- 06 5月, 2009 3 次提交
-
-
由 Mimi Zohar 提交于
Remove integrity audit messages from __setup() Signed-off-by: NMimi Zohar <zohar@us.ibm.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Mimi Zohar 提交于
Based on a request from Eric Paris to simplify parsing, replace audit_log_format statements containing "%s" with audit_log_string(). Signed-off-by: NMimi Zohar <zohar@us.ibm.com> Acked-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Mimi Zohar 提交于
An audit subsystem change replaced AUDIT_EQUAL with Audit_equal. Update calls to security_filter_rule_init()/match() to reflect the change. Signed-off-by: NMimi Zohar <zohar@us.ibm.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 01 5月, 2009 1 次提交
-
-
由 Oleg Nesterov 提交于
I was never able to understand what should we actually do when security_task_wait() fails, but the current code doesn't look right. If ->task_wait() returns the error, we update *notask_error correctly. But then we either reap the child (despite the fact this was forbidden) or clear *notask_error (and hide the securiy policy problems). This patch assumes that "stolen by ptrace" doesn't matter. If selinux denies the child we should ignore it but make sure we report -EACCESS instead of -ECHLD if there are no other eligible children. Signed-off-by: NOleg Nesterov <oleg@redhat.com> Acked-by: NRoland McGrath <roland@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 30 4月, 2009 3 次提交
-
-
由 Oleg Nesterov 提交于
We shouldn't worry about the tracer if current is ptraced, exec() must not succeed if the tracer has no rights to trace this task after cred changing. But we should notify ->real_parent which is, well, real parent. Also, we don't need _irq to take tasklist, and we don't need parent's ->siglock to wake_up_interruptible(real_parent->signal->wait_chldexit). Since we hold tasklist, real_parent->signal must be stable. Otherwise spin_lock(siglock) is not safe too and can't help anyway. Signed-off-by: NOleg Nesterov <oleg@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 David Howells 提交于
Don't flush inherited SIGKILL during execve() in SELinux's post cred commit hook. This isn't really a security problem: if the SIGKILL came before the credentials were changed, then we were right to receive it at the time, and should honour it; if it came after the creds were changed, then we definitely should honour it; and in any case, all that will happen is that the process will be scrapped before it ever returns to userspace. Signed-off-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NOleg Nesterov <oleg@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Eric Paris 提交于
We are still calling secondary_ops->sysctl even though the capabilities module does not define a sysctl operation. Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 15 4月, 2009 1 次提交
-
-
由 Stephen Rothwell 提交于
Commit 3d43321b ("modules: sysctl to block module loading") introduces a modules_disabled variable that is only defined if CONFIG_MODULE_UNLOAD is enabled, despite being used in other places. This moves it up and fixes up the build. CC kernel/module.o kernel/module.c: In function 'sys_init_module': kernel/module.c:2401: error: 'modules_disabled' undeclared (first use in this function) kernel/module.c:2401: error: (Each undeclared identifier is reported only once kernel/module.c:2401: error: for each function it appears in.) make[1]: *** [kernel/module.o] Error 1 make: *** [kernel/module.o] Error 2 Signed-off-by: NPaul Mundt <lethal@linux-sh.org> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 14 4月, 2009 2 次提交
-
-
由 Etienne Basset 提交于
the following patch, add logging of Smack security decisions. This is of course very useful to understand what your current smack policy does. As suggested by Casey, it also now forbids labels with ', " or \ It introduces a '/smack/logging' switch : 0: no logging 1: log denied (default) 2: log accepted 3: log denied&accepted Signed-off-by: NEtienne Basset <etienne.basset@numericable.fr> Acked-by: NCasey Schaufler <casey@schaufler-ca.com> Acked-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Etienne Basset 提交于
This patch creates auditing functions usable by LSM to audit security events. It provides standard dumping of FS, NET, task etc ... events (code borrowed from SELinux) and provides 2 callbacks to define LSM specific auditing, which should be flexible enough to convert SELinux too. Signed-off-by: NEtienne Basset <etienne.basset@numericable.fr> Acked-by: NCasey Schaufler <casey@schaufler-ca.com> cked-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 07 4月, 2009 1 次提交
