- 26 Aug, 2008 1 commit
-
-
Serge E. Hallyn authored
In August 2006 I posted a patch generating a minimal SELinux policy. This week, David P. Quigley posted an updated version of that as a patch against the kernel. It also had nice logic for auto-installing the policy. Following is David's original patch intro (preserved especially bc it has stats on the generated policies): se interested in the changes there were only two significant changes. The first is that the iteration through the list of classes used NULL as a sentinel value. The problem with this is that the class_to_string array actually has NULL entries in its table as place holders for the user space object classes. The second change was that it would seem at some point the initial sids table was NULL terminated. This is no longer the case so that iteration has to be done on array length instead of looking for NULL. Some statistics on the policy that it generates: The policy consists of 523 lines which contain no blank lines. Of those 523 lines 453 of them are class, permission, and initial sid definitions. These lines are usually little to no concern to the policy developer since they will not be adding object classes or permissions. Of the remaining 70 lines there is one type, one role, and one user statement. The remaining lines are broken into three portions. The first group are TE allow rules which make up 29 of the remaining lines, the second is assignment of labels to the initial sids which consist of 27 lines, and file system labeling statements which are the remaining 11. In addition to the policy.conf generated there is a single file_contexts file containing two lines which labels the entire system with base_t. This policy generates a policy.23 binary that is 7920 bytes. (then a few versions later...): The new policy is 587 lines (stripped of blank lines) with 476 of those lines being the boilerplate that I mentioned last time. The remaining 111 lines have the 3 lines for type, user, and role, 70 lines for the allow rules (one for each object class including user space object classes), 27 lines to assign types to the initial sids, and 11 lines for file system labeling. The policy binary is 9194 bytes. Changelog: Aug 26: Added Documentation/SELinux.txt Aug 26: Incorporated a set of comments by Stephen Smalley: 1. auto-setup SELINUXTYPE=dummy 2. don't auto-install if selinux is enabled with non-dummy policy 3. don't re-compute policy version 4. /sbin/setfiles not /usr/sbin/setfiles Aug 22: As per JMorris comments, made sure make distclean cleans up the mdp directory. Removed a check for file_contexts which is now created in the same file as the check, making it superfluous. Signed-off-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
-
- 20 Aug, 2008 1 commit
-
-
Randy Dunlap authored
Add security/inode.c functions to the kernel-api docbook. Use '%' on constants in kernel-doc notation. Fix several typos/spellos in security function descriptions. Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: James Morris <jmorris@namei.org>
-
- 14 Aug, 2008 1 commit
-
-
Vesa-Matti Kari authored
Replace "thing != NULL" comparisons with just "thing" to make the code look more uniform (mixed styles were used even in the same source file). Signed-off-by: Vesa-Matti Kari <vmkari@cc.helsinki.fi> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
-
- 06 Aug, 2008 1 commit
-
-
Vesa-Matti Kari authored
expr_isvalid() in conditional.c was off-by-one and allowed invalid expression type COND_LAST. However, it is this header file that needs to be fixed. That way the if-statement's disjunction's second component reads more naturally, "if expr type is greater than the last allowed value" ( rather than using ">=" in conditional.c): if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) Signed-off-by: Vesa-Matti Kari <vmkari@cc.helsinki.fi> Signed-off-by: James Morris <jmorris@namei.org>
-
- 05 Aug, 2008 5 commits
-
-
Casey Schaufler authored
There have been a number of requests to make the Smack LSM enforce MAC even in the face of privilege, either capability based or superuser based. This is not universally desired, however, so it seems desirable to make it optional. Further, at least one legacy OS implemented a scheme whereby only processes running with one particular label could be exempt from MAC. This patch supports these three cases. If /smack/onlycap is empty (unset or null-string) privilege is enforced in the normal way. If /smack/onlycap contains a label only processes running with that label may be MAC exempt. If the label in /smack/onlycap is the star label ("*") the semantics of the star label combine with the privilege restrictions to prevent any violations of MAC, even in the presence of privilege. Again, this will be independent of the privilege scheme. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: James Morris <jmorris@namei.org>
