linux/security, branch v3.4Linux kernel source treehttps://git.amat.us/linux/atom/security?h=v3.42012-04-19T02:56:39Zsecurity: fix compile error in commoncap.c2012-04-19T02:56:39ZJonghwan Choijhbird.choi@samsung.com2012-04-18T21:23:04Zurn:sha1:51b79bee627d526199b2f6a6bef8ee0c0739b6d1
Add missing "personality.h"
security/commoncap.c: In function 'cap_bprm_set_creds':
security/commoncap.c:510: error: 'PER_CLEAR_ON_SETID' undeclared (first use in this function)
security/commoncap.c:510: error: (Each undeclared identifier is reported only once
security/commoncap.c:510: error: for each function it appears in.)
Signed-off-by: Jonghwan Choi <jhbird.choi@samsung.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
fcaps: clear the same personality flags as suid when fcaps are used2012-04-18T02:37:56ZEric Pariseparis@redhat.com2012-04-17T20:26:54Zurn:sha1:d52fc5dde171f030170a6cb78034d166b13c9445
If a process increases permissions using fcaps all of the dangerous
personality flags which are cleared for suid apps should also be cleared.
Thus programs given priviledge with fcaps will continue to have address space
randomization enabled even if the parent tried to disable it to make it
easier to attack.
Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Smack: move label list initialization2012-04-18T02:02:28ZCasey Schauflercasey@schaufler-ca.com2012-04-18T01:55:46Zurn:sha1:86812bb0de1a3758dc6c7aa01a763158a7c0638a
A kernel with Smack enabled will fail if tmpfs has xattr support.
Move the initialization of predefined Smack label
list entries to the LSM initialization from the
smackfs setup. This became an issue when tmpfs
acquired xattr support, but was never correct.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Smack: build when CONFIG_AUDIT not defined2012-04-10T23:14:40ZKees Cookkeescook@chromium.org2012-04-10T20:26:44Zurn:sha1:923e9a1399b620d063cd88537c64561bc3d5f905
This fixes builds where CONFIG_AUDIT is not defined and
CONFIG_SECURITY_SMACK=y.
This got introduced by the stack-usage reducation commit 48c62af68a40
("LSM: shrink the common_audit_data data union").
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
lsm_audit: don't specify the audit pre/post callbacks in 'struct common_audit_data'2012-04-03T16:49:59ZLinus Torvaldstorvalds@linux-foundation.org2012-04-02T22:48:12Zurn:sha1:b61c37f57988567c84359645f8202a7c84bc798a
It just bloats the audit data structure for no good reason, since the
only time those fields are filled are just before calling the
common_lsm_audit() function, which is also the only user of those
fields.
So just make them be the arguments to common_lsm_audit(), rather than
bloating that structure that is passed around everywhere, and is
initialized in hot paths.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
SELinux: do not allocate stack space for AVC data unless needed2012-04-03T16:49:41ZEric Pariseparis@redhat.com2012-04-03T16:38:00Zurn:sha1:3f0882c48286e7bdb0bbdec9c4bfa934e0db8e09
Instead of declaring the entire selinux_audit_data on the stack when we
start an operation on declare it on the stack if we are going to use it.
We know it's usefulness at the end of the security decision and can declare
it there.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
SELinux: remove avd from slow_avc_audit()2012-04-03T16:49:10ZEric Pariseparis@redhat.com2012-04-02T17:15:55Zurn:sha1:f8294f1144ad0630075918df4bf94075f5384604
We don't use the argument, so remove it.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
SELinux: remove avd from selinux_audit_data2012-04-03T16:49:10ZEric Pariseparis@redhat.com2012-04-02T17:15:50Zurn:sha1:7f6a47cf1477ffae9cff1d6ee181e2ce6bfb2f02
We do not use it. Remove it.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
LSM: shrink the common_audit_data data union2012-04-03T16:49:10ZEric Pariseparis@redhat.com2012-04-02T17:15:44Zurn:sha1:48c62af68a403ef1655546bd3e021070c8508573
After shrinking the common_audit_data stack usage for private LSM data I'm
not going to shrink the data union. To do this I'm going to move anything
larger than 2 void * ptrs to it's own structure and require it to be declared
separately on the calling stack. Thus hot paths which don't need more than
a couple pointer don't have to declare space to hold large unneeded
structures. I could get this down to one void * by dealing with the key
struct and the struct path. We'll see if that is helpful after taking care of
networking.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
LSM: shrink sizeof LSM specific portion of common_audit_data2012-04-03T16:48:40ZEric Pariseparis@redhat.com2012-04-03T16:37:02Zurn:sha1:3b3b0e4fc15efa507b902d90cea39e496a523c3b
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop. This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union. Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>