<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/security, branch v2.6.29.5</title>
<subtitle>Linux kernel source tree</subtitle>
<id>https://git.amat.us/linux/atom/security?h=v2.6.29.5</id>
<link rel='self' href='https://git.amat.us/linux/atom/security?h=v2.6.29.5'/>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/'/>
<updated>2009-06-15T16:40:17Z</updated>
<entry>
<title>keys: Handle there being no fallback destination keyring for request_key()</title>
<updated>2009-06-15T16:40:17Z</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2009-04-09T16:14:05Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=cdd7149543f4b9df682be9dca0f4a4a4f2097519'/>
<id>urn:sha1:cdd7149543f4b9df682be9dca0f4a4a4f2097519</id>
<content type='text'>
commit 34574dd10b6d0697b86703388d6d6af9cbf4bb48 upstream.

When request_key() is called, without there being any standard process
keyrings on which to fall back if a destination keyring is not specified, an
oops is liable to occur when construct_alloc_key() calls down_write() on
dest_keyring's semaphore.

Due to function inlining this may be seen as an oops in down_write() as called
from request_key_and_link().

This situation crops up during boot, where request_key() is called from within
the kernel (such as in CIFS mounts) where nobody is actually logged in, and so
PAM has not had a chance to create a session keyring and user keyrings to act
as the fallback.

To fix this, make construct_alloc_key() not attempt to cache a key if there is
no fallback key when no destination keyring is given specifically.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
Tested-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Cc: Chuck Ebbert &lt;cebbert@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>SELinux: BUG in SELinux compat_net code</title>
<updated>2009-06-15T16:40:10Z</updated>
<author>
<name>Eric Paris</name>
<email>eparis@redhat.com</email>
</author>
<published>2009-06-01T14:21:05Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=881db0622f9e7ccef8adfd5968b6fe547162ea87'/>
<id>urn:sha1:881db0622f9e7ccef8adfd5968b6fe547162ea87</id>
<content type='text'>
This patch is not applicable to Linus's tree as the code in question has
been removed for 2.6.30.  I'm sending in case any of the stable
maintainers would like to push to their branches (which I think anything
pre 2.6.30 would like to do).

Ubuntu users were experiencing a kernel panic when they enabled SELinux
due to an old bug in our handling of the compatibility mode network
controls, introduced Jan 1 2008 (effad8df44261031a882e1a895415f7186a5098e).
Most distros have not used the compat_net code since the new code was
introduced and so no one has hit this problem before.  Ubuntu is the only
distro I know that enabled that legacy cruft by default.  But, I was asked
to look at it and found that the above patch changed a call to
avc_has_perm from if(send_perm) to if(!send_perm) in
selinux_ip_postroute_iptables_compat().  The result is that users who
turn on SELinux and have compat_net set can (and often will) BUG() in
avc_has_perm_noaudit since they are requesting 0 permissions.

This patch corrects that accidental bug introduction.

Signed-off-by: Eric Paris &lt;eparis@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>smack: Set the proper NetLabel security attributes for connection requests</title>
<updated>2009-05-18T23:34:54Z</updated>
<author>
<name>Paul Moore</name>
<email>paul.moore@hp.com</email>
</author>
<published>2009-05-08T21:59:09Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=6c3823bc3abf2d10f9220cb1847060aa20cee77e'/>
<id>urn:sha1:6c3823bc3abf2d10f9220cb1847060aa20cee77e</id>
<content type='text'>
[NOTE: based on 07feee8f812f7327a46186f7604df312c8c81962]

This patch ensures the correct labeling of new network connection requests
using Smack and NetLabel.

Signed-off-by: Paul Moore &lt;paul.moore@hp.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</content>
</entry>
<entry>
<title>selinux: Remove dead code labeled networking code</title>
<updated>2009-05-18T23:34:53Z</updated>
<author>
<name>Paul Moore</name>
<email>paul.moore@hp.com</email>
</author>
<published>2009-05-08T21:59:02Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=f9ab4fc0b47241807b355150dc82f826f2909a12'/>
<id>urn:sha1:f9ab4fc0b47241807b355150dc82f826f2909a12</id>
<content type='text'>
[NOTE: based on 389fb800ac8be2832efedd19978a2b8ced37eb61]

Remove code that is no longer needed by NetLabel and/or SELinux.

Signed-off-by: Paul Moore &lt;paul.moore@hp.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</content>
</entry>
<entry>
<title>selinux: Set the proper NetLabel security attributes for connection requests</title>
<updated>2009-05-18T23:34:52Z</updated>
<author>
<name>Paul Moore</name>
<email>paul.moore@hp.com</email>
</author>
<published>2009-05-08T21:58:56Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=49422544ff78bffea8049da14adf9c45d02fccd6'/>
<id>urn:sha1:49422544ff78bffea8049da14adf9c45d02fccd6</id>
<content type='text'>
[NOTE: based on 389fb800ac8be2832efedd19978a2b8ced37eb61]

This patch ensures the correct labeling of incoming connection requests
responses via NetLabel by enabling the recent changes to NetLabel and the
SELinux/Netlabel glue code.

Signed-off-by: Paul Moore &lt;paul.moore@hp.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</content>
</entry>
<entry>
<title>selinux: Add new NetLabel glue code to handle labeling of connection requests</title>
<updated>2009-05-18T23:34:51Z</updated>
<author>
<name>Paul Moore</name>
<email>paul.moore@hp.com</email>
</author>
<published>2009-05-08T21:58:49Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=1a3f6e16cb0a0ba77144d8e75ca12d98632f3884'/>
<id>urn:sha1:1a3f6e16cb0a0ba77144d8e75ca12d98632f3884</id>
<content type='text'>
[NOTE: based on 389fb800ac8be2832efedd19978a2b8ced37eb61]

This patch provides the missing functions to properly handle the labeling of
responses to incoming connection requests within SELinux.

