aboutsummaryrefslogtreecommitdiffstats
path: root/security
Commit message (Collapse)AuthorAgeFilesLines
...
* | security: remove dead hook sb_post_pivotrootEric Paris2010-04-122-10/+0
| | | | | | | | | | | | | | Unused hook. Remove. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
* | security: remove dead hook sb_post_addmountEric Paris2010-04-122-10/+0
| | | | | | | | | | | | | | Unused hook. Remove. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
* | security: remove dead hook sb_post_remountEric Paris2010-04-122-11/+0
| | | | | | | | | | | | | | Unused hook. Remove. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
* | security: remove dead hook sb_umount_busyEric Paris2010-04-122-10/+0
| | | | | | | | | | | | | | Unused hook. Remove. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
* | security: remove dead hook sb_umount_closeEric Paris2010-04-122-10/+0
| | | | | | | | | | | | | | Unused hook. Remove. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
* | security: remove sb_check_sb hooksEric Paris2010-04-122-11/+0
| | | | | | | | | | | | | | Unused hook. Remove it. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
* | Security: Fix coding style in security/wzt.wzt@gmail.com2010-04-094-31/+31
| | | | | | | | | | | | | | Fix coding style in security/ Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: James Morris <jmorris@namei.org>
* | SMACK: remove dead cred_commit hookEric Paris2010-04-081-10/+0
| | | | | | | | | | | | | | | | This is an unused hook in SMACK so remove it. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: James Morris <jmorris@namei.org>
* | selinux: always call sk_security_struct sksecEric Paris2010-04-083-36/+36
| | | | | | | | | | | | | | | | trying to grep everything that messes with a sk_security_struct isn't easy since we don't always call it sksec. Just rename everything sksec. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
* | Merge branch 'master' into nextJames Morris2010-03-314-23/+9
|\ \ | |/
| * tomoyo: fix potential use after freeDan Carpenter2010-03-151-0/+1
| | | | | | | | | | | | | | | | | | The original code returns a freed pointer. This function is expected to return NULL on errors. Signed-off-by: Dan Carpenter <error27@gmail.com> Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
| * Merge branch 'for-next' into for-linusJiri Kosina2010-03-081-3/+3
| |\ | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: Documentation/filesystems/proc.txt arch/arm/mach-u300/include/mach/debug-macro.S drivers/net/qlge/qlge_ethtool.c drivers/net/qlge/qlge_main.c drivers/net/typhoon.c
| | * fix comment typos in avc.cJustin P. Mattock2010-02-051-3/+3
| | | | | | | | | | | | | | | Signed-off-by: Justin P. Mattock <justinmattock@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
| * | Merge branch 'for-linus' of ↵Linus Torvalds2010-03-042-20/+5
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: (52 commits) init: Open /dev/console from rootfs mqueue: fix typo "failues" -> "failures" mqueue: only set error codes if they are really necessary mqueue: simplify do_open() error handling mqueue: apply mathematics distributivity on mq_bytes calculation mqueue: remove unneeded info->messages initialization mqueue: fix mq_open() file descriptor leak on user-space processes fix race in d_splice_alias() set S_DEAD on unlink() and non-directory rename() victims vfs: add NOFOLLOW flag to umount(2) get rid of ->mnt_parent in tomoyo/realpath hppfs can use existing proc_mnt, no need for do_kern_mount() in there Mirror MS_KERNMOUNT in ->mnt_flags get rid of useless vfsmount_lock use in put_mnt_ns() Take vfsmount_lock to fs/internal.h get rid of insanity with namespace roots in tomoyo take check for new events in namespace (guts of mounts_poll()) to namespace.c Don't mess with generic_permission() under ->d_lock in hpfs sanitize const/signedness for udf nilfs: sanitize const/signedness in dealing with ->d_name.name ... Fix up fairly trivial (famous last words...) conflicts in drivers/infiniband/core/uverbs_main.c and security/tomoyo/realpath.c
| | * | get rid of ->mnt_parent in tomoyo/realpathAl Viro2010-03-031-1/+1
| | | | | | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| | * | get rid of insanity with namespace roots in tomoyoAl Viro2010-03-031-19/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | passing *any* namespace root to __d_path() as root is equivalent to just passing it {NULL, NULL}; no need to bother with finding the root of our namespace in there. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| | * | fix mnt_mountpoint abuse in smackAl Viro2010-03-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (mnt,mnt_mountpoint) pair is conceptually wrong; if you want to use it for generating pathname and for nothing else *and* if you know that vfsmount tree is unchanging, you can get away with that, but the right solution for that is (mnt,mnt_root). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | | SELinux: Reduce max avtab size to avoid page allocation failuresStephen Smalley2010-03-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reduce MAX_AVTAB_HASH_BITS so that the avtab allocation is an order 2 allocation rather than an order 4 allocation on x86_64. This addresses reports of page allocation failures: http://marc.info/?l=selinux&m=126757230625867&w=2 https://bugzilla.redhat.com/show_bug.cgi?id=570433 Reported-by: Russell Coker <russell@coker.com.au> Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
* | | | security/ima: replace gcc specific __FUNCTION__ with __func__H Hartley Sweeten2010-03-102-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As noted by checkpatch.pl, __func__ should be used instead of gcc specific __FUNCTION__. Signed-off-by: H Hartley Sweeten <hsweeten@visionengravers.com> Signed-off-by: James Morris <jmorris@namei.org>
* | | | Security: key: keyring: fix some code style issuesChihau Chau2010-03-101-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes to include <linux/uaccess.h> instead <asm/uaccess.h> and some code style issues like to put a else sentence below close brace '}' and to replace a tab instead of some space characters. Signed-off-by: Chihau Chau <chihau@gmail.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
* | | | Merge branch 'next-queue' into nextJames Morris2010-03-099-18/+9
|\ \ \ \ | |/ / / |/| | |
| * | | selinux: const strings in tablesStephen Hemminger2010-03-083-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Several places strings tables are used that should be declared const. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | Security: Fix some coding styles in security/keys/keyring.cwzt.wzt@gmail.com2010-03-051-4/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix some coding styles in security/keys/keyring.c Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | Selinux: Remove unused headers skbuff.h in selinux/nlmsgtab.cwzt.wzt@gmail.com2010-03-041-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | skbuff.h is already included by netlink.h, so remove it. Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | Selinux: Remove unused headers slab.h in selinux/ss/symtab.cwzt.wzt@gmail.com2010-03-031-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | slab.h is unused in symtab.c, so remove it. Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | Selinux: Remove unused headers list.h in selinux/netlink.cwzt.wzt@gmail.com2010-03-031-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | list.h is unused in netlink.c, so remove it. Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | TOMOYO: Remove unused variables.Tetsuo Handa2010-03-031-7/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Variable "atmark" is currently unused. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
| * | | Security: Add __init to register_security to disable load a security module ↵wzt.wzt@gmail.com2010-03-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | on runtime LSM framework doesn't allow to load a security module on runtime, it must be loaded on boot time. but in security/security.c: int register_security(struct security_operations *ops) { ... if (security_ops != &default_security_ops) return -EAGAIN; ... } if security_ops == &default_security_ops, it can access to register a security module. If selinux is enabled, other security modules can't register, but if selinux is disabled on boot time, the security_ops was set to default_security_ops, LSM allows other kernel modules to use register_security() to register a not trust security module. For example: disable selinux on boot time(selinux=0). #include <linux/kernel.h> #include <linux/module.h> #include <linux/init.h> #include <linux/version.h> #include <linux/string.h> #include <linux/list.h> #include <linux/security.h> MODULE_LICENSE("GPL"); MODULE_AUTHOR("wzt"); extern int register_security(struct security_operations *ops); int (*new_register_security)(struct security_operations *ops); int rootkit_bprm_check_security(struct linux_binprm *bprm) { return 0; } struct security_operations rootkit_ops = { .bprm_check_security = rootkit_bprm_check_security, }; static int rootkit_init(void) { printk("Load LSM rootkit module.\n"); /* cat /proc/kallsyms | grep register_security */ new_register_security = 0xc0756689; if (new_register_security(&rootkit_ops)) { printk("Can't register rootkit module.\n"); return 0; } printk("Register rootkit module ok.\n"); return 0; } static void rootkit_exit(void) { printk("Unload LSM rootkit module.\n"); } module_init(rootkit_init); module_exit(rootkit_exit); Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: James Morris <jmorris@namei.org>
