linux-toradex.git/scripts/selinux, branch v4.13-rc5 Linux kernel for Apalis and Colibri modules doc: ReSTify SELinux.txt 2017-05-18T16:31:30+00:00 Kees Cook keescook@chromium.org 2017-05-13T11:51:44+00:00 229fd05c565eb931aa7c59c9d740e2047701a4ad Adjusts for ReST markup and moves under LSM admin guide. Cc: Paul Moore <paul@paul-moore.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 
Adjusts for ReST markup and moves under LSM admin guide.

Cc: Paul Moore <paul@paul-moore.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
selinux: include sys/socket.h in host programs to have PF_MAX 2017-03-10T20:09:27+00:00 Nicolas Iooss nicolas.iooss@m4x.org 2017-03-05T14:01:52+00:00 c017c71ce09f4c7a5378fccbec6a3d7e96b0c5c2 Compiling with clang and -Wundef makes the compiler report a usage of undefined PF_MAX macro in security/selinux/include/classmap.h: In file included from scripts/selinux/mdp/mdp.c:48: security/selinux/include/classmap.h:37:31: warning: no previous extern declaration for non-static variable 'secclass_map' [-Wmissing-variable-declarations] struct security_class_mapping secclass_map[] = { ^ security/selinux/include/classmap.h:235:5: error: 'PF_MAX' is not defined, evaluates to 0 [-Werror,-Wundef] #if PF_MAX > 43 ^ In file included from scripts/selinux/genheaders/genheaders.c:17: security/selinux/include/classmap.h:37:31: warning: no previous extern declaration for non-static variable 'secclass_map' [-Wmissing-variable-declarations] struct security_class_mapping secclass_map[] = { ^ security/selinux/include/classmap.h:235:5: error: 'PF_MAX' is not defined, evaluates to 0 [-Werror,-Wundef] #if PF_MAX > 43 ^ PF_MAX is defined in include/linux/socket.h but not in include/uapi/linux/socket.h. Therefore host programs have to rely on the definition from libc's /usr/include/bits/socket.h, included by <sys/socket.h>. Fix the issue by using sys/socket.h in mdp and genheaders. When classmap.h is included by security/selinux/avc.c, it uses the kernel definition of PF_MAX, which makes the test consistent. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> Signed-off-by: Paul Moore <paul@paul-moore.com> 
Compiling with clang and -Wundef makes the compiler report a usage of
undefined PF_MAX macro in security/selinux/include/classmap.h:

    In file included from scripts/selinux/mdp/mdp.c:48:
    security/selinux/include/classmap.h:37:31: warning: no previous
    extern declaration for non-static variable 'secclass_map'
    [-Wmissing-variable-declarations]
    struct security_class_mapping secclass_map[] = {
                                  ^
    security/selinux/include/classmap.h:235:5: error: 'PF_MAX' is not
    defined, evaluates to 0 [-Werror,-Wundef]
    #if PF_MAX > 43
        ^
    In file included from scripts/selinux/genheaders/genheaders.c:17:
    security/selinux/include/classmap.h:37:31: warning: no previous
    extern declaration for non-static variable 'secclass_map'
    [-Wmissing-variable-declarations]
    struct security_class_mapping secclass_map[] = {
                                  ^
    security/selinux/include/classmap.h:235:5: error: 'PF_MAX' is not
    defined, evaluates to 0 [-Werror,-Wundef]
    #if PF_MAX > 43
        ^

PF_MAX is defined in include/linux/socket.h but not in
include/uapi/linux/socket.h. Therefore host programs have to rely on the
definition from libc's /usr/include/bits/socket.h, included by
<sys/socket.h>.

