<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/security/integrity, branch v3.15</title>
<subtitle>Linux kernel source tree</subtitle>
<id>https://git.amat.us/linux/atom/security/integrity?h=v3.15</id>
<link rel='self' href='https://git.amat.us/linux/atom/security/integrity?h=v3.15'/>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/'/>
<updated>2014-04-12T21:49:50Z</updated>
<entry>
<title>Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs</title>
<updated>2014-04-12T21:49:50Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2014-04-12T21:49:50Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=5166701b368caea89d57b14bf41cf39e819dad51'/>
<id>urn:sha1:5166701b368caea89d57b14bf41cf39e819dad51</id>
<content type='text'>
Pull vfs updates from Al Viro:
 "The first vfs pile, with deep apologies for being very late in this
  window.

  Assorted cleanups and fixes, plus a large preparatory part of iov_iter
  work.  There's a lot more of that, but it'll probably go into the next
  merge window - it *does* shape up nicely, removes a lot of
  boilerplate, gets rid of locking inconsistencies between aio_write and
  splice_write and I hope to get Kent's direct-io rewrite merged into
  the same queue, but some of the stuff after this point is having
  (mostly trivial) conflicts with the things already merged into
  mainline and with some I want more testing.

  This one passes LTP and xfstests without regressions, in addition to
  usual beating.  BTW, readahead02 in ltp syscalls testsuite has started
  giving failures since "mm/readahead.c: fix readahead failure for
  memoryless NUMA nodes and limit readahead pages" - might be a false
  positive, might be a real regression..."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (63 commits)
  missing bits of "splice: fix racy pipe-&gt;buffers uses"
  cifs: fix the race in cifs_writev()
  ceph_sync_{,direct_}write: fix an oops on ceph_osdc_new_request() failure
  kill generic_file_buffered_write()
  ocfs2_file_aio_write(): switch to generic_perform_write()
  ceph_aio_write(): switch to generic_perform_write()
  xfs_file_buffered_aio_write(): switch to generic_perform_write()
  export generic_perform_write(), start getting rid of generic_file_buffer_write()
  generic_file_direct_write(): get rid of ppos argument
  btrfs_file_aio_write(): get rid of ppos
  kill the 5th argument of generic_file_buffered_write()
  kill the 4th argument of __generic_file_aio_write()
  lustre: don't open-code kernel_recvmsg()
  ocfs2: don't open-code kernel_recvmsg()
  drbd: don't open-code kernel_recvmsg()
  constify blk_rq_map_user_iov() and friends
  lustre: switch to kernel_sendmsg()
  ocfs2: don't open-code kernel_sendmsg()
  take iov_iter stuff to mm/iov_iter.c
  process_vm_access: tidy up a bit
  ...
</content>
</entry>
<entry>
<title>Merge git://git.infradead.org/users/eparis/audit</title>
<updated>2014-04-12T19:38:53Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2014-04-12T19:38:53Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=0b747172dce6e0905ab173afbaffebb7a11d89bd'/>
<id>urn:sha1:0b747172dce6e0905ab173afbaffebb7a11d89bd</id>
<content type='text'>
Pull audit updates from Eric Paris.

* git://git.infradead.org/users/eparis/audit: (28 commits)
  AUDIT: make audit_is_compat depend on CONFIG_AUDIT_COMPAT_GENERIC
  audit: renumber AUDIT_FEATURE_CHANGE into the 1300 range
  audit: do not cast audit_rule_data pointers pointlesly
  AUDIT: Allow login in non-init namespaces
  audit: define audit_is_compat in kernel internal header
  kernel: Use RCU_INIT_POINTER(x, NULL) in audit.c
  sched: declare pid_alive as inline
  audit: use uapi/linux/audit.h for AUDIT_ARCH declarations
  syscall_get_arch: remove useless function arguments
  audit: remove stray newline from audit_log_execve_info() audit_panic() call
  audit: remove stray newlines from audit_log_lost messages
  audit: include subject in login records
  audit: remove superfluous new- prefix in AUDIT_LOGIN messages
  audit: allow user processes to log from another PID namespace
  audit: anchor all pid references in the initial pid namespace
  audit: convert PPIDs to the inital PID namespace.
  pid: get pid_t ppid of task in init_pid_ns
  audit: rename the misleading audit_get_context() to audit_take_context()
  audit: Add generic compat syscall support
  audit: Add CONFIG_HAVE_ARCH_AUDITSYSCALL
  ...
</content>
</entry>
<entry>
<title>get rid of pointless checks for NULL -&gt;i_op</title>
<updated>2014-04-02T03:19:16Z</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2014-02-01T09:43:32Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=627bf81ac625f05060db033a0f3791521ad7bd79'/>
<id>urn:sha1:627bf81ac625f05060db033a0f3791521ad7bd79</id>
<content type='text'>
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
</entry>
<entry>
<title>audit: anchor all pid references in the initial pid namespace</title>
<updated>2014-03-20T14:11:55Z</updated>
<author>
<name>Richard Guy Briggs</name>
<email>rgb@redhat.com</email>
</author>
<published>2013-12-11T18:52:26Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=f1dc4867ff41b7bcca57fa19449d1fe7ad517ac1'/>
<id>urn:sha1:f1dc4867ff41b7bcca57fa19449d1fe7ad517ac1</id>
<content type='text'>
Store and log all PIDs with reference to the initial PID namespace and
use the access functions task_pid_nr() and task_tgid_nr() for task-&gt;pid
and task-&gt;tgid.

Cc: "Eric W. Biederman" &lt;ebiederm@xmission.com&gt;
(informed by ebiederman's c776b5d2)
Signed-off-by: Richard Guy Briggs &lt;rgb@redhat.com&gt;
</content>
</entry>
<entry>
<title>evm: enable key retention service automatically</title>
<updated>2014-03-07T17:15:49Z</updated>
<author>
<name>Dmitry Kasatkin</name>
<email>d.kasatkin@samsung.com</email>
</author>
<published>2014-02-28T12:18:09Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=a3aef94b312ec51b5dfc199ef884924e60ad1b75'/>
<id>urn:sha1:a3aef94b312ec51b5dfc199ef884924e60ad1b75</id>
<content type='text'>
If keys are not enabled, EVM is not visible in the configuration menu.
It may be difficult to figure out what to do unless you really know.
Other subsystems such as NFS and CIFS select keys automatically. This patch does
the same.

This patch also removes '(TRUSTED_KEYS=y || TRUSTED_KEYS=n)' dependency,
which is unnecessary. EVM does not depend on trusted keys, but on
encrypted keys. evm.h provides compile time dependency.

Signed-off-by: Dmitry Kasatkin &lt;d.kasatkin@samsung.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</content>
</entry>
<entry>
<title>ima: skip memory allocation for empty files</title>
<updated>2014-03-07T17:15:48Z</updated>
<author>
<name>Dmitry Kasatkin</name>
<email>d.kasatkin@samsung.com</email>
</author>
<published>2014-02-27T18:16:47Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=1d91ac6213003f525ac34da5e39cbb6612d19deb'/>
<id>urn:sha1:1d91ac6213003f525ac34da5e39cbb6612d19deb</id>
<content type='text'>
Memory allocation is unnecessary for empty files.
This patch calculates the hash without memory allocation.

Signed-off-by: Dmitry Kasatkin &lt;d.kasatkin@samsung.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</content>
</entry>
<entry>
<title>evm: EVM does not use MD5</title>
<updated>2014-03-07T17:15:47Z</updated>
<author>
<name>Dmitry Kasatkin</name>
<email>d.kasatkin@samsung.com</email>
</author>
<published>2014-02-26T15:47:46Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=e0420039b643a832231028000a5c0d7358b14f3b'/>
<id>urn:sha1:e0420039b643a832231028000a5c0d7358b14f3b</id>
<content type='text'>
EVM does not use MD5 HMAC. Selection of CRYPTO_MD5 can be safely removed.

Signed-off-by: Dmitry Kasatkin &lt;d.kasatkin@samsung.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</content>
</entry>
<entry>
<title>ima: return d_name.name if d_path fails</title>
<updated>2014-03-07T17:15:46Z</updated>
<author>
<name>Dmitry Kasatkin</name>
<email>d.kasatkin@samsung.com</email>
</author>
<published>2013-11-13T20:23:20Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=61997c4383c28fe93fb053295562ff6482ef5c07'/>
<id>urn:sha1:61997c4383c28fe93fb053295562ff6482ef5c07</id>
<content type='text'>
This is a small refactoring so ima_d_path() returns the dentry name
if path reconstruction fails. It simplifies the callers' actions
and removes code duplication.

Signed-off-by: Dmitry Kasatkin &lt;d.kasatkin@samsung.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</content>
</entry>
<entry>
<title>integrity: fix checkpatch errors</title>
<updated>2014-03-07T17:15:45Z</updated>
<author>
<name>Dmitry Kasatkin</name>
<email>d.kasatkin@samsung.com</email>
</author>
<published>2014-03-04T16:04:20Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=2bb930abcf39d8be243ddb4583cf013ea2a750d6'/>
<id>urn:sha1:2bb930abcf39d8be243ddb4583cf013ea2a750d6</id>
<content type='text'>
Between checkpatch changes (eg. sizeof) and inconsistencies between
Lindent and checkpatch, unfixed checkpatch errors make it difficult
to see new errors. This patch fixes them. Some lines with over 80 chars
remained unchanged to improve code readability.

The "extern" keyword is removed from internal evm.h to make it consistent
with internal ima.h.

Signed-off-by: Dmitry Kasatkin &lt;d.kasatkin@samsung.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</content>
</entry>
<entry>
<title>ima: fix erroneous removal of security.ima xattr</title>
<updated>2014-03-07T17:15:44Z</updated>
<author>
<name>Dmitry Kasatkin</name>
<email>d.kasatkin@samsung.com</email>
</author>
<published>2013-11-13T21:42:39Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=09b1148ef59c93d292a3355c00e9b5779b2ecad0'/>
<id>urn:sha1:09b1148ef59c93d292a3355c00e9b5779b2ecad0</id>
<content type='text'>
ima_inode_post_setattr() calls ima_must_appraise() to check if the
file needs to be appraised. If it does not, then it removes the security.ima
xattr. With the original policy matching code it might happen that even if a
file needs to be appraised with the FILE_CHECK hook, it might not be
for the POST_SETATTR hook. 'security.ima' might be erroneously removed.

This patch treats POST_SETATTR as a special wildcard function and will
cause ima_must_appraise() to be true if any of the hook rules matches.
security.ima will not be removed if any of the hooks would require
appraisal.

Signed-off-by: Dmitry Kasatkin &lt;d.kasatkin@samsung.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</content>
</entry>
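<![CDATA[
The policy-matching behaviour the commit above describes, as an added example that is not code from the kernel tree: a small userspace model of ima_must_appraise() before and after the POST_SETATTR wildcard change. The hook set, the rule layout (every rule is an appraise rule keyed on the file owner's uid), the constructed one-rule policy and the function names must_appraise_old, must_appraise_new and xattr_removed_after_setattr are assumptions chosen for illustration; the real kernel policy engine has more rule types and match conditions than shown here.

```c
/*
 * Added example, not code from the kernel tree: a small userspace model of
 * the IMA policy lookup the commit above describes. The hook set, rule
 * layout and the function names (must_appraise_old/new,
 * xattr_removed_after_setattr) are assumptions made for illustration.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hooks a file can be checked under; a subset, for illustration only. */
enum ima_hook {
    HOOK_FILE_CHECK   = 1 << 0,   /* file opened */
    HOOK_MMAP_CHECK   = 1 << 1,   /* file mapped */
    HOOK_BPRM_CHECK   = 1 << 2,   /* file executed */
    HOOK_POST_SETATTR = 1 << 3,   /* after chmod/chown/utimes */
};

/* One appraise rule: applies to files owned by `uid` when hit under `hooks`. */
struct rule {
    unsigned int hooks;   /* bitmask of enum ima_hook */
    unsigned int uid;     /* file owner the rule applies to */
};

/* Constructed policy: appraise root-owned files on open, nothing else. */
static const struct rule policy[] = {
    { HOOK_FILE_CHECK, 0 },
};
#define NRULES (sizeof(policy) / sizeof(policy[0]))

static bool rule_matches(const struct rule *r, unsigned int hook, unsigned int uid)
{
    return (r->hooks & hook) != 0 && r->uid == uid;
}

/* Before the fix: only a rule written for the requested hook counts. */
bool must_appraise_old(unsigned int hook, unsigned int uid)
{
    for (size_t i = 0; i < NRULES; i++)
        if (rule_matches(&policy[i], hook, uid))
            return true;
    return false;
}

/*
 * After the fix: POST_SETATTR is a wildcard. A rule for any hook that
 * would appraise this file is enough to keep security.ima in place.
 */
bool must_appraise_new(unsigned int hook, unsigned int uid)
{
    for (size_t i = 0; i < NRULES; i++) {
        const struct rule *r = &policy[i];
        if (hook == HOOK_POST_SETATTR) {
            if (r->uid == uid)          /* match regardless of r->hooks */
                return true;
        } else if (rule_matches(r, hook, uid)) {
            return true;
        }
    }
    return false;
}

/*
 * Model of the decision in ima_inode_post_setattr(): if the file is not
 * subject to appraisal, the security.ima xattr is removed.
 */
bool xattr_removed_after_setattr(bool (*must_appraise)(unsigned int, unsigned int),
                                 unsigned int uid)
{
    return !must_appraise(HOOK_POST_SETATTR, uid);
}

int main(void)
{
    printf("old code: root-owned file loses security.ima after chmod: %s\n",
           xattr_removed_after_setattr(must_appraise_old, 0) ? "yes" : "no");
    printf("new code: root-owned file loses security.ima after chmod: %s\n",
           xattr_removed_after_setattr(must_appraise_new, 0) ? "yes" : "no");
    printf("new code: uid 1000 file (no rule) loses security.ima: %s\n",
           xattr_removed_after_setattr(must_appraise_new, 1000) ? "yes" : "no");
    return 0;
}
```

With the constructed policy, the old lookup answers "no" for POST_SETATTR on a root-owned file because the only rule is written for FILE_CHECK, so a chmod strips the signature that the next open would have needed; the wildcard lookup keeps it. A file with no appraise rule under any hook still loses the xattr, which is the intended behaviour.
]]>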
</feed>
