1. 23 9月, 2006 16 次提交
    • V
      [MLSXFRM]: Default labeling of socket specific IPSec policies · cb969f07
      Venkat Yekkirala 提交于
      This defaults the label of socket-specific IPSec policies to be the
      same as the socket they are set on.
      Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      cb969f07
    • V
      [MLSXFRM]: Add flow labeling · beb8d13b
      Venkat Yekkirala 提交于
      This labels the flows that could utilize IPSec xfrms at the points the
      flows are defined so that IPSec policy and SAs at the right label can
      be used.
      
      The following protos are currently not handled, but they should
      continue to be able to use single-labeled IPSec like they currently
      do.
      
      ipmr
      ip_gre
      ipip
      igmp
      sit
      sctp
      ip6_tunnel (IPv6 over IPv6 tunnel device)
      decnet
      Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      beb8d13b
    • V
      [MLSXFRM]: Add security context to acquire messages using PF_KEY · 4e2ba18e
      Venkat Yekkirala 提交于
      This includes the security context of a security association created
      for use by IKE in the acquire messages sent to IKE daemons using
      PF_KEY. This would allow the daemons to include the security context
      in the negotiation, so that the resultant association is unique to
      that security context.
      Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4e2ba18e
    • S
      [MLSXFRM]: Add security context to acquire messages using netlink · 0d681623
      Serge Hallyn 提交于
      This includes the security context of a security association created
      for use by IKE in the acquire messages sent to IKE daemons using
      netlink/xfrm_user. This would allow the daemons to include the
      security context in the negotiation, so that the resultant association
      is unique to that security context.
      Signed-off-by: NSerge Hallyn <serue@us.ibm.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0d681623
    • V
      [MLSXFRM]: Flow based matching of xfrm policy and state · e0d1caa7
      Venkat Yekkirala 提交于
      This implements a seemless mechanism for xfrm policy selection and
      state matching based on the flow sid. This also includes the necessary
      SELinux enforcement pieces.
      Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e0d1caa7
    • V
      [MLSXFRM]: Add security sid to flowi · b6340fcd
      Venkat Yekkirala 提交于
      This adds security to flow key for labeling of flows as also to allow
      for making flow cache lookups based on the security label seemless.
      Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b6340fcd
    • V
      [MLSXFRM]: Add security sid to sock · 892c141e
      Venkat Yekkirala 提交于
      This adds security for IP sockets at the sock level. Security at the
      sock level is needed to enforce the SELinux security policy for
      security associations even when a sock is orphaned (such as in the TCP
      LAST_ACK state).
      
      This will also be used to enforce SELinux controls over data arriving
      at or leaving a child socket while it's still waiting to be accepted.
      Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      892c141e
    • V
      [MLSXFRM]: Define new SELinux service routine · 08554d6b
      Venkat Yekkirala 提交于
      This defines a routine that combines the Type Enforcement portion of
      one sid with the MLS portion from the other sid to arrive at a new
      sid. This would be used to define a sid for a security association
      that is to be negotiated by IKE as well as for determing the sid for
      open requests and connection-oriented child sockets.
      Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      08554d6b
    • V
      [MLSXFRM]: Granular IPSec associations for use in MLS environments · 51bd3986
      Venkat Yekkirala 提交于
      The current approach to labeling Security Associations for SELinux
      purposes uses a one-to-one mapping between xfrm policy rules and
      security associations.
      
      This doesn't address the needs of real world MLS (Multi-level System,
      traditional Bell-LaPadula) environments where a single xfrm policy
      rule (pertaining to a range, classified to secret for example) might
      need to map to multiple Security Associations (one each for
      classified, secret, top secret and all the compartments applicable to
      these security levels).
      
      This patch set addresses the above problem by allowing for the mapping
      of a single xfrm policy rule to multiple security associations, with
      each association used in the security context it is defined for. It
      also includes the security context to be used in IKE negotiation in
      the acquire messages sent to the IKE daemon so that a unique SA can be
      negotiated for each unique security context. A couple of bug fixes are
      also included; checks to make sure the SAs used by a packet match
      policy (security context-wise) on the inbound and also that the bundle
      used for the outbound matches the security context of the flow. This
      patch set also makes the use of the SELinux sid in flow cache lookups
      seemless by including the sid in the flow key itself. Also, open
      requests as well as connection-oriented child sockets are labeled
      automatically to be at the same level as the peer to allow for use of
      appropriately labeled IPSec associations.
      
