<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/security/smack, branch v3.8.2</title>
<subtitle>Linux kernel source tree</subtitle>
<id>https://git.amat.us/linux/atom/security/smack?h=v3.8.2</id>
<link rel='self' href='https://git.amat.us/linux/atom/security/smack?h=v3.8.2'/>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/'/>
<updated>2012-12-16T23:40:50Z</updated>
<entry>
<title>Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security</title>
<updated>2012-12-16T23:40:50Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2012-12-16T23:40:50Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=2a74dbb9a86e8102dcd07d284135b4530a84826e'/>
<id>urn:sha1:2a74dbb9a86e8102dcd07d284135b4530a84826e</id>
<content type='text'>
Pull security subsystem updates from James Morris:
 "A quiet cycle for the security subsystem with just a few maintenance
  updates."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  Smack: create a sysfs mount point for smackfs
  Smack: use select not depends in Kconfig
  Yama: remove locking from delete path
  Yama: add RCU to drop read locking
  drivers/char/tpm: remove tasklet and cleanup
  KEYS: Use keyring_alloc() to create special keyrings
  KEYS: Reduce initial permissions on keys
  KEYS: Make the session and process keyrings per-thread
  seccomp: Make syscall skipping and nr changes more consistent
  key: Fix resource leak
  keys: Fix unreachable code
  KEYS: Add payload preparsing opportunity prior to key instantiate or update
</content>
</entry>
<entry>
<title>Smack: create a sysfs mount point for smackfs</title>
<updated>2012-12-14T18:57:23Z</updated>
<author>
<name>Casey Schaufler</name>
<email>casey@schaufler-ca.com</email>
</author>
<published>2012-11-02T01:14:32Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=e93072374112db9dc86635934ee761249be28370'/>
<id>urn:sha1:e93072374112db9dc86635934ee761249be28370</id>
<content type='text'>
There are a number of "conventions" for where to put LSM filesystems.
Smack adheres to none of them. Create a mount point at /sys/fs/smackfs
for mounting smackfs so that Smack can be conventional.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
</content>
</entry>
<entry>
<title>Smack: use select not depends in Kconfig</title>
<updated>2012-12-14T18:57:10Z</updated>
<author>
<name>Casey Schaufler</name>
<email>casey@schaufler-ca.com</email>
</author>
<published>2012-11-02T18:28:11Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=111fe8bd65e473d5fc6a0478cf1e2c8c6a77489a'/>
<id>urn:sha1:111fe8bd65e473d5fc6a0478cf1e2c8c6a77489a</id>
<content type='text'>
The components NETLABEL and SECURITY_NETWORK are required by
Smack. Using "depends" in Kconfig hides the Smack option
if the user hasn't figured out that they need to be enabled
while using make menuconfig. Using select is a better choice.
Because select is not recursive, depends on NET and SECURITY
are added. This reflects similar usage in TOMOYO and AppArmor.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
</content>
</entry>
<entry>
<title>constify do_mount() arguments</title>
<updated>2012-10-12T00:02:04Z</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2012-10-11T15:42:01Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=808d4e3cfdcc52b19276175464f6dbca4df13b09'/>
<id>urn:sha1:808d4e3cfdcc52b19276175464f6dbca4df13b09</id>
<content type='text'>
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
</entry>
<entry>
<title>Smack: setprocattr memory leak fix</title>
<updated>2012-09-18T16:51:06Z</updated>
<author>
<name>Casey Schaufler</name>
<email>casey@schaufler-ca.com</email>
</author>
<published>2012-08-22T18:44:03Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=46a2f3b9e99353cc63e15563e8abee71162330f7'/>
<id>urn:sha1:46a2f3b9e99353cc63e15563e8abee71162330f7</id>
<content type='text'>
The data structure allocations being done in prepare_creds
are duplicated in smack_setprocattr. This results in the
structure allocated in prepare_creds being orphaned and
never freed. The duplicate code is removed from
smack_setprocattr.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
</content>
</entry>
<entry>
<title>Smack: implement revoking all rules for a subject label</title>
<updated>2012-09-18T16:50:52Z</updated>
<author>
<name>Rafal Krypa</name>
<email>r.krypa@samsung.com</email>
</author>
<published>2012-07-11T15:49:30Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=449543b0436a9146b855aad39eab76ae4853e88d'/>
<id>urn:sha1:449543b0436a9146b855aad39eab76ae4853e88d</id>
<content type='text'>
Add /smack/revoke-subject special file. Writing a SMACK label to this file will
set the access to '-' for all access rules with that subject label.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Rafal Krypa &lt;r.krypa@samsung.com&gt;
</content>
</entry>
<entry>
<title>Smack: remove task_wait() hook.</title>
<updated>2012-09-18T16:50:37Z</updated>
<author>
<name>Casey Schaufler</name>
<email>casey@schaufler-ca.com</email>
</author>
<published>2012-08-10T00:46:38Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=c00bedb368ae02a066aed8a888afc286c1df2e60'/>
<id>urn:sha1:c00bedb368ae02a066aed8a888afc286c1df2e60</id>
<content type='text'>
On 12/20/2011 11:20 PM, Jarkko Sakkinen wrote:
&gt; Allow SIGCHLD to be passed to child process without
&gt; explicit policy. This will help to keep the access
&gt; control policy simple and easily maintainable with
&gt; complex applications that require use of multiple
&gt; security contexts. It will also help to keep them
&gt; as isolated as possible.
&gt;
&gt; Signed-off-by: Jarkko Sakkinen &lt;jarkko.sakkinen@intel.com&gt;

