1. 25 5月, 2011 1 次提交
    • E
      xattr.h: expose string defines to userspace · 1dbe3942
      Eric Paris 提交于
      af4f1360 ("security: move LSM xattrnames to xattr.h") moved the
      XATTR_CAPS_SUFFIX define from capability.h to xattr.h.  This makes sense
      except it was previously exports to userspace but xattr.h does not export
      it to userspace.  This patch exports these headers to userspace to fix the
      ABI regression.
      
      There is some slight possibility that this will cause problems in other
      applications which used these #defines differently (wrongly) and I could
      JUST export the capabilities xattr name that we broke.  Does anyonehave an
      idea how exposing these headers could cause a problem?
      
      Below is what is being exposed to userspace, included here since it isn't
      clear exactly what is going to be made available from the patch.
      
      /* Namespaces */
      #define XATTR_OS2_PREFIX "os2."
      #define XATTR_OS2_PREFIX_LEN (sizeof (XATTR_OS2_PREFIX) - 1)
      
      #define XATTR_SECURITY_PREFIX   "security."
      #define XATTR_SECURITY_PREFIX_LEN (sizeof (XATTR_SECURITY_PREFIX) - 1)
      
      #define XATTR_SYSTEM_PREFIX "system."
      #define XATTR_SYSTEM_PREFIX_LEN (sizeof (XATTR_SYSTEM_PREFIX) - 1)
      
      #define XATTR_TRUSTED_PREFIX "trusted."
      #define XATTR_TRUSTED_PREFIX_LEN (sizeof (XATTR_TRUSTED_PREFIX) - 1)
      
      #define XATTR_USER_PREFIX "user."
      #define XATTR_USER_PREFIX_LEN (sizeof (XATTR_USER_PREFIX) - 1)
      
      /* Security namespace */
      #define XATTR_SELINUX_SUFFIX "selinux"
      #define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
      
      #define XATTR_SMACK_SUFFIX "SMACK64"
      #define XATTR_SMACK_IPIN "SMACK64IPIN"
      #define XATTR_SMACK_IPOUT "SMACK64IPOUT"
      #define XATTR_NAME_SMACK XATTR_SECURITY_PREFIX XATTR_SMACK_SUFFIX
      #define XATTR_NAME_SMACKIPIN    XATTR_SECURITY_PREFIX XATTR_SMACK_IPIN
      #define XATTR_NAME_SMACKIPOUT   XATTR_SECURITY_PREFIX XATTR_SMACK_IPOUT
      
      #define XATTR_CAPS_SUFFIX "capability"
      #define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
      Reported-by: NOzan Çaglayan <ozan@pardus.org.tr>
      Signed-off-by: NEric Paris <eparis@redhat.com>
      Cc: Mimi Zohar <zohar@us.ibm.com>
      Cc: Serge Hallyn <serue@us.ibm.com>
      Cc: James Morris <jmorris@namei.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      1dbe3942
  2. 18 1月, 2011 1 次提交
    • C
      Subject: [PATCH] Smack: mmap controls for library containment · 7898e1f8
      Casey Schaufler 提交于
        In the embedded world there are often situations
        where libraries are updated from a variety of sources,
        for a variety of reasons, and with any number of
        security characteristics. These differences
        might include privilege required for a given library
        provided interface to function properly, as occurs
        from time to time in graphics libraries. There are
        also cases where it is important to limit use of
        libraries based on the provider of the library and
        the security aware application may make choices
        based on that criteria.
      
        These issues are addressed by providing an additional
        Smack label that may optionally be assigned to an object,
        the SMACK64MMAP attribute. An mmap operation is allowed
        if there is no such attribute.
      
        If there is a SMACK64MMAP attribute the mmap is permitted
        only if a subject with that label has all of the access
        permitted a subject with the current task label.
      
        Security aware applications may from time to time
        wish to reduce their "privilege" to avoid accidental use
        of privilege. One case where this arises is the
        environment in which multiple sources provide libraries
        to perform the same functions. An application may know
        that it should eschew services made available from a
        particular vendor, or of a particular version.
      
        In support of this a secondary list of Smack rules has
        been added that is local to the task. This list is
        consulted only in the case where the global list has
        approved access. It can only further restrict access.
        Unlike the global last, if no entry is found on the
        local list access is granted. An application can add
        entries to its own list by writing to /smack/load-self.
      
