- 08 4月, 2008 1 次提交
-
-
由 Stephen Smalley 提交于
More cases where SELinux must not re-enter the fs code. Called from the d_instantiate security hook. Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 06 2月, 2008 1 次提交
-
-
由 Paul Moore 提交于
The security_get_policycaps() functions has a couple of bugs in it and it isn't currently used by any in-tree code, so get rid of it and all of it's bugginess. Signed-off-by: NPaul Moore <paul.moore@hp.com> Signed-off-by: NJames Morris <jmorris@localhost.localdomain>
-
- 02 2月, 2008 2 次提交
-
-
由 Eric Paris 提交于
In order to correlate audit records to an individual login add a session id. This is incremented every time a user logs in and is included in almost all messages which currently output the auid. The field is labeled ses= or oses= Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Al Viro 提交于
all callers pass something->audit_context Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
- 01 2月, 2008 1 次提交
-
-
由 Paul Moore 提交于
As pointed out by Adrian Bunk, commit 45c950e0 ("fix memory leak in netlabel code") caused a double-free when security_netlbl_sid_to_secattr() fails. This patch fixes this by removing the netlbl_secattr_destroy() call from that function since we are already releasing the secattr memory in selinux_netlbl_sock_setsid(). Signed-off-by: NPaul Moore <paul.moore@hp.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 30 1月, 2008 5 次提交
-
-
由 Paul Moore 提交于
Now that the SELinux NetLabel "base SID" is always the netmsg initial SID we can do a big optimization - caching the SID and not just the MLS attributes. This not only saves a lot of per-packet memory allocations and copies but it has a nice side effect of removing a chunk of code. Signed-off-by: NPaul Moore <paul.moore@hp.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Paul Moore 提交于
Rework the handling of network peer labels so that the different peer labeling subsystems work better together. This includes moving both subsystems to a single "peer" object class which involves not only changes to the permission checks but an improved method of consolidating multiple packet peer labels. As part of this work the inbound packet permission check code has been heavily modified to handle both the old and new behavior in as sane a fashion as possible. Signed-off-by: NPaul Moore <paul.moore@hp.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Paul Moore 提交于
Add a new policy capabilities bitmap to SELinux policy version 22. This bitmap will enable the security server to query the policy to determine which features it supports. Signed-off-by: NPaul Moore <paul.moore@hp.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Paul Moore 提交于
The current SELinux netif code requires the caller have a valid net_device struct pointer to lookup network interface information. However, we don't always have a valid net_device pointer so convert the netif code to use the ifindex values we always have as part of the sk_buff. This patch also removes the default message SID from the network interface record, it is not being used and therefore is "dead code". Signed-off-by: NPaul Moore <paul.moore@hp.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Paul Moore 提交于
This patch adds support to the NetLabel LSM secattr struct for a secid token and a type field, paving the way for full LSM/SELinux context support and "static" or "fallback" labels. In addition, this patch adds a fair amount of documentation to the core NetLabel structures used as part of the NetLabel kernel API. Signed-off-by: NPaul Moore <paul.moore@hp.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 26 1月, 2008 1 次提交
-
-
由 Stephen Smalley 提交于
The proc net rewrite had a side effect on selinux, leading it to mislabel the /proc/net inodes, thereby leading to incorrect denials. Fix security_genfs_sid to ignore extra leading / characters in the path supplied by selinux_proc_get_sid since we now get "//net/..." rather than "/net/...". Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 25 1月, 2008 2 次提交
-
-
由 Eamon Walsh 提交于
This patch removes the requirement that the new and related object types differ in order to polyinstantiate by MLS level. This allows MLS polyinstantiation to occur in the absence of explicit type_member rules or when the type has not changed. Potential users of this support include pam_namespace.so (directory polyinstantiation) and the SELinux X support (property polyinstantiation). Signed-off-by: NEamon Walsh <ewalsh@tycho.nsa.gov> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Joe Perches 提交于
