- 12 Apr, 2004 40 commits
-
Andrew Morton authored
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch changes an error message printk'd by security_compute_sid to use the audit framework instead. These errors reflect situations where a security transition would normally occur due to policy, but the resulting security context is not valid. The patch also changes the code to always call the audit framework rather than only doing so when permissive as this was causing problems with testing policy, and does some code cleanup.
-
Andrew Morton authored
From: James Morris <jmorris@redhat.com> This patch makes the IPv6 code work with the audit framework, following the merge of both.
-
Andrew Morton authored
From: Rik Faith <faith@redhat.com>
This patch provides a low-overhead system-call auditing framework for Linux that is usable by LSM components (e.g., SELinux). This is an update of the patch discussed in this thread: http://marc.theaimsgroup.com/?t=107815888100001&r=1&w=2
In brief, it provides for netlink-based logging of audit records that have been generated in other parts of the kernel (e.g., SELinux) as well as the ability to audit system calls, either independently (using simple filtering) or as a complement to the audit record that another part of the kernel generated.
The main goals were to provide system call auditing with 1) as low overhead as possible, and 2) without duplicating functionality that is already provided by SELinux (and/or other security infrastructures). This framework will work "stand-alone", but is not designed to provide, e.g., CAPP functionality without another security component in place.
This updated patch includes changes from feedback I have received, including the ability to compile without CONFIG_NET (and better use of tabs, so use -w if you diff against the older patch).
Please see http://people.redhat.com/faith/audit/ for an early example user-space client (auditd-0.4.tar.gz) and instructions on how to try it.
My future intentions at the kernel level include improving filtering (e.g., syscall personality/exit codes) and syscall support for more architectures. First, though, I'm going to work on documentation, a (real) audit daemon, and patches for other user-space tools so that people can play with the framework and understand how it can be used with and without SELinux.
Update: Light-weight Auditing Framework receive filter fixes
From: Rik Faith <faith@redhat.com>
Since audit_receive_filter() is only called with audit_netlink_sem held, it cannot race with either audit_del_rule() or audit_add_rule(), so the list_for_each_entry_rcu()s may be replaced by list_for_each_entry()s, and the rcu_read_{un,}lock()s removed.
A fix for this is part of the attached patch. Other features of the attached patch are:
1) generalized the ability to test for inequality
2) added syscall exit status reporting and testing
3) added ability to report and test first 4 syscall arguments (this adds a large amount of flexibility for little cost; not implemented or tested on ppc64)
4) added ability to report and test personality
User-space demo program enhanced for new fields and inequality testing: http://people.redhat.com/faith/audit/auditd-0.5.tar.gz
-
Andrew Morton authored
This patch removes a harmless duplicate assignment from the IPv6 code.
-
Andrew Morton authored
From: James Morris <jmorris@redhat.com>
The patch below adds explicit IPv6 support to SELinux. Brief description of changes:
o IPv6 networking is now subject to the same controls as IPv4 (in addition to the generic socket permissions which cover all protocols), namely: bind to local node address; bind to local port; send & receive TCP/UDP and raw IP packets based on local network interface and remote node address.
o Packet parsing has been extended to IPv6 packets for logging and control, and simplified for IPv4.
o Support for logging of IPv6 addresses has also been added.
o The kernel policy database code has been modified to support IPv6, and reworked to provide generic security policy version handling so that older policy versions will still work, making upgrading simpler.
Corresponding userspace patches are available at <http://people.redhat.com/jmorris/selinux/ipv6/>, although current userspace tools will continue to function normally (but without explicit IPv6 support).
For more details at the security management level, see <http://marc.theaimsgroup.com/?l=selinux&m=108068187630948&w=2>
This code has been under testing and review for several weeks.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> reiserfs-writepage-ordered-race needs a minor update to include your latest __block_write_full_page fixes for the direct_read_under bug Daniel was hitting.
-
Andrew Morton authored
fs/reiserfs/journal.c: In function `reiserfs_end_persistent_transaction': fs/reiserfs/journal.c:2616: warning: unused variable `s' Make the functions static inline so that typechecking is enabled if !CONFIG_REISERFS_CHECK.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> block_write_full_page() might see and lock clean metadata buffers, which leads to journal-1777 messages. Change the message to ignore bh locked.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> Some latency improvements for the reiserfs data=ordered code from Takashi.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> reiserfs_unmap_buffer should clean and wait on all buffers. This fixes a leak under fsx workloads.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> Add reiserfs support for laptop mode.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> reiserfs_file_write makes a hole one block too large if it is the first thing in the file.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> Fix reiserfs_writepage so it doesn't race with data=ordered writes. This still has a pending fix to redirty the page when it finds a locked buffer. Waiting for Andrew to finish sorting that out on ext3 first.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> Repacking a tail might leave a journal handle attached to an unmapped buffer. If that buffer gets dirtied again (via mmap for example), the reiserfs data=ordered code might try to write the dirty unmapped buffer to disk. The fix is to make sure we remove the journal handle when we unmap buffers.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> Enable preallocation for reiserfs_file_write when the write size is smaller than the default preallocation size.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> Make sure to hold the BKL while ending a transaction in the error path or reiserfs_prepare_write.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> reiserfs data=ordered support.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> reiserfs logging rework, making things much faster for small transactions. metadata buffers are dirtied when they are safe to write, so normal kernel mechanisms can contribute to log cleaning.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> reiserfs cleanup, get rid of old debugging code.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> reiserfs support for nested transactions. This originally came from Peter Braam for 2.4.x and was ported forward by Jeff Mahoney.
