linux-toradex.git/scripts/selinux, branch v6.14-rc2 Linux kernel for Apalis and Colibri modules Remove stale generated 'genheaders' file 2025-02-01T03:49:17+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-02-01T03:49:17+00:00 04a3389b35357e9bf44533d20a80eb70d188adb8 This bogus stale file was added in commit 101971298be2 ("riscv: add a warning when physical memory address overflows"). It's the old location for what is now 'security/selinux/genheaders'. It looks like it got incorrectly committed back when that file was in the old location, and then rebasing kept the bogus file alive. Reported-by: Eric Biggers <ebiggers@kernel.org> Link: https://lore.kernel.org/linux-riscv/20250201020003.GA77370@sol.localdomain/ Fixes: 101971298be2 ("riscv: add a warning when physical memory address overflows") Cc: Palmer Dabbelt <palmer@rivosinc.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
This bogus stale file was added in commit 101971298be2 ("riscv: add a
warning when physical memory address overflows").  It's the old location
for what is now 'security/selinux/genheaders'.

It looks like it got incorrectly committed back when that file was in
the old location, and then rebasing kept the bogus file alive.

Reported-by: Eric Biggers <ebiggers@kernel.org>
Link: https://lore.kernel.org/linux-riscv/20250201020003.GA77370@sol.localdomain/
Fixes: 101971298be2 ("riscv: add a  warning when physical memory address overflows")
Cc: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
riscv: add a warning when physical memory address overflows 2025-01-30T02:36:09+00:00 Yunhui Cui cuiyunhui@bytedance.com 2024-08-14T06:26:25+00:00 101971298be2aa4706c8602bd81066a0f6f2ced5 The part of physical memory that exceeds the size of the linear mapping will be discarded. When the system starts up normally, a warning message will be printed to prevent confusion caused by the mismatch between the system memory and the actual physical memory. Signed-off-by: Yunhui Cui <cuiyunhui@bytedance.com> Reviewed-by: Alexandre Ghiti <alexghiti@rivosinc.com> Tested-by: Alexandre Ghiti <alexghiti@rivosinc.com> Link: https://lore.kernel.org/r/20240814062625.19794-1-cuiyunhui@bytedance.com Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com> 
The part of physical memory that exceeds the size of the linear mapping
will be discarded. When the system starts up normally, a warning message
will be printed to prevent confusion caused by the mismatch between the
system memory and the actual physical memory.

Signed-off-by: Yunhui Cui <cuiyunhui@bytedance.com>
Reviewed-by: Alexandre Ghiti <alexghiti@rivosinc.com>
Tested-by: Alexandre Ghiti <alexghiti@rivosinc.com>
Link: https://lore.kernel.org/r/20240814062625.19794-1-cuiyunhui@bytedance.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Merge tag 'reiserfs_delete' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs 2024-11-21T17:50:18+00:00 Linus Torvalds torvalds@linux-foundation.org 2024-11-21T17:50:18+00:00 c01f664e4ca210823b7594b50669bbd9b0a3c3b0 Pull reiserfs removal from Jan Kara: "The deprecation period of reiserfs is ending at the end of this year so it is time to remove it" * tag 'reiserfs_delete' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: reiserfs: The last commit 
Pull reiserfs removal from Jan Kara:
 "The deprecation period of reiserfs is ending at the end of this year
  so it is time to remove it"

* tag 'reiserfs_delete' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  reiserfs: The last commit
reiserfs: The last commit 2024-10-21T14:29:38+00:00 Jan Kara jack@suse.cz 2024-10-17T10:28:23+00:00 fb6f20ecb121cef4d7946f834a6ee867c4e21b4a Deprecation period of reiserfs ends with the end of this year so it is time to remove it from the kernel. Acked-by: Darrick J. Wong <djwong@kernel.org> Acked-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Jan Kara <jack@suse.cz> 
Deprecation period of reiserfs ends with the end of this year so it is
time to remove it from the kernel.

Acked-by: Darrick J. Wong <djwong@kernel.org>
Acked-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Jan Kara <jack@suse.cz>
selinux: move genheaders to security/selinux/ 2024-10-03T20:07:51+00:00 Masahiro Yamada masahiroy@kernel.org 2024-09-06T17:29:14+00:00 3b70b66e03b54428d45c3fe9b8693cffcde45bf6 This tool is only used in security/selinux/Makefile. Move it to security/selinux/ so that 'make clean' can clean it up. Please note 'make clean' does not clean scripts/ because tools under scripts/ are often used for external module builds. Obviously, genheaders is not the case here. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Signed-off-by: Paul Moore <paul@paul-moore.com> 
This tool is only used in security/selinux/Makefile.

Move it to security/selinux/ so that 'make clean' can clean it up.

Please note 'make clean' does not clean scripts/ because tools under
scripts/ are often used for external module builds. Obviously, genheaders
is not the case here.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
selinux: do not include <linux/*.h> headers from host programs 2024-10-03T19:34:24+00:00 Masahiro Yamada masahiroy@kernel.org 2024-09-06T17:29:13+00:00 541b57e313683b3d4c365fe3109fb34828b165cd The header, security/selinux/include/classmap.h, is included not only from kernel space but also from host programs. It includes <linux/capability.h> and <linux/socket.h>, which pull in more <linux/*.h> headers. This makes the host programs less portable, specifically causing build errors on macOS. Those headers are included for the following purposes: - <linux/capability.h> for checking CAP_LAST_CAP - <linux/socket.h> for checking PF_MAX These checks can be guarded by __KERNEL__ so they are skipped when building host programs. Testing them when building the kernel should be sufficient. The header, security/selinux/include/initial_sid_to_string.h, includes <linux/stddef.h> for the NULL definition, but this is not portable either. Instead, <stddef.h> should be included for host programs. Reported-by: Daniel Gomez <da.gomez@samsung.com> Closes: https://lore.kernel.org/lkml/20240807-macos-build-support-v1-6-4cd1ded85694@samsung.com/ Closes: https://lore.kernel.org/lkml/20240807-macos-build-support-v1-7-4cd1ded85694@samsung.com/ Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Signed-off-by: Paul Moore <paul@paul-moore.com> 
The header, security/selinux/include/classmap.h, is included not only
from kernel space but also from host programs.