-
-
由 Tetsuo Handa 提交于
Since TOMOYO's policy management tools does not use the "undelete domain" command, we decided to remove that command. Signed-off-by: NKentaro Takeda <takedakn@nttdata.co.jp> Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NToshiharu Harada <haradats@nttdata.co.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 03 4月, 2009 2 次提交
-
-
由 Serge E. Hallyn 提交于
Distributions face a backward compatibility problem with starting to use file capabilities. For instance, removing setuid root from ping and doing setcap cap_net_raw=pe means that booting with an older kernel or one compiled without file capabilities means ping won't work for non-root users. In order to replace the setuid root bit on a capability-unaware program, one has to set the effective, or legacy, file capability, which makes the capability effective immediately. This patch uses the legacy bit as a queue to not automatically add full privilege to a setuid-root program. So, with this patch, an ordinary setuid-root program will run with privilege. But if /bin/ping has both setuid-root and cap_net_raw in fP and fE, then ping (when run by non-root user) will not run with only cap_net_raw. Changelog: Apr 2 2009: Print a message once when such a binary is loaded, as per James Morris' suggestion. Apr 2 2009: Fix the condition to only catch uid!=0 && euid==0. Signed-off-by: NSerge E. Hallyn <serue@us.ibm.com> Acked-by: NCasey Schaufler <casey@schaufler-ca.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Kees Cook 提交于
Implement a sysctl file that disables module-loading system-wide since there is no longer a viable way to remove CAP_SYS_MODULE after the system bounding capability set was removed in 2.6.25. Value can only be set to "1", and is tested only if standard capability checks allow CAP_SYS_MODULE. Given existing /dev/mem protections, this should allow administrators a one-way method to block module loading after initial boot-time module loading has finished. Signed-off-by: NKees Cook <kees.cook@canonical.com> Acked-by: NSerge Hallyn <serue@us.ibm.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 02 4月, 2009 1 次提交
-
-
由 KaiGai Kohei 提交于
This patch enables applications to handle permissive domain correctly. Since the v2.6.26 kernel, SELinux has supported an idea of permissive domain which allows certain processes to work as if permissive mode, even if the global setting is enforcing mode. However, we don't have an application program interface to inform what domains are permissive one, and what domains are not. It means applications focuses on SELinux (XACE/SELinux, SE-PostgreSQL and so on) cannot handle permissive domain correctly. This patch add the sixth field (flags) on the reply of the /selinux/access interface which is used to make an access control decision from userspace. If the first bit of the flags field is positive, it means the required access control decision is on permissive domain, so application should allow any required actions, as the kernel doing. This patch also has a side benefit. The av_decision.flags is set at context_struct_compute_av(). It enables to check required permissions without read_lock(&policy_rwlock). Signed-off-by: NKaiGai Kohei <kaigai@ak.jp.nec.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Acked-by: NEric Paris <eparis@redhat.com> -- security/selinux/avc.c | 2 +- security/selinux/include/security.h | 4 +++- security/selinux/selinuxfs.c | 4 ++-- security/selinux/ss/services.c | 30 +++++------------------------- 4 files changed, 11 insertions(+), 29 deletions(-) Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 29 3月, 2009 26 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip由 Linus Torvalds 提交于
* 'futexes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: futex: remove the pointer math from double_unlock_hb, fix futex: remove the pointer math from double_unlock_hb futex: clean up fault logic futex: unlock before returning -EFAULT futex: use current->time_slack_ns for rt tasks too futex: add double_unlock_hb() futex: additional (get|put)_futex_key() fixes futex: update futex commentary
-
由 Linus Torvalds 提交于
