linux-toradex.git/include/linux/security.h, branch v3.2-rc5 Linux kernel for Apalis and Colibri modules security: sparse fix: Move security_fixup_op to security.h 2011-09-09T23:56:33+00:00 James Morris jmorris@namei.org 2011-08-30T03:48:53+00:00 5dbe3040c74eef18e66951347eda05b153e69328 Fix sparse warning by moving declaraion to global header. Signed-off-by: James Morris <jmorris@namei.org> 
Fix sparse warning by moving declaraion to global header.

Signed-off-by: James Morris <jmorris@namei.org>
security: Fix a typo 2011-09-09T23:40:31+00:00 rongqing.li@windriver.com rongqing.li@windriver.com 2011-09-06T03:35:36+00:00 fc9ff9b7e3eaff3f49bc0fbbddfc1416212e888a Fix a typo. Signed-off-by: Roy.Li <rongqing.li@windriver.com> Signed-off-by: James Morris <jmorris@namei.org> 
Fix a typo.

Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: James Morris <jmorris@namei.org>
evm: fix build problems 2011-08-15T23:23:44+00:00 Mimi Zohar zohar@linux.vnet.ibm.com 2011-08-15T13:09:16+00:00 1e39f384bb01b0395b69cb70c2cacae65012f203 - Make the previously missing security_old_inode_init_security() stub function definition static inline. - The stub security_inode_init_security() function previously returned -EOPNOTSUPP and relied on the callers to change it to 0. The stub security/security_old_inode_init_security() functions now return 0. Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> 
- Make the previously missing security_old_inode_init_security() stub
  function definition static inline.

- The stub security_inode_init_security() function previously returned
  -EOPNOTSUPP and relied on the callers to change it to 0.  The stub
  security/security_old_inode_init_security() functions now return 0.

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
evm: building without EVM enabled fixes 2011-08-11T07:42:07+00:00 Mimi Zohar zohar@linux.vnet.ibm.com 2011-08-11T04:22:51+00:00 e1c9b23adbe86c725738402857397d7a29f9d6ef - Missing 'inline' on evm_inode_setattr() definition. Introduced by commit 817b54aa45db ("evm: add evm_inode_setattr to prevent updating an invalid security.evm"). - Missing security_old_inode_init_security() stub function definition. Caused by commit 9d8f13ba3f48 ("security: new security_inode_init_security API adds function callback"). Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> 
- Missing 'inline' on evm_inode_setattr() definition.
Introduced by commit 817b54aa45db ("evm: add evm_inode_setattr to prevent
updating an invalid security.evm").

- Missing security_old_inode_init_security() stub function definition.
Caused by commit 9d8f13ba3f48 ("security: new security_inode_init_security
API adds function callback").

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Merge branch 'next-evm' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/ima-2.6 into next 2011-08-09T00:31:03+00:00 James Morris jmorris@namei.org 2011-08-09T00:31:03+00:00 5a2f3a02aea164f4f59c0c3497772090a411b462 Conflicts: fs/attr.c Resolve conflict manually. Signed-off-by: James Morris <jmorris@namei.org> 
Conflicts:
	fs/attr.c

Resolve conflict manually.

Signed-off-by: James Morris <jmorris@namei.org>
->permission() sanitizing: don't pass flags to exec_permission() 2011-07-20T05:43:29+00:00 Al Viro viro@zeniv.linux.org.uk 2011-06-20T23:48:41+00:00 eecdd358b467405a084d400d5ec571bbdbfe97a3 pass mask instead; kill security_inode_exec_permission() since we can use security_inode_permission() instead. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
pass mask instead; kill security_inode_exec_permission() since we can use
security_inode_permission() instead.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
->permission() sanitizing: don't pass flags to ->inode_permission() 2011-07-20T05:43:26+00:00 Al Viro viro@zeniv.linux.org.uk 2011-06-20T23:38:15+00:00 e74f71eb78a4a8b9eaf1bc65f20f761648e85f76 pass that via mask instead. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
pass that via mask instead.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
security: new security_inode_init_security API adds function callback 2011-07-18T16:29:38+00:00 Mimi Zohar zohar@linux.vnet.ibm.com 2011-06-06T19:29:25+00:00 9d8f13ba3f4833219e50767b022b82cd0da930eb This patch changes the security_inode_init_security API by adding a filesystem specific callback to write security extended attributes. This change is in preparation for supporting the initialization of multiple LSM xattrs and the EVM xattr. Initially the callback function walks an array of xattrs, writing each xattr separately, but could be optimized to write multiple xattrs at once. For existing security_inode_init_security() calls, which have not yet been converted to use the new callback function, such as those in reiserfs and ocfs2, this patch defines security_old_inode_init_security(). Signed-off-by: Mimi Zohar <zohar@us.ibm.com> 
This patch changes the security_inode_init_security API by adding a
filesystem specific callback to write security extended attributes.
This change is in preparation for supporting the initialization of
multiple LSM xattrs and the EVM xattr.  Initially the callback function
walks an array of xattrs, writing each xattr separately, but could be
optimized to write multiple xattrs at once.

For existing security_inode_init_security() calls, which have not yet
been converted to use the new callback function, such as those in
reiserfs and ocfs2, this patch defines security_old_inode_init_security().