Add missing space. Signed-off-by: NJoe Perches <joe@perches.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 22 1月, 2008 1 次提交
-
-
由 Paul Moore 提交于
Fix a memory leak in security_netlbl_sid_to_secattr() as reported here: * https://bugzilla.redhat.com/show_bug.cgi?id=352281Signed-off-by: NPaul Moore <paul.moore@hp.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 08 11月, 2007 2 次提交
-
-
由 Stephen Smalley 提交于
Add more validity checks at policy load time to reject malformed policies and prevent subsequent out-of-range indexing when in permissive mode. Resolves the NULL pointer dereference reported in https://bugzilla.redhat.com/show_bug.cgi?id=357541. Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 KaiGai Kohei 提交于
The "e_iter = e_iter->next;" statement in the inner for loop is primally bug. It should be moved to outside of the for loop. Signed-off-by: NKaiGai Kohei <kaigai@kaigai.gr.jp> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 17 10月, 2007 4 次提交
-
-
由 KaiGai Kohei 提交于
This patch kills ugly warnings when the "Improve SELinux performance when ACV misses" patch. Signed-off-by: NKaiGai Kohei <kaigai@ak.jp.nec.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 KaiGai Kohei 提交于
* We add ebitmap_for_each_positive_bit() which enables to walk on any positive bit on the given ebitmap, to improve its performance using common bit-operations defined in linux/bitops.h. In the previous version, this logic was implemented using a combination of ebitmap_for_each_bit() and ebitmap_node_get_bit(), but is was worse in performance aspect. This logic is most frequestly used to compute a new AVC entry, so this patch can improve SELinux performance when AVC misses are happen. * struct ebitmap_node is redefined as an array of "unsigned long", to get suitable for using find_next_bit() which is fasted than iteration of shift and logical operation, and to maximize memory usage allocated from general purpose slab. * Any ebitmap_for_each_bit() are repleced by the new implementation in ss/service.c and ss/mls.c. Some of related implementation are changed, however, there is no incompatibility with the previous version. * The width of any new line are less or equal than 80-chars. The following benchmark shows the effect of this patch, when we access many files which have different security context one after another. The number is more than /selinux/avc/cache_threshold, so any access always causes AVC misses. selinux-2.6 selinux-2.6-ebitmap AVG: 22.763 [s] 8.750 [s] STD: 0.265 0.019 ------------------------------------------ 1st: 22.558 [s] 8.786 [s] 2nd: 22.458 [s] 8.750 [s] 3rd: 22.478 [s] 8.754 [s] 4th: 22.724 [s] 8.745 [s] 5th: 22.918 [s] 8.748 [s] 6th: 22.905 [s] 8.764 [s] 7th: 23.238 [s] 8.726 [s] 8th: 22.822 [s] 8.729 [s] Signed-off-by: NKaiGai Kohei <kaigai@ak.jp.nec.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Eric Paris 提交于
Allow policy to select, in much the same way as it selects MLS support, how the kernel should handle access decisions which contain either unknown classes or unknown permissions in known classes. The three choices for the policy flags are 0 - Deny unknown security access. (default) 2 - reject loading policy if it does not contain all definitions 4 - allow unknown security access The policy's choice is exported through 2 booleans in selinuxfs. /selinux/deny_unknown and /selinux/reject_unknown. Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Yuichi Nakamura 提交于
This patch reduces memory usage of SELinux by tuning avtab. Number of hash slots in avtab was 32768. Unused slots used memory when number of rules is fewer. This patch decides number of hash slots dynamically based on number of rules. (chain length)^2 is also printed out in avtab_hash_eval to see standard deviation of avtab hash table. Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 16 8月, 2007 1 次提交
-
-
由 Steve G 提交于
Corrects an error code so that it is valid to pass to userspace. Signed-off-by: NSteve Grubb <linux_4ever@yahoo.com> Signed-off-by: NJames Morris <jmorris@halo.namei>
-
- 01 8月, 2007 1 次提交
-
-
由 Gabriel Craciunescu 提交于
Typo fixes errror -> error Signed-off-by: NGabriel Craciunescu <nix.or.die@googlemail.com> Cc: Jeff Garzik <jeff@garzik.org> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 23 7月, 2007 1 次提交
-
-
由 Jesper Juhl 提交于
Fix memory leak in security_netlbl_cache_add() Note: The Coverity checker gets credit for spotting this one. Signed-off-by: NJesper Juhl <jesper.juhl@gmail.com> Signed-off-by: NJames Morris <jmorris@namei.org> Acked-by: NStephen Smalley <sds@tycho.nsa.gov>
-
- 20 7月, 2007 1 次提交
-
-
