1. 01 Oct, 2006 1 commit
  2. 30 Sep, 2006 4 commits
  3. 27 Sep, 2006 2 commits
    • [PATCH] inode-diet: Eliminate i_blksize from the inode structure · ba52de12
      Theodore Ts'o committed
      This eliminates the i_blksize field from struct inode.  Filesystems that want
      to provide a per-inode st_blksize can do so by providing their own getattr
      routine instead of using the generic_fillattr() function.
      
      Note that some filesystems were providing pretty much random (and incorrect)
      values for i_blksize.
      
      [bunk@stusta.de: cleanup]
      [akpm@osdl.org: generic_fillattr() fix]
      Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
      Signed-off-by: Adrian Bunk <bunk@stusta.de>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] inode_diet: Replace inode.u.generic_ip with inode.i_private · 8e18e294
      Theodore Ts'o committed
      The following patches reduce the size of the VFS inode structure by 28 bytes
      on a UP x86.  (It would be more on an x86_64 system).  This is a 10% reduction
      in the inode size on a UP kernel that is configured in a production mode
      (i.e., with no spinlock or other debugging functions enabled; if you want to
      save memory taken up by in-core inodes, the first thing you should do is
      disable the debugging options; they are responsible for a huge amount of bloat
      in the VFS inode structure).
      
      This patch:
      
      The filesystem or device-specific pointer in the inode is inside a union,
      which is pretty pointless given that all 30+ users of this field have been
      using the void pointer.  Get rid of the union and rename it to i_private, with
      a comment to explain who is allowed to use the void pointer.  This is just a
      cleanup, but it allows us to reuse the union 'u' for something where
      the union will actually be used.
      
      [judith@osdl.org: powerpc build fix]
      Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
      Signed-off-by: Judith Lebzelter <judith@osdl.org>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
  4. 26 Sep, 2006 11 commits
  5. 23 Sep, 2006 16 commits
    • [SELINUX]: Fix bug in security_sid_mls_copy · 4eb327b5
      Venkat Yekkirala committed
      The following fixes a bug where random mem is being tampered with in the
      non-mls case; encountered by Jashua Brindle on a gentoo box.
      Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
      Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: James Morris <jmorris@namei.org>
    • [NetLabel]: add some missing #includes to various header files · 7a0e1d60
      Paul Moore committed
      Add some missing include files to the NetLabel related header files.
      Signed-off-by: Paul Moore <paul.moore@hp.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [NetLabel]: uninline selinux_netlbl_inode_permission() · e448e931
      Paul Moore committed
      Uninline the selinux_netlbl_inode_permission() at the request of
      Andrew Morton.
      Signed-off-by: Paul Moore <paul.moore@hp.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [NetLabel]: Cleanup ebitmap_import() · 7b3bbb92
      Paul Moore committed
      Rewrite ebitmap_import() so it is a bit cleaner and easier to read.
      Signed-off-by: Paul Moore <paul.moore@hp.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [NetLabel]: Comment corrections. · c1b14c0a
      Paul Moore committed
      Fix some incorrect comments.
      Signed-off-by: Paul Moore <paul.moore@hp.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [NetLabel]: Correctly initialize the NetLabel fields. · 99f59ed0
      Paul Moore committed
      Fix a problem where the NetLabel specific fields of the sk_security_struct
      structure were not being initialized early enough in some cases.
      Signed-off-by: Paul Moore <paul.moore@hp.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [SELINUX]: security/selinux/hooks.c: Make 4 functions static. · 9a673e56
      Adrian Bunk committed
      This patch makes four needlessly global functions static.
      Signed-off-by: Adrian Bunk <bunk@stusta.de>
      Acked-by: James Morris <jmorris@namei.org>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [NetLabel]: SELinux support · 7420ed23
      Venkat Yekkirala committed
      Add NetLabel support to the SELinux LSM and modify the
      socket_post_create() LSM hook to return an error code.  The most
      significant part of this patch is the addition of NetLabel hooks into
      the following SELinux LSM hooks:
      
       * selinux_file_permission()
       * selinux_socket_sendmsg()
       * selinux_socket_post_create()
       * selinux_socket_sock_rcv_skb()
       * selinux_socket_getpeersec_stream()
       * selinux_socket_getpeersec_dgram()
       * selinux_sock_graft()
       * selinux_inet_conn_request()
      
      The basic reasoning behind this patch is that outgoing packets are
      "NetLabel'd" by labeling their socket and the NetLabel security
      attributes are checked via the additional hook in
      selinux_socket_sock_rcv_skb().  NetLabel itself is only a labeling
      mechanism, similar to filesystem extended attributes, it is up to the
      SELinux enforcement mechanism to perform the actual access checks.
      
