- 08 3月, 2010 1 次提交
-
-
由 Stephen Hemminger 提交于
Several places strings tables are used that should be declared const. Signed-off-by: NStephen Hemminger <shemminger@vyatta.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 05 3月, 2010 1 次提交
-
-
由 wzt.wzt@gmail.com 提交于
Fix some coding styles in security/keys/keyring.c Signed-off-by: NZhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 04 3月, 2010 1 次提交
-
-
由 wzt.wzt@gmail.com 提交于
skbuff.h is already included by netlink.h, so remove it. Signed-off-by: NZhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 03 3月, 2010 4 次提交
-
-
由 wzt.wzt@gmail.com 提交于
slab.h is unused in symtab.c, so remove it. Signed-off-by: NZhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 wzt.wzt@gmail.com 提交于
list.h is unused in netlink.c, so remove it. Signed-off-by: NZhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
Variable "atmark" is currently unused. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 wzt.wzt@gmail.com 提交于
LSM framework doesn't allow to load a security module on runtime, it must be loaded on boot time. but in security/security.c: int register_security(struct security_operations *ops) { ... if (security_ops != &default_security_ops) return -EAGAIN; ... } if security_ops == &default_security_ops, it can access to register a security module. If selinux is enabled, other security modules can't register, but if selinux is disabled on boot time, the security_ops was set to default_security_ops, LSM allows other kernel modules to use register_security() to register a not trust security module. For example: disable selinux on boot time(selinux=0). #include <linux/kernel.h> #include <linux/module.h> #include <linux/init.h> #include <linux/version.h> #include <linux/string.h> #include <linux/list.h> #include <linux/security.h> MODULE_LICENSE("GPL"); MODULE_AUTHOR("wzt"); extern int register_security(struct security_operations *ops); int (*new_register_security)(struct security_operations *ops); int rootkit_bprm_check_security(struct linux_binprm *bprm) { return 0; } struct security_operations rootkit_ops = { .bprm_check_security = rootkit_bprm_check_security, }; static int rootkit_init(void) { printk("Load LSM rootkit module.\n"); /* cat /proc/kallsyms | grep register_security */ new_register_security = 0xc0756689; if (new_register_security(&rootkit_ops)) { printk("Can't register rootkit module.\n"); return 0; } printk("Register rootkit module ok.\n"); return 0; } static void rootkit_exit(void) { printk("Unload LSM rootkit module.\n"); } module_init(rootkit_init); module_exit(rootkit_exit); Signed-off-by: NZhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 25 2月, 2010 3 次提交
-
-
由 Paul E. McKenney 提交于
Apply lockdep-ified RCU primitives to key_gc_keyring() and keyring_destroy(). Cc: David Howells <dhowells@redhat.com> Signed-off-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: laijs@cn.fujitsu.com Cc: dipankar@in.ibm.com Cc: mathieu.desnoyers@polymtl.ca Cc: josh@joshtriplett.org Cc: dvhltc@us.ibm.com Cc: niv@us.ibm.com Cc: peterz@infradead.org Cc: rostedt@goodmis.org Cc: Valdis.Kletnieks@vt.edu Cc: dhowells@redhat.com LKML-Reference: <1266887105-1528-12-git-send-email-paulmck@linux.vnet.ibm.com> Signed-off-by: NIngo Molnar <mingo@elte.hu>
-
由 Joshua Roys 提交于
This fixes corrupted CIPSO packets when SELinux categories greater than 127 are used. The bug occured on the second (and later) loops through the while; the inner for loop through the ebitmap->maps array used the same index as the NetLabel catmap->bitmap array, even though the NetLabel bitmap is twice as long as the SELinux bitmap. Signed-off-by: NJoshua Roys <joshua.roys@gtri.gatech.edu> Acked-by: NPaul Moore <paul.moore@hp.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Xiaotian Feng 提交于
If radix_tree_preload is failed in ima_inode_alloc, we don't need radix_tree_preload_end because kernel is alread preempt enabled Signed-off-by: NXiaotian Feng <dfeng@redhat.com> Signed-off-by: NMimi Zohar <zohar@us.ibm.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 07 2月, 2010 5 次提交
-
-
由 Al Viro 提交于
Hooks: Just Say No. Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Mimi Zohar 提交于
With the movement of the ima hooks functions were renamed from *path* to *file* since they always deal with struct file. This patch renames some of the ima internal flags to make them consistent with the rest of the code. Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Mimi Zohar 提交于
