An error occurred fetching the project authors.
  1. 12 Apr, 2004 2 commits
    • Andrew Morton's avatar
      [PATCH] policydb printk warnings · c40853f2
      Andrew Morton authored
      security/selinux/ss/policydb.c:1160: warning: signed size_t format, different type arg (arg 3)
      security/selinux/ss/policydb.c:1160: warning: signed size_t format, different type arg (arg 3)
      c40853f2
    • Andrew Morton's avatar
      [PATCH] selinux: add IPv6 support · 5e752b7e
      Andrew Morton authored
      From: James Morris <jmorris@redhat.com>
      
      The patch below adds explicit IPv6 support to SELinux.
      
      Brief description of changes:
      
      o IPv6 networking is now subject to the same controls as IPv4 (in
        addition to the generic socket permissions which cover all protocols),
        namely: bind to local node address; bind to local port; send & receive
        TCP/UDP and raw IP packets based on local network interface and remote
        node address.
      
      o Packet parsing has been extended to IPv6 packets for logging and
        control, and simplified for IPv4.
      
      o Support for logging of IPv6 addresses has also been added.
      
      o The kernel policy database code has been modified to support IPv6, and
        reworked to provide generic security policy version handling so that
        older policy versions will still work, making upgrading simpler.
      
      Corresponding userspace patches are available at
      <http://people.redhat.com/jmorris/selinux/ipv6/>, although current
      userspace tools will continue to function normally (but without explicit
      IPv6 support).
      
      For more details at the security management level, see
      <http://marc.theaimsgroup.com/?l=selinux&m=108068187630948&w=2>
      
      This code has been under testing and review for several weeks.
      5e752b7e
  2. 15 Mar, 2004 1 commit
    • Andrew Morton's avatar
      [PATCH] selinux: Conditional policy extension and MLS detection support · e5c539b8
      Andrew Morton authored
      From: Stephen Smalley <sds@epoch.ncsc.mil>
      
      This patch extends the SELinux policy engine to support conditional policy
      logic based on a set of policy booleans, allowing well-formed changes to
      the policy to be defined within and mediated by the policy itself.
      
      The conditional policy extensions were implemented and contributed by
      Tresys Technology.
      
      Userland packages that support these extensions are already available from
      nsa.gov/selinux, and backward compatibility is provided for the prior
      policy version.
      
      The patch also includes a small change to enable detection of the optional
      MLS policy model on a SELinux system and fixes to the conditional policy
      extensions to allow the MLS policy to work correctly with them that were
      implemented and contributed by Trusted Computer Solutions.
      e5c539b8
  3. 13 Feb, 2004 1 commit
    • Andrew Morton's avatar
      [PATCH] selinux: Fix bugs in policy loading code · 17f4a982
      Andrew Morton authored
      From: Stephen Smalley <sds@epoch.ncsc.mil>
      
      This patch fixes a couple of bugs in the SELinux policy loading code.  The
      first bug was reported by Magosanyi Arpad; kernel panic upon feeding the
      kernel a policy with an empty avtab due to cleanup code trying to free the
      avtab twice.  The other bugs were reported by Frank Mayer; failure to
      properly validate certain values read from the policy.
      17f4a982
  4. 30 Dec, 2003 1 commit
    • Andrew Morton's avatar
      [PATCH] Fix SELinux build for "make O=..." · f1f4662e
      Andrew Morton authored
      From: Stephen Smalley <sds@epoch.ncsc.mil>
      
      This patch fixes the SELinux build for "make O=..." by removing the use of
      -include and eliminating the global.h file, adding appropriate individual
      #include's to the various files in the security/selinux/ss subdirectory.
      The compilation error was reported by Sam Ravnborg and again by Adrian
      Bunk.
      f1f4662e
  5. 23 Sep, 2003 1 commit
    • Andrew Morton's avatar
      [PATCH] SELinux leak fixes · 07c9e4a4
      Andrew Morton authored
      From: Stephen Smalley <sds@epoch.ncsc.mil>
      
      I believe that the patch below fixes the legitimate leaks in the SELinux
      code.  In some cases, it rearranges the code (moving the allocation later
      to reduce the need for further cleanup or linking the object into a
      containing structure earlier so that the policydb_destroy will handle it
      upon any subsequent errors).
      07c9e4a4
  6. 31 Aug, 2003 1 commit
    • Andrew Morton's avatar
      [PATCH] Fix SELinux format specifiers · 2a1c7412
      Andrew Morton authored
      From: Stephen Smalley <sds@epoch.ncsc.mil>, James Morris <jmorris@redhat.com>
      
      This patch corrects several format specifiers in the SELinux security server
      code.
      2a1c7412
  7. 19 Aug, 2003 1 commit
    • Andrew Morton's avatar
      [PATCH] SELinux check behavior value · ff95eddd
      Andrew Morton authored
      From: Stephen Smalley <sds@epoch.ncsc.mil>
      
      This patch fixes a bug in the SELinux module by adding a check of the
      filesystem labeling behavior value obtained from the policy.
      ff95eddd
  8. 01 Aug, 2003 1 commit
    • Andrew Morton's avatar
      [PATCH] selinux merge · 7bbf0e05
      Andrew Morton authored
      From Stephen Smalley <sds@epoch.ncsc.mil>
      
      This has been in -mm for a few weeks and James Morris has been
      regression testing each release.
      7bbf0e05