      Description of changes:
      
      A "sid" member has been added to the flow cache key resulting in the
      sid being available at all needed locations and the flow cache lookups
      automatically using the sid. The flow sid is derived from the socket
      on the outbound and the SAs (unlabeled where an SA was not used) on
      the inbound.
      
      Outbound case:
      1. Find policy for the socket.
      
      2. OLD: Find an SA that matches the policy.
       NEW: Find an SA that matches BOTH the policy and the flow/socket.
         This is necessary since not every SA that matches the policy
         can be used for the flow/socket. Consider policy range Secret-TS,
         and SAs each for Secret and TS. We don't want a TS socket to
         use the Secret SA. Hence the additional check for the SA Vs. flow/socket.
      
      3. NEW: When looking thru bundles for a policy, make sure the
              flow/socket can use the bundle. If a bundle is not found,
              create one, calling for IKE if necessary. If using IKE,
              include the security context in the acquire message to the IKE
              daemon.
      
      Inbound case:
      1. OLD: Find policy for the socket.
       NEW: Find policy for the incoming packet based on the sid of the
            SA(s) it used or the unlabeled sid if no SAs were
            used. (Consider a case where a socket is "authorized" for two
            policies (unclassified-confidential, secret-top_secret). If the
            packet has come in using a secret SA, we really ought to be
            using the latter policy (secret-top_secret).)
      
      2. OLD: BUG: No check to see if the SAs used by the packet agree with
                   the policy sec_ctx-wise.
      
                   (It was indicated in selinux_xfrm_sock_rcv_skb() that
                    this was being accomplished by
                    (x->id.spi == tmpl->id.spi || !tmpl->id.spi) in xfrm_state_ok,
      	      but it turns out tmpl->id.spi
                    would normally be zero (unless xfrm policy rules specify one
                    at the template level, which they usually don't).
       NEW: The socket is checked for access to the SAs used (based on the
            sid of the SAs) in selinux_xfrm_sock_rcv_skb().
      
      Forward case:
       This would be Step 1 from the Inbound case, followed by Steps 2 and 3
      from the Outbound case.
      
      Outstanding items/issues:
      
      - Timewait acknowledgements and such are generated in the
        current/upstream implementation using a NULL socket resulting in the
        any_socket sid (SYSTEM_HIGH) to be used. This problem is not addressed
        by this patch set.
      
      This patch: Add new flask definitions to SELinux
      
      Adds a new avperm "polmatch" to arbitrate flow/state access to a xfrm
      policy rule.
      Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      51bd3986
    • L
      Merge git://git.infradead.org/~dwmw2/hdroneline · e6e5fee1
      Linus Torvalds 提交于
      * git://git.infradead.org/~dwmw2/hdroneline:
        [HEADERS] One line per header in Kbuild files to reduce conflicts
      
