user/sven/linux.git/include/linux/security.h, branch v3.2.45 Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.2.45 2012-01-04T00:12:19Z security: Fix security_old_inode_init_security() when CONFIG_SECURITY is not set 2012-01-04T00:12:19Z Jan Kara jack@suse.cz 2012-01-03T12:14:29Z urn:sha1:30e053248da178cf6154bb7e950dc8713567e3fa Commit 1e39f384bb01 ("evm: fix build problems") makes the stub version of security_old_inode_init_security() return 0 when CONFIG_SECURITY is not set. But that makes callers such as reiserfs_security_init() assume that security_old_inode_init_security() has set name, value, and len arguments properly - but security_old_inode_init_security() left them uninitialized which then results in interesting failures. Revert security_old_inode_init_security() to the old behavior of returning EOPNOTSUPP since both callers (reiserfs and ocfs2) handle this just fine. [ Also fixed the S_PRIVATE(inode) case of the actual non-stub security_old_inode_init_security() function to return EOPNOTSUPP for the same reason, as pointed out by Mimi Zohar. It got incorrectly changed to match the new function in commit fb88c2b6cbb1: "evm: fix security/security_old_init_security return code". - Linus ] Reported-by: Jorge Bastos <mysql.jorge@decimal.pt> Acked-by: James Morris <jmorris@namei.org> Acked-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> security: sparse fix: Move security_fixup_op to security.h 2011-09-09T23:56:33Z James Morris jmorris@namei.org 2011-08-30T03:48:53Z urn:sha1:5dbe3040c74eef18e66951347eda05b153e69328 Fix sparse warning by moving declaraion to global header. Signed-off-by: James Morris <jmorris@namei.org> security: Fix a typo 2011-09-09T23:40:31Z rongqing.li@windriver.com rongqing.li@windriver.com 2011-09-06T03:35:36Z urn:sha1:fc9ff9b7e3eaff3f49bc0fbbddfc1416212e888a Fix a typo. Signed-off-by: Roy.Li <rongqing.li@windriver.com> Signed-off-by: James Morris <jmorris@namei.org> evm: fix build problems 2011-08-15T23:23:44Z Mimi Zohar zohar@linux.vnet.ibm.com 2011-08-15T13:09:16Z urn:sha1:1e39f384bb01b0395b69cb70c2cacae65012f203 - Make the previously missing security_old_inode_init_security() stub function definition static inline. - The stub security_inode_init_security() function previously returned -EOPNOTSUPP and relied on the callers to change it to 0. The stub security/security_old_inode_init_security() functions now return 0. Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> evm: building without EVM enabled fixes 2011-08-11T07:42:07Z Mimi Zohar zohar@linux.vnet.ibm.com 2011-08-11T04:22:51Z urn:sha1:e1c9b23adbe86c725738402857397d7a29f9d6ef - Missing 'inline' on evm_inode_setattr() definition. Introduced by commit 817b54aa45db ("evm: add evm_inode_setattr to prevent updating an invalid security.evm"). - Missing security_old_inode_init_security() stub function definition. Caused by commit 9d8f13ba3f48 ("security: new security_inode_init_security API adds function callback"). Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> Merge branch 'next-evm' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/ima-2.6 into next 2011-08-09T00:31:03Z James Morris jmorris@namei.org 2011-08-09T00:31:03Z urn:sha1:5a2f3a02aea164f4f59c0c3497772090a411b462 Conflicts: fs/attr.c Resolve conflict manually. Signed-off-by: James Morris <jmorris@namei.org> ->permission() sanitizing: don't pass flags to exec_permission() 2011-07-20T05:43:29Z Al Viro viro@zeniv.linux.org.uk 2011-06-20T23:48:41Z urn:sha1:eecdd358b467405a084d400d5ec571bbdbfe97a3 pass mask instead; kill security_inode_exec_permission() since we can use security_inode_permission() instead. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> ->permission() sanitizing: don't pass flags to ->inode_permission() 2011-07-20T05:43:26Z Al Viro viro@zeniv.linux.org.uk 2011-06-20T23:38:15Z urn:sha1:e74f71eb78a4a8b9eaf1bc65f20f761648e85f76 pass that via mask instead. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> security: new security_inode_init_security API adds function callback 2011-07-18T16:29:38Z Mimi Zohar zohar@linux.vnet.ibm.com 2011-06-06T19:29:25Z urn:sha1:9d8f13ba3f4833219e50767b022b82cd0da930eb This patch changes the security_inode_init_security API by adding a filesystem specific callback to write security extended attributes. This change is in preparation for supporting the initialization of multiple LSM xattrs and the EVM xattr. Initially the callback function walks an array of xattrs, writing each xattr separately, but could be optimized to write multiple xattrs at once. For existing security_inode_init_security() calls, which have not yet been converted to use the new callback function, such as those in reiserfs and ocfs2, this patch defines security_old_inode_init_security(). Signed-off-by: Mimi Zohar <zohar@us.ibm.com> SECURITY: Move exec_permission RCU checks into security modules 2011-04-22T23:17:29Z Andi Kleen ak@linux.intel.com 2011-04-22T00:23:19Z urn:sha1:8c9e80ed276fc4b9c9fadf29d8bf6b3576112f1a Right now all RCU walks fall back to reference walk when CONFIG_SECURITY is enabled, even though just the standard capability module is active. This is because security_inode_exec_permission unconditionally fails RCU walks. Move this decision to the low level security module. This requires passing the RCU flags down the security hook. This way at least the capability module and a few easy cases in selinux/smack work with RCU walks with CONFIG_SECURITY=y Signed-off-by: Andi Kleen <ak@linux.intel.com> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>