An error occurred fetching the project authors.
- 12 Apr, 2004 2 commits
-
-
Andrew Morton authored
security/selinux/ss/policydb.c:1160: warning: signed size_t format, different type arg (arg 3) security/selinux/ss/policydb.c:1160: warning: signed size_t format, different type arg (arg 3)
-
Andrew Morton authored
From: James Morris <jmorris@redhat.com> The patch below adds explicit IPv6 support to SELinux. Brief description of changes: o IPv6 networking is now subject to the same controls as IPv4 (in addition to the generic socket permissions which cover all protocols), namely: bind to local node address; bind to local port; send & receive TCP/UDP and raw IP packets based on local network interface and remote node address. o Packet parsing has been extended to IPv6 packets for logging and control, and simplified for IPv4. o Support for logging of IPv6 addresses has also been added. o The kernel policy database code has been modified to support IPv6, and reworked to provide generic security policy version handling so that older policy versions will still work, making upgrading simpler. Corresponding userspace patches are available at <http://people.redhat.com/jmorris/selinux/ipv6/>, although current userspace tools will continue to function normally (but without explicit IPv6 support). For more details at the security management level, see <http://marc.theaimsgroup.com/?l=selinux&m=108068187630948&w=2> This code has been under testing and review for several weeks.
-
- 15 Mar, 2004 1 commit
-
-
Andrew Morton authored
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch extends the SELinux policy engine to support conditional policy logic based on a set of policy booleans, allowing well-formed changes to the policy to be defined within and mediated by the policy itself. The conditional policy extensions were implemented and contributed by Tresys Technology. Userland packages that support these extensions are already available from nsa.gov/selinux, and backward compatibility is provided for the prior policy version. The patch also includes a small change to enable detection of the optional MLS policy model on a SELinux system and fixes to the conditional policy extensions to allow the MLS policy to work correctly with them that were implemented and contributed by Trusted Computer Solutions.
-
- 13 Feb, 2004 1 commit
-
-
Andrew Morton authored
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch fixes a couple of bugs in the SELinux policy loading code. The first bug was reported by Magosanyi Arpad; kernel panic upon feeding the kernel a policy with an empty avtab due to cleanup code trying to free the avtab twice. The other bugs were reported by Frank Mayer; failure to properly validate certain values read from the policy.
-
- 30 Dec, 2003 1 commit
-
-
Andrew Morton authored
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch fixes the SELinux build for "make O=..." by removing the use of -include and eliminating the global.h file, adding appropriate individual #include's to the various files in the security/selinux/ss subdirectory. The compilation error was reported by Sam Ravnborg and again by Adrian Bunk.
-
- 23 Sep, 2003 1 commit
-
-
Andrew Morton authored
From: Stephen Smalley <sds@epoch.ncsc.mil> I believe that the patch below fixes the legitimate leaks in the SELinux code. In some cases, it rearranges the code (moving the allocation later to reduce the need for further cleanup or linking the object into a containing structure earlier so that the policydb_destroy will handle it upon any subsequent errors).
-
- 31 Aug, 2003 1 commit
-
-
Andrew Morton authored
From: Stephen Smalley <sds@epoch.ncsc.mil>, James Morris <jmorris@redhat.com> This patch corrects several format specifiers in the SELinux security server code.
-
- 19 Aug, 2003 1 commit
-
-
Andrew Morton authored
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch fixes a bug in the SELinux module by adding a check of the filesystem labeling behavior value obtained from the policy.
-
- 01 Aug, 2003 1 commit
-
-
Andrew Morton authored
From Stephen Smalley <sds@epoch.ncsc.mil> This has been in -mm for a few weeks and James Morris has been regression testing each release.
-