ima_path_check actually deals with files! call it ima_file_check instead. Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Eric Paris 提交于
ima wants to create an inode information struct (iint) when inodes are allocated. This means that at least the part of ima which does this allocation (the allocation is filled with information later) should before any inodes are created. To accomplish this we split the ima initialization routine placing the kmem cache allocator inside a security_initcall() function. Since this makes use of radix trees we also need to make sure that is initialized before security_initcall(). Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Mimi Zohar 提交于
The "Untangling ima mess, part 2 with counters" patch messed up the counters. Based on conversations with Al Viro, this patch streamlines ima_path_check() by removing the counter maintaince. The counters are now updated independently, from measuring the file, in __dentry_open() and alloc_file() by calling ima_counts_get(). ima_path_check() is called from nfsd and do_filp_open(). It also did not measure all files that should have been measured. Reason: ima_path_check() got bogus value passed as mask. [AV: mea culpa] [AV: add missing nfsd bits] Signed-off-by: NMimi Zohar <zohar@us.ibm.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
- 27 1月, 2010 1 次提交
-
-
由 Al Viro 提交于
if we'd just got success from it, vfsmount won't be NULL Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
- 14 1月, 2010 1 次提交
-
-
由 Al Viro 提交于
commit 5300990c had stepped on a rather nasty mess: definitions of ACC_MODE used to be different. Fixed the resulting breakage, converting them to variant that takes O_... value; all callers have that and it actually simplifies life (see tomoyo part of changes). Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
- 04 1月, 2010 1 次提交
-
-
由 Jiri Slaby 提交于
Don't pass current RLIMIT_RTTIME to update_rlimit_cpu() in selinux_bprm_committing_creds, since update_rlimit_cpu expects RLIMIT_CPU limit. Use proper rlim[RLIMIT_CPU].rlim_cur instead to fix that. Signed-off-by: NJiri Slaby <jirislaby@gmail.com> Acked-by: NJames Morris <jmorris@namei.org> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Eric Paris <eparis@parisplace.org> Cc: David Howells <dhowells@redhat.com>
-
- 23 12月, 2009 1 次提交
-
-
由 Al Viro 提交于
* pull ACC_MODE to fs.h; we have several copies all over the place * nightmarish expression calculating f_mode by f_flags deserves a helper too (OPEN_FMODE(flags)) Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
- 17 12月, 2009 10 次提交
-
-
由 Geert Uytterhoeven 提交于
As of commit ee18d64c ("KEYS: Add a keyctl to install a process's session keyring on its parent [try #6]"), CONFIG_KEYS=y fails to build on architectures that haven't implemented TIF_NOTIFY_RESUME yet: security/keys/keyctl.c: In function 'keyctl_session_to_parent': security/keys/keyctl.c:1312: error: 'TIF_NOTIFY_RESUME' undeclared (first use in this function) security/keys/keyctl.c:1312: error: (Each undeclared identifier is reported only once security/keys/keyctl.c:1312: error: for each function it appears in.) Make KEYCTL_SESSION_TO_PARENT depend on TIF_NOTIFY_RESUME until m68k, and xtensa have implemented it. Signed-off-by: NGeert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: NJames Morris <jmorris@namei.org> Acked-by: NMike Frysinger <vapier@gentoo.org>
-
由 David Howells 提交于
In NOMMU mode clamp dac_mmap_min_addr to zero to cause the tests on it to be skipped by the compiler. We do this as the minimum mmap address doesn't make any sense in NOMMU mode. mmap_min_addr and round_hint_to_min() can be discarded entirely in NOMMU mode. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 H Hartley Sweeten 提交于
init_mmap_min_addr() is a pure_initcall and should be static. Signed-off-by: NH Hartley Sweeten <hsweeten@visionengravers.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Roel Kluin 提交于
Return the PTR_ERR of the correct pointer. Signed-off-by: NRoel Kluin <roel.kluin@gmail.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Acked-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Mimi Zohar 提交于
Limit the number of imbalance messages to once per filesystem type instead of once per system boot. (it's actually slightly racy and could give you a couple per fs, but this isn't a real issue) Signed-off-by: NMimi Zohar <zohar@us.ibm.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Al Viro 提交于
