Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v4.9.134 2016-08-19T00:01:15+00:00 2016-08-19T00:01:15+00:00 William Roberts william.c.roberts@intel.com 2016-08-15T19:42:12+00:00 urn:sha1:348a0db9e69e4c214bf5d7677f17cb99cdc47db0 Remove the SECURITY_SELINUX_POLICYDB_VERSION_MAX Kconfig option Per: https://github.com/SELinuxProject/selinux/wiki/Kernel-Todo This was only needed on Fedora 3 and 4 and just causes issues now, so drop it. The MAX and MIN should just be whatever the kernel can support. Signed-off-by: William Roberts <william.c.roberts@intel.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2016-06-27T19:06:16+00:00 Huw Davies huw@codeweavers.com 2016-06-27T19:06:16+00:00 urn:sha1:a04e71f631fa3d2fd2aa0404c11484739d1e9073 This makes it possible to route the error to the appropriate labelling engine. CALIPSO is far less verbose than CIPSO when encountering a bogus packet, so there is no need for a CALIPSO error handler. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2016-04-26T19:41:43+00:00 Stephen Smalley sds@tycho.nsa.gov 2016-04-08T17:52:00+00:00 urn:sha1:8e4ff6f228e4722cac74db716e308d1da33d744f Distinguish capability checks against a target associated with the init user namespace versus capability checks against a target associated with a non-init user namespace by defining and using separate security classes for the latter. This is needed to support e.g. Chrome usage of user namespaces for the Chrome sandbox without needing to allow Chrome to also exercise capabilities on targets in the init user namespace. Suggested-by: Dan Walsh <dwalsh@redhat.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com> 2016-04-14T15:24:50+00:00 Prarit Bhargava prarit@redhat.com 2016-04-14T14:40:57+00:00 urn:sha1:0fd71a620be8648486a126fccadf9f7c2a818676 security_get_bool_value(int bool) argument "bool" conflicts with in-kernel macros such as BUILD_BUG(). This patch changes this to index which isn't a type. Cc: Paul Moore <paul@paul-moore.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Eric Paris <eparis@parisplace.org> Cc: James Morris <james.l.morris@oracle.com> Cc: "Serge E. Hallyn" <serge@hallyn.com> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Andrew Perepechko <anserper@ya.ru> Cc: Jeff Vander Stoep <jeffv@google.com> Cc: selinux@tycho.nsa.gov Cc: Eric Paris <eparis@redhat.com> Cc: Paul Moore <pmoore@redhat.com> Cc: David Howells <dhowells@redhat.com> Signed-off-by: Prarit Bhargava <prarit@redhat.com> Acked-by: David Howells <dhowells@redhat.com> [PM: wrapped description for checkpatch.pl, use "selinux:..." as subj] Signed-off-by: Paul Moore <paul@paul-moore.com> 2016-04-05T20:11:56+00:00 Jeff Vander Stoep jeffv@google.com 2016-04-05T20:06:27+00:00 urn:sha1:61d612ea731e57dc510472fb746b55cdc017f371 Utilize existing kernel_read_file hook on kernel module load. Add module_load permission to the system class. Enforces restrictions on kernel module origin when calling the finit_module syscall. The hook checks that source type has permission module_load for the target type. Example for finit_module: allow foo bar_file:system module_load; Similarly restrictions are enforced on kernel module loading when calling the init_module syscall. The hook checks that source type has permission module_load with itself as the target object because the kernel module is sourced from the calling process. Example for init_module: allow foo foo:system module_load; Signed-off-by: Jeff Vander Stoep <jeffv@google.com> [PM: fixed return value of selinux_kernel_read_file()] Signed-off-by: Paul Moore <paul@paul-moore.com> 2016-04-05T20:10:55+00:00 Paul Moore paul@paul-moore.com 2016-03-28T19:16:53+00:00 urn:sha1:4b57d6bcd94034e2eb168bdec2474e3b2b848e44 There really is no need for LABEL_MISSING as we really only care if the inode's label is INVALID or INITIALIZED. Also adjust the revalidate code to reload the label whenever the label is not INITIALIZED so we are less sensitive to label state in the future. Signed-off-by: Paul Moore <paul@paul-moore.com> 2015-12-24T16:09:41+00:00 Andrew Perepechko anserper@ya.ru 2015-12-24T16:09:41+00:00 urn:sha1:f9df6458218f4fe8a1c3bf0af89c1fa9eaf0db39 Make validatetrans decisions available through selinuxfs. "/validatetrans" is added to selinuxfs for this purpose. This functionality is needed by file system servers implemented in userspace or kernelspace without the VFS layer. Writing "$oldcontext $newcontext $tclass $taskcontext" to /validatetrans is expected to return 0 if the transition is allowed and -EPERM otherwise. Signed-off-by: Andrew Perepechko <anserper@ya.ru> CC: andrew.perepechko@seagate.com Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <pmoore@redhat.com> 2015-12-24T16:09:40+00:00 Andreas Gruenbacher agruenba@redhat.com 2015-12-24T16:09:40+00:00 urn:sha1:6f3be9f562e3027c77bc4482ccf2cea8600a7f74 Add a hook to invalidate an inode's security label when the cached information becomes invalid. Add the new hook in selinux: set a flag when a security label becomes invalid. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Reviewed-by: James Morris <james.l.morris@oracle.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <pmoore@redhat.com> 2015-10-21T21:44:25+00:00 Rasmus Villemoes linux@rasmusvillemoes.dk 2015-10-21T21:44:25+00:00 urn:sha1:44be2f65d979291ffb2a47112449507ffe1f9726 There seems to be a little confusion as to whether the scontext_len parameter of security_context_to_sid() includes the nul-byte or not. Reading security_context_to_sid_core(), it seems that the expectation is that it does not (both the string copying and the test for scontext_len being zero hint at that). Introduce the helper security_context_str_to_sid() to do the strlen() call and fix all callers. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <pmoore@redhat.com> 2015-08-15T03:29:57+00:00 James Morris james.l.morris@oracle.com 2015-08-15T03:29:57+00:00 urn:sha1:3e5f206c00f73f535c914eedc8b91f424c5a14ab