-
David Howells authored
Fix a potentially uninitialised variable in SELinux hooks that's given a pointer to the network address by selinux_parse_skb() passing a pointer back through its argument list. By restructuring selinux_parse_skb(), the compiler can see that the error case need not set it as the caller will return immediately. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
-
Vesa-Matti J Kari authored
Hello, Remove unneeded local variable: struct avtab_node *newnode Signed-off-by: Vesa-Matti Kari <vmkari@cc.helsinki.fi> Signed-off-by: James Morris <jmorris@namei.org>
-
Vesa-Matti J Kari authored
Trivial minor fixes that change C null character style. Signed-off-by: Vesa-Matti Kari <vmkari@cc.helsinki.fi> Signed-off-by: James Morris <jmorris@namei.org>
-
Adrian Bunk authored
This patch makes the needlessly global selinux_write_opts() static. Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: James Morris <jmorris@namei.org>
-
- 01 Aug, 2008 31 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6Linus Torvalds authored
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6: [IA64] Move include/asm-ia64 to arch/ia64/include/asm
-
Tim Bird authored
This fixes a bug in operator precedence in the newly introduced vc_translate macro. Without this fix, the translation of some characters on the kernel console is garbled. This patch was copied to the e-mail list previously for testing. Now, all reports confirm that it works, so this is an official post for application. Signed-off-by: Tim Bird <tim.bird@am.sony.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
-
Jack Steiner authored
Delete 2 EXPORTs that were accidentally sent upstream. Signed-off-by: Jack Steiner <steiner@sgi.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Steven Rostedt authored
I asked legal about the licensing of ftrace.txt, and they told me that, unless the Documentation directory is specifically set up to handle non GPL licenses (which it does not appear to be), then it would be best to put ftrace.txt under the GPL. This patch adds a dual license to ftrace.txt such that it is under both the FDL and the GPL. Signed-off-by: Steven Rostedt <srostedt@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
David Howells authored
Wire up for FRV the system calls that were added in the last merge window. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
David Howells authored
Wire up system calls added in the last merge window for the MN10300 arch. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Eugeniy Meshcheryakov authored
Currently function tty_ldisc_get() tries to load an ldisc driver module only when tty_ldisc_try_get() returns -EAGAIN. This happens only if module is being unloaded. If ldisc module is not loaded tty_ldisc_try_get() returns -EINVAL and this case is not handled in tty_ldisc_get(), so request_module() is not called. Attached patch fixes this by calling request_module() if tty_ldisc_try_get() returned any error code. I discovered this when my UMTS modem stopped working with 2.6.27-rc1 because module ppp_async was not loaded. Signed-off-by: Eugeniy Meshcheryakov <eugen@debian.org> Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvmLinus Torvalds authored
* 'kvm-updates-2.6.27' of git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm: KVM: s390: Fix kvm on IBM System z10 KVM: Advertise synchronized mmu support to userspace KVM: Synchronize guest physical memory map to host virtual memory map KVM: Allow browsing memslots with mmu_lock KVM: Allow reading aliases with mmu_lock
-
git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/misc-2.6Linus Torvalds authored
* 'zero-len' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/misc-2.6: drivers/media, include/media: delete zero-length files
-
Benjamin Herrenschmidt authored
Some platform decide whether they support huge pages at boot time. On these, such as powerpc, HPAGE_SHIFT is a variable, not a constant, and is set to 0 when there is no such support. The patches to introduce multiple huge pages support broke that causing the kernel to crash at boot time on machines such as POWER3 which lack support for multiple page sizes. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Yoshinori Sato authored