Fix the issue by using sys/socket.h in mdp and genheaders. When
classmap.h is included by security/selinux/avc.c, it uses the kernel
definition of PF_MAX, which makes the test consistent.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
selinux: use the kernel headers when building scripts/selinux 2016-12-21T15:39:25+00:00 Paul Moore paul@paul-moore.com 2016-12-21T15:39:25+00:00 bfc5e3a6af397dcf9c99a6c1872458e7867c4680 Commit 3322d0d64f4e ("selinux: keep SELinux in sync with new capability definitions") added a check on the defined capabilities without explicitly including the capability header file which caused problems when building genheaders for users of clang/llvm. Resolve this by using the kernel headers when building genheaders, which is arguably the right thing to do regardless, and explicitly including the kernel's capability.h header file in classmap.h. We also update the mdp build, even though it wasn't causing an error we really should be using the headers from the kernel we are building. Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org> Signed-off-by: Paul Moore <paul@paul-moore.com> 
Commit 3322d0d64f4e ("selinux: keep SELinux in sync with new capability
definitions") added a check on the defined capabilities without
explicitly including the capability header file which caused problems
when building genheaders for users of clang/llvm.  Resolve this by
using the kernel headers when building genheaders, which is arguably
the right thing to do regardless, and explicitly including the
kernel's capability.h header file in classmap.h.  We also update the
mdp build, even though it wasn't causing an error we really should
be using the headers from the kernel we are building.

Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
 selinux: explicitly declare the role "base_r" 2015-07-13T17:32:00+00:00 Laurent Bigonville bigon@bigon.be 2015-07-07T21:10:52+00:00 fda4d578ed0a7e1d116f56a15efea0e4ba78acad This fixes the compilation of policy generated by mdp with the recent version of checkpolicy. Signed-off-by: Laurent Bigonville <bigon@bigon.be> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <pmoore@redhat.com> 
This fixes the compilation of policy generated by mdp with the recent
version of checkpolicy.

Signed-off-by: Laurent Bigonville <bigon@bigon.be>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
kbuild: Make scripts executable 2014-08-20T14:03:45+00:00 Michal Marek mmarek@suse.cz 2014-08-20T14:02:59+00:00 06ed5c2bfacaf67039e87a213fa5d1cdde34246a The Makefiles call the respective interpreter explicitly, but this makes it easier to use the scripts manually. Signed-off-by: Michal Marek <mmarek@suse.cz> 
The Makefiles call the respective interpreter explicitly, but this makes
it easier to use the scripts manually.

Signed-off-by: Michal Marek <mmarek@suse.cz>
Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next 2014-07-19T07:39:19+00:00 James Morris james.l.morris@oracle.com 2014-07-19T07:39:19+00:00 2ccf4661f315615d018686d91d030a94001d0cc6 






selinux, kbuild: remove unnecessary $(hostprogs-y) from clean-files
2014-06-17T21:31:40+00:00

Masahiro Yamada
yamada.m@jp.panasonic.com

2014-06-17T21:31:40+00:00

aa65506f198c482b52ba6592c0023eca8b4bf8bd

Files added to hostprogs-y are cleaned. (See scripts/Makefile.clean)
Adding them to clean-files is redundant.

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>





Files added to hostprogs-y are cleaned. (See scripts/Makefile.clean)
Adding them to clean-files is redundant.

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>







kbuild: trivial - remove trailing empty lines
2014-06-09T22:04:06+00:00

Masahiro Yamada
yamada.m@jp.panasonic.com

2014-05-29T05:12:29+00:00

7eb6e340526adf14ed7cf7dfde8b9c6fc0741cfc

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>





Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>







Create Documentation/security/,
2011-05-19T22:59:38+00:00

Randy Dunlap
randy.dunlap@oracle.com

2011-05-19T22:59:38+00:00

d410fa4ef99112386de5f218dd7df7b4fca910b4

move LSM-, credentials-, and keys-related files from Documentation/
  to Documentation/security/,
add Documentation/security/00-INDEX, and
update all occurrences of Documentation/<moved_file>
  to Documentation/security/<moved_file>.





move LSM-, credentials-, and keys-related files from Documentation/
  to Documentation/security/,
add Documentation/security/00-INDEX, and
update all occurrences of Documentation/<moved_file>
  to Documentation/security/<moved_file>.







SELinux: Auto-generate security_is_socket_class
2011-03-03T20:19:43+00:00

Harry Ciao
qingtao.cao@windriver.com

2011-03-02T05:46:08+00:00

4bc6c2d5d8386800fde23a8e78cd4f04a0ade0ad

The security_is_socket_class() is auto-generated by genheaders based
on classmap.h to reduce maintenance effort when a new class is defined
in SELinux kernel. The name for any socket class should be suffixed by
"socket" and doesn't contain more than one substr of "socket".

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>





The security_is_socket_class() is auto-generated by genheaders based
on classmap.h to reduce maintenance effort when a new class is defined
in SELinux kernel. The name for any socket class should be suffixed by
"socket" and doesn't contain more than one substr of "socket".

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>