1. 02 2月, 2006 1 次提交
  2. 10 9月, 2005 2 次提交
    • S
      [PATCH] Remove security_inode_post_create/mkdir/symlink/mknod hooks · a74574aa
      Stephen Smalley 提交于
      This patch removes the inode_post_create/mkdir/mknod/symlink LSM hooks as
      they are obsoleted by the new inode_init_security hook that enables atomic
      inode security labeling.
      
      If anyone sees any reason to retain these hooks, please speak now.  Also,
      is anyone using the post_rename/link hooks; if not, those could also be
      removed.
      Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: NAndrew Morton <akpm@osdl.org>
      Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
      a74574aa
    • S
      [PATCH] security: enable atomic inode security labeling · 5e41ff9e
      Stephen Smalley 提交于
      The following patch set enables atomic security labeling of newly created
      inodes by altering the fs code to invoke a new LSM hook to obtain the security
      attribute to apply to a newly created inode and to set up the incore inode
      security state during the inode creation transaction.  This parallels the
      existing processing for setting ACLs on newly created inodes.  Otherwise, it
      is possible for new inodes to be accessed by another thread via the dcache
      prior to complete security setup (presently handled by the
      post_create/mkdir/...  LSM hooks in the VFS) and a newly created inode may be
      left unlabeled on the disk in the event of a crash.  SELinux presently works
      around the issue by ensuring that the incore inode security label is
      initialized to a special SID that is inaccessible to unprivileged processes
      (in accordance with policy), thereby preventing inappropriate access but
      potentially causing false denials on legitimate accesses.  A simple test
      program demonstrates such false denials on SELinux, and the patch solves the
      problem.  Similar such false denials have been encountered in real
      applications.
      
      This patch defines a new inode_init_security LSM hook to obtain the security
      attribute to apply to a newly created inode and to set up the incore inode
      security state for it, and adds a corresponding hook function implementation
      to SELinux.
      Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: NAndrew Morton <akpm@osdl.org>
      Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
      5e41ff9e
  3. 17 4月, 2005 1 次提交
    • L
      Linux-2.6.12-rc2 · 1da177e4
      Linus Torvalds 提交于
      Initial git repository build. I'm not bothering with the full history,
      even though we have it. We can create a separate "historical" git
      archive of that later if we want to, and in the meantime it's about
      3.2GB when imported into git - space that would just make the early
      git days unnecessarily complicated, when we don't have a lot of good
      infrastructure for it.
      
      Let it rip!
      1da177e4