ARCH=h8300: init/main.c:781: undefined reference to `___early_initcall_end' Same problem have __start___bug_table __stop___bug_table __tracedata_start __tracedata_end __per_cpu_start __per_cpu_end When defining a symbol in vmlinux.lds, use the VMLINUX_SYMBOL macro. VMLINUX_SYMBOL adds a prefix charactor. You can't just use straight symbol names in common header files as they dont take into consideration weird arch-specific ABI conventions. in the case of Blackfin/h8300, the ABI dictates that any C-visible symbols have an underscore prefixed to them. Thus all symbols in vmlinux.lds.h need to be wrapped in VMLINUX_SYMBOL() so that each arch can put hide this magic in their own files. [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Yoshinori Sato <ysato@users.sourceforge.jp> Cc: Jeremy Fitzhardinge <jeremy@goop.org> Cc: "Mike Frysinger" <vapier.adi@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Bjorn Helgaas authored
Each resource should be printed on its own line, so start snprintf'ing at the beginning of the buffer every time through the loop. Also, use scnprintf() rather than snprintf() when building up the buffer to print. scnprintf() returns the number of characters actually written into the buffer (not including the trailing NULL). snprintf() returns the number of characters that *would be* written, assuming everything would fit in the buffer. That's nice if we want to resize the buffer to make sure everything fits, but in this case, I just want to keep from overflowing the buffer, and it's OK if the output is truncated. Using snprintf() meant that my "len" could grow to be more than the the buffer size, which makes "sizeof(buf) - len" negative, which causes this alarming WARN_ON: http://marc.info/?l=linux-kernel&m=121736480005656&w=2 More useful snprintf/scnprintf discussion: http://lwn.net/Articles/69419/Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com> Reported-by: Pete Clements <clem@clem.clem-digital.net> Cc: Rene Herman <rene.herman@keyaccess.nl> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Niels de Vos authored
Some module parameters with only one line have the '\n' at the end of the description. This is not needed nor wanted as after the description the type (i.e. int) is followed by a newline. Some modules contain a multi-line description, these are not affected by this patch. Signed-off-by: Niels de Vos <niels.devos@wincor-nixdorf.com> Acked-by: Randy Dunlap <randy.dunlap@oracle.com> Cc: John W. Linville <linville@tuxdriver.com> Cc: Ed L. Cashin <ecashin@coraid.com> Cc: Dave Airlie <airlied@linux.ie> Cc: Roland Dreier <rolandd@cisco.com> Acked-by: Mauro Carvalho Chehab <mchehab@infradead.org> Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-devLinus Torvalds authored
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev: pata_it821x: Driver updates and reworking libata.h: replace __FUNCTION__ with __func__ ata_piix: subsys 106b:00a3 is apple ich8m too libata-core: make sure that ata_force_tbl is freed in case of an error libata: update atapi disable handling pata_via: add VX800 flag; add function for fixing h/w bugs pata_ali: misplaced pci_dev_put()
-
git://oss.sgi.com:8090/xfs/xfs-pullLinus Torvalds authored
* 'for-linus' of git://oss.sgi.com:8090/xfs/xfs-pull: (64 commits) [XFS] Remove vn_revalidate calls in xfs. [XFS] Now that xfs_setattr is only used for attributes set from ->setattr [XFS] xfs_setattr currently doesn't just handle the attributes set through [XFS] fix use after free with external logs or real-time devices [XFS] A bug was found in xfs_bmap_add_extent_unwritten_real(). In a [XFS] fix compilation without CONFIG_PROC_FS [XFS] s/XFS_PURGE_INODE/IRELE/g s/VN_HOLD(XFS_ITOV())/IHOLD()/ [XFS] fix mount option parsing in remount [XFS] Disable queue flag test in barrier check. [XFS] streamline init/exit path [XFS] Fix up problem when CONFIG_XFS_POSIX_ACL is not set and yet we still [XFS] Don't assert if trying to mount with blocksize > pagesize [XFS] Don't update mtime on rename source [XFS] Allow xfs_bmbt_split() to fallback to the lowspace allocator [XFS] Restore the lowspace extent allocator algorithm [XFS] use minleft when allocating in xfs_bmbt_split() [XFS] attrmulti cleanup [XFS] Check for invalid flags in xfs_attrlist_by_handle. [XFS] Fix CI lookup in leaf-form directories [XFS] Use the generic xattr methods. ...