      In addition to the changes outlined above this patch also includes
      some changes to the extended bitmap (ebitmap) and multi-level security
      (mls) code to import and export SELinux TE/MLS attributes into and out
      of NetLabel.
      Signed-off-by: Paul Moore <paul.moore@hp.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [MLSXFRM]: Fix build with SECURITY_NETWORK_XFRM disabled. · a51c64f1
      Venkat Yekkirala committed
      The following patch will fix the build problem (encountered by Andrew
      Morton) when SECURITY_NETWORK_XFRM is not enabled.
      
      As compared to git-net-selinux_xfrm_decode_session-build-fix.patch in
      -mm, this patch sets the return parameter sid to SECSID_NULL in
      selinux_xfrm_decode_session() and handles this value in the caller
      selinux_inet_conn_request() appropriately.
      Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
      Acked-by: James Morris <jmorris@namei.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [MLSXFRM]: Auto-labeling of child sockets · 4237c75c
      Venkat Yekkirala committed
      This automatically labels the TCP, Unix stream, and dccp child sockets
      as well as openreqs to be at the same MLS level as the peer. This will
      result in the selection of appropriately labeled IPSec Security
      Associations.
      
      This also uses the sock's sid (as opposed to the isec sid) in SELinux
      enforcement of secmark in rcv_skb and postroute_last hooks.
      Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [MLSXFRM]: Default labeling of socket specific IPSec policies · cb969f07
      Venkat Yekkirala committed
      This defaults the label of socket-specific IPSec policies to be the
      same as the socket they are set on.
      Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [MLSXFRM]: Add flow labeling · beb8d13b
      Venkat Yekkirala committed
      This labels the flows that could utilize IPSec xfrms at the points the
      flows are defined so that IPSec policy and SAs at the right label can
      be used.
      
      The following protos are currently not handled, but they should
      continue to be able to use single-labeled IPSec like they currently
      do.
      
      ipmr
      ip_gre
      ipip
      igmp
      sit
      sctp
      ip6_tunnel (IPv6 over IPv6 tunnel device)
      decnet
      Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [MLSXFRM]: Flow based matching of xfrm policy and state · e0d1caa7
      Venkat Yekkirala committed
      This implements a seamless mechanism for xfrm policy selection and
      state matching based on the flow sid. This also includes the necessary
      SELinux enforcement pieces.
      Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [MLSXFRM]: Add security sid to sock · 892c141e
      Venkat Yekkirala committed
      This adds security for IP sockets at the sock level. Security at the
      sock level is needed to enforce the SELinux security policy for
      security associations even when a sock is orphaned (such as in the TCP
      LAST_ACK state).
      
      This will also be used to enforce SELinux controls over data arriving
      at or leaving a child socket while it's still waiting to be accepted.
      Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [MLSXFRM]: Define new SELinux service routine · 08554d6b
      Venkat Yekkirala committed
      This defines a routine that combines the Type Enforcement portion of
      one sid with the MLS portion from the other sid to arrive at a new
      sid. This would be used to define a sid for a security association
      that is to be negotiated by IKE as well as for determining the sid for
      open requests and connection-oriented child sockets.
      Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [MLSXFRM]: Granular IPSec associations for use in MLS environments · 51bd3986
      Venkat Yekkirala committed
      The current approach to labeling Security Associations for SELinux
      purposes uses a one-to-one mapping between xfrm policy rules and
      security associations.
      
      This doesn't address the needs of real world MLS (Multi-level System,
      traditional Bell-LaPadula) environments where a single xfrm policy
      rule (pertaining to a range, classified to secret for example) might
      need to map to multiple Security Associations (one each for
      classified, secret, top secret and all the compartments applicable to
      these security levels).
      