It includes <linux/capability.h> and <linux/socket.h>, which pull in
more <linux/*.h> headers. This makes the host programs less portable,
specifically causing build errors on macOS.

Those headers are included for the following purposes:

 - <linux/capability.h> for checking CAP_LAST_CAP
 - <linux/socket.h> for checking PF_MAX

These checks can be guarded by __KERNEL__ so they are skipped when
building host programs. Testing them when building the kernel should
be sufficient.

The header, security/selinux/include/initial_sid_to_string.h, includes
<linux/stddef.h> for the NULL definition, but this is not portable
either. Instead, <stddef.h> should be included for host programs.

Reported-by: Daniel Gomez <da.gomez@samsung.com>
Closes: https://lore.kernel.org/lkml/20240807-macos-build-support-v1-6-4cd1ded85694@samsung.com/
Closes: https://lore.kernel.org/lkml/20240807-macos-build-support-v1-7-4cd1ded85694@samsung.com/
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
selinux: remove runtime disable message in the install_policy.sh script 2022-09-20T18:12:25+00:00 Paul Moore paul@paul-moore.com 2022-09-20T18:11:11+00:00 2fe2fb4ce60be9005d7bfdd5665be03b8efb5b13 We are in the process of deprecating the runtime disable mechanism, let's not reference it in the scripts. Signed-off-by: Paul Moore <paul@paul-moore.com> 
We are in the process of deprecating the runtime disable mechanism,
let's not reference it in the scripts.

Signed-off-by: Paul Moore <paul@paul-moore.com>
selinux: use "grep -E" instead of "egrep" 2022-09-20T18:08:04+00:00 Greg Kroah-Hartman gregkh@linuxfoundation.org 2022-09-20T17:12:52+00:00 c969bb8dbaf2f3628927eae73e7c579a74cf1b6e The latest version of grep claims that egrep is now obsolete so the build now contains warnings that look like: egrep: warning: egrep is obsolescent; using grep -E fix this by using "grep -E" instead. Cc: Paul Moore <paul@paul-moore.com> Cc: Stephen Smalley <stephen.smalley.work@gmail.com> Cc: Eric Paris <eparis@parisplace.org> Cc: selinux@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> [PM: tweak to remove vdso reference, cleanup subj line] Signed-off-by: Paul Moore <paul@paul-moore.com> 
The latest version of grep claims that egrep is now obsolete so the build
now contains warnings that look like:
	egrep: warning: egrep is obsolescent; using grep -E
fix this by using "grep -E" instead.

Cc: Paul Moore <paul@paul-moore.com>
Cc: Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: Eric Paris <eparis@parisplace.org>
Cc: selinux@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[PM: tweak to remove vdso reference, cleanup subj line]
Signed-off-by: Paul Moore <paul@paul-moore.com>
selinux: declare data arrays const 2022-05-03T19:53:49+00:00 Christian Göttsche cgzones@googlemail.com 2022-05-02T14:43:38+00:00 ded34574d4d351ab0ca095a45496b393cef611c2 The arrays for the policy capability names, the initial sid identifiers and the class and permission names are not changed at runtime. Declare them const to avoid accidental modification. Do not override the classmap and the initial sid list in the build time script genheaders. Check flose(3) is successful in genheaders.c, otherwise the written data might be corrupted or incomplete. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> [PM: manual merge due to fuzz, minor style tweaks] Signed-off-by: Paul Moore <paul@paul-moore.com> 
The arrays for the policy capability names, the initial sid identifiers
and the class and permission names are not changed at runtime.  Declare
them const to avoid accidental modification.

Do not override the classmap and the initial sid list in the build time
script genheaders.

Check flose(3) is successful in genheaders.c, otherwise the written data
might be corrupted or incomplete.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
[PM: manual merge due to fuzz, minor style tweaks]
Signed-off-by: Paul Moore <paul@paul-moore.com>
scripts/selinux,selinux: update mdp to enable policy capabilities 2020-08-18T00:42:00+00:00 Stephen Smalley stephen.smalley.work@gmail.com 2020-08-06T18:34:18+00:00 339949be25863ac15e24659c2ab4b01185e1234a Presently mdp does not enable any SELinux policy capabilities in the dummy policy it generates. Thus, policies derived from it will by default lack various features commonly used in modern policies such as open permission, extended socket classes, network peer controls, etc. Split the policy capability definitions out into their own headers so that we can include them into mdp without pulling in other kernel headers and extend mdp generate policycap statements for the policy capabilities known to the kernel. Policy authors may wish to selectively remove some of these from the generated policy. Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 
Presently mdp does not enable any SELinux policy capabilities
in the dummy policy it generates. Thus, policies derived from
it will by default lack various features commonly used in modern
policies such as open permission, extended socket classes, network
peer controls, etc.  Split the policy capability definitions out into
their own headers so that we can include them into mdp without pulling in
other kernel headers and extend mdp generate policycap statements for the
policy capabilities known to the kernel.  Policy authors may wish to
selectively remove some of these from the generated policy.

Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>