1. 14 7月, 2015 1 次提交
    • J
      selinux: extended permissions for ioctls · fa1aa143
      Jeff Vander Stoep 提交于
      Add extended permissions logic to selinux. Extended permissions
      provides additional permissions in 256 bit increments. Extend the
      generic ioctl permission check to use the extended permissions for
      per-command filtering. Source/target/class sets including the ioctl
      permission may additionally include a set of commands. Example:
      
      allowxperm <source> <target>:<class> ioctl unpriv_app_socket_cmds
      auditallowxperm <source> <target>:<class> ioctl priv_gpu_cmds
      
      Where unpriv_app_socket_cmds and priv_gpu_cmds are macros
      representing commonly granted sets of ioctl commands.
      
      When ioctl commands are omitted only the permissions are checked.
      This feature is intended to provide finer granularity for the ioctl
      permission that may be too imprecise. For example, the same driver
      may use ioctls to provide important and benign functionality such as
      driver version or socket type as well as dangerous capabilities such
      as debugging features, read/write/execute to physical memory or
      access to sensitive data. Per-command filtering provides a mechanism
      to reduce the attack surface of the kernel, and limit applications
      to the subset of commands required.
      
      The format of the policy binary has been modified to include ioctl
      commands, and the policy version number has been incremented to
      POLICYDB_VERSION_XPERMS_IOCTL=30 to account for the format
      change.
      
      The extended permissions logic is deliberately generic to allow
      components to be reused e.g. netlink filters
      Signed-off-by: NJeff Vander Stoep <jeffv@google.com>
      Acked-by: NNick Kralevich <nnk@google.com>
      Signed-off-by: NPaul Moore <pmoore@redhat.com>
      fa1aa143
  2. 20 6月, 2014 2 次提交
  3. 06 1月, 2012 1 次提交
  4. 19 12月, 2011 1 次提交
  5. 10 9月, 2011 1 次提交
  6. 24 1月, 2011 1 次提交
  7. 01 12月, 2010 1 次提交
  8. 21 10月, 2010 1 次提交
  9. 02 8月, 2010 5 次提交
  10. 15 8月, 2008 1 次提交
  11. 05 8月, 2008 1 次提交
  12. 21 4月, 2008 2 次提交
  13. 19 4月, 2008 1 次提交
  14. 18 4月, 2008 1 次提交
  15. 08 11月, 2007 1 次提交
  16. 17 10月, 2007 1 次提交
  17. 31 10月, 2005 1 次提交
  18. 05 9月, 2005 2 次提交
  19. 26 6月, 2005 1 次提交
  20. 17 4月, 2005 1 次提交
    • L
      Linux-2.6.12-rc2 · 1da177e4
      Linus Torvalds 提交于
      Initial git repository build. I'm not bothering with the full history,
      even though we have it. We can create a separate "historical" git
      archive of that later if we want to, and in the meantime it's about
      3.2GB when imported into git - space that would just make the early
      git days unnecessarily complicated, when we don't have a lot of good
      infrastructure for it.
      
      Let it rip!
      1da177e4