Kill the 'update' argument of ima_path_check(), kill dead code in ima. Current rules: ima counters are bumped at the same time when the file switches from put_filp() fodder to fput() one. Which happens exactly in two places - alloc_file() and __dentry_open(). Nothing else needs to do that at all. Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Eric Paris 提交于
ima_inode_free() has some funky #define just to confuse the crap out of me. void ima_iint_delete(struct inode *inode) and then things actually call ima_inode_free() and nothing calls ima_iint_delete(). Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Eric Paris 提交于
We currently have a lot of duplicated code around ima file counts. Clean that all up. Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NSerge Hallyn <serue@us.ibm.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Eric Paris 提交于
iints are supposed to be allocated when an inode is allocated (during security_inode_alloc()) But we have code which will attempt to allocate an iint during measurement calls. If we couldn't allocate the iint and we cared, we should have died during security_inode_alloc(). Not make the code more complex and less efficient. Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Eric Paris 提交于
ima_inode_alloc returns 0 and 1, but the LSM hooks expects an errno. Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
- 04 12月, 2009 1 次提交
-
-
由 André Goddard Rosa 提交于
That is "success", "unknown", "through", "performance", "[re|un]mapping" , "access", "default", "reasonable", "[con]currently", "temperature" , "channel", "[un]used", "application", "example","hierarchy", "therefore" , "[over|under]flow", "contiguous", "threshold", "enough" and others. Signed-off-by: NAndré Goddard Rosa <andre.goddard@gmail.com> Signed-off-by: NJiri Kosina <jkosina@suse.cz>
-
- 25 11月, 2009 1 次提交
-
-
由 Tetsuo Handa 提交于
TOMOYO 1.7.1 has recursive directory matching operator support. I want to add it to TOMOYO for Linux 2.6.33 . ---------- [PATCH] TOMOYO: Add recursive directory matching operator support. This patch introduces new operator /\{dir\}/ which matches '/' + 'One or more repetitions of dir/' (e.g. /dir/ /dir/dir/ /dir/dir/dir/ ). Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: NJohn Johansen <john.johansen@canonical.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 24 11月, 2009 2 次提交
-
-
由 Serge E. Hallyn 提交于
As far as I know, all distros currently ship kernels with default CONFIG_SECURITY_FILE_CAPABILITIES=y. Since having the option on leaves a 'no_file_caps' option to boot without file capabilities, the main reason to keep the option is that turning it off saves you (on my s390x partition) 5k. In particular, vmlinux sizes came to: without patch fscaps=n: 53598392 without patch fscaps=y: 53603406 with this patch applied: 53603342 with the security-next tree. Against this we must weigh the fact that there is no simple way for userspace to figure out whether file capabilities are supported, while things like per-process securebits, capability bounding sets, and adding bits to pI if CAP_SETPCAP is in pE are not supported with SECURITY_FILE_CAPABILITIES=n, leaving a bit of a problem for applications wanting to know whether they can use them and/or why something failed. It also adds another subtly different set of semantics which we must maintain at the risk of severe security regressions. So this patch removes the SECURITY_FILE_CAPABILITIES compile option. It drops the kernel size by about 50k over the stock SECURITY_FILE_CAPABILITIES=y kernel, by removing the cap_limit_ptraced_target() function. Changelog: Nov 20: remove cap_limit_ptraced_target() as it's logic was ifndef'ed. Signed-off-by: NSerge E. Hallyn <serue@us.ibm.com> Acked-by: NAndrew G. Morgan" <morgan@kernel.org> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Eric Paris 提交于
