1. 18 4月, 2008 2 次提交
  2. 15 2月, 2008 1 次提交
  3. 30 1月, 2008 1 次提交
  4. 17 10月, 2007 1 次提交
  5. 22 7月, 2007 1 次提交
    • A
      [PATCH] get rid of AVC_PATH postponed treatment · 4259fa01
      Al Viro 提交于
              Selinux folks had been complaining about the lack of AVC_PATH
      records when audit is disabled.  I must admit my stupidity - I assumed
      that avc_audit() really couldn't use audit_log_d_path() because of
      deadlocks (== could be called with dcache_lock or vfsmount_lock held).
      Shouldn't have made that assumption - it never gets called that way.
      It _is_ called under spinlocks, but not those.
      
              Since audit_log_d_path() uses ab->gfp_mask for allocations,
      kmalloc() in there is not a problem.  IOW, the simple fix is sufficient:
      let's rip AUDIT_AVC_PATH out and simply generate pathname as part of main
      record.  It's trivial to do.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      Acked-by: NJames Morris <jmorris@namei.org>
      4259fa01
  6. 20 7月, 2007 1 次提交
    • P
      mm: Remove slab destructors from kmem_cache_create(). · 20c2df83
      Paul Mundt 提交于
      Slab destructors were no longer supported after Christoph's
      c59def9f change. They've been
      BUGs for both slab and slub, and slob never supported them
      either.
      
      This rips out support for the dtor pointer from kmem_cache_create()
      completely and fixes up every single callsite in the kernel (there were
      about 224, not including the slab allocator definitions themselves,
      or the documentation references).
      Signed-off-by: NPaul Mundt <lethal@linux-sh.org>
      20c2df83
  7. 12 7月, 2007 2 次提交
  8. 26 4月, 2007 1 次提交
  9. 12 2月, 2007 1 次提交
  10. 08 12月, 2006 2 次提交
  11. 05 12月, 2006 1 次提交
  12. 29 11月, 2006 1 次提交
  13. 01 5月, 2006 1 次提交
    • D
      [PATCH] support for context based audit filtering · 376bd9cb
      Darrel Goeddel 提交于
      The following patch provides selinux interfaces that will allow the audit
      system to perform filtering based on the process context (user, role, type,
      sensitivity, and clearance).  These interfaces will allow the selinux
      module to perform efficient matches based on lower level selinux constructs,
      rather than relying on context retrievals and string comparisons within
      the audit module.  It also allows for dominance checks on the mls portion
      of the contexts that are impossible with only string comparisons.
      Signed-off-by: NDarrel Goeddel <dgoeddel@trustedcs.com>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      376bd9cb
  14. 08 2月, 2006 1 次提交
  15. 14 1月, 2006 1 次提交
    • J
      [NET]: Use NIP6_FMT in kernel.h · 46b86a2d
      Joe Perches 提交于
      There are errors and inconsistency in the display of NIP6 strings.
      	ie: net/ipv6/ip6_flowlabel.c
      
      There are errors and inconsistency in the display of NIPQUAD strings too.
      	ie: net/netfilter/nf_conntrack_ftp.c
      
      This patch:
      	adds NIP6_FMT to kernel.h
      	changes all code to use NIP6_FMT
      	fixes net/ipv6/ip6_flowlabel.c
      	adds NIPQUAD_FMT to kernel.h
      	fixes net/netfilter/nf_conntrack_ftp.c
      	changes a few uses of "%u.%u.%u.%u" to NIPQUAD_FMT for symmetry to NIP6_FMT
      Signed-off-by: NJoe Perches <joe@perches.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      46b86a2d
  16. 05 9月, 2005 1 次提交
  17. 22 6月, 2005 1 次提交
    • D
      AUDIT: Wait for backlog to clear when generating messages. · 9ad9ad38
      David Woodhouse 提交于
      Add a gfp_mask to audit_log_start() and audit_log(), to reduce the
      amount of GFP_ATOMIC allocation -- most of it doesn't need to be 
      GFP_ATOMIC. Also if the mask includes __GFP_WAIT, then wait up to
      60 seconds for the auditd backlog to clear instead of immediately 
      abandoning the message. 
      
      The timeout should probably be made configurable, but for now it'll 
      suffice that it only happens if auditd is actually running.
      Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org>
      9ad9ad38
  18. 25 5月, 2005 1 次提交
    • S
      AUDIT: Fix remaining cases of direct logging of untrusted strings by avc_audit · 37ca5389
      Stephen Smalley 提交于
      Per Steve Grubb's observation that there are some remaining cases where
      avc_audit() directly logs untrusted strings without escaping them, here
      is a patch that changes avc_audit() to use audit_log_untrustedstring()
      or audit_log_hex() as appropriate.  Note that d_name.name is nul-
      terminated by d_alloc(), and that sun_path is nul-terminated by
      unix_mkname(), so it is not necessary for the AVC to create nul-
      terminated copies or to alter audit_log_untrustedstring to take a length
      argument.  In the case of an abstract name, we use audit_log_hex() with
      an explicit length.
      Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org>
      37ca5389
  19. 21 5月, 2005 2 次提交
  20. 19 5月, 2005 1 次提交
  21. 14 5月, 2005 1 次提交
  22. 11 5月, 2005 1 次提交
    • C
      Add audit_log_type · c1b773d8
      Chris Wright 提交于
      Add audit_log_type to allow callers to specify type and pid when logging.
      Convert audit_log to wrapper around audit_log_type.  Could have
      converted all audit_log callers directly, but common case is default
      of type AUDIT_KERNEL and pid 0.  Update audit_log_start to take type
      and pid values when creating a new audit_buffer.  Move sequences that
      did audit_log_start, audit_log_format, audit_set_type, audit_log_end,
      to simply call audit_log_type directly.  This obsoletes audit_set_type
      and audit_set_pid, so remove them.
      Signed-off-by: NChris Wright <chrisw@osdl.org>
      Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org>
      c1b773d8
  23. 19 4月, 2005 1 次提交
    • S
      [PATCH] SELinux: fix deadlock on dcache lock · 219f0817
      Stephen Smalley 提交于
      This fixes a deadlock on the dcache lock detected during testing at IBM
      by moving the logging of the current executable information from the
      SELinux avc_audit function to audit_log_exit (via an audit_log_task_info
      helper) for processing upon syscall exit. 
      
      For consistency, the patch also removes the logging of other
      task-related information from avc_audit, deferring handling to
      audit_log_exit instead. 
      
      This allows simplification of the avc_audit code, allows the exe
      information to be obtained more reliably, always includes the comm
      information (useful for scripts), and avoids including bogus task
      information for checks performed from irq or softirq. 
      Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: NJames Morris <jmorris@redhat.com>
      Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
      219f0817
  24. 17 4月, 2005 1 次提交
    • L
      Linux-2.6.12-rc2 · 1da177e4
      Linus Torvalds 提交于
      Initial git repository build. I'm not bothering with the full history,
      even though we have it. We can create a separate "historical" git
      archive of that later if we want to, and in the meantime it's about
      3.2GB when imported into git - space that would just make the early
      git days unnecessarily complicated, when we don't have a lot of good
      infrastructure for it.
      
      Let it rip!
      1da177e4