I have a slightly different version that applies to the
current smack-next tree.

Allow SIGCHLD to be passed to child process without
explicit policy. This will help to keep the access
control policy simple and easily maintainable with
complex applications that require use of multiple
security contexts. It will also help to keep them
as isolated as possible.

Signed-off-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;

 security/smack/smack_lsm.c |   37 ++++++++-----------------------------
 1 files changed, 8 insertions(+), 29 deletions(-)
</content>
</entry>
<entry>
<title>smack: off by one error</title>
<updated>2012-07-30T05:04:17Z</updated>
<author>
<name>Alan Cox</name>
<email>alan@linux.intel.com</email>
</author>
<published>2012-07-26T21:47:11Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=3b9fc37280c521b086943f9aedda767f5bf3b2d3'/>
<id>urn:sha1:3b9fc37280c521b086943f9aedda767f5bf3b2d3</id>
<content type='text'>
Consider the input case of a rule that consists entirely of non-space
symbols followed by a \0. Say 64 + \0

In this case strlen(data) = 64
kzalloc of subject and object are 64 byte objects
sscanf(data, "%s %s %s", subject, ...)

will put 65 bytes into subject.

Signed-off-by: Alan Cox &lt;alan@linux.intel.com&gt;
Acked-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
Cc: stable@vger.kernel.org
Signed-off-by: James Morris &lt;james.l.morris@oracle.com&gt;
</content>
</entry>
<entry>
<title>Smack: don't show empty rules when /smack/load or /smack/load2 is read</title>
<updated>2012-07-13T22:49:24Z</updated>
<author>
<name>Rafal Krypa</name>
<email>r.krypa@samsung.com</email>
</author>
<published>2012-07-09T17:36:34Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=65ee7f45cf075adcdd6b6ef365f5a5507f1ea5c5'/>
<id>urn:sha1:65ee7f45cf075adcdd6b6ef365f5a5507f1ea5c5</id>
<content type='text'>
This patch removes empty rules (i.e. with access set to '-') from the
rule list presented to user space.

Smack by design never removes labels nor rules from its lists. Access
for a rule may be set to '-' to effectively disable it. Such rules would
show up in the listing generated when /smack/load or /smack/load2 is
read. This may cause clutter if many rules were disabled.

As a rule with access set to '-' is equivalent to no rule at all, they
may be safely hidden from the listing.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Rafal Krypa &lt;r.krypa@samsung.com&gt;
Signed-off-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
</content>
</entry>
<entry>
<title>Smack: user access check bounds</title>
<updated>2012-07-13T22:49:24Z</updated>
<author>
<name>Casey Schaufler</name>
<email>casey@schaufler-ca.com</email>
</author>
<published>2012-06-19T02:01:36Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=3518721a8932b2a243f415c374aef020380efc9d'/>
<id>urn:sha1:3518721a8932b2a243f415c374aef020380efc9d</id>
<content type='text'>
Some of the bounds checking used on the /smack/access
interface was lost when support for long labels was
added. No kernel access checks are affected, however
this is a case where /smack/access could be used
incorrectly and fail to detect the error. This patch
reintroduces the original checks.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
</content>
</entry>
</feed>