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
SECURITY: Move exec_permission RCU checks into security modules 2011-04-22T23:17:29+00:00 Andi Kleen ak@linux.intel.com 2011-04-22T00:23:19+00:00 8c9e80ed276fc4b9c9fadf29d8bf6b3576112f1a Right now all RCU walks fall back to reference walk when CONFIG_SECURITY is enabled, even though just the standard capability module is active. This is because security_inode_exec_permission unconditionally fails RCU walks. Move this decision to the low level security module. This requires passing the RCU flags down the security hook. This way at least the capability module and a few easy cases in selinux/smack work with RCU walks with CONFIG_SECURITY=y Signed-off-by: Andi Kleen <ak@linux.intel.com> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Right now all RCU walks fall back to reference walk when CONFIG_SECURITY
is enabled, even though just the standard capability module is active.
This is because security_inode_exec_permission unconditionally fails
RCU walks.

Move this decision to the low level security module. This requires
passing the RCU flags down the security hook. This way at least
the capability module and a few easy cases in selinux/smack work
with RCU walks with CONFIG_SECURITY=y

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
userns: security: make capabilities relative to the user namespace 2011-03-24T02:47:02+00:00 Serge E. Hallyn serge@hallyn.com 2011-03-23T23:43:17+00:00 3486740a4f32a6a466f5ac931654d154790ba648 - Introduce ns_capable to test for a capability in a non-default user namespace. - Teach cap_capable to handle capabilities in a non-default user namespace. The motivation is to get to the unprivileged creation of new namespaces. It looks like this gets us 90% of the way there, with only potential uid confusion issues left. I still need to handle getting all caps after creation but otherwise I think I have a good starter patch that achieves all of your goals. Changelog: 11/05/2010: [serge] add apparmor 12/14/2010: [serge] fix capabilities to created user namespaces Without this, if user serge creates a user_ns, he won't have capabilities to the user_ns he created. THis is because we were first checking whether his effective caps had the caps he needed and returning -EPERM if not, and THEN checking whether he was the creator. Reverse those checks. 12/16/2010: [serge] security_real_capable needs ns argument in !security case 01/11/2011: [serge] add task_ns_capable helper 01/11/2011: [serge] add nsown_capable() helper per Bastian Blank suggestion 02/16/2011: [serge] fix a logic bug: the root user is always creator of init_user_ns, but should not always have capabilities to it! Fix the check in cap_capable(). 02/21/2011: Add the required user_ns parameter to security_capable, fixing a compile failure. 02/23/2011: Convert some macros to functions as per akpm comments. Some couldn't be converted because we can't easily forward-declare them (they are inline if !SECURITY, extern if SECURITY). Add a current_user_ns function so we can use it in capability.h without #including cred.h. Move all forward declarations together to the top of the #ifdef __KERNEL__ section, and use kernel-doc format. 02/23/2011: Per dhowells, clean up comment in cap_capable(). 02/23/2011: Per akpm, remove unreachable 'return -EPERM' in cap_capable. (Original written and signed off by Eric; latest, modified version acked by him) [akpm@linux-foundation.org: fix build] [akpm@linux-foundation.org: export current_user_ns() for ecryptfs] [serge.hallyn@canonical.com: remove unneeded extra argument in selinux's task_has_capability] Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: Daniel Lezcano <daniel.lezcano@free.fr> Acked-by: David Howells <dhowells@redhat.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
- Introduce ns_capable to test for a capability in a non-default
  user namespace.
- Teach cap_capable to handle capabilities in a non-default
  user namespace.

The motivation is to get to the unprivileged creation of new
namespaces.  It looks like this gets us 90% of the way there, with
only potential uid confusion issues left.

I still need to handle getting all caps after creation but otherwise I
think I have a good starter patch that achieves all of your goals.

Changelog:
	11/05/2010: [serge] add apparmor
	12/14/2010: [serge] fix capabilities to created user namespaces
	Without this, if user serge creates a user_ns, he won't have
	capabilities to the user_ns he created.  THis is because we
	were first checking whether his effective caps had the caps
	he needed and returning -EPERM if not, and THEN checking whether
	he was the creator.  Reverse those checks.
	12/16/2010: [serge] security_real_capable needs ns argument in !security case
	01/11/2011: [serge] add task_ns_capable helper
	01/11/2011: [serge] add nsown_capable() helper per Bastian Blank suggestion
	02/16/2011: [serge] fix a logic bug: the root user is always creator of
		    init_user_ns, but should not always have capabilities to
		    it!  Fix the check in cap_capable().
	02/21/2011: Add the required user_ns parameter to security_capable,
		    fixing a compile failure.
	02/23/2011: Convert some macros to functions as per akpm comments.  Some
		    couldn't be converted because we can't easily forward-declare
		    them (they are inline if !SECURITY, extern if SECURITY).  Add
		    a current_user_ns function so we can use it in capability.h
		    without #including cred.h.  Move all forward declarations
		    together to the top of the #ifdef __KERNEL__ section, and use
		    kernel-doc format.
	02/23/2011: Per dhowells, clean up comment in cap_capable().
	02/23/2011: Per akpm, remove unreachable 'return -EPERM' in cap_capable.

(Original written and signed off by Eric;  latest, modified version
acked by him)

[akpm@linux-foundation.org: fix build]
[akpm@linux-foundation.org: export current_user_ns() for ecryptfs]
[serge.hallyn@canonical.com: remove unneeded extra argument in selinux's task_has_capability]
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Acked-by: Daniel Lezcano <daniel.lezcano@free.fr>
Acked-by: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>