-
Dean Nelson authored
Add a reverse dependency of CONFIG_SGI_XP upon CONFIG_SGI_GRU to Kconfig. Signed-off-by: Dean Nelson <dcn@sgi.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Dean Nelson authored
Add a dependency of CONFIG_SGI_XP upon CONFIG_NET to Kconfig. Signed-off-by: Dean Nelson <dcn@sgi.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Roland McGrath authored
My commit 2b2a1ff6 introduced a regression (sorry about that) for the odd case of exit_signal=0 (e.g. clone_flags=0). This is not a normal use, but it's used by a case in the glibc test suite. Dying with exit_signal=0 sends no signal, but it's supposed to wake up a parent's blocked wait*() calls (unlike the delayed_group_leader case). This fixes tracehook_notify_death() and its caller to distinguish a "signal 0" wakeup from the delayed_group_leader case (with no wakeup). Signed-off-by: Roland McGrath <roland@redhat.com> Tested-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://neil.brown.name/mdLinus Torvalds authored
* 'for-linus' of git://neil.brown.name/md: md: raid10: wake up frozen array md: do not count blocked devices as spares md: do not progress the resync process if the stripe was blocked md: delay notification of 'active_idle' to the recovery thread md: fix merge error md: move async_tx_issue_pending_all outside spin_lock_irq
-
git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2Linus Torvalds authored
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2: [PATCH] ocfs2: Release mutex in error handling code [PATCH] ocfs2: Fix oops when racing files truncates with writes into an mmap region [PATCH 2/2] ocfs2: Fix race between mount and recovery [PATCH 1/2] ocfs2: Add counter in struct ocfs2_dinode to track journal replays [PATCH] configfs: Convenience macros for attribute definition. [PATCH] configfs: Pin configfs subsystems separately from new config_items. [PATCH] configfs: Fix open directory making rmdir() fail [PATCH] configfs: Lock new directory inodes before removing on cleanup after failure [PATCH] configfs: Prevent userspace from creating new entries under attaching directories [PATCH] configfs: Fix failing symlink() making rmdir() fail [PATCH] configfs: Fix symlink() to a removing item [PATCH] configfs: Include linux/err.h in linux/configfs.h
-
Linus Torvalds authored
Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: locking: fix mutex @key parameter kernel-doc notation
-
git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-fixesLinus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-fixes: kbuild: scripts/ver_linux: don't set PATH Kconfig/init: change help text to match default value kbuild: genksyms: Include extern information in dumps kbuild: genksyms parser: fix the __attribute__ rule kbuild: scripts/genksyms/lex.l: add %option noinput kconfig: scripts/kconfig/zconf.l: add %option noinput kbuild: fix O=... build of um
-
git://git.kernel.dk/linux-2.6-blockLinus Torvalds authored
* 'for-linus' of git://git.kernel.dk/linux-2.6-block: md: the bitmap code needs to use blk_plug_device_unlocked() block: add a blk_plug_device_unlocked() that grabs the queue lock
-
git://git.kernel.org/pub/scm/linux/kernel/git/jwessel/linux-2.6-kgdbLinus Torvalds authored
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jwessel/linux-2.6-kgdb: kgdb: fix gdb serial thread queries kgdb: fix kgdb_validate_break_address to perform a mem write kgdb: remove the requirement for CONFIG_FRAME_POINTER
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6: ALSA: ASoC: Export dapm_reg_event() fully ALSA: ASoC: Update Poodle to current ASoC API ALSA: asoc: restrict sample rate and size in Freescale MPC8610 sound drivers ALSA: sound/soc/pxa/tosa.c: removed duplicated include
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (46 commits) tcp: MD5: Fix IPv6 signatures skbuff: add missing kernel-doc for do_not_encrypt net/ipv4/route.c: fix build error tcp: MD5: Fix MD5 signatures on certain ACK packets ipv6: Fix ip6_xmit to send fragments if ipfragok is true ipvs: Move userspace definitions to include/linux/ip_vs.h netdev: Fix lockdep warnings in multiqueue configurations. netfilter: xt_hashlimit: fix race between htable_destroy and htable_gc netfilter: ipt_recent: fix race between recent_mt_destroy and proc manipulations netfilter: nf_conntrack_tcp: decrease timeouts while data in unacknowledged irda: replace __FUNCTION__ with __func__ nsc-ircc: default to dongle type 9 on IBM hardware bluetooth: add quirks for a few hci_usb devices hysdn: remove the packed attribute from PofTimStamp_tag isdn: use the common ascii hex helpers tg3: adapt tg3 to use reworked PCI PM code atm: fix direct casts of pointers to u32 in the InterPhase driver atm: fix const assignment/discard warnings in the ATM networking driver net: use the common ascii hex helpers random32: seeding improvement ...
