- 19 Jan, 2004 40 commits
-
-
Andrew Morton authored
From: James Morris <jmorris@redhat.com> This patch implements two new access controls for SELinux: SEND_MSG and RECV_MSG, providing mediation of network packets based on destination port (IPv4 only at this stage).
-
Andrew Morton authored
From: James Morris <jmorris@redhat.com> This patch is a rework of the skb audit logging code in SELinux. Rather than relying on skb header pointers, it parses the skb for specific protocols (TCP and UDP for IPv4 at this stage). This is safer for the case of locally generated raw packets, which can be malformed. It also now takes fragmented skbs into account. The new code allows the caller to parse the skb so that parsed information can be more readily re-used.
-
Andrew Morton authored
From: Stephen Smalley <sds@epoch.ncsc.mil> Use obj-$(CONFIG_FOO) instead of `ifeq'.
-
Andrew Morton authored
From: James Morris <jmorris@redhat.com> This patch adds dname to audit output when a path cannot be generated. This makes analysis of SELinux audit logs easier. Patch by Stephen Smalley <sds@epoch.ncsc.mil>.
-
Andrew Morton authored
From: James Morris <jmorris@redhat.com> This patch adds a new option for Unix sockets, SO_PEERSEC, and an associated LSM hook, getpeersec. The SELinux handler is also included. The purpose of this is to allow applications to obtain each others security credentials, analagously to the existing SO_PEERCRED option. Examples of use are Security Enhanced D-BUS and Security Enhanced X. This patch was previously approved in principle by David, and has been updated with feedback from Chris Wright and extended to cover all architectures.
-
Andrew Morton authored
From: James Morris <jmorris@redhat.com> This is a cleanup for the SELinux code, which converts all remaining appropriate socket hooks over to using socket_has_perm().
-
Andrew Morton authored
From: James Morris <jmorris@redhat.com> This patch adds a new SELinux access control, node_bind, which can be used to restrict the local IP address to which an application may bind.
-
Andrew Morton authored
From: James Morris <jmorris@redhat.com> This patch adds 'node' access controls for SELinux, which allows network traffic to be controlled on the basis of remote address. Like the previous patch, similar functionality was present in earlier SELinux implementations; this is a rework within the constraints of the LSM hooks present in the mainline kernel.
-
Andrew Morton authored
From: James Morris <jmorris@redhat.com> This patch adds netif access controls for SELinux, which allows network traffic to be controlled on the basis of associated network interface. Similar functionality was present in earlier SELinux implementations; this is a rework within the constraints of the LSM hooks present in the mainline kernel.
-
Andrew Morton authored
From: James Morris <jmorris@redhat.com> This patch adds controls to the SELinux module over the setting and inheritance of resource limits. With these controls, the ability to set hard limits can be limited to specific processes such as login, and when an untrusted process invokes a more trusted program, soft limits can be reset, thereby avoiding failures in the trusted program due to malicious setting of the soft limit by the untrusted process. Roland McGrath provided input and feedback on the patch, which was implemented by Stephen Smalley <sds@epoch.ncsc.mil>.
-
Andrew Morton authored
From: Muli Ben-Yehuda <mulix@mulix.org> Yet another sound/oss/trident cleanup patch. This one replace the TRDBG debugging macro with the standard pr_debug. Patch is from Eugene Teo <eugene.teo@eugeneteo.net>, slightly modified by me to apply against 2.6.0-rc1-mm1 with the other cleanup patches applied.
-
Andrew Morton authored
From: Muli Ben-Yehuda <mulix@mulix.org> - switch lock_set_fmt() and unlock_set_fmt() from macros to inline functions. Macros that call return() are EVIL. - simplify lock_set_fmt() and implement it via test_and_set_bit() rather than a spinlock protecting an int. - fix a bug wherein we would do an up() on a semaphore that hasn't been down()ed if a signal happened after timeout in trident_write(). - fix a bug where we would not release the open_sem on OOM. - make the arguments for prog_dmabuf clearer (int -> enum), and add two wrapper functions around it, one for record and one for playback. - fix a bug where we would call VALIDATE_STATE after lock_kernel(). Since VALIDATE_STATE does 'return' if validation fails, bad things can happen. Thanks to Dawson Engler <engler@stanford.edu> and the Stanford checker for spotting. - remove the calls to lock_kernel() from trident_release() and trident_mmap(). trident_release() appears to be covered by the open_sem, and trident_mmap() is covered by state->sem. - s/TRUE/1/, s/FALSE/0/
-
Andrew Morton authored
From: Muli Ben-Yehuda <mulix@mulix.org> Reindent the trident OSS sound driver
-
Andrew Morton authored
From: Christoph Hellwig <hch@lst.de> Now that modutils don't have built-in aliases anymore this is needed to make mount -t vxfs autload the module.
-
Andrew Morton authored
From: Anton Blanchard <anton@samba.org>
-
Andrew Morton authored
From: Anton Blanchard <anton@samba.org> Generate a global printk rate-limiting function, printk_ratelimit(). Also, use it in the page allocator warning code. Also add a dump_stack to that code. Later, we need to switch net_ratelimit() over to use printk_ratelimit().
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> Buddha/CatWeasel IDE: Make sure the core IDE driver doesn't try to request the MMIO ports a second time, since this will fail.
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> M68k Documentation: framebuffer.txt no longer exists in the m68k directory (from Nikita Melnikov)
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> Genrtc: Move code to kill warning if CONFIG_PROC_FS is disabled
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> Cirrusfb: Replace `extern inline' by `static inline'
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> M68k core: Replace (variants of) `extern inline' by `static inline'
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> M68k: Fix (unused) definition of init_thread_info (from Roman Zippel)
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> M68k: Don't forget to initialize the thread_info member in INIT_THREAD() (from Roman Zippel)
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> M68k has no VGA or MDA consoles
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> Amiga core: Use C99 struct initializers
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> M68k: Add missing #ifdef __KERNEL / #endif (from Christian T. Steigies)
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> Mac II VIA: Don't include <asm/init.h> directly
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> Amiga: Fix `debug=mem' (record all kernel messages in ChipRAM): virt_to_phys() no longer works for Zorro II memory space, we must use ZTWO_PADDR()
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> Zorro bus: Add support for sysfs and the new driver model
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> Amiga Gayle IDE: Add support for the IDE interface on the M-Tech E-Matrix 530 expansion card
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> Amiga Gayle IDE: Kill old test code for the IDE doubler
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> ADB: Disable the ADB clock code when CONFIG_ADB is not selected (from Matthias Urlichs).
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> Macfb: Update setup routine (from Matthias Urlichs)
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> Mac ADB IOP: Fix improperly initialized request struct in the reset code, causing a bogus pointer (from Matthias Urlichs)
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> Sun-3 ID PROM: Use C99 struct initializers
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> Q40 interrupts: Use C99 struct initializers
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> MVME16x RTC: Use C99 struct initializers
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> M68k math emulator: Use C99 struct initializers
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> M68k: Export missing symbols (from Matthias Urlichs)
-
Andrew Morton authored
From: Geert Uytterhoeven <geert@linux-m68k.org> BVME6000 RTC: Use C99 struct initializers
-