)
+ return -ENOMEM;
This will try and allocate 2^16 pages. I guess we need a
HYPERVISOR_PAGE_ORDER ?
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
.
- James
--
James Morris
jmor...@namei.org
23:24:24 2012 -0700
selinux: fix regression in selinux_inode_setattr()
akpm: This patch is needed to fix a box-killing post-3.4 X11 regression on
my test machine.
Signed-off-by: Andrew Morton a...@linux-foundation.org
Signed-off-by: James Morris james.l.mor
already ?
- James
--
James Morris
jmor...@namei.org
: free securityfs violations file
ima: remove unused cleanup functions
ima: add policy for pseudo fs
ima: ima_initialized is set only if successful
ima: audit is compiled only when enabled
James Morris (2):
Merge branches 'next-queue' and 'next' into next
Merge commit
Smack: implement revoking all rules for a subject label
Tetsuo Handa (1):
gfp flags for security_inode_alloc()?
It's a bit of a mess :-(
--
Cheers,
Stephen Rothwell s...@canb.auug.org.au
--
James Morris
jmor...@namei.org
pull from more carefully.
- James
--
James Morris
jmor...@namei.org
...@chromium.org
This doesn't apply cleanly to my -next branch.
Kees: can you think about using git to push changes to me for Yama?
--
James Morris
jmor...@namei.org
On Mon, 19 Nov 2012, Kees Cook wrote:
On Mon, Nov 19, 2012 at 6:23 PM, James Morris jmor...@namei.org wrote:
On Mon, 19 Nov 2012, Kees Cook wrote:
Instead of locking the list during a delete, mark entries as invalid
and trigger a workqueue to clean them up. This lets us easily handle
On Tue, 20 Nov 2012, Kees Cook wrote:
Hi James,
Please pull these Yama changes for 3.8. Thanks!
Pulled, thanks.
--
James Morris
jmor...@namei.org
Reviewed-by: Paul E. McKenney paul...@linux.vnet.ibm.com
Acked-by: Paul Moore p...@paul-moore.com
Cc: Eric Paris epa...@parisplace.org
Cc: sta...@vger.kernel.org
Signed-off-by: Andrew Morton a...@linux-foundation.org
Signed-off-by: James Morris james.l.mor...@oracle.com
diff --git
On Thu, 13 Dec 2012, Stephen Rothwell wrote:
Hi James,
On Fri, 7 Dec 2012 10:21:31 +1100 (EST) James Morris jmor...@namei.org
wrote:
On Thu, 6 Dec 2012, Linus Torvalds wrote:
Have people pulled that thing into anything else? Because quite
frankly, I think it's unsalvageable
: Make the session and process keyrings per-thread
KEYS: Reduce initial permissions on keys
KEYS: Use keyring_alloc() to create special keyrings
Merge branch 'modsign-keys-devel' into security-next-keys
James Morris (2):
Merge branch 'security-next-keys' of
git://git.kernel.org
On Mon, 1 Oct 2012, Andy Lutomirski wrote:
This fixes two issues that could cause incompatibility between
kernel versions:
- If a tracer uses SECCOMP_RET_TRACE to select a syscall number
higher than the largest known syscall, emulate the unknown
vsyscall by returning -ENOSYS. (This
ima: generic IMA action flag handling
ima: change flags container data type
Heiko Carstens (2):
samples/seccomp: fix endianness bug in LO_ARG define
samples/seccomp: fix 31 bit build on s390
James Morris (4):
Merge tag 'v3.6-rc2' into next
Merge branch 'next-ima
://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
for-linus
James Morris (1):
Merge branch 'for-Linus' of
git://git.kernel.org/.../zohar/linux-integrity into for-linus
Mimi Zohar (1):
ima: fallback to MODULE_SIG_ENFORCE for existing kernel module syscall
security
, are you saying that security mechanisms are inherently easier to
configure if they're composed from a variety of distinct modules vs. a
monolithic scheme?
--
James Morris
jmor...@namei.org
On Tue, 8 Jan 2013, John Johansen wrote:
I'd say we need to see the actual use-case for Smack and Apparmor being
used together, along with at least one major distro committing to support
this.
Ubuntu is very interested in stacking
Which modules?
--
James Morris
jmor...@namei.org
into corsets designed in the
1990's.
That may be true, but we do need at least one significant user to step up
with concrete plans for deployment.