Signed-off-by: Paul Moore &lt;paul.moore@hp.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</content>
</entry>
<entry>
<title>unreached code in selinux_ip_postroute_iptables_compat() (CVE-2009-1184)</title>
<updated>2009-05-08T22:45:02Z</updated>
<author>
<name>Eugene Teo</name>
<email>eteo@redhat.com</email>
</author>
<published>2009-04-13T02:04:41Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=841825d424ea902c3e960db0d061586d769a7fce'/>
<id>urn:sha1:841825d424ea902c3e960db0d061586d769a7fce</id>
<content type='text'>
Not upstream in 2.6.30, as the function was removed there, making this a
non-issue.

Node and port send checks can skip in the compat_net=1 case. This bug
was introduced in commit effad8d.

Signed-off-by: Eugene Teo &lt;eugeneteo@kernel.sg&gt;
Reported-by: Dan Carpenter &lt;error27@gmail.com&gt;
Acked-by: James Morris &lt;jmorris@namei.org&gt;
Acked-by: Paul Moore &lt;paul.moore@hp.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>cap_prctl: don't set error to 0 at 'no_change'</title>
<updated>2009-04-27T17:36:59Z</updated>
<author>
<name>Serge E. Hallyn</name>
<email>serue@us.ibm.com</email>
</author>
<published>2009-04-08T21:55:58Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=22f45438e5e7369f7c3a384a41616affd200b840'/>
<id>urn:sha1:22f45438e5e7369f7c3a384a41616affd200b840</id>
<content type='text'>
upstream commit: 5bf37ec3e0f5eb79f23e024a7fbc8f3557c087f0

One-liner: capsh --print is broken without this patch.

In certain cases, cap_prctl returns error &gt; 0 for success.  However,
the 'no_change' label was always setting error to 0.  As a result,
for example, 'prctl(CAP_BSET_READ, N)' would always return 0.
It should return 1 if a process has N in its bounding set (as
by default it does).

I'm keeping the no_change label even though it's now functionally
the same as 'error'.

Signed-off-by: Serge Hallyn &lt;serue@us.ibm.com&gt;
Acked-by: David Howells &lt;dhowells@redhat.com&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
Signed-off-by: Chris Wright &lt;chrisw@sous-sol.org&gt;
</content>
</entry>
<entry>
<title>security/smack: fix oops when setting a size 0 SMACK64 xattr</title>
<updated>2009-04-27T17:36:51Z</updated>
<author>
<name>Etienne Basset</name>
<email>etienne.basset@numericable.fr</email>
</author>
<published>2009-03-31T21:54:11Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=97ecdadc284e820931f27c6345b0ff8b85792346'/>
<id>urn:sha1:97ecdadc284e820931f27c6345b0ff8b85792346</id>
<content type='text'>
upstream commit: 4303154e86597885bc3cbc178a48ccbc8213875f

This patch fixes an oops in smack when setting a size 0 SMACK64 xattr, e.g.
attr -S -s SMACK64 -V '' somefile
This oopses because smk_import_entry treats a 0 length as SMK_MAXLEN.

Signed-off-by: Etienne Basset &lt;etienne.basset@numericable.fr&gt;
Reviewed-by: James Morris &lt;jmorris@namei.org&gt;
Acked-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
Signed-off-by: Chris Wright &lt;chrisw@sous-sol.org&gt;
</content>
</entry>
<entry>
<title>smack: fixes for unlabeled host support</title>
<updated>2009-03-04T21:36:34Z</updated>
<author>
<name>etienne</name>
<email>etienne.basset@numericable.fr</email>
</author>
<published>2009-03-04T06:33:51Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=211a40c0870457b29100cffea0180fa5083caf96'/>
<id>urn:sha1:211a40c0870457b29100cffea0180fa5083caf96</id>
<content type='text'>
The following patch (against 2.6.29rc5) fixes a few issues in the
smack/netlabel "unlabeled host support" functionality that was added in
2.6.29rc.  It should go in before -final.

1) smack_host_label disregards a "0.0.0.0/0 @" rule (or other label),
preventing 'tagged' tasks from accessing the Internet (many systems drop
packets with IP options)

2) netmasks were not handled correctly; they were stored in a way _not
equivalent_ to conversion to be32 (it was equivalent for /0, /8, /16, /24,
/32 masks but not other masks)

3) smack_netlbladdr prefixes (IP/mask) were not consistent (mask&amp;IP was not
done), so there could have been different list entries for the same IP
prefix; if those entries had different labels, well ...

4) they were not sorted

1) 2) 3) are bugs, 4) is a more cosmetic issue.
The patch:

- creates a new helper smk_netlbladdr_insert to insert a smk_netlbladdr,
  sorted by netmask length

- uses the new sorted nature of the smack_netlbladdrs list to simplify
  smack_host_label: the first match _will_ be the most specific

- corrects endianness issues in smk_write_netlbladdr &amp; netlbladdr_seq_show

Signed-off-by: &lt;etienne.basset@numericable.fr&gt;
Acked-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
Reviewed-by: Paul Moore &lt;paul.moore@hp.com&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</content>
</entry>
</feed>