        The changes appear large as they involve refactoring
        the list handling to accomodate there being more
        than one rule list.
      Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
      7898e1f8
  3. 08 12月, 2010 1 次提交
    • J
      Smack: Transmute labels on specified directories · 5c6d1125
      Jarkko Sakkinen 提交于
      In a situation where Smack access rules allow processes
      with multiple labels to write to a directory it is easy
      to get into a situation where the directory gets cluttered
      with files that the owner can't deal with because while
      they could be written to the directory a process at the
      label of the directory can't write them. This is generally
      the desired behavior, but when it isn't it is a real
      issue.
      
      This patch introduces a new attribute SMACK64TRANSMUTE that
      instructs Smack to create the file with the label of the directory
      under certain circumstances.
      
      A new access mode, "t" for transmute, is made available to
      Smack access rules, which are expanded from "rwxa" to "rwxat".
      If a file is created in a directory marked as transmutable
      and if access was granted to perform the operation by a rule
      that included the transmute mode, then the file gets the
      Smack label of the directory instead of the Smack label of the
      creating process.
      
      Note that this is equivalent to creating an empty file at the
      label of the directory and then having the other process write
      to it. The transmute scheme requires that both the access rule
      allows transmutation and that the directory be explicitly marked.
      Signed-off-by: NJarkko Sakkinen <ext-jarkko.2.sakkinen@nokia.com>
      Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
      5c6d1125
  4. 02 12月, 2010 1 次提交
    • C
      This patch adds a new security attribute to Smack called · 676dac4b
      Casey Schaufler 提交于
      SMACK64EXEC. It defines label that is used while task is
      running.
      
      Exception: in smack_task_wait() child task is checked
      for write access to parent task using label inherited
      from the task that forked it.
      
      Fixed issues from previous submit:
      - SMACK64EXEC was not read when SMACK64 was not set.
      - inode security blob was not updated after setting
        SMACK64EXEC
      - inode security blob was not updated when removing
        SMACK64EXEC
      676dac4b
  5. 02 8月, 2010 1 次提交
  6. 22 5月, 2010 1 次提交
  7. 17 12月, 2009 1 次提交
    • C
      sanitize xattr handler prototypes · 431547b3
      Christoph Hellwig 提交于
      Add a flags argument to struct xattr_handler and pass it to all xattr
      handler methods.  This allows using the same methods for multiple
      handlers, e.g. for the ACL methods which perform exactly the same action
      for the access and default ACLs, just using a different underlying
      attribute.  With a little more groundwork it'll also allow sharing the
      methods for the regular user/trusted/secure handlers in extN, ocfs2 and
      jffs2 like it's already done for xfs in this patch.
      
      Also change the inode argument to the handlers to a dentry to allow
      using the handlers mechnism for filesystems that require it later,
      e.g. cifs.
      
      [with GFS2 bits updated by Steven Whitehouse <swhiteho@redhat.com>]
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Reviewed-by: NJames Morris <jmorris@namei.org>
      Acked-by: NJoel Becker <joel.becker@oracle.com>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      431547b3
  8. 10 9月, 2009 1 次提交
  9. 29 4月, 2008 1 次提交
  10. 06 2月, 2008 1 次提交
  11. 12 2月, 2007 1 次提交
  12. 10 10月, 2006 1 次提交
    • B
      [PATCH] Introduce vfs_listxattr · 659564c8
      Bill Nottingham 提交于
      This patch moves code out of fs/xattr.c:listxattr into a new function -
      vfs_listxattr. The code for vfs_listxattr was originally submitted by Bill
      Nottingham <notting@redhat.com> to Unionfs.
      
      Sorry about that.  The reason for this submission is to make the
      listxattr code in fs/xattr.c a little cleaner (as well as to clean up
      some code in Unionfs.)
      
      Currently, Unionfs has vfs_listxattr defined in its code.  I think
      that's very ugly, and I'd like to see it (re)moved.  The logical place
      to put it, is along side of all the other vfs_*xattr functions.
      
      Overall, I think this patch is benefitial for both kernel.org kernel and
      Unionfs.
      Signed-off-by: NJosef "Jeff" Sipek <jsipek@cs.sunysb.edu>
      Acked-by: NAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
      659564c8
  13. 11 1月, 2006 2 次提交
  14. 17 4月, 2005 1 次提交
    • L
      Linux-2.6.12-rc2 · 1da177e4
      Linus Torvalds 提交于
      Initial git repository build. I'm not bothering with the full history,
      even though we have it. We can create a separate "historical" git
      archive of that later if we want to, and in the meantime it's about
      3.2GB when imported into git - space that would just make the early
      git days unnecessarily complicated, when we don't have a lot of good
      infrastructure for it.
      
      Let it rip!
      1da177e4