change. Most obviously,
      the list of commands that really imply writing is limited
      to those involving file locking and signal handling.
      The initialization if the file security blob was
      incomplete, requiring use of a heretofore unused LSM hook.
      Finally, the audit information coming from a helper
      masked the identity of the LSM hook. This patch corrects
      all three of these defects.
      
      This is targeted for the smack-next tree pending comments.
      Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
      531f1d45
    • C
      Smack: Rule list lookup performance · 272cd7a8
      Casey Schaufler 提交于
      This patch is targeted for the smack-next tree.
      
      Smack access checks suffer from two significant performance
      issues. In cases where there are large numbers of rules the
      search of the single list of rules is wasteful. Comparing the
      string values of the smack labels is less efficient than a
      numeric comparison would.
      
      These changes take advantage of the Smack label list, which
      maintains the mapping of Smack labels to secids and optional
      CIPSO labels. Because the labels are kept perpetually, an
      access check can be done strictly based on the address of the
      label in the list without ever looking at the label itself.
      Rather than keeping one global list of rules the rules with
      a particular subject label can be based off of that label
      list entry. The access check need never look at entries that
      do not use the current subject label.
      
      This requires that packets coming off the network with
      CIPSO direct Smack labels that have never been seen before
      be treated carefully. The only case where they could be
      delivered is where the receiving socket has an IPIN star
      label, so that case is explicitly addressed.
      
      On a system with 39,800 rules (200 labels in all permutations)
      a system with this patch runs an access speed test in 5% of
      the time of the old version. That should be a best case
      improvement. If all of the rules are associated with the
      same subject label and all of the accesses are for processes
      with that label (unlikely) the improvement is about 30%.
      Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
      272cd7a8
    • J
      Smack: check permissions from user space (v2) · 828716c2
      Jarkko Sakkinen 提交于
      Adds a new file into SmackFS called 'access'. Wanted
      Smack permission is written into /smack/access.
      After that result can be read from the opened file.
      If access applies result contains 1 and otherwise
      0. File access is protected from race conditions
      by using simple_transaction_get()/set() API.
      
      Fixes from the previous version:
      - Removed smack.h changes, refactoring left-over
      from previous version.
      - Removed #include <linux/smack.h>, refactoring
      left-over from previous version.
      Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@intel.com>
      Signed-off-by: NCasey Schaufler <cschaufler@cschaufler-intel.(none)>
      828716c2
  8. 12 10月, 2011 2 次提交
  9. 28 9月, 2011 1 次提交
  10. 27 9月, 2011 1 次提交
  11. 26 9月, 2011 3 次提交
  12. 21 9月, 2011 4 次提交
  13. 19 9月, 2011 1 次提交
    • T
      TOMOYO: Allow specifying domain transition preference. · 6bce98ed
      Tetsuo Handa 提交于
      I got an opinion that it is difficult to use exception policy's domain
      transition control directives because they need to match the pathname specified
      to "file execute" directives. For example, if "file execute /bin/\*\-ls\-cat"
      is given, corresponding domain transition control directive needs to be like
      "no_keep_domain /bin/\*\-ls\-cat from any".
      
      If we can specify like below, it will become more convenient.
      
        file execute /bin/ls keep exec.realpath="/bin/ls" exec.argv[0]="ls"
        file execute /bin/cat keep exec.realpath="/bin/cat" exec.argv[0]="cat"
        file execute /bin/\*\-ls\-cat child
        file execute /usr/sbin/httpd <apache> exec.realpath="/usr/sbin/httpd" exec.argv[0]="/usr/sbin/httpd"
      
      In above examples, "keep" works as if keep_domain is specified, "child" works
      as if "no_reset_domain" and "no_initialize_domain" and "no_keep_domain" are
      specified, "<apache>" causes domain transition to <apache> domain upon
      successful execve() operation.
      
      Moreover, we can also allow transition to different domains based on conditions
      like below example.
      
        <kernel> /usr/sbin/sshd
        file execute /bin/bash <kernel> /usr/sbin/sshd //batch-session exec.argc=2 exec.argv[1]="-c"
        file execute /bin/bash <kernel> /usr/sbin/sshd //root-session task.uid=0
        file execute /bin/bash <kernel> /usr/sbin/sshd //nonroot-session task.uid!=0
      Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      6bce98ed
  14. 16 9月, 2011 1 次提交
  15. 15 9月, 2011 7 次提交