1. 19 Jan, 2004 40 commits
    • Andrew Morton's avatar
      [PATCH] Add SEND_MSG and RECV_MSG controls · 06fbe36f
      Andrew Morton authored
      From: James Morris <jmorris@redhat.com>
      
      This patch implements two new access controls for SELinux: SEND_MSG and
      RECV_MSG, providing mediation of network packets based on destination port
      (IPv4 only at this stage).
      06fbe36f
    • Andrew Morton's avatar
      [PATCH] selinux: improve skb audit logging · e0e9c58e
      Andrew Morton authored
      From: James Morris <jmorris@redhat.com>
      
      This patch is a rework of the skb audit logging code in SELinux.  Rather
      than relying on skb header pointers, it parses the skb for specific
      protocols (TCP and UDP for IPv4 at this stage).  This is safer for the case
      of locally generated raw packets, which can be malformed.  It also now
      takes fragmented skbs into account.  The new code allows the caller to
      parse the skb so that parsed information can be more readily re-used.
      e0e9c58e
    • Andrew Morton's avatar
      [PATCH] selinux: Makefile cleanup · bef7d803
      Andrew Morton authored
      From: Stephen Smalley <sds@epoch.ncsc.mil>
      
      Use obj-$(CONFIG_FOO) instead of `ifeq'.
      bef7d803
    • Andrew Morton's avatar
      [PATCH] selinux: Add dname to audit output when a path cannot be generated. · 605303cc
      Andrew Morton authored
      From: James Morris <jmorris@redhat.com>
      
      This patch adds dname to audit output when a path cannot be generated.
      This makes analysis of SELinux audit logs easier.
      
      Patch by Stephen Smalley <sds@epoch.ncsc.mil>.
      605303cc
    • Andrew Morton's avatar
      [PATCH] selinux: Add SO_PEERSEC socket option and getpeersec LSM hook. · da6e57a2
      Andrew Morton authored
      From: James Morris <jmorris@redhat.com>
      
      This patch adds a new option for Unix sockets, SO_PEERSEC, and an
      associated LSM hook, getpeersec.  The SELinux handler is also included.
      
      The purpose of this is to allow applications to obtain each others security
      credentials, analagously to the existing SO_PEERCRED option.
      
      Examples of use are Security Enhanced D-BUS and Security Enhanced X.
      
      This patch was previously approved in principle by David, and has been
      updated with feedback from Chris Wright and extended to cover all
      architectures.
      da6e57a2
    • Andrew Morton's avatar
      [PATCH] selinux: socket_has_perm cleanup · fa9b605f
      Andrew Morton authored
      From: James Morris <jmorris@redhat.com>
      
      This is a cleanup for the SELinux code, which converts all
      remaining appropriate socket hooks over to using socket_has_perm().
      fa9b605f
    • Andrew Morton's avatar
      [PATCH] selinux: Add node_bind control · 0129565d
      Andrew Morton authored
      From: James Morris <jmorris@redhat.com>
      
      This patch adds a new SELinux access control, node_bind, which can be used
      to restrict the local IP address to which an application may bind.
      0129565d
    • Andrew Morton's avatar
      [PATCH] selinux: Add node controls · 85941b90
      Andrew Morton authored
      From: James Morris <jmorris@redhat.com>
      
      This patch adds 'node' access controls for SELinux, which allows network
      traffic to be controlled on the basis of remote address.
      
      Like the previous patch, similar functionality was present in earlier
      SELinux implementations; this is a rework within the constraints of the LSM
      hooks present in the mainline kernel.
      85941b90
    • Andrew Morton's avatar
      [PATCH] selinux: add netif controls · db5325b1
      Andrew Morton authored
      From: James Morris <jmorris@redhat.com>
      
      This patch adds netif access controls for SELinux, which allows network
      traffic to be controlled on the basis of associated network interface.
      