* | | | Merge branch 'next' into for-linusJames Morris2010-03-0125-1665/+1937
|\ \ \ \ | |/ / / |/| | |
| * | | SELinux: Make selinux_kernel_create_files_as() shouldn't just always return 0David Howells2010-02-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make selinux_kernel_create_files_as() return an error when it gets one, rather than unconditionally returning 0. Without this, cachefiles doesn't return an error if the SELinux policy doesn't let it create files with the label of the directory at the base of the cache. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | TOMOYO: Protect find_task_by_vpid() with RCU.Tetsuo Handa2010-02-261-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Holding tasklist_lock is no longer sufficient for find_task_by_vpid(). Explicit rcu_read_lock() is required. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> -- security/tomoyo/common.c | 4 ++++ 1 file changed, 4 insertions(+) Signed-off-by: James Morris <jmorris@namei.org>
| * | | Security: add static to security_ops and default_security_ops variablewzt.wzt@gmail.com2010-02-243-18/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enhance the security framework to support resetting the active security module. This eliminates the need for direct use of the security_ops and default_security_ops variables outside of security.c, so make security_ops and default_security_ops static. Also remove the secondary_ops variable as a cleanup since there is no use for that. secondary_ops was originally used by SELinux to call the "secondary" security module (capability or dummy), but that was replaced by direct calls to capability and the only remaining use is to save and restore the original security ops pointer value if SELinux is disabled by early userspace based on /etc/selinux/config. Further, if we support this directly in the security framework, then we can just use &default_security_ops for this purpose since that is now available. Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
| * | | selinux: libsepol: remove dead code in check_avtab_hierarchy_callback()KaiGai Kohei2010-02-221-4/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch revert the commit of 7d52a155e38d5a165759dbbee656455861bf7801 which removed a part of type_attribute_bounds_av as a dead code. However, at that time, we didn't find out the target side boundary allows to handle some of pseudo /proc/<pid>/* entries with its process's security context well. Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> -- security/selinux/ss/services.c | 43 ++++++++++++++++++++++++++++++++++++--- 1 files changed, 39 insertions(+), 4 deletions(-) Signed-off-by: James Morris <jmorris@namei.org>
| * | | TOMOYO: Remove __func__ from tomoyo_is_correct_path/domainTetsuo Handa2010-02-174-32/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | __func__ is used for only debug printk(). We can remove it. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
| * | | security: fix a couple of sparse warningsJames Morris2010-02-161-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a couple of sparse warnings for callers of context_struct_to_string, which takes a *u32, not an *int. These cases are harmless as the values are not used. Signed-off-by: James Morris <jmorris@namei.org> Acked-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
| * | | TOMOYO: Remove unneeded parameter.Tetsuo Handa2010-02-163-38/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | tomoyo_path_perm() tomoyo_path2_perm() and tomoyo_check_rewrite_permission() always receive tomoyo_domain(). We can move it from caller to callee. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
| * | | TOMOYO: Use shorter names.Tetsuo Handa2010-02-165-299/+250
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Use shorter name to reduce newlines needed for 80 columns limit. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
| * | | TOMOYO: Use enum for index numbers.Tetsuo Handa2010-02-161-45/+54
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Use enum to declare index numbers. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
| * | | TOMOYO: Add garbage collector.Tetsuo Handa2010-02-157-54/+436
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds garbage collector support to TOMOYO. Elements are protected by "struct srcu_struct tomoyo_ss". Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | TOMOYO: Add refcounter on domain structure.Tetsuo Handa2010-02-153-16/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add refcounter to "struct tomoyo_domain_info" since garbage collector needs to determine whether this struct is referred by "struct cred"->security or not. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | TOMOYO: Merge headers.Tetsuo Handa2010-02-158-397/+351