      Manual (trivial) conflict resolution in include/asm-s390/Kbuild
      e6e5fee1
    • L
      Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2 · 3e59ddff
      Linus Torvalds 提交于
      * 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2:
        ocfs2: Remove overzealous BUG_ON()
        ocfs2: Don't print on unknown remote blocking call
        ocfs2: Remove EXPERIMENTAL dependency
        ocfs2: implement directory read-ahead
        ocfs2: properly update i_mtime on buffered write
        ocfs2: Fix directory link count checks in ocfs2_link()
        ocfs2: move nlink check in ocfs2_mknod()
        ocfs2: Fix heartbeat sector calculation
        [PATCH] fs/ocfs2/ioctl.c should #include "ioctl.h"
        ocfs2: add ext2 attributes
        configfs: Prevent duplicate subsystem names.
      3e59ddff
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 6bbd9b6d
      Linus Torvalds 提交于
      * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (64 commits)
        [BLOCK] dm-crypt: trivial comment improvements
        [CRYPTO] api: Deprecate crypto_digest_* and crypto_alg_available
        [CRYPTO] padlock: Convert padlock-sha to use crypto_hash
        [CRYPTO] users: Use crypto_comp and crypto_has_*
        [CRYPTO] api: Add crypto_comp and crypto_has_*
        [CRYPTO] users: Use crypto_hash interface instead of crypto_digest
        [SCSI] iscsi: Use crypto_hash interface instead of crypto_digest
        [CRYPTO] digest: Remove old HMAC implementation
        [CRYPTO] doc: Update documentation for hash and me
        [SCTP]: Use HMAC template and hash interface
        [IPSEC]: Use HMAC template and hash interface
        [CRYPTO] tcrypt: Use HMAC template and hash interface
        [CRYPTO] hmac: Add crypto template implementation
        [CRYPTO] digest: Added user API for new hash type
        [CRYPTO] api: Mark parts of cipher interface as deprecated
        [PATCH] scatterlist: Add const to sg_set_buf/sg_init_one pointer argument
        [CRYPTO] drivers: Remove obsolete block cipher operations
        [CRYPTO] users: Use block ciphers where applicable
        [SUNRPC] GSS: Use block ciphers where applicable
        [IPSEC] ESP: Use block ciphers where applicable
        ...
      6bbd9b6d
    • L
      Merge branch 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6 · a489d159
      Linus Torvalds 提交于
      * 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6: (44 commits)
        [S390] hypfs crashes with invalid mount option.
        [S390] cio: subchannel evaluation function operates without lock
        [S390] cio: always query all paths on path verification.
        [S390] cio: update path groups on logical CHPID changes.
        [S390] cio: subchannels in no-path state.
        [S390] Replace nopav-message on VM.
        [S390] set modalias for ccw bus uevents.
        [S390] Get rid of DBG macro.
        [S390] Use alternative user-copy operations for new hardware.
        [S390] Make user-copy operations run-time configurable.
        [S390] Cleanup in signal handling code.
        [S390] Cleanup in page table related code.
        [S390] Linux API for writing z/VM APPLDATA Monitor records.
        [S390] xpram off by one error.
        [S390] Remove kexec experimental flag.
        [S390] cleanup appldata.
        [S390] fix typo in vmcp.
        [S390] Kernel stack overflow handling.
        [S390] qdio slsb processing state.
        [S390] Missing initialization in common i/o layer.
        ...
      a489d159
    • L
      Merge git://git.infradead.org/mtd-2.6 · a48178a2
      Linus Torvalds 提交于
      * git://git.infradead.org/mtd-2.6:
        Remove accidentally-added include/linux/utsrelease.h
        Revert "[MTD] blkdev helper code: fix printk format warning"
        [MTD] Add SSFDC (SmartMedia) read-only translation layer
        [MTD] pmc551 pci cleanup
        [MTD] pmc551 use kzalloc
        [MTD] pmc551 whitespace cleanup
        [MTD] Remove iq80310 map driver
        [MTD NAND] Fix in typo ndfc.c causing wrong ECC layout
        [MTD] physmap: add power management support
        ioremap balanced with iounmap for drivers/mtd subsystem
        [MTD] Switch to pci_get_device and do ref counting
        [MTD] blkdev helper code: fix printk format warning
        [MTD] Fix ixp4xx partition parsing.
        [JFFS2] Remove unneeded ifdefs from jffs2_fs_i.h
        [MTD NAND] Remove old code in au1550nd.c
        [MTD] Unlock NOR flash automatically where necessary
      a48178a2
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc · 14d1adfc
      Linus Torvalds 提交于
      * git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc: (114 commits)
        [POWERPC] Fix ohare IDE irq workaround on old powermacs
        [POWERPC] EEH: Power4 systems sometimes need multiple resets.
        [POWERPC] Include <asm/mmu.h> in arch/powerpc/sysdev/fsl_soc.h for phys_addr_t.
        [POWERPC] Demacrofy arch/powerpc/platforms/maple/pci.c
        [POWERPC] Maple U3 HT - reject inappropriate config space access
        [POWERPC] Fix IPIC pending register assignments
        [POWERPC] powerpc: fix building gdb against asm/ptrace.h
        [POWERPC] Remove DISCONTIGMEM cruft from page.h
        [POWERPC] Merge iSeries i/o operations with the rest
        [POWERPC] 40x: Fix debug status register defines
        [POWERPC] Fix compile error in sbc8560
        [POWERPC] EEH: support MMIO enable recovery step
        [POWERPC] EEH: enable MMIO/DMA on frozen slot
        [POWERPC] EEH: code comment cleanup
        [POWERPC] EEH: balance pcidev_get/put calls
        [POWERPC] PPC: Fix xmon stack frame address in backtrace
        [POWERPC] Add AT_PLATFORM value for Xilinx Virtex-4 FX
        [POWERPC] Start arch/powerpc/boot code reorganization
        [POWERPC] Define of_read_ulong helper
        [POWERPC] iseries: eliminate a couple of warnings
        ...
      14d1adfc
    • D
      734a5628
  2. 22 9月, 2006 24 次提交