-
git://lm-sensors.org/kernel/mhoffman/hwmon-2.6Linus Torvalds authored
* 'release' of git://lm-sensors.org/kernel/mhoffman/hwmon-2.6: hwmon: needs new maintainer hwmon: (lm85) Simplify device initialization function hwmon: (lm85) Misc cleanups hwmon: (lm85) Don't write back cached values hwmon: (lm85) Drop dead code hwmon: (lm85) Coding-style cleanups hwmon: (lm75) add new-style driver binding hwmon: (lm75) cleanup/reorg hwmon: (adt7473) clarify an awkward bit of code hwmon: (adt7473) Remove unused defines hwmon: (dme1737) fix voltage scaling hwmon: (dme1737) probe all addresses hwmon: (dme1737) demacrofy for readability
-
Jens Axboe authored
It doesn't hold the queue lock, so it's both racey on the queue flags and thus spews a warning. Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
-
Jens Axboe authored
blk_plug_device() must be called with the queue lock held, so callers often just grab and release the lock for that purpose. Add a helper that does just that. Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
-
git://git.infradead.org/mtd-2.6Linus Torvalds authored
* git://git.infradead.org/mtd-2.6: [MTD] [NAND] drivers/mtd/nand/nandsim.c: fix printk warnings [MTD] [NAND] Blackfin NFC Driver: Cleanup the error exit path of bf5xx_nand_probe function [MTD] [NAND] Blackfin NFC Driver: use standard dev_err() rather than printk() [MTD] [NAND] Blackfin NFC Driver: enable Blackfin nand HWECC support by default [MTD] [NAND] Blackfin NFC Driver: add proper devinit/devexit markings to probe/remove functions [MTD] [NAND] Blackfin NFC Driver: add support for the ECC layout the Blackfin bootrom uses [MTD] [NAND] Blackfin NFC Driver: fix bug - hw ecc calc by making sure we extract 11 bits from each register instead of 10 [MTD] [NAND] Blackfin NFC Driver: fix bug - do not clobber the status from the first 256 bytes if operating on 512 pages [MTD] [NAND] diskonchip.c fix sparse endian warnings [MTD] [NAND] drivers/mtd/nand/nandsim.c needs div64.h [JFFS2] Fix allocation of summary buffer Fix rename of at91_nand -> atmel_nand [MTD] [NOR] drivers/mtd/chips/jedec_probe.c: fix Am29DL800BB device ID [MTD] MTD_DEBUG always does compile-time typechecks [MTD] DataFlash: bugfix, binary page sizes now handled [MTD] [NAND] fsl_elbc_nand.c: fix printk warning [MTD] [NAND] nandsim: support random page read command [MTD] [NAND] fix subpage read for small page NAND
-
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: [PATCH] pass struct path * to do_add_mount() [PATCH] switch mtd and dm-table to lookup_bdev() [patch 3/4] vfs: remove unused nameidata argument of may_create() [PATCH] devpts: switch to IDA [PATCH 2/2] proc: switch inode number allocation to IDA [PATCH 1/2] proc: fix inode number bogorithmetic [PATCH] fix bdev leak in block_dev.c do_open() [PATCH] fix races and leaks in vfs_quota_on() users [PATCH] clean dup2() up a bit [PATCH] merge locate_fd() and get_unused_fd() [PATCH] ipv4_static_sysctl_init() should be under CONFIG_SYSCTL Re: BUG at security/selinux/avc.c:883 (was: Re: linux-next: Tree
-