linux-toradex.git/security/smack, branch v3.0.79 Linux kernel for Apalis and Colibri modules Merge branch 'master' of git://git.infradead.org/users/eparis/selinux into for-linus 2011-05-24T13:20:19+00:00 James Morris jmorris@namei.org 2011-05-24T13:20:19+00:00 b7b57551bbda1390959207f79f2038aa7adb72ae Conflicts: lib/flex_array.c security/selinux/avc.c security/selinux/hooks.c security/selinux/ss/policydb.c security/smack/smack_lsm.c Manually resolve conflicts. Signed-off-by: James Morris <jmorris@namei.org> 
Conflicts:
	lib/flex_array.c
	security/selinux/avc.c
	security/selinux/hooks.c
	security/selinux/ss/policydb.c
	security/smack/smack_lsm.c

Manually resolve conflicts.

Signed-off-by: James Morris <jmorris@namei.org>
SMACK: smack_file_lock can use the struct path 2011-04-25T22:14:45+00:00 Eric Paris eparis@redhat.com 2011-04-25T17:15:55+00:00 92f4250901476fcadc4f52ace36e453c61f5591d smack_file_lock has a struct path, so use that instead of only the dentry. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> 
smack_file_lock has a struct path, so use that instead of only the
dentry.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
LSM: separate LSM_AUDIT_DATA_DENTRY from LSM_AUDIT_DATA_PATH 2011-04-25T22:14:07+00:00 Eric Paris eparis@redhat.com 2011-04-25T17:10:27+00:00 a269434d2fb48a4d66c1d7bf821b7874b59c5b41 This patch separates and audit message that only contains a dentry from one that contains a full path. This allows us to make it harder to misuse the interfaces or for the interfaces to be implemented wrong. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> 
This patch separates and audit message that only contains a dentry from
one that contains a full path.  This allows us to make it harder to
misuse the interfaces or for the interfaces to be implemented wrong.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
LSM: split LSM_AUDIT_DATA_FS into _PATH and _INODE 2011-04-25T22:13:15+00:00 Eric Paris eparis@redhat.com 2011-04-25T16:54:27+00:00 f48b7399840b453e7282b523f535561fe9638a2d The lsm common audit code has wacky contortions making sure which pieces of information are set based on if it was given a path, dentry, or inode. Split this into path and inode to get rid of some of the code complexity. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> 
The lsm common audit code has wacky contortions making sure which pieces
of information are set based on if it was given a path, dentry, or
inode.  Split this into path and inode to get rid of some of the code
complexity.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
SECURITY: Move exec_permission RCU checks into security modules 2011-04-25T14:20:32+00:00 Andi Kleen ak@linux.intel.com 2011-04-22T00:23:19+00:00 1c9904297451f558191e211a48d8838b4bf792b0 Right now all RCU walks fall back to reference walk when CONFIG_SECURITY is enabled, even though just the standard capability module is active. This is because security_inode_exec_permission unconditionally fails RCU walks. Move this decision to the low level security module. This requires passing the RCU flags down the security hook. This way at least the capability module and a few easy cases in selinux/smack work with RCU walks with CONFIG_SECURITY=y Signed-off-by: Andi Kleen <ak@linux.intel.com> Signed-off-by: Eric Paris <eparis@redhat.com> 
Right now all RCU walks fall back to reference walk when CONFIG_SECURITY
is enabled, even though just the standard capability module is active.
This is because security_inode_exec_permission unconditionally fails
RCU walks.

Move this decision to the low level security module. This requires
passing the RCU flags down the security hook. This way at least
the capability module and a few easy cases in selinux/smack work
with RCU walks with CONFIG_SECURITY=y

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
SECURITY: Move exec_permission RCU checks into security modules 2011-04-22T23:17:29+00:00 Andi Kleen ak@linux.intel.com 2011-04-22T00:23:19+00:00 8c9e80ed276fc4b9c9fadf29d8bf6b3576112f1a Right now all RCU walks fall back to reference walk when CONFIG_SECURITY is enabled, even though just the standard capability module is active. This is because security_inode_exec_permission unconditionally fails RCU walks. Move this decision to the low level security module. This requires passing the RCU flags down the security hook. This way at least the capability module and a few easy cases in selinux/smack work with RCU walks with CONFIG_SECURITY=y Signed-off-by: Andi Kleen <ak@linux.intel.com> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Right now all RCU walks fall back to reference walk when CONFIG_SECURITY
is enabled, even though just the standard capability module is active.
This is because security_inode_exec_permission unconditionally fails
RCU walks.

Move this decision to the low level security module. This requires
passing the RCU flags down the security hook. This way at least
the capability module and a few easy cases in selinux/smack work
with RCU walks with CONFIG_SECURITY=y

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fix common misspellings 2011-03-31T14:26:23+00:00 Lucas De Marchi lucas.demarchi@profusion.mobi 2011-03-31T01:57:33+00:00 25985edcedea6396277003854657b5f3cb31a628 Fixes generated by 'codespell' and manually reviewed. Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi> 
Fixes generated by 'codespell' and manually reviewed.

Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi>
Merge branch 'master' of git://git.infradead.org/users/eparis/selinux into next 2011-03-08T00:38:10+00:00 James Morris jmorris@namei.org 2011-03-08T00:38:10+00:00 fe3fa43039d47ee4e22caf460b79b62a14937f79 






Smack: correct final mmap check comparison
2011-02-10T03:58:42+00:00

Casey Schaufler
casey@schaufler-ca.com

2011-02-10T03:58:42+00:00

75a25637bf8a1b8fbed2368c0a3ec15c66a534f1

The mmap policy enforcement checks the access of the
SMACK64MMAP subject against the current subject incorrectly.
The check as written works correctly only if the access
rules involved have the same access. This is the common
case, so initial testing did not find a problem.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>





The mmap policy enforcement checks the access of the
SMACK64MMAP subject against the current subject incorrectly.
The check as written works correctly only if the access
rules involved have the same access. This is the common
case, so initial testing did not find a problem.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>







security:smack: kill unused SMACK_LIST_MAX, MAY_ANY and MAY_ANYWRITE
2011-02-10T03:58:11+00:00

Shan Wei
shanwei@cn.fujitsu.com

2011-02-10T03:58:11+00:00

db904aa8147440b750a35d58befed38155a1abb9

Kill unused macros of SMACK_LIST_MAX, MAY_ANY and MAY_ANYWRITE.
v2: As Casey Schaufler's advice, also remove MAY_ANY.

Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>





Kill unused macros of SMACK_LIST_MAX, MAY_ANY and MAY_ANYWRITE.
v2: As Casey Schaufler's advice, also remove MAY_ANY.

Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>