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: smack: Add a new '-CIPSO' option to the network address label configuration netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections lsm: Remove the socket_post_accept() hook selinux: Remove the "compat_net" compatibility code netlabel: Label incoming TCP connections correctly in SELinux lsm: Relocate the IPv4 security_inet_conn_request() hooks TOMOYO: Fix a typo. smack: convert smack to standard linux lists
-
由 David Howells 提交于
Annotate struct fs_struct's usage count to indicate the restrictions upon it. It may not be incremented, except by clone(CLONE_FS), as this affects the check in check_unsafe_exec() in fs/exec.c. Signed-off-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NHugh Dickins <hugh@veritas.com> Cc: stable@kernel.org Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Hugh Dickins 提交于
check_unsafe_exec() also notes whether the fs_struct is being shared by more threads than will get killed by the exec, and if so sets LSM_UNSAFE_SHARE to make bprm_set_creds() careful about euid. But /proc/<pid>/cwd and /proc/<pid>/root lookups make transient use of get_fs_struct(), which also raises that sharing count. This might occasionally cause a setuid program not to change euid, in the same way as happened with files->count (check_unsafe_exec also looks at sighand->count, but /proc doesn't raise that one). We'd prefer exec not to unshare fs_struct: so fix this in procfs, replacing get_fs_struct() by get_fs_path(), which does path_get while still holding task_lock, instead of raising fs->count. Signed-off-by: NHugh Dickins <hugh@veritas.com> Cc: stable@kernel.org ___ fs/proc/base.c | 50 +++++++++++++++-------------------------------- 1 file changed, 16 insertions(+), 34 deletions(-) Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Hugh Dickins 提交于
Joe Malicki reports that setuid sometimes doesn't: very rarely, a setuid root program does not get root euid; and, by the way, they have a health check running lsof every few minutes. Right, check_unsafe_exec() notes whether the files_struct is being shared by more threads than will get killed by the exec, and if so sets LSM_UNSAFE_SHARE to make bprm_set_creds() careful about euid. But /proc/<pid>/fd and /proc/<pid>/fdinfo lookups make transient use of get_files_struct(), which also raises that sharing count. There's a rather simple fix for this: exec's check on files->count has been redundant ever since 2.6.1 made it unshare_files() (except while compat_do_execve() omitted to do so) - just remove that check. [Note to -stable: this patch will not apply before 2.6.29: earlier releases should just remove the files->count line from unsafe_exec().] Reported-by: NJoe Malicki <jmalicki@metacarta.com> Narrowed-down-by: NMichael Itz <mitz@metacarta.com> Tested-by: NJoe Malicki <jmalicki@metacarta.com> Signed-off-by: NHugh Dickins <hugh@veritas.com> Cc: stable@kernel.org Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Hugh Dickins 提交于
2.6.26's commit fd8328be "sanitize handling of shared descriptor tables in failing execve()" moved the unshare_files() from flush_old_exec() and several binfmts to the head of do_execve(); but forgot to make the same change to compat_do_execve(), leaving a CLONE_FILES files_struct shared across exec from a 32-bit process on a 64-bit kernel. It's arguable whether the files_struct really ought to be unshared across exec; but 2.6.1 made that so to stop the loading binary's fd leaking into other threads, and a 32-bit process on a 64-bit kernel ought to behave in the same way as 32 on 32 and 64 on 64. Signed-off-by: NHugh Dickins <hugh@veritas.com> Cc: stable@kernel.org Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Ingo Molnar 提交于
-
git://jdelvare.pck.nerim.net/jdelvare-2.6由 Linus Torvalds 提交于
* 'i2c-for-linus' of git://jdelvare.pck.nerim.net/jdelvare-2.6: i2c-core: Some style cleanups i2c-piix4: Add support for the Broadcom HT1100 chipset i2c-piix4: Add support to SB800 SMBus changes i2c-pca-platform: Use defaults if no platform_data given i2c-algo-pca: Use timeout for checking the state machine i2c-algo-pca: Rework waiting for a free bus i2c-algo-pca: Add PCA9665 support i2c: Adapt debug macros for KERN_* constants i2c-davinci: Fix timeout handling i2c: Adapter timeout is in jiffies i2c: Set a default timeout value for all adapters i2c: Add missing KERN_* constants to printks i2c-algo-pcf: Handle timeout correctly i2c-algo-pcf: Style cleanups eeprom/at24: Remove EXPERIMENTAL i2c-nforce2: Add support for MCP67, MCP73, MCP78S and MCP79 i2c: Clarify which clients are auto-removed i2c: Let checkpatch shout on users of the legacy model i2c: Document the different ways to instantiate i2c devices