      Similar functionality was present in earlier SELinux implementations; this
      is a rework within the constraints of the LSM hooks present in the mainline
      kernel.
      db5325b1
    • Andrew Morton's avatar
      [PATCH] selinux: Add resource limit control · d99684fd
      Andrew Morton authored
      From: James Morris <jmorris@redhat.com>
      
      This patch adds controls to the SELinux module over the setting and
      inheritance of resource limits.  With these controls, the ability to set
      hard limits can be limited to specific processes such as login, and when an
      untrusted process invokes a more trusted program, soft limits can be reset,
      thereby avoiding failures in the trusted program due to malicious setting
      of the soft limit by the untrusted process.  Roland McGrath provided input
      and feedback on the patch, which was implemented by Stephen Smalley
      <sds@epoch.ncsc.mil>.
      d99684fd
    • Andrew Morton's avatar
      [PATCH] trident: use pr_debug instead of home-brewed TRDBG · 13a2158c
      Andrew Morton authored
      From: Muli Ben-Yehuda <mulix@mulix.org>
      
      Yet another sound/oss/trident cleanup patch.  This one replace the TRDBG
      debugging macro with the standard pr_debug.  Patch is from Eugene Teo
      <eugene.teo@eugeneteo.net>, slightly modified by me to apply against
      2.6.0-rc1-mm1 with the other cleanup patches applied.
      13a2158c
    • Andrew Morton's avatar
      [PATCH] trident OSS sound driver fixes · 0d7bcc30
      Andrew Morton authored
      From: Muli Ben-Yehuda <mulix@mulix.org>
      
      - switch lock_set_fmt() and unlock_set_fmt() from macros to inline
        functions.  Macros that call return() are EVIL.
      
      - simplify lock_set_fmt() and implement it via test_and_set_bit() rather
        than a spinlock protecting an int.
      
      - fix a bug wherein we would do an up() on a semaphore that hasn't been
        down()ed if a signal happened after timeout in trident_write().
      
      - fix a bug where we would not release the open_sem on OOM.
      
      - make the arguments for prog_dmabuf clearer (int -> enum), and add two
        wrapper functions around it, one for record and one for playback.  
      
      - fix a bug where we would call VALIDATE_STATE after lock_kernel().  Since
        VALIDATE_STATE does 'return' if validation fails, bad things can happen. 
        Thanks to Dawson Engler <engler@stanford.edu> and the Stanford checker for
        spotting.
      
      - remove the calls to lock_kernel() from trident_release() and
        trident_mmap().  trident_release() appears to be covered by the open_sem,
        and trident_mmap() is covered by state->sem.
      
      - s/TRUE/1/, s/FALSE/0/
      0d7bcc30
    • Andrew Morton's avatar
      [PATCH] reindent trident OSS sound driver · cb2b15d1
      Andrew Morton authored
      From: Muli Ben-Yehuda <mulix@mulix.org>
      
      Reindent the trident OSS sound driver
      cb2b15d1
    • Andrew Morton's avatar
      [PATCH] MODULE_ALIAS for freevxfs · 0f026a8c
      Andrew Morton authored
      From: Christoph Hellwig <hch@lst.de>
      
      Now that modutils don't have built-in aliases anymore this is needed to
      make mount -t vxfs autload the module.
      0f026a8c
    • Andrew Morton's avatar
      [PATCH] parintk_ratelimit fix · 3ca28d64
      Andrew Morton authored
      From: Anton Blanchard <anton@samba.org>
      3ca28d64
    • Andrew Morton's avatar
      [PATCH] generalise net_ratelimit (printk_ratelimit) · 11a61205
      Andrew Morton authored
      From: Anton Blanchard <anton@samba.org>
      
      Generate a global printk rate-limiting function, printk_ratelimit().
      
      Also, use it in the page allocator warning code.  Also add a dump_stack to
      that code.
      
