An error occurred fetching the project authors.
  1. 29 Apr, 2008 1 commit
  2. 27 Apr, 2008 1 commit
    • Eric Paris's avatar
      SELinux: selinux/include/security.h whitespace, syntax, and other cleanups · b19d8eae
      Eric Paris authored
      This patch changes selinux/include/security.h to fix whitespace and syntax issues.  Things that
      are fixed may include (does not not have to include)
      
      whitespace at end of lines
      spaces followed by tabs
      spaces used instead of tabs
      spacing around parenthesis
      location of { around structs and else clauses
      location of * in pointer declarations
      removal of initialization of static data to keep it in the right section
      useless {} in if statemetns
      useless checking for NULL before kfree
      fixing of the indentation depth of switch statements
      no assignments in if statements
      and any number of other things I forgot to mention
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      b19d8eae
  3. 18 Apr, 2008 4 commits
  4. 07 Apr, 2008 1 commit
  5. 05 Mar, 2008 1 commit
    • Eric Paris's avatar
      LSM/SELinux: Interfaces to allow FS to control mount options · e0007529
      Eric Paris authored
      Introduce new LSM interfaces to allow an FS to deal with their own mount
      options.  This includes a new string parsing function exported from the
      LSM that an FS can use to get a security data blob and a new security
      data blob.  This is particularly useful for an FS which uses binary
      mount data, like NFS, which does not pass strings into the vfs to be
      handled by the loaded LSM.  Also fix a BUG() in both SELinux and SMACK
      when dealing with binary mount data.  If the binary mount data is less
      than one page the copy_page() in security_sb_copy_data() can cause an
      illegal page fault and boom.  Remove all NFSisms from the SELinux code
      since they were broken by past NFS changes.
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      e0007529
  6. 06 Feb, 2008 1 commit
  7. 29 Jan, 2008 4 commits
  8. 16 Oct, 2007 1 commit
  9. 12 Jul, 2007 2 commits
  10. 26 Apr, 2007 3 commits
  11. 03 Dec, 2006 2 commits
  12. 26 Sep, 2006 2 commits
  13. 22 Sep, 2006 1 commit
  14. 03 May, 2006 1 commit
  15. 05 Sep, 2005 1 commit
    • Stephen Smalley's avatar
      [PATCH] selinux: Reduce memory use by avtab · 782ebb99
      Stephen Smalley authored
      This patch improves memory use by SELinux by both reducing the avtab node
      size and reducing the number of avtab nodes.  The memory savings are
      substantial, e.g.  on a 64-bit system after boot, James Morris reported the
      following data for the targeted and strict policies:
      
                  #objs  objsize   kernmem
      Targeted:
        Before:  237888       40     9.1MB
        After:    19968       24     468KB
      
      Strict:
        Before:  571680       40   21.81MB
        After:   221052       24    5.06MB
      
      The improvement in memory use comes at a cost in the speed of security
      server computations of access vectors, but these computations are only
      required on AVC cache misses, and performance measurements by James Morris
      using a number of benchmarks have shown that the change does not cause any
      significant degradation.
      
      Note that a rebuilt policy via an updated policy toolchain
      (libsepol/checkpolicy) is required in order to gain the full benefits of
      this patch, although some memory savings benefits are immediately applied
      even to older policies (in particular, the reduction in avtab node size).
      Sources for the updated toolchain are presently available from the
      sourceforge CVS tree (http://sourceforge.net/cvs/?group_id=21266), and
      tarballs are available from http://www.flux.utah.edu/~sds.
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      782ebb99
  16. 28 Jul, 2005 1 commit
    • James Morris's avatar
      [PATCH] SELinux: default labeling of MLS field · f5c1d5b2
      James Morris authored
      Implement kernel labeling of the MLS (multilevel security) field of
      security contexts for files which have no existing MLS field.  This is to
      enable upgrades of a system from non-MLS to MLS without performing a full
      filesystem relabel including all of the mountpoints, which would be quite
      painful for users.
      
      With this patch, with MLS enabled, if a file has no MLS field, the kernel
      internally adds an MLS field to the in-core inode (but not to the on-disk
      file).  This MLS field added is the default for the superblock, allowing
      per-mountpoint control over the values via fixed policy or mount options.
      
      This patch has been tested by enabling MLS without relabeling its
      filesystem, and seems to be working correctly.
      Signed-off-by: default avatarJames Morris <jmorris@redhat.com>
      Signed-off-by: default avatarStephen Smalley <sds@epoch.ncsc.mil>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      f5c1d5b2
  17. 16 Apr, 2005 1 commit
    • Linus Torvalds's avatar
      Linux-2.6.12-rc2 · 1da177e4
      Linus Torvalds authored
      Initial git repository build. I'm not bothering with the full history,
      even though we have it. We can create a separate "historical" git
      archive of that later if we want to, and in the meantime it's about
      3.2GB when imported into git - space that would just make the early
      git days unnecessarily complicated, when we don't have a lot of good
      infrastructure for it.
      
      Let it rip!
      1da177e4