-
由 Linus Torvalds 提交于
* 'devel' of master.kernel.org:/home/rmk/linux-2.6-arm: (422 commits) [ARM] 5435/1: fix compile warning in sanity_check_meminfo() [ARM] 5434/1: ARM: OMAP: Fix mailbox compile for 24xx [ARM] pxa: fix the bad assumption that PCMCIA sockets always start with 0 [ARM] pxa: fix Colibri PXA300 and PXA320 LCD backlight pins imxfb: Fix TFT mode i.MX21/27: remove ifdef CONFIG_FB_IMX imxfb: add clock support mxc: add arch_reset() function clkdev: add possibility to get a clock based on the device name i.MX1: remove fb support from mach-imx [ARM] pxa: build arch/arm/plat-pxa/mfp.c only when PXA3xx or ARCH_MMP defined Gemini: Add support for Teltonika RUT100 Gemini: gpiolib based GPIO support v2 MAINTAINERS: add myself as Gemini architecture maintainer ARM: Add Gemini architecture v3 [ARM] OMAP: Fix compile for omap2_init_common_hw() MAINTAINERS: Add myself as Faraday ARM core variant maintainer ARM: Add support for FA526 v2 [ARM] acorn,ebsa110,footbridge,integrator,sa1100: Convert asm/io.h to linux/io.h [ARM] collie: fix two minor formatting nits ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/arjan/linux-2.6-async-for-30由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/arjan/linux-2.6-async-for-30: fastboot: remove duplicate unpack_to_rootfs() ide/net: flip the order of SATA and network init async: remove the temporary (2.6.29) "async is off by default" code Fix up conflicts in init/initramfs.c manually
-
git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/blackfin-2.6由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/blackfin-2.6: Blackfin arch: be less noisy when gets a gpio conflict after kernel has booted Blackfin arch: add RSI's definitions to bf514 and bf516 Blackfin arch: add link-time asserts to make sure on-chip regions dont overflow Blackfin arch: sport spi needs 6 gpio pins Blackfin arch: add sport-spi related resource stuff to board file Blackfin arch: Blacklist Hibernate (PM_SUSPEND_MEM) on BF561 as well Blackfin arch: Privide BF537-STAMP platform data of ADP5520 Multifunction driver Blackfin arch: enable the platfrom PATA driver with CF Cards Blackfin arch: clean up sports header file Blackfin arch: convert BF5{18,27,48}_FAMILY to CONFIG_BF{51,52,54}x Blackfin arch: bf51x processors also have 8 timers Blackfin arch: add a check to make sure only Blackfin GPIOs may generate IRQs Blackfin arch: update default kernel configuration Blackfin arch: include linux headers that this one uses definitions from fro sport drivers
-
由 Linus Torvalds 提交于
Merge branch 'percpu-cpumask-x86-for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'percpu-cpumask-x86-for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: (682 commits) percpu: fix spurious alignment WARN in legacy SMP percpu allocator percpu: generalize embedding first chunk setup helper percpu: more flexibility for @dyn_size of pcpu_setup_first_chunk() percpu: make x86 addr <-> pcpu ptr conversion macros generic linker script: define __per_cpu_load on all SMP capable archs x86: UV: remove uv_flush_tlb_others() WARN_ON percpu: finer grained locking to break deadlock and allow atomic free percpu: move fully free chunk reclamation into a work percpu: move chunk area map extension out of area allocation percpu: replace pcpu_realloc() with pcpu_mem_alloc() and pcpu_mem_free() x86, percpu: setup reserved percpu area for x86_64 percpu, module: implement reserved allocation and use it for module percpu variables percpu: add an indirection ptr for chunk page map access x86: make embedding percpu allocator return excessive free space percpu: use negative for auto for pcpu_setup_first_chunk() arguments percpu: improve first chunk initial area map handling percpu: cosmetic renames in pcpu_setup_first_chunk() percpu: clean up percpu constants x86: un-__init fill_pud/pmd/pte x86: remove vestigial fix_ioremap prototypes ... Manually merge conflicts in arch/ia64/kernel/irq_ia64.c
-
由 Zhenwen Xu 提交于
Some lines over 80. The printk(KERN_ERR ... ) should be dev_err. And some blankspace should be deleted. Signed-off-by: NZhenwen Xu <helight.xu@gmail.com> Signed-off-by: NJean Delvare <khlai@linux-fr.org>
-
由 Flavio Leitner 提交于
Add support for the Broadcom HT1100 LD chipset (SMBus function.) Signed-off-by: NFlavio Leitner <fbl@redhat.com> Signed-off-by: NJean Delvare <khali@linux-fr.org>