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Gather structures and constants scattered around security/tomoyo/ directory. This is for preparation for adding garbage collector since garbage collector needs to know structures and constants which TOMOYO uses. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | TOMOYO: Add refcounter on string data.Tetsuo Handa2010-02-155-40/+77
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add refcounter to "struct tomoyo_name_entry" and replace tomoyo_save_name() with tomoyo_get_name()/tomoyo_put_name() pair so that we can kfree() when garbage collector is added. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | TOMOYO: Reduce lines by using common path for addition and deletion.Tetsuo Handa2010-02-113-226/+183
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since the codes for adding an entry and removing an entry are similar, we can save some lines by using "if (is_delete) { ... } else { ... }" branches. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | selinux: fix memory leak in sel_make_boolsXiaotian Feng2010-02-091-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In sel_make_bools, kernel allocates memory for bool_pending_names[i] with security_get_bools. So if we just free bool_pending_names, those memories for bool_pending_names[i] will be leaked. This patch resolves dozens of following kmemleak report after resuming from suspend: unreferenced object 0xffff88022e4c7380 (size 32): comm "init", pid 1, jiffies 4294677173 backtrace: [<ffffffff810f76b5>] create_object+0x1a2/0x2a9 [<ffffffff810f78bb>] kmemleak_alloc+0x26/0x4b [<ffffffff810ef3eb>] __kmalloc+0x18f/0x1b8 [<ffffffff811cd511>] security_get_bools+0xd7/0x16f [<ffffffff811c48c0>] sel_write_load+0x12e/0x62b [<ffffffff810f9a39>] vfs_write+0xae/0x10b [<ffffffff810f9b56>] sys_write+0x4a/0x6e [<ffffffff81011b82>] system_call_fastpath+0x16/0x1b [<ffffffffffffffff>] 0xffffffffffffffff Signed-off-by: Xiaotian Feng <dfeng@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | TOMOYO: Extract bitfieldTetsuo Handa2010-02-084-96/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since list elements are rounded up to kmalloc() size rather than sizeof(int), saving one byte by using bitfields is no longer helpful. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | syslog: clean up needless commentKees Cook2010-02-051-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Drop my typoed comment as it is both unhelpful and redundant. Signed-off-by: Kees Cook <kees.cook@canonical.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | syslog: use defined constants instead of raw numbersKees Cook2010-02-042-12/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Right now the syslog "type" action are just raw numbers which makes the source difficult to follow. This patch replaces the raw numbers with defined constants for some level of sanity. Signed-off-by: Kees Cook <kees.cook@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | syslog: distinguish between /proc/kmsg and syscallsKees Cook2010-02-044-7/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows the LSM to distinguish between syslog functions originating from /proc/kmsg access and direct syscalls. By default, the commoncaps will now no longer require CAP_SYS_ADMIN to read an opened /proc/kmsg file descriptor. For example the kernel syslog reader can now drop privileges after opening /proc/kmsg, instead of staying privileged with CAP_SYS_ADMIN. MAC systems that implement security_syslog have unchanged behavior. Signed-off-by: Kees Cook <kees.cook@canonical.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | selinux: allow MLS->non-MLS and vice versa upon policy reloadGuido Trentalancia2010-02-049-59/+84
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow runtime switching between different policy types (e.g. from a MLS/MCS policy to a non-MLS/non-MCS policy or viceversa). Signed-off-by: Guido Trentalancia <guido@trentalancia.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
| * | | selinux: load the initial SIDs upon every policy loadGuido Trentalancia2010-02-041-4/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Always load the initial SIDs, even in the case of a policy reload and not just at the initial policy load. This comes particularly handy after the introduction of a recent patch for enabling runtime switching between different policy types, although this patch is in theory independent from that feature. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>