user/sven/linux-bitkeeper.git/security/selinux, branch masterLinux Kernel BitKeeper Historyhttps://git.stealer.net/cgit.cgi/user/sven/linux-bitkeeper.git/atom?h=master2005-04-01T04:33:21Z[SELINUX]: Fix for removal of i_sock2005-04-01T04:33:21ZStephen D. Smalleysds@tycho.nsa.gov2005-04-01T04:33:21Zurn:sha1:900cf636c1d2300b92ee3c015d4b9b453abe853c
This patch against -bk eliminates the use of i_sock by SELinux as it
appears to have been removed recently, breaking the build of SELinux in
-bk. Simply replacing the i_sock test with an S_ISSOCK test would be
unsafe in the SELinux code, as the latter will also return true for the
inodes of socket files in the filesystem, not just the actual socket
objects IIUC. Hence this patch reworks the SELinux code to avoid the
need to apply such a test in the first place, part of which was
obsoleted anyway by earlier changes to SELinux. Please apply.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[PATCH] SELinux: add name_connect permission check2005-03-28T11:21:26ZStephen D. Smalleysds@tycho.nsa.gov2005-03-28T11:21:26Zurn:sha1:a987ce8f834689c425d4ab656a32576ff379242c
This patch adds a name_connect permission check to SELinux to provide
control over outbound TCP connections to particular ports distinct from the
general controls over sending and receiving packets.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] SELinux: audit unrecognized netlink messages2005-03-28T11:21:10ZStephen D. Smalleysds@tycho.nsa.gov2005-03-28T11:21:10Zurn:sha1:da47ed8be39b7169ced8e16d383a8c56f0e47a29
This patch changes SELinux to audit any unrecognized netlink messages in
controlled classes rather than silently rejecting them, and to allow them
if in permissive mode. Please apply.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] SELinux: allow mounting of filesystems with invalid root inode context2005-03-28T11:20:54ZStephen D. Smalleysds@tycho.nsa.gov2005-03-28T11:20:54Zurn:sha1:f7e524ba8a83a15b7bb4d8eaf3d6bcbadc14611b
This patch alters the SELinux handling of inodes with invalid security
contexts so that a filesystem with a root inode that has an invalid
security context can still be mounted for administrative recovery without
disabling SELinux altogether.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] SELinux: make code static and remove unused code2005-03-28T11:20:37ZStephen D. Smalleysds@tycho.nsa.gov2005-03-28T11:20:37Zurn:sha1:be71daf429f7a8a77f810c5dea4d99d6b4734c65
This patch from Adrian Bunk makes needlessly global code static and removes
a number of unused global and static functions from SELinux. Please apply.
Author: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] selinux needs inet2005-03-13T08:27:15ZAndrew Mortonakpm@osdl.org2005-03-13T08:27:15Zurn:sha1:517445fced0a284900acb6b51201034c968ac3db
security/built-in.o(.text+0xe2fc): In function `selinux_socket_bind':
: undefined reference to `sysctl_local_port_range'
Acked-by: James Morris <jmorris@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] SELinux: fix selinux_setprocattr2005-03-10T00:28:59ZStephen D. Smalleysds@tycho.nsa.gov2005-03-10T00:28:59Zurn:sha1:dc3149bd0e300d0fcd245aef94cbbd71bc7ec0ab
This patch changes the selinux_setprocattr hook function (which handles
writes to nodes in the /proc/pid/attr directory) to ignore an optional
terminating newline at the end of the value, and to handle a value
beginning with a newline or a null in the same manner as a zero length
value (clearing the attribute for the process and resetting it to using the
default policy behavior). This change is to address the divergence from
POSIX in the existing API, as POSIX says that write(2) with a zero count
will return zero with no other effect, as well as to simplify use of the
API from scripts (although that isn't recommended).
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] SELinux: pass requested protection to security_file_mmap/mprotect hooks2005-03-10T00:28:29ZStephen D. Smalleysds@tycho.nsa.gov2005-03-10T00:28:29Zurn:sha1:65e05719ebd5107c82b40f8d2f2dba0964cac61f
This patch adds a reqprot parameter to the security_file_mmap and
security_file_mprotect hooks that is the original requested protection
value prior to any modification for read-implies-exec, and changes the
SELinux module to allow a mode of operation (controllable via a
checkreqprot setting) where it applies checks based on that protection
value rather than the protection that will be applied by the kernel,
effectively restoring SELinux's original behavior prior to the introduction
of the read-implies-exec logic in the mainline kernel. The patch also
disables execmem and execmod checking entirely on PPC32, as the PPC32 ELF
ABI presently requires RWE segments per Ulrich Drepper.
At present, the read-implies-exec logic causes SELinux to see every
mmap/mprotect read request by legacy binaries or binaries marked with
PT_GNU_STACK RWE as a read|execute request, which tends to distort policy
even if it reflects what is ultimately possible. The checkreqprot setting
allows one to set the desired behavior for SELinux, so either the current
behavior or the original behavior is possible. The checkreqprot value has
a compile-time configurable default value and can also be set via boot
parameter or at runtime via /selinux/checkreqprot if allowed by policy.
Thanks to Chris Wright, James Morris, and Colin Walters for comments on an
earlier version of the patch.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] SELinux: enhanced MLS support2005-03-10T00:28:14Zdgoeddel@trustedcs.comdgoeddel@trustedcs.com2005-03-10T00:28:14Zurn:sha1:d75f9d53dcd74638f4650a41179b78afd56641c2
This patch replaces the original experimental Multi-Level Security (MLS)
implementation in SELinux with an enhanced MLS implementation contributed
by Trusted Computer Solutions (TCS).
The enhanced MLS implementation replaces the hardcoded MLS logic with a
flexible constraint-based system and replaces the compile-time option for
MLS support with a policy load-time enable based on whether MLS support was
enabled in the policy when it was built.
The latter change allows a single kernel and policy toolchain to support
both MLS and non-MLS policies. Compatibility is still provided as usual
for existing policies.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] make RLIMIT_CPU/SIGXCPU per-process2005-03-08T02:17:44ZRoland McGrathroland@redhat.com2005-03-08T02:17:44Zurn:sha1:9046dd435b58f6118d9fa5a9ab2e51ba4e0e9c93
POSIX requires that the RLIMIT_CPU resource limit that generates SIGXCPU be
counted on a per-process basis. Currently, Linux implements this for
individual threads. This patch fixes the semantics to conform with POSIX.
The essential machinery for the process CPU limit is is tied into the new
posix-timers code for process CPU clocks and timers.
Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>