      Later, we need to switch net_ratelimit() over to use printk_ratelimit().
      11a61205
    • Andrew Morton's avatar
      [PATCH] Amiga Buddha/CatWeasel IDE · 2b45d70f
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      Buddha/CatWeasel IDE: Make sure the core IDE driver doesn't try to request the
      MMIO ports a second time, since this will fail.
      2b45d70f
    • Andrew Morton's avatar
      [PATCH] M68k Documentation · 49176262
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      M68k Documentation: framebuffer.txt no longer exists in the m68k directory
      (from Nikita Melnikov)
      49176262
    • Andrew Morton's avatar
      [PATCH] Genrtc warning · 83373b7a
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      Genrtc: Move code to kill warning if CONFIG_PROC_FS is disabled
      83373b7a
    • Andrew Morton's avatar
      [PATCH] Cirrusfb extern inline · 8a6a146f
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      Cirrusfb: Replace `extern inline' by `static inline'
      8a6a146f
    • Andrew Morton's avatar
      [PATCH] M68k extern inline · 916448aa
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      M68k core: Replace (variants of) `extern inline' by `static inline'
      916448aa
    • Andrew Morton's avatar
      [PATCH] M68k thread_info · e8086cbd
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      M68k: Fix (unused) definition of init_thread_info (from Roman Zippel)
      e8086cbd
    • Andrew Morton's avatar
      [PATCH] M68k thread · f8164382
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      M68k: Don't forget to initialize the thread_info member in INIT_THREAD() (from
      Roman Zippel)
      f8164382
    • Andrew Morton's avatar
      [PATCH] M68k has no VGA/MDA · cdf3cc10
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      M68k has no VGA or MDA consoles
      cdf3cc10
    • Andrew Morton's avatar
      [PATCH] Amiga core C99 · f3dbe96e
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      Amiga core: Use C99 struct initializers
      f3dbe96e
    • Andrew Morton's avatar
      [PATCH] M68k asm/system.h · bd72a68e
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      M68k: Add missing #ifdef __KERNEL / #endif (from Christian T. Steigies)
      bd72a68e
    • Andrew Morton's avatar
      [PATCH] Mac II VIA · 1623d448
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      Mac II VIA: Don't include <asm/init.h> directly
      1623d448
    • Andrew Morton's avatar
      [PATCH] Amiga debug fix · 1431c775
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      Amiga: Fix `debug=mem' (record all kernel messages in ChipRAM):
      virt_to_phys() no longer works for Zorro II memory space, we must use
      ZTWO_PADDR()
      1431c775
    • Andrew Morton's avatar
      [PATCH] Zorro sysfs/driver model · 65e5c502
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      Zorro bus: Add support for sysfs and the new driver model
      65e5c502
    • Andrew Morton's avatar
      [PATCH] Amiga Gayle E-Matrix 530 IDE · db5ed140
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      Amiga Gayle IDE: Add support for the IDE interface on the M-Tech E-Matrix 530
      expansion card
      db5ed140
    • Andrew Morton's avatar
      [PATCH] Amiga Gayle IDE cleanup · 94253347
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      Amiga Gayle IDE: Kill old test code for the IDE doubler
      94253347
    • Andrew Morton's avatar
      [PATCH] Mac ADB · d4557334
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      ADB: Disable the ADB clock code when CONFIG_ADB is not selected (from Matthias
      Urlichs).
      d4557334
    • Andrew Morton's avatar
      [PATCH] Macfb setup · 300e83c1
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      Macfb: Update setup routine (from Matthias Urlichs)
      300e83c1
    • Andrew Morton's avatar
      [PATCH] Mac ADB IOP fix · 5dcf5e6b
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      Mac ADB IOP: Fix improperly initialized request struct in the reset code,
      causing a bogus pointer (from Matthias Urlichs)
      5dcf5e6b
    • Andrew Morton's avatar
      [PATCH] Sun-3 ID PROM C99 · 701819b6
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      Sun-3 ID PROM: Use C99 struct initializers
      701819b6
    • Andrew Morton's avatar
      [PATCH] Q40 interrupts C99 · 01b3fcc7
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      Q40 interrupts: Use C99 struct initializers
      01b3fcc7
    • Andrew Morton's avatar
      [PATCH] MVME16x RTC C99 · 50b53813
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      MVME16x RTC: Use C99 struct initializers
      50b53813
    • Andrew Morton's avatar
      [PATCH] M68k math emu C99 · 30f7bbd3
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      M68k math emulator: Use C99 struct initializers
      30f7bbd3
    • Andrew Morton's avatar
      [PATCH] M68k symbol exports · 3e53488a
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      M68k: Export missing symbols (from Matthias Urlichs)
      3e53488a
    • Andrew Morton's avatar
      [PATCH] BVME6000 RTC C99 · 5ddecbec
      Andrew Morton authored
      From: Geert Uytterhoeven <geert@linux-m68k.org>
      
      BVME6000 RTC: Use C99 struct initializers
      5ddecbec