Re: selinux_msg_queue_msgrcv() oops

2013-02-06 Thread Stephen Smalley
On 02/06/2013 07:56 AM, Tommi Rantala wrote: Hello, I'm hitting an oops in selinux_msg_queue_msgrcv() when fuzzing with Trinity as the root user (in a qemu VM): NULL msg->security at that point is a bug in the ipc subsystem; SELinux is just the messenger. Normally msg->security is set for ev

Re: selinux_msg_queue_msgrcv() oops

2013-02-06 Thread Stephen Smalley
On 02/06/2013 10:21 AM, Tommi Rantala wrote: 2013/2/6 Stephen Smalley : On 02/06/2013 07:56 AM, Tommi Rantala wrote: Hello, I'm hitting an oops in selinux_msg_queue_msgrcv() when fuzzing with Trinity as the root user (in a qemu VM): NULL msg->security at that point is a bug in

Re: lgetxattr()/getxattr() return different values on a file labelled with selinux disabled

2013-03-15 Thread Stephen Smalley
On 03/15/2013 06:54 AM, Thomas COUDRAY wrote: Hi, I encounter trouble that I can't explain when labelling my files. Here are steps to reproduce (on both 3.2.37 and 3.7.3, with selinux, on an ext4 fs): 0 - have a regular file "f", with a "before_t" security.selinux attribute 1 - reboot with selinu

Re: lgetxattr()/getxattr() return different values on a file labelled with selinux disabled

2013-03-15 Thread Stephen Smalley
On 03/15/2013 11:24 AM, Thomas COUDRAY wrote: 2013/3/15 Stephen Smalley : f is truly a regular file and not a symlink pointing to a regular file? f is a truly regular file. before_t and after_t are both defined in the policy? Only before_t was defined in the policy. If not defined in

Re: [2.6.24 REGRESSION] BUG: Soft lockup - with VFS

2008-02-05 Thread Stephen Smalley
's file_has_perm() is doing spin_lock() on an > uninitialised (or already locked) spinlock. The trace looks bogus to me - I don't see how file_has_perm() could have been called there, and file_has_perm() doesn't directly take any spin locks. -- Stephen Smalley National Security Agency

Re: [PATCH 07/37] Security: De-embed task security record from task and use refcounting

2008-02-11 Thread Stephen Smalley
outlive the task it points > back to. > > It seems that the backpointer can be dispensed with. Nothing particularly > seems to use it. Do you know the reason for its existence? Looks unused now. Similarly for some of the other security structs. Only inode, superblock, and sock bac

Re: [PATCH 1/2 v5] SELinux: Reduce overhead of mls_level_isvalid() function call

2013-07-08 Thread Stephen Smalley
On 07/05/2013 01:10 PM, Waiman Long wrote: On 06/11/2013 07:49 AM, Stephen Smalley wrote: On 06/10/2013 01:55 PM, Waiman Long wrote: v4->v5: - Fix scripts/checkpatch.pl warning. v3->v4: - Merge the 2 separate while loops in ebitmap_contains() into a single one. v2->v3:

Re: [PATCH v2 2/2] SELinux: Increase ebitmap_node size for 64-bit configuration

2013-07-10 Thread Stephen Smalley
to 64 bytes for 64-bit system to keep the overhead ratio at 1/4. This may also improve performance a little bit by making node to node traversal less frequent (< 2) as more bits are available in each node. Signed-off-by: Waiman Long Acked-by: Stephen Smalley --- security/selinux

Re: lockup during selinux policy load.

2013-09-16 Thread Stephen Smalley
On 09/16/2013 01:30 PM, Dave Jones wrote: > On a slow machine (with debugging enabled), during a yum update I get > the soft lockup detector kicking in when it gets to reloading the selinux > policy. > It looks like this.. > > > BUG: soft lockup - CPU#2 stuck for 23s! [load_policy:19045] > irq e

Re: [PATCH] conditionally reschedule while loading selinux policy.

2013-09-16 Thread Stephen Smalley
> > [] ? rcu_irq_exit+0x68/0xb0 > > [] ? retint_restore_args+0xe/0xe > > [] sel_write_load+0xa7/0x770 > > [] ? vfs_write+0x1c3/0x200 > > [] ? security_file_permission+0x1e/0xa0 > > [] vfs_write+0xbb/0x200 > > [] ? fget_light+0x397/0x4b0

Re: [PATCH] conditionally reschedule while loading selinux policy.

2013-09-30 Thread Stephen Smalley
On 09/30/2013 01:24 PM, Dave Jones wrote: > On Mon, Sep 16, 2013 at 02:40:30PM -0400, Dave Jones wrote: > > On a slow machine (with debugging enabled), upgrading selinux policy may > take > > a considerable amount of time. Long enough that the softlockup detector > > gets triggered. > > > >

Re: order 4 alloc failures in security_context_to_sid_core

2013-01-02 Thread Stephen Smalley
On 01/02/2013 11:37 AM, Casey Schaufler wrote: On 1/2/2013 7:35 AM, Dave Jones wrote: Along the same lines as 779302e67835fe9a6b74327e54969ba59cb3478a, xattrs can cause big allocations, which are likely to fail under memory pressure.. Adding LSM and SELinux lists. [20539.081122] trinity-chil

Re: [PATCH RFC 1/2] SELinux: reduce overhead of mls_level_isvalid() function call

2013-06-05 Thread Stephen Smalley
On 05/03/2013 10:07 AM, Waiman Long wrote: On 04/10/2013 02:26 PM, Waiman Long wrote: While running the high_systime workload of the AIM7 benchmark on a 2-socket 12-core Westmere x86-64 machine running 3.8.2 kernel, it was found that a pretty sizable amount of time was spent in the SELinux code.

Re: [PATCH v2 1/2] SELinux: reduce overhead of mls_level_isvalid() function call

2013-06-07 Thread Stephen Smalley
On 06/05/2013 05:15 PM, Waiman Long wrote: diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index 30f119b..100b3e6 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c @@ -213,7 +213,12 @@ netlbl_import_failure: } #endif /* CONFIG_NETLABEL *

Re: [PATCH 1/2 v5] SELinux: Reduce overhead of mls_level_isvalid() function call

2013-06-11 Thread Stephen Smalley
igh_systime | +0.1% | +0.9% | +2.6% | +--+---++-+ Signed-off-by: Waiman Long Acked-by: Stephen Smalley --- security/selinux/ss/ebitmap.c | 20 ++-- security/selinux/ss/ebitmap.h |2

Re: [PATCH] Make sysctl a separate filesystem

2008-02-19 Thread Stephen Smalley
roc/root.c > +++ b/fs/proc/root.c > @@ -129,6 +129,7 @@ void __init proc_root_init(void) > proc_root_fs = proc_mkdir("fs", NULL); > proc_root_driver = proc_mkdir("driver", NULL); > proc_mkdir("fs/nfsd", NULL); /* somewhere for the nfsd

Re: [PATCH] [RFC] Smack update for file capabilities

2008-02-19 Thread Stephen Smalley
093,6 +1120,11 @@ static int smack_task_movememory(struct > static int smack_task_kill(struct task_struct *p, struct siginfo *info, > int sig, u32 secid) > { > + int rc; > + > + rc = cap_task_kill(p, info, sig, secid); > + if (rc != 0

Re: [bisected] Re: [bug] networking broke, ssh: connect to port 22: Protocol error

2008-02-06 Thread Stephen Smalley
APABILITIES is not set > # CONFIG_SECURITY_ROOTPLUG is not set > -# CONFIG_SECURITY_SMACK is not set > +CONFIG_SECURITY_SMACK=y > CONFIG_XOR_BLOCKS=m > CONFIG_ASYNC_CORE=m > CONFIG_ASYNC_MEMCPY=m > @@ -2396,7 +2410,9 @@ CONFIG_CRYPTO_AUTHENC=y > # CONFIG_CRYPTO_HW is not set >

Re: [PATCH 2/3] kill_pid_info_as_uid: don't use security_task_kill()

2008-02-25 Thread Stephen Smalley
2008-02-15 > 16:59:09.0 +0300 > +++ 25/drivers/usb/core/inode.c 2008-02-25 19:21:09.0 +0300 > @@ -728,7 +728,8 @@ static void usbfs_remove_device(struct u > sinfo.si_errno = EPIPE; > sinfo.si_code = SI_ASYNC

Re: SMACK or SELinux, but not both

2008-02-26 Thread Stephen Smalley
r security=capability. Having to specify selinux=0 smack=0 foo=0 just to get bar wouldn't be pretty. Not that anyone would want to do that, of course... -- Stephen Smalley National Security Agency -- To unsubscribe from this list: send the line "unsubscribe linux-kernel"

Re: [PATCH v12 0/9] LSM: Multiple concurrent LSMs

2013-01-08 Thread Stephen Smalley
On 01/07/2013 08:54 PM, Casey Schaufler wrote: Subject: [PATCH v12 0/9] LSM: Multiple concurrent LSMs Change the infrastructure for Linux Security Modules (LSM)s from a single vector of hook handlers to a list based method for handling multiple concurrent modules. A level of indirection has bee

Re: The NSA's Security-Enhanced Linux (fwd)

2000-12-27 Thread Stephen Smalley
On Sat, 23 Dec 2000, Kurt Garloff wrote: > I wonder how their approach compares to the RSBAC stuff, though. > The RSBAC (by Amon Ott) has all the infrastructure available to have > policy based access control; whenever an access decision has to be > taken, a call via some interface is made to a

[PATCH] SELinux: cleanup ipc_has_perm

2005-04-12 Thread Stephen Smalley
This patch removes the sclass argument from ipc_has_perm in the SELinux module, as it can be obtained from the ipc security structure. The use of a separate argument was a legacy of the older precondition function handling in SELinux and is obsolete. Please apply. Signed-off-by: Stephen Smalley

[PATCH] SELinux: fix deadlock on dcache lock

2005-04-15 Thread Stephen Smalley
bogus task information for checks performed from irq or softirq. Please apply. Signed-off-by: Stephen Smalley <[EMAIL PROTECTED]> Signed-off-by: James Morris <[EMAIL PROTECTED]> -- kernel/auditsc.c | 28 security/selinux/

Re: [patch 5/12] lsm stacking v0.2: actual stacker module

2005-07-11 Thread Stephen Smalley
the [gs]etprocattr hooks, although [gs]etsecurity have the benefit of already taking a distinguishing name suffix (the part after the security. prefix). Note also that inode_getsecurity returns the number of bytes used/required on success. The proposed inode_init_security hook will likewise have an

Re: [patch 5/12] lsm stacking v0.2: actual stacker module

2005-07-11 Thread Stephen Smalley
stack module. I don't think so - different hooks are involved (inode_setxattr vs. inode_setsecurity). -- Stephen Smalley National Security Agency

[patch][-mm] selinux: Reduce memory use by avtab

2005-08-11 Thread Stephen Smalley
/?group_id=21266), and tarballs are available from http://www.flux.utah.edu/~sds. Please add this patch to -mm for wider testing in preparation for eventual merging for 2.6.14. Thanks. Signed-off-by: Stephen Smalley <[EMAIL PROTECTED]> Signed-off-by: James Morris <[EMAIL PROTECTED]> --

Re: [patch][-mm] selinux: Reduce memory use by avtab

2005-08-12 Thread Stephen Smalley
On Fri, 2005-08-12 at 00:34 +0400, Alexey Dobriyan wrote: > On Thu, Aug 11, 2005 at 03:32:24PM -0400, Stephen Smalley wrote: > > This patch improves memory use by SELinux by both reducing the avtab > > node size and reducing the number of avtab nodes. > > > +int avtab_read

[patch][-mm] selinux: endian notations

2005-08-12 Thread Stephen Smalley
This patch adds endian notations to the SELinux code. It is relative to my prior patch, and is just an updated version of Alexey's original patch (I hope) adjusted for the new code. Please add it to -mm as well. Thanks. From: Alexey Dobriyan <[EMAIL PROTECTED]> Signed-off-by: Step

Re: SELinux policies, memory protections

2005-08-16 Thread Stephen Smalley
e benefit of having these checks: http://marc.theaimsgroup.com/?l=selinux&m=111348610311179&w=2 More recently, some additional checks have been introduced: http://marc.theaimsgroup.com/?l=bk-commits-head&m=111974870402956&w=2 http://marc.theaimsgroup.com/?l=bk-commits-head&m=111974

Re: [PATCH 0/7] procfs privacy

2005-04-18 Thread Stephen Smalley
seeing the top-level entry in /proc itself (as it doesn't do any kind of directory filtering). -- Stephen Smalley <[EMAIL PROTECTED]> National Security Agency

Re: [PATCH] securityfs

2005-07-06 Thread Stephen Smalley
selinuxfs, and rc.sysinit does likewise. /sbin/init performs the initial mount of selinuxfs prior to initial policy load. Further, the existence of selinuxfs in /proc/filesystems is used as a test of whether SELinux was enabled in the kernel (e.g. is_selinux_enabled in libselinux). I'm not

Re: [PATCH] securityfs

2005-07-06 Thread Stephen Smalley
. > I think it should reduce and simplify the SELinux kernel code, with less > filesystems in the kernel, consolidating several potential projects into > the same security filesystem. If there are several such projects in the first place... -- Stephen Smalley National Security Agency

[patch] selinux: Fix address length checks in connect hook

2005-07-28 Thread Stephen Smalley
socket with an address that didn't include the optional scope id and failing due to these checks. Please apply. To 2.6.13, if possible. Signed-off-by: Stephen Smalley <[EMAIL PROTECTED]> Signed-off-by: James Morris <[EMAIL PROTECTED]> --- security/selinux/hooks.c |4 ++-- 1

Re: [PATCH 2.6.13-rc6 2/2] New Syscall: set rlimits of any process (update)

2005-08-18 Thread Stephen Smalley
dify the state of a process in a different security context. Further, we would need a parallel check on the getprlimit side, to control the ability of a process in one security context to observe the state of a process in a different security context. -- Stephen Smalley National Security Agency

Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.

2005-08-25 Thread Stephen Smalley
unfortunately can't do so on ppc right now. Note that the selinux tests there _only_ test the SELinux checking. So if these changes interfere with proper stacking of SELinux with capabilities, that won't show up there. -- Stephen Smalley National Security Agency

Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.

2005-08-25 Thread Stephen Smalley
On Thu, 2005-08-25 at 09:21 -0700, Chris Wright wrote: > * Stephen Smalley ([EMAIL PROTECTED]) wrote: > > On Thu, 2005-08-25 at 09:38 -0500, [EMAIL PROTECTED] wrote: > > > Ok, with the attached patch SELinux seems to work correctly. You'll > > > probably w

[PATCH][-mm] Generic VFS fallback for security xattrs

2005-08-25 Thread Stephen Smalley
.c 2005-06-17 15:48:29.0 -0400 +++ linux-2.6.13-rc6-mm2-xattr/fs/devpts/xattr_security.c 1969-12-31 19:00:00.0 -0500 @@ -1,47 +0,0 @@ -/* - * Security xattr support for devpts. - * - * Author: Stephen Smalley <[EMAIL PROTECTED]> - * Copyright (c) 2004 Red Hat, Inc

Re: [PATCH][-mm] Generic VFS fallback for security xattrs

2005-08-25 Thread Stephen Smalley
On Thu, 2005-08-25 at 13:43 -0400, Stephen Smalley wrote: > This patch modifies the VFS setxattr, getxattr, and listxattr code to > fall back to the security module for security xattrs if the filesystem > does not support xattrs natively. This allows security modules to > export the

Re: [PATCH 0/5] LSM hook updates

2005-08-26 Thread Stephen Smalley
directly use the built-in cap_ functions from commoncap. -- Stephen Smalley National Security Agency

Re: [PATCH 2/5] Rework stubs in security.h

2005-08-26 Thread Stephen Smalley
pre > it's processing which may be an issue. That one isn't so much an issue as the xattr ones and vm_enough_memory case. But more generally, if you think about moving toward a place where one can grant privileges to processes based solely on their role/domain, you'll nee

Re: How is SELinux integrated into kernel 2.6?

2005-09-08 Thread Stephen Smalley
e core kernel. Chris - feel free to rip out lsm.tmpl and replace it with something more up-to-date and complete. -- Stephen Smalley National Security Agency

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2008-01-09 Thread Stephen Smalley
s and permission definition to policy/flask/security_classes and policy/flask/access_vectors and then regenerating the kernel headers from those files, ala: svn co http://oss.tresys.com/repos/refpolicy/trunk refpolicy cd refpolicy/policy/flask vi security_classes access_vectors make m

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2008-01-09 Thread Stephen Smalley
On Wed, 2008-01-09 at 18:56 +, David Howells wrote: > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > Right, the latter is reasonable. > > Requires adding the class and permission definition to > > policy/flask/security_classes and policy/flask/access_vectors

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-10 Thread Stephen Smalley
*inode) > +{ > + struct task_security_struct *tsec = sec->security; > + struct inode_security_struct *isec = inode->i_security; > + > + tsec->create_sid = isec->sid; > + return 0; > +} > + > static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) > { > /* Since setuid only affects the current process, and > @@ -4884,6 +4927,8 @@ static struct security_operations selinux_ops = { > .task_alloc_security = selinux_task_alloc_security, > .task_free_security = selinux_task_free_security, > .task_dup_security =selinux_task_dup_security, > + .task_kernel_act_as = selinux_task_kernel_act_as, > + .task_create_files_as = selinux_task_create_files_as, > .task_setuid = selinux_task_setuid, > .task_post_setuid = selinux_task_post_setuid, > .task_setgid = selinux_task_setgid, > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to [EMAIL PROTECTED] with > the words "unsubscribe selinux" without quotes as the message. -- Stephen Smalley National Security Agency
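Review bot: the function body ending just before selinux_task_setuid() copies isec->sid into tsec->create_sid and returns 0 unconditionally, so nothing in the visible lines checks whether the calling task is allowed to have files created with the nominated inode's label. An avc_has_perm() check before the assignment, with its error returned instead of the fixed 0, would let policy constrain which contexts a kernel service may create files as. The two new entries in selinux_ops, .task_kernel_act_as and .task_create_files_as, would also benefit from a comment stating who is expected to call them and with what privileges.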

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-10 Thread Stephen Smalley
On Mon, 2007-12-10 at 17:07 +, David Howells wrote: > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > > + tsec->create_sid = SECINITSID_UNLABELED; > > > + tsec->keycreate_sid = SECINITSID_UNLABELED; > > > + tsec->sockcreate_sid = SECINITSID_U

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-10 Thread Stephen Smalley
On Mon, 2007-12-10 at 21:08 +, David Howells wrote: > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > Otherwise, only other issue I have with this interface is it won't > > generalize to dealing with nfsd, where we want to set the acting context > > to a

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-11 Thread Stephen Smalley
On Mon, 2007-12-10 at 14:26 -0800, Casey Schaufler wrote: > --- Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > On Mon, 2007-12-10 at 21:08 +, David Howells wrote: > > > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > > > > > Otherw

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-11 Thread Stephen Smalley
On Mon, 2007-12-10 at 23:36 +, David Howells wrote: > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > From a config file whose pathname would be provided by libselinux (ala > > the way in which dbusd imports contexts), or directly as a context > > returned by a

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-11 Thread Stephen Smalley
On Mon, 2007-12-10 at 15:46 -0800, Casey Schaufler wrote: > --- David Howells <[EMAIL PROTECTED]> wrote: > > > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > > > From a config file whose pathname would be provided by libselinux (ala > > > the w

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-11 Thread Stephen Smalley
On Tue, 2007-12-11 at 11:26 -0800, Casey Schaufler wrote: > --- Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > On Mon, 2007-12-10 at 14:26 -0800, Casey Schaufler wrote: > > > --- Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > > > > >

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-11 Thread Stephen Smalley
On Tue, 2007-12-11 at 20:42 +, David Howells wrote: > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > > That sounds too SELinux specific. How do I do it so that it works for any > > > LSM? > > > > You can't. There is no LSM for users

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-12 Thread Stephen Smalley
On Tue, 2007-12-11 at 15:04 -0800, Casey Schaufler wrote: > --- David Howells <[EMAIL PROTECTED]> wrote: > > > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > > > All your code has to do is invoke a function provided by libselinux. > > > >

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-12 Thread Stephen Smalley
On Wed, 2007-12-12 at 08:51 -0800, Casey Schaufler wrote: > --- Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > On Tue, 2007-12-11 at 15:04 -0800, Casey Schaufler wrote: > > > --- David Howells <[EMAIL PROTECTED]> wrote: > > > > >

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-12 Thread Stephen Smalley
On Wed, 2007-12-12 at 18:29 +, David Howells wrote: > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > That sounds workable, although I think he will want a more specific hook > > than security_secctx_to_secid(), or possibly a second hook call, that > > would not

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-12 Thread Stephen Smalley
s the > > particular cache context that a particular instance of a running daemon is > > using. > > Yes, but forgive me being slow, I don't see the problem. > > > Casey Schaufler > [EMAIL PROTECTED] -- Stephen Smalley National Security Agency

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-12 Thread Stephen Smalley
? Spat out to > > where? > > Put it in /etc/init.d/cachefiles and run it at boot time. Put the > result into /etc/cachefiles.conf. Have cachefilesd read it and pass > it downward. More likely, run it at build time in your .spec file to generate cachefiles.conf, then run it again

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-13 Thread Stephen Smalley
On Wed, 2007-12-12 at 22:49 +, David Howells wrote: > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > > Have you example code for the security hook you mention? I'm not sure I > > > understand why security_secctx_to_secid() is not sufficient. > >

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-13 Thread Stephen Smalley
On Wed, 2007-12-12 at 22:55 +, David Howells wrote: > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > More likely, run it at build time in your .spec file to generate > > cachefiles.conf, > > I don't think sticking it in cachefiles.conf is a good id

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-13 Thread Stephen Smalley
On Thu, 2007-12-13 at 15:36 +, David Howells wrote: > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > It is just a way of carving up the permission space, typically based on > > object type, but it can essentially be arbitrary. The check in this > > case seem

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-13 Thread Stephen Smalley
On Thu, 2007-12-13 at 17:01 +, David Howells wrote: > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > They would correspond with the operations provided by the /dev/cachefiles > > interface, at the granularity you want to support distinctions to be made. > > C

Re: [PATCH] selinux: make mls_compute_sid always polyinstantiate

2008-01-24 Thread Stephen Smalley
the type has not changed. > > Potential users of this support include pam_namespace.so (directory > polyinstantiation) and the SELinux X support (property polyinstantiation). > > Signed-off-by: Eamon Walsh <[EMAIL PROTECTED]> Acked-by: Stephen Smalley <[EMAIL P

Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel

2007-10-05 Thread Stephen Smalley
esent in the system, and gives you the option of controlling it. Your choice as to at what granularity to apply it. > SELinux is designed to increase in complexity as it evolves. Making > it simpler would conflict with the design goal of finer granularity. > > > >> Probably

Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel

2007-10-09 Thread Stephen Smalley
to do it. Note that Serge said "SELinux re-written on top of Smack", not "rewrite Smack to be more like SELinux". I don't believe the former is even possible, given that Smack is strictly less expressive and granular by design. Rewriting Smack to be more like SELinux shou

Re: [PATCH 1/6] SELinux: change Kconfig to use select instead of depends

2007-10-10 Thread Stephen Smalley
ux > > would not always show up, but would be easy and intuitive to find. > > > > Signed-off-by: Eric Paris <[EMAIL PROTECTED]> > > Acked-by: Stephen Smalley <[EMAIL PROTECTED]> > > Signed-off-by: James Morris <[EMAIL PROTECTED]> > > --- > >

Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel

2007-10-10 Thread Stephen Smalley
ermission system. A LSM implements a security model, where that model may encompass all processes and objects. SELinux (and Smack) in particular implement mandatory access control and thus need to enforce consistent policy over all processes and objects based on their security labels. -- Stephen Sm

Re: [PATCH 4/7] KEYS: Add keyctl function to get a security label

2007-12-05 Thread Stephen Smalley
security/security.c b/security/security.c > > index 0e1f1f1..16213e3 100644 > > --- a/security/security.c > > +++ b/security/security.c > > @@ -1079,4 +1079,9 @@ int security_key_permission(key_ref_t key_ref, > > return security_ops->key_permission(key_ref, context, perm); >

Re: [PATCH 1/4] proc: fix NULL ->i_fop oops

2007-11-20 Thread Stephen Smalley
new policy. Is the only real problem here the clearing of f_op? If so, we can likely remove that from sel_remove_entries() without harm, and fix the checks for it to use something more reliable. -- Stephen Smalley National Security Agency

Re: [PATCH 1/4] proc: fix NULL ->i_fop oops

2007-11-20 Thread Stephen Smalley
On Tue, 2007-11-20 at 15:17 +, Christoph Hellwig wrote: > On Tue, Nov 20, 2007 at 10:05:05AM -0500, Stephen Smalley wrote: > > > Nice, getting rid of this is a very good step forwards. Unfortunately > > > we have another copy of this junk in

[patch 1/1] selinux: do not clear f_op when removing entries

2007-11-21 Thread Stephen Smalley
On Tue, 2007-11-20 at 15:17 +, Christoph Hellwig wrote: > On Tue, Nov 20, 2007 at 10:05:05AM -0500, Stephen Smalley wrote: > > > Nice, getting rid of this is a very good step forwards. Unfortunately > > > we have another copy of this junk in

Re: + smack-version-11c-simplified-mandatory-access-control-kernel.patch added to -mm tree

2007-11-21 Thread Stephen Smalley
security-module-specific capabilities? CAP_MAC_OVERRIDE is specific to Smack - other MAC modules like SELinux won't honor it. Maybe it should be CAP_SMACK_OVERRIDE. -- Stephen Smalley National Security Agency

Re: + smack-version-11c-simplified-mandatory-access-control-kernel.patch added to -mm tree

2007-11-21 Thread Stephen Smalley
On Wed, 2007-11-21 at 09:21 -0800, Casey Schaufler wrote: > --- Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > On Wed, 2007-11-21 at 09:48 -0600, Serge E. Hallyn wrote: > > > Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]): > > > > +/* > > > >

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2008-01-15 Thread Stephen Smalley
On Mon, 2008-01-14 at 14:01 +, David Howells wrote: > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > > avc_has_perm(daemon_tsec->sid, nominated_sid, > > >SECCLASS_CACHE, CACHE__USE_AS_OVERRIDE, NULL); > > > > > > And I

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2008-01-15 Thread Stephen Smalley
NULL); > > Rather than specifically dedicating them to the cache, I made them general. Make sure that you or Dan submits a policy patch to register these classes and permissions in the policy when the kernel patch is queued for merge. -- Stephen Smalley National Security Agenc

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2008-01-15 Thread Stephen Smalley
On Tue, 2008-01-15 at 16:03 +, David Howells wrote: > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > > (3) Check that the kernel may create files as a particular secid (this > > > could be specified indirectly by specifying an inode, which would > &

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2008-01-15 Thread Stephen Smalley
On Tue, 2008-01-15 at 10:10 -0800, Casey Schaufler wrote: > --- David Howells <[EMAIL PROTECTED]> wrote: > > > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > > > > (3) Check that the kernel may create files as a particular secid (this > > >

Re: [PATCH 04/26] KEYS: Add keyctl function to get a security label

2008-01-16 Thread Stephen Smalley
sufficiently big. This is included in the returned count. If no LSM is > in force then an empty string will be returned. > > A process must have view permission on the key for this function to be > successful. > > Signed-off-by: David Howells <[EMAIL

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-19 Thread Stephen Smalley
On Tue, 2007-12-18 at 19:28 -0800, Crispin Cowan wrote: > Stephen Smalley wrote: > >> It is if I have to maintain a special pieces of code for each possible LSM. > >> One piece for SELinux, one piece for AppArmour, one piece for Smack, one > >> piece > >> fo

Re: [2.6 patch] selinux: cleanups

2005-03-14 Thread Stephen Smalley
Looks fine to me (although your diffstat output is stale). Re-diff against 2.6.11-mm3 is below, feel free to send along to Andrew Morton. Acked-by: Stephen Smalley <[EMAIL PROTECTED]> security/selinux/avc.c| 174 -- security/selinux/hooks.c

[PATCH][SELINUX] Allow mounting of filesystems with invalid root inode context

2005-03-21 Thread Stephen Smalley
This patch alters the SELinux handling of inodes with invalid security contexts so that a filesystem with a root inode that has an invalid security context can still be mounted for administrative recovery without disabling SELinux altogether. Please apply. Signed-off-by: Stephen Smalley <[EM

[PATCH][SELINUX] Make code static and remove unused code

2005-03-21 Thread Stephen Smalley
This patch from Adrian Bunk makes needlessly global code static and removes a number of unused global and static functions from SELinux. Please apply. Author: Adrian Bunk <[EMAIL PROTECTED]> Signed-off-by: Stephen Smalley <[EMAIL PROTECTED]> security/selinux/avc.c

[PATCH][SELINUX] Audit unrecognized netlink messages

2005-03-21 Thread Stephen Smalley
This patch changes SELinux to audit any unrecognized netlink messages in controlled classes rather than silently rejecting them, and to allow them if in permissive mode. Please apply. Signed-off-by: Stephen Smalley <[EMAIL PROTECTED]> Signed-off-by: James Morris <[EMAIL PROTECTED]>

Re: [PATCH] don't do pointless NULL checks and casts before kfree() in security/

2005-03-22 Thread Stephen Smalley
esper Juhl <[EMAIL PROTECTED]> The diffs to selinux look fine to me, and the resulting kernel seems to be operating without problem. Feel free to send along to Andrew Morton. Acked-by: Stephen Smalley <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscri

Re: [patch 1/4 with proper signed-off] security/selinux/ss/policydb.c: fix sparse warnings

2005-03-22 Thread Stephen Smalley
ndian already (no that isn't the same as the earlier loop that you did remove), so now you are converting them twice. And why is this new code better even if you fix this omission? -- Stephen Smalley <[EMAIL PROTECTED]> National Security Agency - To unsubscribe from this list: send th

Re: [patch 1/4 with proper signed-off] security/selinux/ss/policydb.c: fix sparse warnings

2005-03-22 Thread Stephen Smalley
On Tue, 2005-03-22 at 10:19 -0500, Stephen Smalley wrote: > You didn't remove the loop that already converted these values to little s/ to / from / > endian already (no that isn't the same as the earlier loop that you did > remove), so now you are converting them twice. And w

[PATCH][SELINUX] Add name_connect permission check

2005-03-23 Thread Stephen Smalley
TCP_SOCKET__NODE_BIND 0x0200UL +#define TCP_SOCKET__NAME_CONNECT 0x0400UL #define UDP_SOCKET__IOCTL 0x0001UL #define UDP_SOCKET__READ 0x0002UL -- Stephen Smalley <[EMAIL PROTECTED]> National S
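
Review bot: the added TCP_SOCKET__NAME_CONNECT define takes the next bit after TCP_SOCKET__NODE_BIND, but the visible lines carry only the flag value and no matching name string for the new permission. Check that the regenerated SELinux headers also add the permission-to-string entry for name_connect, so that audit records for this check show the permission name rather than an unmapped hex value.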

Re: [PATCH][SELINUX] Add name_connect permission check

2005-03-23 Thread Stephen Smalley
On Wed, 2005-03-23 at 09:40 -0500, Stephen Smalley wrote: > This patch adds a name_connect permission check to SELinux to provide > control over outbound TCP connections to particular ports distinct > from the general controls over sending and receiving packets. Please > apply.

Re: [patch] Real-Time Preemption, -RT-2.6.11-rc3-V0.7.38-01

2005-02-09 Thread Stephen Smalley
) > --- > | preempt count: 0002 ] > | 2-level deep critical section nesting: > > .. [] __do_IRQ+0xef/0x180 > .[] .. ( <= do_IRQ+0x56/0xa0) > .. [] print_traces+0x10/0x40 > .[] .. ( <= dump_stack+0x17/0x20) -- Stephen Smalley

Re: Thoughts on the "No Linux Security Modules framework" old claims

2005-02-16 Thread Stephen Smalley
at will allow auditing based on object identity and the requested mode separate from any particular LSM. -- Stephen Smalley <[EMAIL PROTECTED]> National Security Agency - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PRO

[PATCH][SELINUX] Define execmod permission for character devices

2005-02-01 Thread Stephen Smalley
This patch against 2.6.11-rc2-mm2 regenerates the SELinux module headers to define the execmod permission for character device files in order to provide proper auditing of such checks on /dev/zero. Please apply. Signed-off-by: Stephen Smalley <[EMAIL PROTECTED]> Signed-off-by: James

[PATCH][SELINUX] Audit any unmapped permissions

2005-02-01 Thread Stephen Smalley
This patch against 2.6.11-rc2-mm2 changes SELinux to display any permission values that could not be mapped to names as a hex value when generating an audit message. Please apply. Signed-off-by: Stephen Smalley <[EMAIL PROTECTED]> Signed-off-by: James Morris <[EMAIL PROTECTED]>

[PATCH][SELINUX] Fix selinux_inode_setattr hook

2005-02-04 Thread Stephen Smalley
. This would only occur if the process had write permission to a suid file but lacked setattr permission to it. Please apply. Signed-off-by: Stephen Smalley <[EMAIL PROTECTED]> Signed-off-by: James Morris <[EMAIL PROTECTED]> security/selinux/hooks.c |3 +++ 1 files changed,

Re: [PATCH][SELINUX] Fix selinux_inode_setattr hook

2005-02-04 Thread Stephen Smalley
On Fri, 2005-02-04 at 13:14, Chris Wright wrote: > * Stephen Smalley ([EMAIL PROTECTED]) wrote: > > This patch against 2.6.11-rc3 fixes the selinux_inode_setattr hook > > function to honor the ATTR_FORCE flag, skipping any permission checking > > in that case. Otherwise,

Re: idr_remove

2005-02-22 Thread Stephen Smalley
en the inode will ultimately have its security label set upon the d_instantiate() call (via security_d_instantiate() -> selinux_d_instantiate()), and be subsequently checked for opens/reads/writes via the selinux_inode_permission() and selinux_file_permission() hook functions. -- Stephen

Re: Thoughts on the "No Linux Security Modules framework" old claims

2005-02-24 Thread Stephen Smalley
ago, and in any event, the patents in question have expired AFAICS. -- Stephen Smalley <[EMAIL PROTECTED]> National Security Agency - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info a

Re: [PATCH] SELinux: Leak in error path

2005-03-01 Thread Stephen Smalley
On Tue, 2005-03-01 at 01:32 +0100, Alexander Nyberg wrote: > There's a leak here in the first error path. > > Found by the Coverity tool. > > Signed-off-by: Alexander Nyberg <[EMAIL PROTECTED]> Acked-by: Stephen Smalley <[EMAIL PROTECTED]> -- Stephen Smal

Re: [PATCH] SELinux: null dereference in error path

2005-03-01 Thread Stephen Smalley
On Tue, 2005-03-01 at 01:32 +0100, Alexander Nyberg wrote: > The 'bad' label will call function that unconditionally dereferences > the NULL pointer. > > Found by the Coverity tool > > Signed-off-by: Alexander Nyberg <[EMAIL PROTECTED]> Acked-by:

Re: [PATCH 1/4] vfs: adds the S_PRIVATE flag and adds use to security

2005-03-07 Thread Stephen Smalley
> > infrastructure to allow the filesystem to perform its own access control. > > OK, thanks. I'll assume that the other three patches are unchanged. > > I don't think we've heard from the SELinux team regarding these patches? > > (See http://www.zip.com.au/~ak

[PATCH][LSM/SELINUX] Pass requested protection to security_file_mmap/mprotect hooks

2005-03-07 Thread Stephen Smalley
The checkreqprot value has a compile-time configurable default value and can also be set via boot parameter or at runtime via /selinux/checkreqprot if allowed by policy. Thanks to Chris Wright, James Morris, and Colin Walters for comments on an earlier version of the patch. Signed-off-by: Stephen Sm

Re: [PATCH][LSM/SELINUX] Pass requested protection to security_file_mmap/mprotect hooks

2005-03-08 Thread Stephen Smalley
On Mon, 2005-03-07 at 16:14 -0800, Andrew Morton wrote: > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > > +__setup("checkreqprot=", checkreqprot_setup); > > Can we have an update to Documentation/kernel-parameters.txt, please? Ok, how does the patch belo