--
James Morris
jmor...@namei.org
--
James Morris
[EMAIL PROTECTED]
for object class discovery
Eric Paris (2):
selinux: introduce schedule points in policydb_destroy()
security: Protection for exploiting null dereference using mmap
James Morris (1):
security: revalidate rw permissions for sys_splice and sys_vmsplice
Paul Moore (1):
SELinux: use
From: Christopher J. PeBenito [EMAIL PROTECTED]
Add support to the SELinux security server for obtaining a list of classes,
and for obtaining a list of permissions for a specified class.
Signed-off-by: Christopher J. PeBenito [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED
From: Christopher J. PeBenito [EMAIL PROTECTED]
sel_remove_bools() will also be used by the object class discovery, rename
it for more general use.
Signed-off-by: Christopher J. PeBenito [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
---
security/selinux/selinuxfs.c |9
From: Christopher J. PeBenito [EMAIL PROTECTED]
Specify the inode counter explicitly in sel_make_dir(), rather than always
using sel_last_ino.
Signed-off-by: Christopher J. PeBenito [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
---
security/selinux/selinuxfs.c | 11
, the inode of the index file
DIV 33 is the class number. The inode of the permission file % 33 is the
index of the permission for that class.
Signed-off-by: Christopher J. PeBenito [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
---
security/selinux/include/security.h |1
Revalidate read/write permissions for splice(2) and vmsplice(2), in case
security policy has changed since the files were opened.
Signed-off-by: James Morris [EMAIL PROTECTED]
Signed-off-by: Jens Axboe [EMAIL PROTECTED]
Acked-by: Stephen Smalley [EMAIL PROTECTED]
---
fs/splice.c | 14
.
Signed-off-by: Eric Paris [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
---
security/selinux/ss/policydb.c |7 +++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 0ac1021..f05f97a 100644
From: Tobias Oed [EMAIL PROTECTED]
Inode numbers are unsigned long and so need to use %lu as the format string of printf.
Signed-off-by: Tobias Oed [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
---
security/selinux/avc.c |2 +-
1 files changed, 1 insertions(+), 1 deletions
future idea)
Acked-by: Stephen Smalley [EMAIL PROTECTED]
Signed-off-by: Eric Paris [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
---
Documentation/sysctl/vm.txt | 15 +++
include/linux/security.h | 17 -
kernel
.
Signed-off-by: Paul Moore [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
---
security/selinux/hooks.c| 21 +++--
security/selinux/netlabel.c | 34 +-
2 files changed, 24 insertions(+), 31 deletions(-)
diff --git a/security
From: Adrian Bunk [EMAIL PROTECTED]
Remove unneeded export.
Signed-off-by: Adrian Bunk [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
---
security/security.c |1 -
1 files changed, 0 insertions(+), 1 deletions(-)
diff --git a/security/security.c b/security/security.c
index
and eliminating this interface from the kernel.
Tested-by: Ingo Molnar [EMAIL PROTECTED]
Signed-off-by: Stephen Smalley [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
---
security/selinux/avc.c | 10 +---
security/selinux/hooks.c |9 ---
security/selinux
On Tue, 10 Jul 2007, Jan Engelhardt wrote:
On Jul 8 2007 22:59, James Morris wrote:
@@ -420,8 +420,12 @@ static int dummy_file_ioctl (struct file *file,
unsigned int command,
static int dummy_file_mmap (struct file *file, unsigned long reqprot,
unsigned long
than jump into a
conditional block in certain cases, define and use a
static inline bprm_clear_caps().
Signed-off-by: Serge E. Hallyn [EMAIL PROTECTED]
Good idea.
Acked-by: James Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL PROTECTED]
On Sun, 8 Jul 2007, James Morris wrote:
Revalidate read/write permissions for splice(2) and vmsplice(2), in case
security policy has changed since the files were opened.
This patch clashes with changes which came in via Jens (who I'll submit
the patch via once it's fixed).
I'll send
This is an updated set of 2.6.23 SELinux changes, rebased and tested against
current git. The vmsplice patch has been dropped from this and will be
resubmitted via Jens. Also added an ack from Chris Wright for the mmap
null dereference hooks (which I'd forgotten to add to my tree some time
On Thu, 12 Jul 2007, David Patrick Quigley wrote:
From: David P. Quigley [EMAIL PROTECTED]
Revalidate the write permissions for fallocate(2), in case security policy has
changed since the files were opened.