由 Paul Mundt 提交于
Slab destructors were no longer supported after Christoph's c59def9f change. They've been BUGs for both slab and slub, and slob never supported them either. This rips out support for the dtor pointer from kmem_cache_create() completely and fixes up every single callsite in the kernel (there were about 224, not including the slab allocator definitions themselves, or the documentation references). Signed-off-by: NPaul Mundt <lethal@linux-sh.org>
-
- 12 7月, 2007 3 次提交
-
-
由 Stephen Smalley 提交于
In security_get_user_sids, move the transition permission checks outside of the section holding the policy rdlock, and use the AVC to perform the checks, calling cond_resched after each one. These changes should allow preemption between the individual checks and enable caching of the results. It may however increase the overall time spent in the function in some cases, particularly in the cache miss case. The long term fix will be to take much of this logic to userspace by exporting additional state via selinuxfs, and ultimately deprecating and eliminating this interface from the kernel. Tested-by: NIngo Molnar <mingo@elte.hu> Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Eric Paris 提交于
During the LSPP testing we found that it was possible for policydb_destroy() to take 10+ seconds of kernel time to complete. Basically all policydb_destroy() does is walk some (possibly long) lists and free the memory it finds. Turning off slab debugging config options made the problem go away since the actual functions which took most of the time were (as seen by oprofile) > 121202 23.9879 .check_poison_obj > 78247 15.4864 .check_slabp were caused by that. So I decided to also add some voluntary schedule points in that code so config voluntary preempt would be enough to solve the problem. Something similar was done in places like shmem_free_pages() when we have to walk a list of memory and free it. This was tested by the LSPP group on the hardware which could reproduce the problem just loading a new policy and was found to not trigger the softlock detector. It takes just as much processing time, but the kernel doesn't spend all that time stuck doing one thing and never scheduling. Someday a better way to handle memory might make the time needed in this function a lot less, but this fixes the current issue as it stands today. Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Christopher J. PeBenito 提交于
Add support to the SELinux security server for obtaining a list of classes, and for obtaining a list of permissions for a specified class. Signed-off-by: NChristopher J. PeBenito <cpebenito@tresys.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 26 4月, 2007 6 次提交
-
-
由 Stephen Smalley 提交于
At present, the userland policy loading code has to go through contortions to preserve boolean values across policy reloads, and cannot do so atomically. As this is what we always want to do for reloads, let the kernel preserve them instead. Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov> Acked-by: NKarl MacMillan <kmacmillan@mentalrootkit.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 James Carter 提交于
Make the initial SID contexts accessible to userspace via selinuxfs. An initial use of this support will be to make the unlabeled context available to libselinux for use for invalidated userspace SIDs. Signed-off-by: NJames Carter <jwcart2@tycho.nsa.gov> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Stephen Smalley 提交于
Remove userland security class and permission definitions from the kernel as the kernel only needs to use and validate its own class and permission definitions and userland definitions may change. Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Paul Moore 提交于
As suggested, move the security_skb_extlbl_sid() function out of the security server and into the SELinux hooks file. Signed-off-by: NPaul Moore <paul.moore@hp.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Paul Moore 提交于
In the beginning I named the file selinux_netlabel.h to avoid potential namespace colisions. However, over time I have realized that there are several other similar cases of multiple header files with the same name so I'm changing the name to something which better fits with existing naming conventions. Signed-off-by: NPaul Moore <paul.moore@hp.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Paul Moore 提交于