-
Andrew Morton authored
ext3 transaction batching has been ineffective since the scheduler changes forced us to replace the yield() with a schedule(). Using schedule_timeout(1) fixes it up again. Benchmarking is positive with either a 1 or 10 millisecond delay in there, so there appears to be no need to play around with HZ.
-
Andrew Morton authored
From: Kurt Garloff <garloff@suse.de> A patch to parse the elf binaries for a PT_GNU_STACK section to set the stack non-executable if possible. Most parts have been shamelessly stolen from Ingo Molnar's more ambitious stackshield http://people.redhat.com/mingo/exec-shield/exec-shield-2.6.4-C9 The toolchain has meanwhile support for marking the binaries with a PT_GNU_STACK section without x bit as needed. If no such section is found, we leave the stack to whatever the arch defaults to. If there is one, we explicitly disabled the VM_EXEC bit if no x bit is found, otherwise explicitly enable.
-
Andrew Morton authored
- s/__inline__/inline/ - Remove lots of extraneous andi-was-here trailing whitespace
-
Andrew Morton authored
From: "Paul E. McKenney" <paulmck@us.ibm.com> The attached patch improves the documentation of the _rcu list primitives.
-
Andrew Morton authored
From: "Luiz Fernando N. Capitulino" <lcapitulino@prefeitura.sp.gov.br> IBM LAN Adapter/A driver depends on mca-legacy.
-
Andrew Morton authored
From: "Luiz Fernando N. Capitulino" <lcapitulino@prefeitura.sp.gov.br> drivers/net/wan/cycx_drv.c: In function `load_cyc2x': drivers/net/wan/cycx_drv.c:430: warning: unsigned int format, long unsigned int arg (arg 3)
-
Andrew Morton authored
From: Pavel Machek <pavel@ucw.cz> This function will break with -mregparm, so mark it asmlinkage.
-
Andrew Morton authored
From: "Luiz Fernando N. Capitulino" <lcapitulino@prefeitura.sp.gov.br> drivers/media/dvb/frontends/tda1004x.c:191: warning: `errno' defined but not used
-
Andrew Morton authored
From: "Luiz Fernando N. Capitulino" <lcapitulino@prefeitura.sp.gov.br> sound/isa/wavefront/wavefront_synth.c:1923: warning: `errno' defined but not used
-
Andrew Morton authored
With CONFIG_LBD=n: fs/open.c: In function `vfs_statfs_native': fs/open.c:67: warning: comparison is always true due to limited range of data type fs/open.c:70: warning: comparison is always true due to limited range of data type
-
Andrew Morton authored
From: Olaf Kirch <okir@suse.de> The attached patch fixes a problem with the 32bit statfs call on NFS file systems. Some NFS servers return a value of -1 for the f_files and f_ffree. The current code would think this is a 64bit value that cannot be converted to 32bits. Consequently, the system call would always fail. The patch adds two special if() to detect a value of -1 for f_files and f_ffree.
-
Andrew Morton authored
From: Trond Myklebust <trond.myklebust@fys.uio.no> Fixes the Oops reported by Paul Blazejowski. Bug turned out to be in the page overflow checking for READDIRPLUS.
-
Andrew Morton authored
From: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
-
Andrew Morton authored
From: Gerd Knorr <kraxel@bytesex.org>
This is an update for the cx88 driver. There are *lots* of changes:
* vbi support was added.
* plenty of fixes for audio support (there are still problems though).
* new cards added.
* several minor tweaks.
-
Andrew Morton authored
From: Gerd Knorr <kraxel@bytesex.org> This patch updates the documentation for the v4l drivers.
-
Andrew Morton authored
From: Gerd Knorr <kraxel@bytesex.org>
This patch updates the bttv driver. Changes:
(1) several card-specific tweaks.
(2) make software vs. hardware i2c configurable per TV card.
(3) reinitialize image parameters after chip reset.
(4) make bttv quiet by default on frame drops.
(5) new insmod option: "debug_latency=1" to enable frame drop debug messages.
bttv is quite sensitive to irq latencies, especially when capturing both video and vbi. There are several reports about problems due to this, I don't see that on my machines though. (5) dumps a stacktrace if the driver thinks the frame drop is caused by high latencies as experiment, let's see whether that helps ...
-
Andrew Morton authored
drivers/built-in.o(.text+0x32912b): In function `dsp_buffer_init': drivers/media/video/saa7134/saa7134-oss.c:77: undefined reference to `videobuf_dma_init'
-
Andrew Morton authored
From: Gerd Knorr <kraxel@bytesex.org>
This is an update for the saa7134 driver. Changes:
* add cropping support.
* fix Makefile to build the saa6752hs module.
* fix locking bug in oss dsp driver.
* infrared remote keytable update.
* some card-specific fixes.
-
Andrew Morton authored
From: Gerd Knorr <kraxel@bytesex.org> Trivial patch, $subject says all, just a new keytable.
-
Andrew Morton authored
From: Gerd Knorr <kraxel@bytesex.org> This patch allows switching to the second external input of the msp34xx chips. Also has some minor cleanups and more verbose debug info.