- 28 Jun, 2011 10 commits
-
-
Tetsuo Handa authored
TOMOYO wants to use /proc/self/ rather than /proc/$PID/ if $PID matches current thread's process ID in order to prevent current thread from accessing other process's information unless needed. But since procfs can be mounted on various locations (e.g. /proc/ /proc2/ /p/ /tmp/foo/100/p/ ), TOMOYO cannot tell that whether the numeric part in the string returned by __d_path() represents process ID or not. Therefore, to be able to convert from $PID to self no matter where procfs is mounted, this patch changes pathname representations for filesystems which do not support rename() operation (e.g. proc, sysfs, securityfs). Examples: /proc/self/mounts => proc:/self/mounts /sys/kernel/security/ => sys:/kernel/security/ /dev/pts/0 => devpts:/0 Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
-
Tetsuo Handa authored
Mauras Olivier reported that it is difficult to use TOMOYO in LXC environments, for TOMOYO cannot distinguish between environments outside the container and environments inside the container since LXC environments are created using pivot_root(). To address this problem, this patch introduces policy namespace. Each policy namespace has its own set of domain policy, exception policy and profiles, which are all independent of other namespaces. This independency allows users to develop policy without worrying interference among namespaces. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
-
Tetsuo Handa authored
ACL group allows administrator to globally grant not only "file read" permission but also other permissions. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
-
Tetsuo Handa authored
Add /sys/kernel/security/tomoyo/audit interface. This interface generates audit logs in the form of domain policy so that /usr/sbin/tomoyo-auditd can reuse audit logs for appending to /sys/kernel/security/tomoyo/domain_policy interface. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
-
Tetsuo Handa authored
Remove global preference from profile structure in order to make code simpler. Due to this structure change, printk() warnings upon policy violation are temporarily disabled. They will be replaced by /sys/kernel/security/tomoyo/audit by next patch. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
-
Tetsuo Handa authored
Convert "allow_..." style directives to "file ..." style directives. By converting to the latter style, we can pack policy like "file read/write/execute /path/to/file". Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
-
Tetsuo Handa authored
Use structure for passing ACL line, in preparation for supporting policy namespace and conditional parameters. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
-
Tetsuo Handa authored
Use common structure for ACL with "struct list_head" + "atomic_t". Use array/struct where possible. Remove is_group from "struct tomoyo_name_union"/"struct tomoyo_number_union". Pass "struct file"->private_data rather than "struct file". Update some of comments. Bring tomoyo_same_acl_head() from common.h to domain.c . Bring tomoyo_invalid()/tomoyo_valid() from common.h to util.c . Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
-
Tetsuo Handa authored
Update (or temporarily remove) comments. Remove or replace some of #define lines. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
-
Tetsuo Handa authored
In order to synchronize with TOMOYO 1.8's syntax, (1) Remove special handling for allow_read/write permission. (2) Replace deny_rewrite/allow_rewrite permission with allow_append permission. (3) Remove file_pattern keyword. (4) Remove allow_read permission from exception policy. (5) Allow creating domains in enforcing mode without calling supervisor. (6) Add permission check for opening directory for reading. (7) Add permission check for stat() operation. (8) Make "cat < /sys/kernel/security/tomoyo/self_domain" behave as if "cat /sys/kernel/security/tomoyo/self_domain". Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
-
- 27 Jun, 2011 7 commits
-
-
Roberto Sassu authored
The function ecryptfs_keyring_auth_tok_for_sig() has been modified in order to search keys of both 'user' and 'encrypted' types. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Acked-by: Gianluca Ramunno <ramunno@polito.it> Acked-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-
Roberto Sassu authored
The 'encrypted' key type defines its own payload format which contains a symmetric key randomly generated that cannot be used directly to mount an eCryptfs filesystem, because it expects an authentication token structure. This patch introduces the new format 'ecryptfs' that allows to store an authentication token structure inside the encrypted key payload containing a randomly generated symmetric key, as the same for the format 'default'. More details about the usage of encrypted keys with the eCryptfs filesystem can be found in the file 'Documentation/keys-ecryptfs.txt'. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Acked-by: Gianluca Ramunno <ramunno@polito.it> Acked-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-
