linux/security/smack, branch v3.4

Smack: move label list initialization

2012-04-18T02:02:28Z

A kernel with Smack enabled will fail if tmpfs has xattr support. Move the initialization of predefined Smack label list entries to the LSM initialization from the smackfs setup. This became an issue when tmpfs acquired xattr support, but was never correct. Signed-off-by: Casey Schaufler Signed-off-by: James Morris

Smack: build when CONFIG_AUDIT not defined

2012-04-10T23:14:40Z

This fixes builds where CONFIG_AUDIT is not defined and CONFIG_SECURITY_SMACK=y. This got introduced by the stack-usage reducation commit 48c62af68a40 ("LSM: shrink the common_audit_data data union"). Signed-off-by: Kees Cook Acked-by: Eric Paris Signed-off-by: Linus Torvalds

lsm_audit: don't specify the audit pre/post callbacks in 'struct common_audit_data'

2012-04-03T16:49:59Z

It just bloats the audit data structure for no good reason, since the only time those fields are filled are just before calling the common_lsm_audit() function, which is also the only user of those fields. So just make them be the arguments to common_lsm_audit(), rather than bloating that structure that is passed around everywhere, and is initialized in hot paths. Signed-off-by: Linus Torvalds

LSM: shrink the common_audit_data data union

2012-04-03T16:49:10Z

After shrinking the common_audit_data stack usage for private LSM data I'm not going to shrink the data union. To do this I'm going to move anything larger than 2 void * ptrs to it's own structure and require it to be declared separately on the calling stack. Thus hot paths which don't need more than a couple pointer don't have to declare space to hold large unneeded structures. I could get this down to one void * by dealing with the key struct and the struct path. We'll see if that is helpful after taking care of networking. Signed-off-by: Eric Paris Signed-off-by: Linus Torvalds

LSM: shrink sizeof LSM specific portion of common_audit_data

2012-04-03T16:48:40Z

Linus found that the gigantic size of the common audit data caused a big perf hit on something as simple as running stat() in a loop. This patch requires LSMs to declare the LSM specific portion separately rather than doing it in a union. Thus each LSM can be responsible for shrinking their portion and don't have to pay a penalty just because other LSMs have a bigger space requirement. Signed-off-by: Eric Paris Signed-off-by: Linus Torvalds

security: trim security.h

2012-02-13T23:45:42Z

Trim security.h Signed-off-by: Al Viro Signed-off-by: James Morris

vfs: prefer ->dentry->d_sb to ->mnt->mnt_sb

2012-01-07T04:16:53Z

Signed-off-by: Al Viro

Smack: smackfs cipso seq read repair

2011-11-11T19:07:21Z

Commit 272cd7a8c67dd40a31ecff76a503bbb84707f757 introduced a change to the way rule lists are handled and reported in the smackfs filesystem. One of the issues addressed had to do with the termination of read requests on /smack/load. This change introduced a error in /smack/cipso, which shares some of the same list processing code. This patch updates all the file access list handling in smackfs to use the code introduced for /smack/load. Signed-off-by: Casey Schaufler

Smack: allow to access /smack/access as normal user

2011-10-20T23:07:31Z

Allow query access as a normal user removing the need for CAP_MAC_ADMIN. Give RW access to /smack/access for UGO. Do not import smack labels in access check. Signed-off-by: Jarkko Sakkinen Signed-off-by: Casey Schaufler

Smack: fix: invalid length set for the result of /smack/access

2011-10-18T16:02:57Z

Forgot to update simple_transaction_set() to take terminator character into account. Signed-off-by: Jarkko Sakkinen Signed-off-by: Casey Schaufler