Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v3.18.15 2014-04-23T01:42:27+00:00 2014-04-23T01:42:27+00:00 Richard Guy Briggs rgb@redhat.com 2014-04-23T01:31:56+00:00 urn:sha1:3a101b8de0d39403b2c7e5c23fd0b005668acf48 Register a netlink per-protocol bind fuction for audit to check userspace process capabilities before allowing a multicast group connection. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-01-14T23:16:59+00:00 Paul Moore pmoore@redhat.com 2013-01-14T07:12:13+00:00 urn:sha1:6f96c142f77c96a34ac377a3616ee7abcd77fb4d Add a new permission to align with the new TUN multiqueue support, "tun_socket:attach_queue". The corresponding SELinux reference policy patch is show below: diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors index 28802c5..a0664a1 100644 --- a/policy/flask/access_vectors +++ b/policy/flask/access_vectors @@ -827,6 +827,9 @@ class kernel_service class tun_socket inherits socket +{ + attach_queue +} class x_pointer inherits x_device Signed-off-by: Paul Moore <pmoore@redhat.com> Acked-by: Eric Paris <eparis@parisplace.org> Tested-by: Jason Wang <jasowang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-07-18T20:42:44+00:00 Linus Torvalds torvalds@linux-foundation.org 2012-07-18T20:42:44+00:00 urn:sha1:e2f3b78557ff11f58d836e016900c3210f4fb1c1 Pull SELinux regression fixes from James Morris. Andrew Morton has a box that hit that open perms problem. I also renamed the "epollwakeup" selinux name for the new capability to be "block_suspend", to match the rename done by commit d9914cf66181 ("PM: Rename CAP_EPOLLWAKEUP to CAP_BLOCK_SUSPEND"). * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: SELinux: do not check open perms if they are not known to policy SELinux: include definition of new capabilities 2012-07-16T01:40:31+00:00 Eric Paris eparis@redhat.com 2012-07-06T18:13:29+00:00 urn:sha1:64919e60915c5151b3dd4c8d2d9237a115ca990c The kernel has added CAP_WAKE_ALARM and CAP_EPOLLWAKEUP. We need to define these in SELinux so they can be mediated by policy. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2011-03-03T20:19:43+00:00 Harry Ciao qingtao.cao@windriver.com 2011-03-02T05:46:08+00:00 urn:sha1:4bc6c2d5d8386800fde23a8e78cd4f04a0ade0ad The security_is_socket_class() is auto-generated by genheaders based on classmap.h to reduce maintenance effort when a new class is defined in SELinux kernel. The name for any socket class should be suffixed by "socket" and doesn't contain more than one substr of "socket". Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> 2011-02-25T20:40:00+00:00 Eric Paris eparis@redhat.com 2011-02-25T20:39:20+00:00 urn:sha1:47ac19ea429aee561f66e9cd05b908e8ffbc498a These permissions are not used and can be dropped in the kernel definitions. Suggested-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> 2010-11-28T21:35:12+00:00 Serge E. Hallyn serge@hallyn.com 2010-11-25T17:11:32+00:00 urn:sha1:ce6ada35bdf710d16582cc4869c26722547e6f11 Privileged syslog operations currently require CAP_SYS_ADMIN. Split this off into a new CAP_SYSLOG privilege which we can sanely take away from a container through the capability bounding set. With this patch, an lxc container can be prevented from messing with the host's syslog (i.e. dmesg -c). Changelog: mar 12 2010: add selinux capability2:cap_syslog perm Changelog: nov 22 2010: . port to new kernel . add a WARN_ONCE if userspace isn't using CAP_SYSLOG Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Andrew G. Morgan <morgan@kernel.org> Acked-By: Kees Cook <kees.cook@canonical.com> Cc: James Morris <jmorris@namei.org> Cc: Michael Kerrisk <mtk.manpages@gmail.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: "Christopher J. PeBenito" <cpebenito@tresys.com> Cc: Eric Paris <eparis@parisplace.org> Signed-off-by: James Morris <jmorris@namei.org> 2010-10-20T23:12:58+00:00 Eric Paris eparis@redhat.com 2010-10-13T21:50:25+00:00 urn:sha1:cee74f47a6baba0ac457e87687fdcf0abd599f0a There is interest in being able to see what the actual policy is that was loaded into the kernel. The patch creates a new selinuxfs file /selinux/policy which can be read by userspace. The actual policy that is loaded into the kernel will be written back out to userspace. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> 2010-08-02T05:35:09+00:00 Eric Paris eparis@redhat.com 2010-07-23T15:44:15+00:00 urn:sha1:b424485abe2b16580a178b469917a7b6ee0c152a execmod "could" show up on non regular files and non chr files. The current implementation would actually make these checks against non-existant bits since the code assumes the execmod permission is same for all file types. To make this line up for chr files we had to define execute_no_trans and entrypoint permissions. These permissions are unreachable and only existed to to make FILE__EXECMOD and CHR_FILE__EXECMOD the same. This patch drops those needless perms as well. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> 2010-08-02T05:35:08+00:00 Eric Paris eparis@redhat.com 2010-07-23T15:44:09+00:00 urn:sha1:49b7b8de46d293113a0a0bb026ff7bd833c73367 kernel can dynamically remap perms. Drop the open lookup table and put open in the common file perms. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>