Roberto Sassu authored
Some eCryptfs specific definitions, such as the current version and the authentication token structure, are moved to the new include file 'include/linux/ecryptfs.h', in order to be available for all kernel subsystems. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Acked-by: Gianluca Ramunno <ramunno@polito.it> Acked-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-
Roberto Sassu authored
This patch introduces a new parameter, called 'format', that defines the format of data stored by encrypted keys. The 'default' format identifies encrypted keys containing only the symmetric key, while other formats can be defined to support additional information. The 'format' parameter is written in the datablob produced by commands 'keyctl print' or 'keyctl pipe' and is integrity protected by the HMAC. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Acked-by: Gianluca Ramunno <ramunno@polito.it> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-
Roberto Sassu authored
Some debug messages have been added in the function datablob_parse() in order to better identify errors returned when dealing with 'encrypted' keys. Changelog from version v4: - made the debug messages more understandable Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Acked-by: Gianluca Ramunno <ramunno@polito.it> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-
Roberto Sassu authored
Valid key type prefixes for the parameter 'key-type' are: 'trusted' and 'user'. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Acked-by: Gianluca Ramunno <ramunno@polito.it> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-
Roberto Sassu authored
Do not dump the master key if an error is encountered during the request. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Acked-by: Gianluca Ramunno <ramunno@polito.it> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-
- 14 Jun, 2011 1 commit
-
-
David Howells authored
Don't return EAGAIN to keyctl_assume_authority() to indicate that a key could not be found (ENOKEY is only returned if a negative key is found). Instead return ENOKEY in both cases. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
-
- 09 Jun, 2011 2 commits
-
-
eparis@redhat authored
We recently found that in some configurations SELinux was blocking the ability for cgroupfs to be mounted. The reason for this is because cgroupfs creates files and directories during the get_sb() call and also uses lookup_one_len() during that same get_sb() call. This is a problem since the security subsystem cannot initialize the superblock and the inodes in that filesystem until after the get_sb() call returns. Thus we leave the inodes in an unitialized state during get_sb(). For the vast majority of filesystems this is not an issue, but since cgroupfs uses lookup_on_len() it does search permission checks on the directories in the path it walks. Since the inode security state is not set up SELinux does these checks as if the inodes were 'unlabeled.' Many 'normal' userspace process do not have permission to interact with unlabeled inodes. The solution presented here is to do the permission checks of path walk and inode creation as the kernel rather than as the task that called mount. Since the kernel has permission to read/write/create unlabeled inodes the get_sb() call will complete successfully and the SELinux code will be able to initialize the superblock and those inodes created during the get_sb() call. This appears to be the same solution used by other filesystems such as devtmpfs to solve the same issue and should thus have no negative impact on other LSMs which currently work. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Paul Menage <menage@google.com> Signed-off-by: James Morris <jmorris@namei.org>
-
James Morris authored
-
- 08 Jun, 2011 20 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6Linus Torvalds authored
* 'pm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6: PM / Runtime: Fix loops in pm_runtime_clk_notify() PM / Intel IOMMU: Fix init_iommu_pm_ops() for CONFIG_PM unset
-
Linus Torvalds authored
This tries to make the 'struct inode' accesses denser in the data cache by moving a commonly accessed field (i_security) closer to other fields that are accessed often. It also makes 'i_state' just an 'unsigned int' rather than 'unsigned long', since we only use a few bits of that field, and moves it next to the existing 'i_flags' so that we potentially get better structure layout (although depending on config options, i_flags may already have packed in the same word as i_lock, so this improves packing only for the case of spinlock debugging) Out 'struct inode' is still way too big, and we should probably move some other fields around too (the acl fields in particular) for better data cache access density. Other fields (like the inode hash) are likely to be entirely irrelevant under most loads. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Linus Torvalds authored