-
由 Shane Huang 提交于
Add support for the AMD SB800 Family series of products. Major changes include the changes to addressing the SMBus registers at different location from the locations in the previous compatible parts from AMD such as SB400/SB600/SB700. For SB800, the main features and register definitions of SMBus and other interfaces are still compatible with the previous products with the only change being in how to access the internal registers for these blocks. Signed-off-by: NShane Huang <shane.huang@amd.com> Signed-off-by: NJean Delvare <khali@linux-fr.org>
-
由 Wolfram Sang 提交于
Signed-off-by: NWolfram Sang <w.sang@pengutronix.de> Signed-off-by: NJean Delvare <khali@linux-fr.org>
-
由 Wolfram Sang 提交于
We now timeout also if the state machine does not change within the given time. For that, the driver-specific completion-functions are extended to return true or false depending on the timeout. This then gets checked in the algorithm. Signed-off-by: NWolfram Sang <w.sang@pengutronix.de> Signed-off-by: NJean Delvare <khali@linux-fr.org>
-
由 Wolfram Sang 提交于
Waiting for a free bus now accepts the timeout value in jiffies and does proper checking using time_before. Signed-off-by: NWolfram Sang <w.sang@pengutronix.de> Signed-off-by: NJean Delvare <khali@linux-fr.org>
-
由 Marco Aurelio da Costa 提交于
Add support for the PCA9665 I2C controller. Signed-off-by: NWolfram Sang <w.sang@pengutronix.de> Signed-off-by: NJean Delvare <khali@linux-fr.org>
-
由 Frank Seidel 提交于
According to kerneljanitors todo list all printk calls (beginning a new line) should have an according KERN_* constant. Those are the changes to the debug macros in the i2c subsystem to meet this requirement. Also changing no-debug statements to raw printks again. Signed-off-by: NFrank Seidel <frank@f-seidel.de> Signed-off-by: NJean Delvare <khali@linux-fr.org> Tested-by: NWolfram Sang <w.sang@pengutronix.de>
-
由 Jean Delvare 提交于
Properly set the adapter timeout value in jiffies, and then use that value in the driver, rather than a hard-coded constant. Signed-off-by: NJean Delvare <khali@linux-fr.org> Tested-by: NTroy Kisky <troy.kisky@boundarydevices.com> Cc: Kevin Hilman <khilman@mvista.com>
-
由 Jean Delvare 提交于
i2c_adapter.timeout is in jiffies. Fix all drivers which thought otherwise. It didn't really matter as long as the value was only used inside the driver, but soon i2c-core will use it too so it must have the proper unit. Note: for the i2c-mpc driver, this fixes a bug in polling mode. Timeout would trigger after 1 jiffy, which is most probably not what the author wanted. Signed-off-by: NJean Delvare <khali@linux-fr.org> Cc: Clifford Wolf <clifford@clifford.at> Acked-by: NSean MacLennan <smaclennan@pikatech.com> Cc: Stefan Roese <sr@denx.de> Acked-by: NLennert Buytenhek <kernel@wantstofly.org> Cc: Dan Williams <dan.j.williams@intel.com> Cc: Grant Likely <grant.likely@secretlab.ca> Acked-by: NMark A. Greer <mgreer@mvista.com>
-
由 Jean Delvare 提交于
Setting a default timeout value on a per-algo basis doesn't make any sense. Move the default value setting to i2c-core. Individual adapter drivers can specify a different (non-zero) value if they wish. Also express the timeout value in a way which results in the same duration regarless of the value of HZ. Signed-off-by: NJean Delvare <khali@linux-fr.org> Acked-by: NWolfram Sang <w.sang@pengutronix.de>
-
由 Frank Seidel 提交于
According to kerneljanitors todo list all printk calls (beginning a new line) should have an according KERN_* constant. Those are the missing pieces here for the i2c subsystem. Signed-off-by: NFrank Seidel <frank@f-seidel.de> Signed-off-by: NJean Delvare <khali@linux-fr.org>
-
由 Roel Kluin 提交于
With a postfix decrement these timeouts reach -1 rather than 0, but after the loop it is tested whether they have become 0. As pointed out by Jean Delvare, the msg_num should be tested before the timeout. With the current order, you could exit with a timeout error while all the messages were successfully transferred. Signed-off-by: NRoel Kluin <roel.kluin@gmail.com> Signed-off-by: NJean Delvare <khali@linux-fr.org> Acked-by: NEric Brower <ebrower@gmail.com>
-
由 Roel Kluin 提交于
cleanup whitespace, fix comments and remove the unused STUB_I2C. Signed-off-by: NRoel Kluin <roel.kluin@gmail.com> Signed-off-by: NJean Delvare <khali@linux-fr.org> Acked-by: NEric Brower <ebrower@gmail.com>
-