Signed-off-by: David P. Quigley [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL
Revalidate read/write permissions for splice(2) and vmsplice(2), in case
security policy has changed since the files were opened.
Acked-by: Stephen Smalley [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
---
Updated version against latest Linus git. Jens, I dropped your initial
On Fri, 13 Jul 2007, Michal Piotrowski wrote:
My system is too secure, I can not login :)
Do you have CONFIG_NETLABEL=y ?
If so, please try disabling it.
- James
--
James Morris
[EMAIL PROTECTED]
,..)) of
audit_log_format
doesn't give us a warning.
Compile tested only.
Signed-off-by: Tobias Oed [EMAIL PROTECTED]
Thanks, tested and applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-akpm
--
James Morris
[EMAIL PROTECTED]
in a domain where all accesses are allowed and logged); and it
would also be of limited usefulness because of the aforementioned problems
with learning mode security policy.
- James
--
James Morris
[EMAIL PROTECTED]
in directories labeled as public_html_t (or whatever).
- James
--
James Morris
[EMAIL PROTECTED]
find /usr/src/linux | xargs setfattr -n user.foo -v bar
On my system, it takes about 1.2 seconds to label a fully checked out
kernel source tree with ~23,000 files in this manner, on a stock standard
ext3 filesystem with a SATA drive.
- James
--
James Morris
[EMAIL PROTECTED]
, you've performed your labeling up front, and don't have to
effectively relabel each file each time on each access, which is what
you're really doing with pathname labeling.
- James
--
James Morris
[EMAIL PROTECTED]
when you
mv directories, either.
- James
--
James Morris
[EMAIL PROTECTED]
On Fri, 15 Jun 2007, Seth Arnold wrote:
The time for restorecon is probably best imagined as a kind of 'du' that
also updates extended attributes as it does its work. It'd be very
difficult to improve on this.
restorecon can most definitely be improved.
- James
--
James Morris
[EMAIL
On Fri, 15 Jun 2007, Casey Schaufler wrote:
--- James Morris [EMAIL PROTECTED] wrote:
On my system, it takes about 1.2 seconds to label a fully checked out
kernel source tree with ~23,000 files in this manner
That's an eternity for that many files to be improperly labeled
On Sun, 17 Jun 2007, Michal Piotrowski wrote:
SELinux
Subject: very high non-preempt latency in context_struct_compute_av()
References : http://lkml.org/lkml/2007/6/4/78
Submitter : Ingo Molnar [EMAIL PROTECTED]
Handled-By : Stephen Smalley [EMAIL PROTECTED]
James Morris
== PROC_SUPER_MAGIC) ||
+ (inode-i_sb-s_magic == SYSFS_MAGIC)) {
+ return 1; /*can't measure */
+ }
I'm pretty sure you should skip measurement for many more pseudo
filesystems than this.
- James
--
James Morris
[EMAIL PROTECTED]
not work is a fairly significant consideration, I
would imagine.
- James
--
James Morris
[EMAIL PROTECTED]
of a technical issue, right?
- James
--
James Morris
[EMAIL PROTECTED]
could use to escape?
And why isn't this documented clearly, with the implications fully
explained? - David Wagner, http://www.cs.berkeley.edu/~daw/
Indeed.
- James
--
James Morris
[EMAIL PROTECTED]
and then provide feedback on
this, in good faith.
The underlying issues only came up again in response to an inflammatory
post by Lars. If you want to avoid discussions of AppArmor's design, then
I suggest taking it up with those who initiate them.
- James
--
James Morris
[EMAIL PROTECTED
--
James Morris
[EMAIL PROTECTED]
and root_plug modules have been
converted to kernel parameters.
The SECURITY_FRAMEWORK_VERSION macro has also been removed.
Signed-off-by: James Morris [EMAIL PROTECTED]
---
Please review and let me know if anything is broken.
Documentation/kernel-parameters.txt | 17 +++
security
On Sun, 24 Jun 2007, Chris Wright wrote:
* James Morris ([EMAIL PROTECTED]) wrote:
-module_param_named(disable, capability_disable, int, 0);
-MODULE_PARM_DESC(disable, To disable capabilities module set disable =
1);
+
+static int __init capability_disable_setup(char *str
: avtab_search_node (context_struct_compute_av)
What do the 0DNs fields mean and what did you use to create this trace?
- James
--
James Morris
[EMAIL PROTECTED]
this, so it'll depend on exactly which patches you have
applied).
