s.
>
> Add a separate NULL check to tell gcc about it as well.
>
> Signed-off-by: Arnd Bergmann
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
fixes-v5.12
--
James Morris
> ---
> > The code churn is unfortunate. Alternative would be to change
> > the function signature of ->route_req:
> > struct dst_entry *(*route_req)(struct sock *sk, ...
> > [ i.e., drop 'const' ]. Thoughts?
>
> Security folks - is this
replace the flowi pointers with pointers
> to the address family independent flowi_common struct.
>
> Reported-by: Herbert Xu
> Signed-off-by: Paul Moore
Acked-by: James Morris
--
James Morris
clist()")
> Reported-by: Dan Carpenter
> Signed-off-by: Paul Moore
Reviewed-by: James Morris
> ---
> net/netlabel/netlabel_unlabeled.c |2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/netlabel/netlabel_unlabeled.c
> b/ne
(skb, ct, ctinfo, NFQA_CT, NFQA_CT_INFO) < 0)
> > @@ -632,10 +627,8 @@ nfqnl_build_packet_message(struct net *net, struct
> > nfqnl_instance *queue,
> > }
> >
> > nlh->nlmsg_len = skb->len;
> > - if (seclen) {
> > - lsmcontext_init(&scaff, secdata, seclen, 0);
> > - security_release_secctx(&scaff);
> > - }
> > + if (context.len)
> > + security_release_secctx(&context);
> > return skb;
> >
> > nla_put_failure:
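Review bot: on the success path the release is now gated on `if (context.len)`, so `context` has to be zero-initialised at its declaration, which is not visible in this hunk. If it is not, a packet for which no security context was fetched tests an indeterminate length before `return skb;`. Please confirm the declaration initialises it, or initialise it explicitly.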
> > @@ -643,10 +636,8 @@ nfqnl_build_packet_message(struct net *net, struct
> > nfqnl_instance *queue,
> > kfree_skb(skb);
> > net_err_ratelimited("nf_queue: error creating packet message\n");
> > nlmsg_failure:
> > - if (seclen) {
> > - lsmcontext_init(&scaff, secdata, seclen, 0);
> > - security_release_secctx(&scaff);
> > - }
> > + if (context.len)
> > + security_release_secctx(&context);
> > return NULL;
> > }
> >
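Review bot: the `if (context.len)` test under `nlmsg_failure:` is only safe if no `goto nlmsg_failure` can run before `context` has been filled in or zeroed; please check the early exits against the point where `context` is populated. The same two-line release now appears at both exits of the function, so a single shared cleanup label would keep the two copies from drifting apart.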
> > --
> > 2.24.1
> >
>
--
James Morris
ntainers on the
To: line or they may miss the email.
--
James Morris
ng back a secid.
> The infrastructure passes the correct entry from the lsmblob.
>
> Signed-off-by: Casey Schaufler
> Cc: netdev@vger.kernel.org
You probably need to include Netfilter maintainers specifically for this
(added them + the Netfilter list).
This also needs signoffs from LSM owners.
--
James Morris
On Tue, 27 Oct 2020, Paul Moore wrote:
> On Wed, Sep 30, 2020 at 9:44 AM Paul Moore wrote:
> > On Tue, Sep 29, 2020 at 7:09 PM James Morris wrote:
> > > I'm not keen on adding a parameter which nobody is using. Perhaps a note
> > > in the header instead?
> >
it version.
>
> Reported-by: Roman Kiryanov
> https://android-review.googlesource.com/c/device/generic/goldfish/+/1468545/
> Signed-off-by: Jeff Vander Stoep
Reviewed-by: James Morris
--
James Morris
es the problem of
> the LSM hook callers sending the wrong secid which would be much
> worse.
>
> Reported-by: Herbert Xu
> Signed-off-by: Paul Moore
I'm not keen on adding a parameter which nobody is using. Perhaps a note
in the header instead?
--
James Morris
ger.kernel.org
I'd like to see Paul's acks on any networking related changes.
--
James Morris
x/lsm_hook_defs.h
> > @@ -243,7 +243,7 @@ LSM_HOOK(int, -EINVAL, getprocattr, struct task_struct
> > *p, char *name,
> > char **value)
> > LSM_HOOK(int, -EINVAL, setprocattr, const char *name, void *value, size_t
> > size)
> > LSM_HOOK(int, 0, ismaclabel, const char *name)
> > -LSM_HOOK(int, 0, secid_to_secctx, u32 secid, char **secdata,
> > +LSM_HOOK(int, -EOPNOTSUPP, secid_to_secctx, u32 secid, char **secdata,
> > u32 *seclen)
> > LSM_HOOK(int, 0, secctx_to_secid, const char *secdata, u32 seclen, u32
> > *secid)
> > LSM_HOOK(void, LSM_RET_VOID, release_secctx, char *secdata, u32 seclen)
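Review bot: changing the `secid_to_secctx` default from 0 to -EOPNOTSUPP changes what every caller sees when no LSM implements the hook. A caller that treats any non-zero return as a hard failure will now error out where it previously got success with `*secdata` and `*seclen` untouched. The commit message should name the callers that were audited for this, and the hook documentation should state the new default.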
> > --
> > 2.20.1
> >
>
--
James Morris
> Thank you Arnd for helping me figure out what went wrong.
>
> CC: Arnd Bergmann
> Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks")
> Signed-off-by: Anders Roxell
Note, this patch should have been sent to me and cc'd the LSM list.
Acked-by: James Morris
--
James Morris
another security
> module to take over lockdown decisions once it has initialized (including
> policy load), and to be able to access state that is currently private to the
> lockdown module, like the level.
Why not utilize stacking (restrictively), similarly to capabilities?
--
James Morris
On Fri, 4 May 2018, David Herrmann wrote:
> Hi
>
> This is v2 of the socketpair(2) LSM hook introduction.
Thanks, all applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
next-general
--
James Morris
On Wed, 25 Apr 2018, Paul Moore wrote:
> On Wed, Apr 25, 2018 at 2:44 PM, James Morris wrote:
> > On Mon, 23 Apr 2018, David Herrmann wrote:
> >> This patch series tries to close this gap and makes both behave the
> >> same. A new LSM-hook is added which allow
ck backend and maybe the hook name change,
I'll merge this unless DaveM wants it to go in via his networking tree.
--
James Morris
On Thu, 30 Nov 2017, Eric Dumazet wrote:
> On Wed, 2017-11-29 at 19:16 -0800, Casey Schaufler wrote:
> > On 11/29/2017 4:31 PM, James Morris wrote:
> > > On Wed, 29 Nov 2017, Casey Schaufler wrote:
> > >
> > > > I see that there is a proposed fix later
On Wed, 29 Nov 2017, Casey Schaufler wrote:
> I see that there is a proposed fix later in the thread, but I don't see
> the patch. Could you send it to me, so I can try it on my problem?
Forwarded off-list.
Interestingly, I didn't see the KASAN output email from Stephen here.
--
James Morris
skb)->header.h4, IPCB(skb),
> > sizeof(struct inet_skb_parm));
>
> Please try this fix for IPv4 (a similar patch will be needed for IPv6)
>
> net/ipv4/tcp_ipv4.c | 51 ++
> 1 file changed, 32 insertions(+), 19 deletions(-)
Works for me, no crashes with the testsuite running in a loop.
Tested-by: James Morris
--
James Morris
net: sk_buff rbnode reorg
...
Anyone else able to reproduce this, or have any ideas on what's happening?
- James
--
James Morris
itelist to /proc (per-task) or /sys/fs (global) ?
The per-task whitelist is inherited from the global one by default, or
from a parent process if it's been modified in the parent.
--
James Morris
!capable(CAP_NET_ADMIN) ||
!unprivileged_autoload(module_name)))
return -EPERM;
--
James Morris
not an expert on
SCTP. It would be good to see more review from networking folk.
Reviewed-by: James Morris
--
James Morris
configured.
>
> Signed-off-by: Chenbo Feng
> Acked-by: Stephen Smalley
Reviewed-by: James Morris
--
James Morris
ject,
> selinux will check if processes have the right privileges. The creation
> of eBPF objects is also checked at the general bpf check hook and new
> cmd introduced to eBPF domain can also be checked there.
>
> Signed-off-by: Chenbo Feng
> Acked-by: Alexei Starovoitov
Revi
ual security module can decide which commands need to be checked and
> how the cmd should be checked.
>
> Signed-off-by: Chenbo Feng
Acked-by: James Morris
--
James Morris
On Wed, 18 Oct 2017, David Miller wrote:
> Series applied.
I hadn't gotten to reviewing this patchset yet.
Please wait for more acks/reviews from LSM folk for things touching
security/, next time.
--
James Morris
On Wed, 4 Oct 2017, Chenbo Feng wrote:
> int bpf_map_new_fd(struct bpf_map *map, int flags)
> {
> + if (security_bpf_map(map, OPEN_FMODE(flags)))
> + return -EPERM;
> +
Don't hardcode -EPERM here, return the actual error from
security_bpf_map().
> + if (security_bpf_prog(p
abstract FS struct */
> };
Looks like a spurious empty line.
--
James Morris
th an ABI version, the user can
> easily check if the current kernel supports that.
Don't call it an ABI, perhaps minimum policy version (similar to
what SELinux does). Changes need to be made so that any existing
userspace still works.
--
James Morris
On Tue, 22 Aug 2017, Alexei Starovoitov wrote:
> more general question: what is the status of security/ bits?
> I'm assuming they still need to be reviewed and explicitly acked by James,
> right?
Yep, along with other core security developers where possible.
--
James Morris
is
> missing is a way to enforce a security policy for any application by its
> developer and *unprivileged user* as seccomp can do for raw syscall filtering.
>
You could mention here that the first case is Mandatory Access Control,
in general terms.
--
James Morris
; > +F: include/net/netlabel.h
> > +F: include/uapi/linux/netfilter/xt_SECMARK.h
> > +F: include/uapi/linux/netfilter/xt_CONNSECMARK.h
> > +F: net/netlabel/
> > +F: net/ipv4/cipso_ipv4.c
> > +F: net/ipv6/calipso.c
> > +F: net/netfilter/xt_CONNSECMARK.c
> > +F: net/netfilter/xt_SECMARK.c
> >
> > NETWORKING [TLS]
> > M: Ilya Lesokhin
>
>
--
James Morris
On Thu, 10 Aug 2017, Paul Moore wrote:
> From: Paul Moore
>
> Signed-off-by: Paul Moore
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next
--
James Morris
e to breaking Landlock policies.
> @@ -82,6 +87,8 @@ enum bpf_arg_type {
>
> ARG_PTR_TO_CTX, /* pointer to context */
> ARG_ANYTHING, /* any (initialized) argument is ok */
> +
> + ARG_CONST_PTR_TO_HANDLE_FS, /* pointer to an abstract FS struct */
> };
Extraneous whitespace?
--
James Morris
> Hello - Just checking in again to see if you plan on taking these
> through the security tree?
Sure, please resend.
--
James Morris
> or cleared across tunnels within the same name space? In fact,
> do our security models even support name spaces?
They don't support namespaces, and maintaining the label is critical for
SELinux, at least, which mediates security for the system as a whole.
--
James Morris
t;users, 1);
>
> atomic_inc(&(skb_shinfo(skb)->dataref));
> skb->cloned = 1;
>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to [EMAIL PROTECTED]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
James Morris
<[EMAIL PROTECTED]>
performance reasons in any case.
> 2. Copy the ->iif field in __copy_skb_header()
Seems valid.
- James
--
James Morris
<[EMAIL PROTECTED]>
This is part of a large patchset which finally "fixes" labeled networking,
which we're hoping to get into 2.6.25.
Thread @ http://thread.gmane.org/gmane.linux.kernel.lsm/4894
The patch below is the only one which is not self-contained & impacts on
core networking code.
If anyone has any object
pt to transmit a packet that would result in sequence number
>overflow is an auditable event. The audit log entry for this event
>SHOULD include the SPI value, current date/time, Source Address,
>Destination Address, and (in IPv6) the cleartext Flow ID.
>
> Signed-of
sake of consistency.
>
> Signed-off-by: Paul Moore <[EMAIL PROTECTED]>
Acked-by: James Morris <[EMAIL PROTECTED]>
> ---
>
> include/net/xfrm.h | 33 --
> net/ipv4/ah4.c |4 +
> net/ipv4/esp4.c|1
> net/ipv6/ah6.c
ary memcpy() calls
>
> * Move common code to xfrm_audit_common_stateinfo()
>Code consolidation from the "less is more" book on software development
>
> * Proper spacing around commas in function arguments
>Minor style tweak since I was already touching the
for a single packet, e.g. individual IPsec transforms, adding unwanted
> overhead and complicating the security policy.
I'm fine to ack this from a security pov -- any objections on the
networking side?
- James
--
James Morris
<[EMAIL PROTECTED]>
this datagram
> will repeat recvmsg() forever, which is a worse side effect.
>
> So, don't give different permissions between processes who share one socket.
> Otherwise, some connections/datagrams cannot be delivered to intended process.
These semantics changes are concerning, and le
selinux_ip_postroute_last(hooknum, skb, in, out, okfn, PF_INET6);
> }
>
> #endif /* IPV6 */
>
--
James Morris
<[EMAIL PROTECTED]>
ock, *newsock, flags);
> if (err < 0) {
> sock_release(*newsock);
> + *newsock = NULL;
> goto done;
> }
>
If you get an error back from kernel_accept, you should not be trying to
use newsock.
--
James Morris
<[EMAIL PROTECTED]>
y and has
never gone anywhere :-)
--
James Morris
<[EMAIL PROTECTED]>
hought mentioned at the first two netconfs, but it
> went nowhere because the more we discussed the implementation
> the more horrific it began to sound :-)
Don't forget Rusty's skb reservation patches from 1999...
--
James Morris
<[EMAIL PROTECTED]>
Both patches applied to:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-akpm
--
James Morris
<[EMAIL PROTECTED]>
igned-off-by: Joy Latten <[EMAIL PROTECTED]>
Acked-by: James Morris <[EMAIL PROTECTED]>
--
James Morris
<[EMAIL PROTECTED]>
problem.
I posted one possible solution a couple of years ago (skfilter):
http://lwn.net/Articles/157137/
I think there has been some recent discussion by netfilter developers
about this issue, so perhaps you could talk to them (cc'd Patrick).
- James
--
James Morris
<[EMAIL PROTECTED]>
this cause existing applications to break?
- James
--
James Morris
<[EMAIL PROTECTED]>
On Fri, 13 Jul 2007, Jens Axboe wrote:
> On Fri, Jul 13 2007, Johannes Berg wrote:
> > On Thu, 2007-07-12 at 16:12 -0400, James Morris wrote:
> > > I'm seeing TCP connection stalls with current git, and a bisect found the
> > > following as a possible cause:
>
On Thu, 12 Jul 2007, David Miller wrote:
> From: James Morris <[EMAIL PROTECTED]>
> Date: Thu, 12 Jul 2007 16:12:25 -0400 (EDT)
>
> > I'm seeing TCP connection stalls with current git, and a bisect found the
> > following as a possible cause:
>
> To add to
clear if it's the patch itself or coincidental
to it.
I've looked at some tcpdumps, but may not be able to get back to them
until tomorrow or the weekend, & thought it might be useful to get the
report out now.
- James
--
James Morris
<[EMAIL PROTECTED]>
rly populated initrd.
>
> Same goes for things like this.
>
> That's the fact of life these days, like it or not.
Same story for NFS root when using strong authentication -- something has
to be running in userland to manage that.
- James
--
James Morris
<[EMAIL PROTECTED]>
On Mon, 9 Jul 2007, Stephen Hemminger wrote:
> Isn't it better to hook into existing netfilter infrastructure somehow?
Yes, it has been suggested several times.
--
James Morris
<[EMAIL PROTECTED]>
nsure that the peers
are appropriately notified using the standard failure paths, not just
arbitrarily propagate errors to the local user.
- James
--
James Morris
<[EMAIL PROTECTED]>
(original cc list has wrong netdev addr)
-- Forwarded message --
Date: Mon, 9 Jul 2007 15:17:28 -0400 (EDT)
From: James Morris <[EMAIL PROTECTED]>
To: Tetsuo Handa <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: Re: [RFC]
Thanks.
Acked-by: James Morris <[EMAIL PROTECTED]>
--
James Morris
<[EMAIL PROTECTED]>
-- Forwarded message --
Date: Mon, 18 Jun 2007 12:05:49 -0400
From: Jeff Dike <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: Guido Guenther <[EMAIL PROTECTED]>, LKML <[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
Subject: [PATCH] Allow group ownership of TUN/TAP devices
I received from
malley <[EMAIL PROTECTED]>
> James Morris <[EMAIL PROTECTED]>
> Patch : http://lkml.org/lkml/2007/6/7/334
> Status : patch available
This patch is queued for -mm, and will be submitted for 2.6.23.
- James
--
James Morris
<[EMAIL PROTECTED]>
with
> CIPSO options attached which generate error messages on certain alignment
> sensitive platforms. This patch fixes this by marking these unaligned
> accesses
> with the get_unaliagned() macro.
>
> Signed-off-by: Paul Moore <[EMAIL PROTECTED]>
Acked-by: James Morris
code where it make sense.
>
> Signed-off-by: Paul Moore <[EMAIL PROTECTED]>
Acked-by: James Morris <[EMAIL PROTECTED]>
I've applied this patch to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-davem
Dave, feel free to pull from that branch.
- James
--
James Morris
<[EMAIL PROTECTED]>
unt for free. I also rediffed the patch against
> the latest miller tree. Is the idea or patch in any way flawed or
> unacceptable to people at the moment?
>
> Anyone willing to step up and re-ack the patch to get it moving into the
> tree?
Looks good to me.
Acked-by: Jam
-- Forwarded message --
Date: Mon, 14 May 2007 08:15:50 -0700 (PDT)
From: Curtis Doty <[EMAIL PROTECTED]>
To: Linux Kernel <[EMAIL PROTECTED]>
Subject: oops in net/ipv4/icmp.c:icmp_send() with icmp_errors_use_inbound_ifaddr
Summary: On a multi-homed box, after turning on
/proc/sys/
Could be an upstream kernel issue lurking.
-- Forwarded message --
Date: Fri, 20 Apr 2007 22:21:26 +0200
From: Mark Stier <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: FYI: Xen or kernel bug?
Hello,
tcp_vegas produces division by zero kernel oopses in dom0 when running
a Xe
e !IFF_LOOPBACK check was there
in the first place.
- James
--
James Morris
<[EMAIL PROTECTED]>
On Fri, 13 Apr 2007, Joy Latten wrote:
>
> Signed-off-by: Joy Latten <[EMAIL PROTECTED]>
Acked-by: James Morris <[EMAIL PROTECTED]>
>
>
> diff -urpN linux-2.6.20/net/xfrm/xfrm_user.c
> linux-2.6.20.patch/net/xfrm/xfrm_user.c
> --- linux-2.6.20/net/
was made worse by Brian Braunstein's patch to keep
> net_device.dev_addr and tun.dev_addr in sync.
>
> Signed-off-by: Rusty Russell <[EMAIL PROTECTED]>
Acked-by: James Morris <[EMAIL PROTECTED]>
>
> diff -r fd8c40f4f533 drivers/net/tun.c
> --- a/drivers/net/tun.c
ll of the patches i'm dealing with are upstream.
It seems my understanding wasn't clear on the overall workflow. If the
consensus is to stay with this scheme, then please disregard my previous
post.
--
James Morris
<[EMAIL PROTECTED]>
ecure_dccp_sequence_number() functions, we can
> use the high resolution time services, providing nanosec resolution.
>
> I've also done two kmalloc()/kzalloc() conversions.
>
> Signed-off-by: Eric Dumazet <[EMAIL PROTECTED]>
Looks good to me.
Acked-by: James Morris <[
ainline as appropriate. Then, they can be incorporated into
distro devel kernels when they update their kernels, or backported to
stable distro kernels as already reviewed & tested upstream patches.
If there are any objections, please respond.
- James
--
James Morris
<[EMAIL PROTECTED]>
On Mon, 26 Mar 2007, Joy Latten wrote:
>
> Sending again since one of the email addresses was incorrect.
>
>
>
> Ok, I have made improvements based on James' and Eric's comments.
>
Acked-by: James Morris <[EMAIL PROTECTED]>
> +
On Mon, 26 Mar 2007, James Morris wrote:
> On Mon, 26 Mar 2007, Joy Latten wrote:
>
> > Signed-off-by: Joy Latten<[EMAIL PROTECTED]>
>
> This looks ok to me, although I have a couple of minor issues (which
> should probably not stop it being merged):
>
>
alue of 'err' is implicitly inverted several times in this function
(and similarly in the state flush one). Something like
ret = (fn() != 0);
might be better.
> +}
> + for (i = xfrm_policy_bydst[dir].hmask; i >= 0; i--) {
Tab damage?
ogy holds up, as rm is a per-file deletion
operation, and it is the shell which expands the wildcard for you.
A 'flush' has a semantic implication that all entries will be removed, and
it should be atomic and either succeed or fail at that granularity.
- James
--
James Mo
his up and test it if there are no objections.
I'd suggest making the permission loop a noop if CONFIG_SECURITY=n, via a
static inline function.
--
James Morris
<[EMAIL PROTECTED]>
.
Perhaps a better semantic would be to fail the entire flush operation if
one of the security checks failed. e.g. loop through for permissions
first, then if all ok, loop through for deletion.
- James
--
James Morris
<[EMAIL PROTECTED]>
Paul Moore <[EMAIL PROTECTED]>
Acked-by: James Morris <[EMAIL PROTECTED]>
> ---
> net/ipv4/cipso_ipv4.c |5 +
> 1 file changed, 5 insertions(+)
>
> Index: net-2.6_bugfix_2/net/ipv4/cipso_ipv4.c
> ===
's all ready, merge into [2] (or export & apply to avoid
merge commits).
This is just one possible workflow. There are probably several better.
- James
--
James Morris
<[EMAIL PROTECTED]>
ridiculous and complicated.
>
> Any ideas?
Only slightly less complicated: user calls recvmsg() once with a new flag
MSG_FLUSH, which causes the queue to be flushed, then resubmits ?
- James
--
James Morris
<[EMAIL PROTECTED]>
are established... oh well, just thinking out loud... :-)
I think the solution, if this is actually the problem, is for the userland
code to maintain the SAs.
- James
--
James Morris
<[EMAIL PROTECTED]>
return sk->sk_prot->compat_getsockopt(sk, level, optname,
> optval, optlen);
> return sk->sk_prot->getsockopt(sk, level, optname, optval, optlen);
Acked-by: James Morris <[EMAIL PROTECTED]>
--
James Morris
optval, optlen);
> return sk->sk_prot->getsockopt(sk, level, optname, optval, optlen);
> }
> EXPORT_SYMBOL(compat_sock_common_getsockopt);
>
> Is that intentional to make protocol writers assign both if they want
> compat_setsockopt? :P
It's a bug
shed, and the larval SA keeps resending until it
times out.
- James
--
James Morris
<[EMAIL PROTECTED]>
hook to the exit path such that all failures
> (and successes) will actually get audited.
>
> Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
Acked-by: James Morris <[EMAIL PROTECTED]>
--
James Morris
<[EMAIL PROTECTED]>
tch adds the auditing hooks as well.
>
> Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
Acked-by: James Morris <[EMAIL PROTECTED]>
--
James Morris
<[EMAIL PROTECTED]>
On Fri, 2 Mar 2007, Eric Paris wrote:
> Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
Acked-by: James Morris <[EMAIL PROTECTED]>
--
James Morris
<[EMAIL PROTECTED]>
On Mon, 5 Mar 2007, Venkat Yekkirala wrote:
> >
> > Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
> Acked-by: Venkat Yekkirala <[EMAIL PROTECTED]>
What about your previous comment:
"I guess you meant to do this here?
else if (err)
re
mapping verification code returns.
>
> Signed-off-by: Paul Moore <[EMAIL PROTECTED]>
[removed redhat-lspp, which is subscriber only]
Acked-by: James Morris <[EMAIL PROTECTED]>
> ---
> net/ipv4/cipso_ipv4.c |7 ---
> 1 file changed, 4 insertions(+), 3
Where appropriate, convert references to xtime.tv_sec to the
get_seconds() helper function.
Signed-off-by: James Morris <[EMAIL PROTECTED]>
---
Please review & apply if ok.
include/net/tcp.h|4 ++--
net/ipv4/route.c |2 +-
net/ipv4/tcp_input.c |6 +
On Wed, 21 Feb 2007, Peter Zijlstra wrote:
> Failing to allocate a cache entry will only harm performance.
>
> Signed-off-by: Peter Zijlstra <[EMAIL PROTECTED]>
> ---
> security/selinux/avc.c |2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Acked-by: James
On Fri, 16 Feb 2007, Elad Lahav wrote:
> I wrote a function that is equivalent to udp_sendmsg, but uses ip_append_page
> to attach data to an skb. The function is implemented as follows:
Why?
Where is the code?
--
James Morris
<[EMAIL PROTECTED]>
On Mon, 5 Feb 2007, James Morris wrote:
> On Sun, 4 Feb 2007, David Miller wrote:
>
> > Something like this (untested) on the ipv4 side, for example:
>
> Looks like it should work. Will do some testing.
Appears to work well, with a slight delay on the first packet as expec
On Sun, 4 Feb 2007, David Miller wrote:
> Something like this (untested) on the ipv4 side, for example:
Looks like it should work. Will do some testing.
--
James Morris
<[EMAIL PROTECTED]>
erally derivative of
the kernel, but it doesn't make much sense to have only a couple of
symbols exported as GPL, so probably keep it the way you already have it.
- James
--
James Morris
<[EMAIL PROTECTED]>