This is a rather hot function that is called with a potentially NULL "struct common_audit_data" pointer argument. And in that case it has to provide and initialize its own dummy common_audit_data structure. However, all the _common_ cases already pass it a real audit-data structure, so that uncommon NULL case not only creates a silly run-time test, more importantly it causes that function to have a big stack frame for the dummy variable that isn't even used in the common case! So get rid of that stupid run-time behavior, and make the (few) functions that currently call with a NULL pointer just call a new helper function instead (naturally called inode_has_perm_noapd(), since it has no adp argument). This makes the run-time test be a static code generation issue instead, and allows for a much denser stack since none of the common callers need the dummy structure. And a denser stack not only means less stack space usage, it means better cache behavior. So we have a win-win-win from this simplification: less code executed, smaller stack footprint, and better cache behavior. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6Linus Torvalds authored
* 'usb-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6: (28 commits) MAINTAINERS: add a maintainer to Gadget Framework USB: serial: add another 4N-GALAXY.DE PID to ftdi_sio driver Revert "USB: option: add ID for ZTE MF 330" drivers/usb/host/ohci-pxa27x.c: add missing clk_put USB: CONFIG_USB_GADGET_DUALSPEED is not user-configurable USB: dummy-hcd needs the has_tt flag usb-storage: redo incorrect reads usb/renesas_usbhs: free uep on removal usb/s3c-hsudc: fix error path usb/pxa25x_udc: cleanup the LUBBOCK err path usb/mv_udc_core: fix compile usb: gadget: include <linux/prefetch.h> to fix compiling error USB: s3c-hsotg: Tone down debugging usb: remove bad dput after dentry_unhash USB: core: Tolerate protocol stall during hub and port status read musb: fix prefetch build failure USB: cdc-acm: Adding second ACM channel support for Nokia E7 and C7 usb-gadget: unlock data->lock mutex on error path in ep_write() USB: option Add blacklist for ZTE K3765-Z (19d2:2002) option: add Prolink PH300 modem IDs ...
-
Felipe Balbi authored
I'll be continuing the amazing work Dave has done with the Gadget Framework. Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
git://git.secretlab.ca/git/linux-2.6Linus Torvalds authored
* 'spi/merge' of git://git.secretlab.ca/git/linux-2.6: spi/rtc-m41t93: Use spi_get_drvdata() for SPI devices spi/omap2: fix uninitialized variable
-
git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: cifs: trivial: add space in fsc error message cifs: silence printk when establishing first session on socket CIFS ACL support needs CONFIG_KEYS, so depend on it possible memory corruption in cifs_parse_mount_options() cifs: make CIFS depend on CRYPTO_ECB cifs: fix the kernel release version in the default security warning message
-
Greg Kroah-Hartman authored
This is needed to get the following MAINTAINERS patch to apply properly. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Steffen Sledz authored
E.g. newer CAN 2.0 A/B <=> USB 2.0 converters report idProduct=f3c2. Signed-off-by: Steffen Sledz <sledz@dresearch-fe.de> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Geert Uytterhoeven authored
One new offender detected by the recently increased type checking in platform_get_drvdata(): drivers/rtc/rtc-m41t93.c: In function ‘m41t93_remove’: drivers/rtc/rtc-m41t93.c:192: warning: passing argument 1 of ‘platform_get_drvdata’ from incompatible pointer type Use spi_get_drvdata() instead of platform_get_drvdata(), cfr. commit 42fea15d ("spi/rtc-{ds1390,ds3234,m41t94}: Use spi_get_drvdata() for SPI devices") Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
-
git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xenLinus Torvalds authored
* 'stable/bug.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen: xen: off by one errors in multicalls.c xen: use the trigger info we already have to choose the irq handler
-
Jeff Layton authored
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
-
Linus Torvalds authored
Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: perf: Fix comments in include/linux/perf_event.h perf: Comment /proc/sys/kernel/perf_event_paranoid to be part of user ABI perf python: Fix argument name list of read_on_cpu() perf evlist: Don't die if sample_{id_all|type} is invalid perf python: Use exception to propagate errors perf evlist: Remove dependency on debug routines perf, cgroups: Fix up for new API