- James
--
James Morris
[EMAIL PROTECTED]
for 130ms in the kernel.
- James
--
James Morris
[EMAIL PROTECTED]
On Tue, 5 Jun 2007, Michal Piotrowski wrote:
SELinux
Subject: very high non-preempt latency in context_struct_compute_av()
References : http://lkml.org/lkml/2007/6/4/78
Submitter : Ingo Molnar [EMAIL PROTECTED]
Handled-By : Stephen Smalley [EMAIL PROTECTED]
James Morris
better.
- James
--
James Morris
[EMAIL PROTECTED]
On Tue, 5 Jun 2007, Eric Paris wrote:
+extern int mmap_protect_memory;
This should be an unsigned long.
I wonder if the default should be for this value to be zero (i.e. preserve
existing behavior). It could break binaries, albeit potentially insecure
ones.
- James
--
James Morris
[EMAIL
,
+ .proc_handler = proc_dointvec,
proc_doulongvec_minmax
(I can fix this in my tree rather than a resend just for this, if
there are some acks and no other problems).
--
James Morris
[EMAIL PROTECTED]
value to
64KB as suggested. If already set, the existing value will be used.
Acked-by: Stephen Smalley [EMAIL PROTECTED]
Acked-by: Eric Paris [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
---
security/selinux/hooks.c | 17 +
1 files changed, 17 insertions(+), 0
. With the patch it's 100%, totally smooth! Thanks!
Tested-by: Ingo Molnar [EMAIL PROTECTED]
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-akpm
--
James Morris
[EMAIL PROTECTED]
and root_plug modules are now specified at
boot.
The SECURITY_FRAMEWORK_VERSION macro has also been removed.
Signed-off-by: James Morris [EMAIL PROTECTED]
---
Changes:
- retain capability.disable kernel param name
Documentation/kernel-parameters.txt | 17 +++
security/Kconfig
is example code, and should do the typical
thing, which I thought would be __setup.
I can easily change it if needed.
--
James Morris
[EMAIL PROTECTED]
the same time as loading a module.
--
James Morris
[EMAIL PROTECTED]
.
The mere fact
that SELinux cannot be built as a module is a rather weak argument for
disabling LSM modules as a whole, so please don't.
That's not the argument. Please review the thread.
- James
--
James Morris
[EMAIL PROTECTED]
a statically linked interface.
This would also allow us to unexport the LSM symbols and reduce the API
abuse by third-party modules.
- James
--
James Morris
[EMAIL PROTECTED]
: allmodconfig, lsm=y,cap=n,
selinux=y,cap=n etc.
--
James Morris
[EMAIL PROTECTED]
).
--
James Morris
[EMAIL PROTECTED]
Don't enable minimum mmap checking by default in SELinux, as it may break
existing applications which do not have updated policy.
We will be able to enable it by default later, once we have code to handle
new permissions which are not present in the user's policy.
Signed-off-by: James Morris
Move mmap_min_addr sysctl to /proc/sys/vm, as suggested by Andrew Morton.
Signed-off-by: James Morris [EMAIL PROTECTED]
---
Documentation/sysctl/kernel.txt | 14 --
Documentation/sysctl/vm.txt | 15 +++
kernel/sysctl.c | 20
--
James Morris
[EMAIL PROTECTED]
/mmap_min_addr to
65536.
Repeat: I think you should have used /proc/sys/vm/ for that tunable.
Andrew, I sent patches for these earlier. Possibly lost somewhere?
http://marc.info/?l=linux-kernel&m=118304565827673&w=2
http://marc.info/?l=linux-kernel&m=118304566015586&w=2
--
James Morris
[EMAIL
On Thu, 28 Jun 2007, Alexey Dobriyan wrote:
On Thu, Jun 28, 2007 at 11:41:38AM -0400, James Morris wrote:
Move mmap_min_addr sysctl to /proc/sys/vm, as suggested by Andrew Morton.
Probably too late, since it's userspace visible. Everyone using
/proc/sys/kernel/mmap_min_addr in scripts
://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-akpm
--
James Morris
[EMAIL PROTECTED]
.
- James
--
James Morris
[EMAIL PROTECTED]
but
not to others. That's not a hole.
I don't know what else you'd call it.
Would you mind providing some concrete examples of how such a model would
be useful?
