user/sven/linux.git/security/capability.c, branch v3.8-rc4 Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.8-rc4 2012-12-14T02:35:24Z security: introduce kernel_module_from_file hook 2012-12-14T02:35:24Z Kees Cook keescook@chromium.org 2012-10-15T21:02:07Z urn:sha1:2e72d51b4ac32989496870cd8171b3682fea1839 Now that kernel module origins can be reasoned about, provide a hook to the LSMs to make policy decisions about the module file. This will let Chrome OS enforce that loadable kernel modules can only come from its read-only hash-verified root filesystem. Other LSMs can, for example, read extended attributes for signatures, etc. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com> Acked-by: Eric Paris <eparis@redhat.com> Acked-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: James Morris <james.l.morris@oracle.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> consitify do_mount() arguments 2012-10-12T00:02:04Z Al Viro viro@zeniv.linux.org.uk 2012-10-11T15:42:01Z urn:sha1:808d4e3cfdcc52b19276175464f6dbca4df13b09 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> userns: Teach security_path_chown to take kuids and kgids 2012-09-21T10:13:25Z Eric W. Biederman ebiederm@xmission.com 2012-06-01T22:14:19Z urn:sha1:d2b31ca644fdc8704de3367a6a56a5c958c77f53 Don't make the security modules deal with raw user space uid and gids instead pass in a kuid_t and a kgid_t so that security modules only have to deal with internal kernel uids and gids. Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: James Morris <james.l.morris@oracle.com> Cc: John Johansen <john.johansen@canonical.com> Cc: Kentaro Takeda <takedakn@nttdata.co.jp> Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> split ->file_mmap() into ->mmap_addr()/->mmap_file() 2012-05-31T17:11:54Z Al Viro viro@zeniv.linux.org.uk 2012-05-30T17:30:51Z urn:sha1:e5467859f7f79b69fc49004403009dfdba3bec53 ... i.e. file-dependent and address-dependent checks. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> SELinux: rename dentry_open to file_open 2012-04-09T16:22:50Z Eric Paris eparis@redhat.com 2012-04-04T17:45:40Z urn:sha1:83d498569e9a7a4b92c4c5d3566f2d6a604f28c9 dentry_open takes a file, rename it to file_open Signed-off-by: Eric Paris <eparis@redhat.com> security: create task_free security callback 2012-02-09T22:14:51Z Kees Cook keescook@chromium.org 2011-12-21T20:17:03Z urn:sha1:1a2a4d06e1e95260c470ebe3a945f61bbe8c1fd8 The current LSM interface to cred_free is not sufficient for allowing an LSM to track the life and death of a task. This patch adds the task_free hook so that an LSM can clean up resources on task death. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <jmorris@namei.org> Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security 2012-01-15T02:36:33Z Linus Torvalds torvalds@linux-foundation.org 2012-01-15T02:36:33Z urn:sha1:c49c41a4134679cecb77362e7f6b59acb6320aa7 * 'for-linus' of git://selinuxproject.org/~jmorris/linux-security: capabilities: remove __cap_full_set definition security: remove the security_netlink_recv hook as it is equivalent to capable() ptrace: do not audit capability check when outputing /proc/pid/stat capabilities: remove task_ns_* functions capabitlies: ns_capable can use the cap helpers rather than lsm call capabilities: style only - move capable below ns_capable capabilites: introduce new has_ns_capabilities_noaudit capabilities: call has_ns_capability from has_capability capabilities: remove all _real_ interfaces capabilities: introduce security_capable_noaudit capabilities: reverse arguments to security_capable capabilities: remove the task from capable LSM hook entirely selinux: sparse fix: fix several warnings in the security server cod selinux: sparse fix: fix warnings in netlink code selinux: sparse fix: eliminate warnings for selinuxfs selinux: sparse fix: declare selinux_disable() in security.h selinux: sparse fix: move selinux_complete_init selinux: sparse fix: make selinux_secmark_refcount static SELinux: Fix RCU deref check warning in sel_netport_insert() Manually fix up a semantic mis-merge wrt security_netlink_recv(): - the interface was removed in commit fd7784615248 ("security: remove the security_netlink_recv hook as it is equivalent to capable()") - a new user of it appeared in commit a38f7907b926 ("crypto: Add userspace configuration API") causing no automatic merge conflict, but Eric Paris pointed out the issue. switch security_path_chmod() to struct path * 2012-01-07T04:16:53Z Al Viro viro@zeniv.linux.org.uk 2011-12-08T15:51:53Z urn:sha1:cdcf116d44e78c7216ba9f8be9af1cdfca7af728 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> security: remove the security_netlink_recv hook as it is equivalent to capable() 2012-01-05T23:53:01Z Eric Paris eparis@redhat.com 2012-01-03T17:25:16Z urn:sha1:fd778461524849afd035679030ae8e8873c72b81 Once upon a time netlink was not sync and we had to get the effective capabilities from the skb that was being received. Today we instead get the capabilities from the current task. This has rendered the entire purpose of the hook moot as it is now functionally equivalent to the capable() call. Signed-off-by: Eric Paris <eparis@redhat.com> switch ->path_mknod() to umode_t 2012-01-04T03:55:19Z Al Viro viro@zeniv.linux.org.uk 2011-11-21T19:58:38Z urn:sha1:04fc66e789a896e684bfdca30208e57eb832dd96 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>