Up until this patch the functions which have provided NetLabel support to SELinux have been integrated into the SELinux security server, which for various reasons is not really ideal. This patch makes an effort to extract as much of the NetLabel support from the security server as possibile and move it into it's own file within the SELinux directory structure. Signed-off-by: NPaul Moore <paul.moore@hp.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 27 2月, 2007 2 次提交
-
-
由 Stephen Smalley 提交于
Always initialize *scontext and *scontext_len in security_sid_to_context. (via http://lkml.org/lkml/2007/2/23/135) Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Eric Paris 提交于
Below is a patch which demotes many printk lines to KERN_DEBUG from KERN_INFO. It should help stop the spamming of logs with messages in which users are not interested nor is there any action that users should take. It also promotes some KERN_INFO to KERN_ERR such as when there are improper attempts to register/unregister security modules. A similar patch was discussed a while back on list: http://marc.theaimsgroup.com/?t=116656343500003&r=1&w=2 This patch addresses almost all of the issues raised. I believe the only advice not taken was in the demoting of messages related to undefined permissions and classes. Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> security/selinux/hooks.c | 20 ++++++++++---------- security/selinux/ss/avtab.c | 2 +- security/selinux/ss/policydb.c | 6 +++--- security/selinux/ss/sidtab.c | 2 +- 4 files changed, 15 insertions(+), 15 deletions(-) Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 15 2月, 2007 1 次提交
-
-
由 Tim Schmielau 提交于
After Al Viro (finally) succeeded in removing the sched.h #include in module.h recently, it makes sense again to remove other superfluous sched.h includes. There are quite a lot of files which include it but don't actually need anything defined in there. Presumably these includes were once needed for macros that used to live in sched.h, but moved to other header files in the course of cleaning it up. To ease the pain, this time I did not fiddle with any header files and only removed #includes from .c-files, which tend to cause less trouble. Compile tested against 2.6.20-rc2 and 2.6.20-rc2-mm2 (with offsets) on alpha, arm, i386, ia64, mips, powerpc, and x86_64 with allnoconfig, defconfig, allmodconfig, and allyesconfig as well as a few randconfigs on x86_64 and all configs in arch/arm/configs on arm. I also checked that no new warnings were introduced by the patch (actually, some warnings are removed that were emitted by unnecessarily included header files). Signed-off-by: NTim Schmielau <tim@physik3.uni-rostock.de> Acked-by: NRussell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 12 2月, 2007 1 次提交
-
-
由 Robert P. J. Day 提交于
Replace appropriate pairs of "kmem_cache_alloc()" + "memset(0)" with the corresponding "kmem_cache_zalloc()" call. Signed-off-by: NRobert P. J. Day <rpjday@mindspring.com> Cc: "Luck, Tony" <tony.luck@intel.com> Cc: Andi Kleen <ak@muc.de> Cc: Roland McGrath <roland@redhat.com> Cc: James Bottomley <James.Bottomley@steeleye.com> Cc: Greg KH <greg@kroah.com> Acked-by: NJoel Becker <Joel.Becker@oracle.com> Cc: Steven Whitehouse <swhiteho@redhat.com> Cc: Jan Kara <jack@ucw.cz> Cc: Michael Halcrow <mhalcrow@us.ibm.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: James Morris <jmorris@namei.org> Cc: Chris Wright <chrisw@sous-sol.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 27 1月, 2007 1 次提交
-
-
由 Venkat Yekkirala 提交于
This patch is an incremental fix to the flow_cache_genid patch for selinux that breaks the build of 2.6.20-rc6 when xfrm is not configured. Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 24 1月, 2007 1 次提交
-
-
由 Venkat Yekkirala 提交于
Currently, old flow cache entries remain valid even after a reload of SELinux policy. This patch increments the flow cache generation id on policy (re)loads so that flow cache entries are revalidated as needed. Thanks to Herbet Xu for pointing this out. See: http://marc.theaimsgroup.com/?l=linux-netdev&m=116841378704536&w=2 There's also a general issue as well as a solution proposed by David Miller for when flow_cache_genid wraps. I might be submitting a separate patch for that later. I request that this be applied to 2.6.20 since it's a security relevant fix. Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 09 1月, 2007 1 次提交
-
-
由 Paul Moore 提交于
The spinlock protecting the update of the "sksec->nlbl_state" variable is not currently softirq safe which can lead to problems. This patch fixes this by changing the spin_{un}lock() functions into spin_{un}lock_bh() functions. Signed-off-by: NPaul Moore <paul.moore@hp.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-