- James
--
James Morris
[EMAIL PROTECTED]
to /views/sysadmin/etc/shadow
where the objects referenced by the paths are identical and visible to the
subject along both paths, in keeping with your description of "policy may
allow access to some locations but not to others"?
- James
--
James Morris
[EMAIL PROTECTED]
. There is no confinement beyond
that.
- James
--
James Morris
[EMAIL PROTECTED]
).
- James
--
James Morris
[EMAIL PROTECTED]
. The
distinction may be hair splitting in the current context, but
could be significant later if the thread continues.
What's important is that traditional DAC stores the security attributes
of the object with the object. Call them what you want, it matters not.
- James
--
James Morris
[EMAIL PROTECTED
Revalidate read/write permissions for splice(2) and vmsplice(2), in case
security policy has changed since the files were opened.
Signed-off-by: James Morris [EMAIL PROTECTED]
Acked-by: Stephen Smalley [EMAIL PROTECTED]
---
Please review. Note that this brings the splice code into line
On Wed, 30 May 2007, Andrew Morton wrote:
On Wed, 30 May 2007 09:15:01 +0200
Jens Axboe [EMAIL PROTECTED] wrote:
On Tue, May 29 2007, James Morris wrote:
Revalidate read/write permissions for splice(2) and vmsplice(2), in case
security policy has changed since the files were opened
/netlabel_mgmt.h |5 +++
security/selinux/hooks.c | 21 ++--
security/selinux/netlabel.c | 49
7 files changed, 141 insertions(+), 31 deletions(-)
--
James Morris
[EMAIL PROTECTED]
reported by Michal Piotrowski here:
* http://lkml.org/lkml/2007/7/12/362
Signed-off-by: Paul Moore [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
---
include/net/netlabel.h |6 +++
net/netlabel/netlabel_cipso_v4.c |5 +++
net/netlabel/netlabel_kapi.c | 21
.
Signed-off-by: Paul Moore [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
---
security/selinux/hooks.c| 21 +++--
security/selinux/netlabel.c | 41 -
2 files changed, 31 insertions(+), 31 deletions(-)
diff --git
.
--
James Morris
[EMAIL PROTECTED]
.
Or we just apply the patch and see who yells :)
It's already pretty clear.
- James
--
James Morris
[EMAIL PROTECTED]
the cost and
responsibility of doing that and not expect others to do so as well.
I don't see how this is even slightly difficult to understand.
- James
--
James Morris
[EMAIL PROTECTED]
provide a link to the source code, so we can understand how you're
using the API.
- James
--
James Morris
[EMAIL PROTECTED]
On Thu, 19 Jul 2007, James Morris wrote:
On Thu, 19 Jul 2007, Jim Kovaric wrote:
IBM's TAMOS (Tivoli Access Manager for Operating systems) contains a
loadable module,
which is an out of tree module, and registers itself as a security
module during the TAMOS startup
process
On Tue, 8 May 2007, Rusty Russell wrote:
1) Bridging via host is broken: we need to set promisc bit in MAC
address published by the host so the guest sends us everything.
Thanks James Morris for the report (I don't use bridging).
2) Lguest network device uses 0 to mean no one
gets it the right way.
Signed-off-by: Casey Schaufler ca...@schaufler-ca.com
Signed-off-by: James Morris james.l.mor...@oracle.com
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 3f7682a..eefbd10 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack
On Wed, 14 Aug 2013, John Johansen wrote:
This pull contains the previously posted apparmorfs interface file
extensions, and the conversion to RCU locking for profile lists.
Thanks, pulled.
--
James Morris
jmor...@namei.org
On Tue, 10 Sep 2013, David Howells wrote:
James Morris jmor...@namei.org wrote:
This missed the merge for 3.12. Do you want me to queue the changes
up,
or do you want to send a pull request again after -rc1 ?
Can you queue them up now in your 'next' branch?
Nope, new
The schedule for this year's Linux Security Summit in New Orleans is now
published:
http://kernsec.org/wiki/index.php/Linux_Security_Summit_2013#Schedule
The keynote will be presented by Ted Ts'o. Refereed talks include:
o Embedded Linux Security (David Safford, IBM)
o Extending AppArmor
a helper function to determine seclabel
Revert SELinux: do not handle seclabel as a special flag
security: remove erroneous comment about capabilities.o link ordering
James Morris (3):
Merge branch 'master' of git://git.infradead.org/users/pcmoore/selinux
into ra-next