-
git://git.secretlab.ca/git/linux-2.6Linus Torvalds authored
* 'gpio/merge' of git://git.secretlab.ca/git/linux-2.6: gpio/samsung: make Kconfig options def_bool gpio/exynos4: Fix incorrect mapping of gpio pull-up macro to register setting GPIO: OMAP: add locking around calls to _set_gpio_triggering GPIO: OMAP: fix setting IRQWAKEN bits for OMAP4 GPIO: OMAP: fix section mismatch warnings gpio: Fix gpio-exynos4 build fails in mainline
-
git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6Linus Torvalds authored
* 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6: [media] soc_camera: preserve const attribute [media] uvc_entity: initialize return value [media] media: Fix media device minor registration [media] Make nchg variable signed because the code compares this variable against negative values [media] omap3isp: fix compiler warning [media] v4l: Fix media_entity_to_video_device macro argument name [media] ivtv: Internally separate encoder & decoder standard setting [media] ivtvfb: Add sanity check to ivtvfb_pan_display() [media] ivtvfb: use display information in info not in var for panning [media] ivtv: Make two ivtv_msleep_timeout calls uninterruptable [media] anysee: return EOPNOTSUPP for unsupported I2C messages [media] gspca - ov519: Set the default frame rate to 15 fps [media] gspca - stv06xx: Set a lower default value of gain for hdcs sensors [media] gspca: Remove coarse_expo_autogain.h [media] gspca - ov519: Change the ovfx2 bulk transfer size [media] gspca - ov519: Fix a regression for ovfx2 webcams
-
git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6Linus Torvalds authored
* 'drm-radeon-urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6: drm/radeon/kms: disable hdmi audio by default drm/radeon/kms: fix for radeon on systems >4GB without hardware iommu drm/radeon/kms: set family for use in parser.
-
Grant Likely authored
Merge branch 'for_3.0/gpio-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/khilman/linux-omap-pm into gpio/merge
-
Linus Torvalds authored
The flush_to_ldisc() work entry has special logic to notice when it has seen the original tail of the data queue, and it avoids continuing the flush if it sees that _original_ tail rather than the current tail. This logic can trigger in case somebody is constantly adding new data to the tty while the flushing is active - and the intent is to avoid excessive CPU usage while flushing the tty, especially as we used to do this from a softirq context which made it non-preemptible. However, since we no longer re-arm the work-queue from within itself (because that causes other trouble: see commit a5660b41 "tty: fix endless work loop when the buffer fills up"), this just leads to possible hung tty's (most easily seen in SMP and with a test-program that floods a pty with data - nobody seems to have reported this for any real-life situation yet). And since the workqueue isn't done from timers and softirq's any more, it's doubtful whether the CPU useage issue is really relevant any more. So just remove the logic entirely, and see if anybody ever notices. Alternatively, we might want to re-introduce the "re-arm the work" for just this case, but then we'd have to re-introduce the delayed work model or some explicit timer, which really doesn't seem worth it for this. Reported-and-tested-by: Guillaume Chazarain <guichaz@gmail.com> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Felipe Balbi <balbi@ti.com> Cc: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Alex Deucher authored
The current RE'd code causes blank screens and display problems on a lot of systems. So disable it by default for now. It can still be enabled by setting the audio parameter to 1. E.g.: radeon.audio=1 Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=38010 https://bugs.freedesktop.org/show_bug.cgi?id=27731 https://bugs.freedesktop.org/show_bug.cgi?id=35970 https://bugs.freedesktop.org/show_bug.cgi?id=26195 and many other reported problems. Signed-off-by: Alex Deucher <alexdeucher@gmail.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
-
Daniel Haid authored
On my x86_64 system with >4GB of ram and swiotlb instead of a hardware iommu (because I have a VIA chipset), the call to pci_set_dma_mask (see below) with 40bits returns an error. But it seems that the radeon driver is designed to have need_dma32 = true exactly if pci_set_dma_mask is called with 32 bits and false if it is called with 40 bits. I have read somewhere that the default are 32 bits. So if the call fails I suppose that need_dma32 should be set to true. And indeed the patch fixes the problem I have had before and which I had described here: http://choon.net/forum/read.php?21,106131,115940Acked-by: Alex Deucher <alexdeucher@gmail.com> cc: stable@kernel.org Signed-off-by: Dave Airlie <airlied@redhat.com>
-