      This patch set addresses the above problem by allowing for the mapping
      of a single xfrm policy rule to multiple security associations, with
      each association used in the security context it is defined for. It
      also includes the security context to be used in IKE negotiation in
      the acquire messages sent to the IKE daemon so that a unique SA can be
      negotiated for each unique security context. A couple of bug fixes are
      also included; checks to make sure the SAs used by a packet match
      policy (security context-wise) on the inbound and also that the bundle
      used for the outbound matches the security context of the flow. This
      patch set also makes the use of the SELinux sid in flow cache lookups
      seamless by including the sid in the flow key itself. Also, open
      requests as well as connection-oriented child sockets are labeled
      automatically to be at the same level as the peer to allow for use of
      appropriately labeled IPSec associations.
      
      Description of changes:
      
      A "sid" member has been added to the flow cache key resulting in the
      sid being available at all needed locations and the flow cache lookups
      automatically using the sid. The flow sid is derived from the socket
      on the outbound and the SAs (unlabeled where an SA was not used) on
      the inbound.
      
      Outbound case:
      1. Find policy for the socket.
      
      2. OLD: Find an SA that matches the policy.
       NEW: Find an SA that matches BOTH the policy and the flow/socket.
         This is necessary since not every SA that matches the policy
         can be used for the flow/socket. Consider policy range Secret-TS,
         and SAs each for Secret and TS. We don't want a TS socket to
         use the Secret SA. Hence the additional check for the SA Vs. flow/socket.
      
      3. NEW: When looking thru bundles for a policy, make sure the
              flow/socket can use the bundle. If a bundle is not found,
              create one, calling for IKE if necessary. If using IKE,
              include the security context in the acquire message to the IKE
              daemon.
      
      Inbound case:
      1. OLD: Find policy for the socket.
       NEW: Find policy for the incoming packet based on the sid of the
            SA(s) it used or the unlabeled sid if no SAs were
            used. (Consider a case where a socket is "authorized" for two
            policies (unclassified-confidential, secret-top_secret). If the
            packet has come in using a secret SA, we really ought to be
            using the latter policy (secret-top_secret).)
      
      2. OLD: BUG: No check to see if the SAs used by the packet agree with
                   the policy sec_ctx-wise.
      
                   (It was indicated in selinux_xfrm_sock_rcv_skb() that
                    this was being accomplished by
                    (x->id.spi == tmpl->id.spi || !tmpl->id.spi) in xfrm_state_ok,
                    but it turns out tmpl->id.spi
                    would normally be zero (unless xfrm policy rules specify one
                    at the template level, which they usually don't).
       NEW: The socket is checked for access to the SAs used (based on the
            sid of the SAs) in selinux_xfrm_sock_rcv_skb().
      
      Forward case:
       This would be Step 1 from the Inbound case, followed by Steps 2 and 3
      from the Outbound case.
      
      Outstanding items/issues:
      
      - Timewait acknowledgements and such are generated in the
        current/upstream implementation using a NULL socket resulting in the
        any_socket sid (SYSTEM_HIGH) to be used. This problem is not addressed
        by this patch set.
      
      This patch: Add new flask definitions to SELinux
      
      Adds a new avperm "polmatch" to arbitrate flow/state access to a xfrm
      policy rule.
      Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  6. 21 Sep, 2006 1 commit
  7. 03 Aug, 2006 1 commit
    • [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch · dc49c1f9
      Catherine Zhang committed
      From: Catherine Zhang <cxzhang@watson.ibm.com>
      
      This patch implements a cleaner fix for the memory leak problem of the
      original unix datagram getpeersec patch.  Instead of creating a
      security context each time a unix datagram is sent, we only create the
      security context when the receiver requests it.
      
      This new design requires modification of the current
      unix_getsecpeer_dgram LSM hook and addition of two new hooks, namely,
      secid_to_secctx and release_secctx.  The former retrieves the security
      context and the latter releases it.  A hook is required for releasing
      the security context because it is up to the security module to decide
      how that's done.  In the case of Selinux, it's a simple kfree
      operation.
      Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  8. 01 Aug, 2006 2 commits
  9. 15 Jul, 2006 1 commit
  10. 11 Jul, 2006 1 commit