Historically we've seen cases where permissions are requested for classes where they do not exist. In particular we have seen CIFS forget to set i_mode to indicate it is a directory so when we later check something like remove_name we have problems since it wasn't defined in tclass file. This used to result in a avc which included the permission 0x2000 or something. Currently the kernel will deny the operations (good thing) but will not print ANY information (bad thing). First the auditdeny field is no extended to include unknown permissions. After that is fixed the logic in avc_dump_query to output this information isn't right since it will remove the permission from the av and print the phrase "<NULL>". This takes us back to the behavior before the classmap rewrite. Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 21 11月, 2009 3 次提交
-
-
由 Eric Dumazet 提交于
To help grep games, rename iif to skb_iif Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric W. Biederman 提交于
Now that sys_sysctl is an emulation on top of proc sys all sysctl operations look like normal filesystem operations and we don't need to use the special sysctl hook to authenticate them. Acked-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
-
由 Eric W. Biederman 提交于
With the change of sys_sysctl going through the internal proc mount we no longer need to handle security_sysctl in tomoyo as we have valid pathnames for all sysctl accesses. There is one slight caveat to that in that all of the paths from the internal mount look like "/sys/net/ipv4/ip_local_port_range" instead of "/proc/sys/net/ipv4/ip_local_port_range" so tomoyo needs to add the "/proc" portion manually when resolving to full path names to get what it expects. This change teaches tomoyo perform that modification. Acked-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: NJohn Johansen <john.johansen@canonical.com> Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
-
- 19 11月, 2009 2 次提交
-
-
由 Mimi Zohar 提交于
While running fsstress tests on the NFSv4 mounted ext3 and ext4 filesystem, the following call trace was generated on the nfs server machine. Replace GFP_KERNEL with GFP_NOFS in ima_iint_insert() to avoid a potential deadlock. ================================= [ INFO: inconsistent lock state ] 2.6.31-31.el6.x86_64 #1 --------------------------------- inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-W} usage. kswapd2/75 [HC0[0]:SC0[0]:HE1:SE1] takes: (jbd2_handle){+.+.?.}, at: [<ffffffff811edd5e>] jbd2_journal_start+0xfe/0x13f {RECLAIM_FS-ON-W} state was registered at: [<ffffffff81091e40>] mark_held_locks+0x65/0x99 [<ffffffff81091f31>] lockdep_trace_alloc+0xbd/0xf5 [<ffffffff81126fdd>] kmem_cache_alloc+0x40/0x185 [<ffffffff812344d7>] ima_iint_insert+0x3d/0xf1 [<ffffffff812345b0>] ima_inode_alloc+0x25/0x44 [<ffffffff811484ac>] inode_init_always+0xec/0x271 [<ffffffff81148682>] alloc_inode+0x51/0xa1 [<ffffffff81148700>] new_inode+0x2e/0x94 [<ffffffff811b2f08>] ext4_new_inode+0xb8/0xdc9 [<ffffffff811be611>] ext4_create+0xcf/0x175 [<ffffffff8113e2cd>] vfs_create+0x82/0xb8 [<ffffffff8113f337>] do_filp_open+0x32c/0x9ee [<ffffffff811309b9>] do_sys_open+0x6c/0x12c [<ffffffff81130adc>] sys_open+0x2e/0x44 [<ffffffff81011e42>] system_call_fastpath+0x16/0x1b [<ffffffffffffffff>] 0xffffffffffffffff irq event stamp: 90371 hardirqs last enabled at (90371): [<ffffffff8112708d>] kmem_cache_alloc+0xf0/0x185 hardirqs last disabled at (90370): [<ffffffff81127026>] kmem_cache_alloc+0x89/0x185 softirqs last enabled at (89492): [<ffffffff81068ecf>] __do_softirq+0x1bf/0x1eb softirqs last disabled at (89477): [<ffffffff8101312c>] call_softirq+0x1c/0x30 other info that might help us debug this: 2 locks held by kswapd2/75: #0: (shrinker_rwsem){++++..}, at: [<ffffffff810f98ba>] shrink_slab+0x44/0x177 #1: (&type->s_umount_key#25){++++..}, at: [<ffffffff811450ba>] Reported-by: NMuni P. Beerakam <mbeeraka@in.ibm.com> Reported-by: NAmit K. Arora <amitarora@in.ibm.com> Cc: stable@kernel.org Signed-off-by: NMimi Zohar <zohar@us.ibm.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Eric W. Biederman 提交于
For consistency drop & in front of every proc_handler. Explicity taking the address is unnecessary and it prevents optimizations like stubbing the proc_handlers to NULL. Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Joe Perches <joe@perches.com> Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
-
- 12 11月, 2009 2 次提交
-
-
由 Tetsuo Handa 提交于
ctl_name field was removed. Always use procname field. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
-
由 Eric W. Biederman 提交于
Now that sys_sysctl is a generic wrapper around /proc/sys .ctl_name and .strategy members of sysctl tables are dead code. Remove them. Cc: David Howells <dhowells@redhat.com> Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
-