code (used for NAT) uses a value of five days for this.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
-2.4.0/net'
make: *** [_mod_net] Error 2
This is the error I get if I try to compile in the kernel or as a
module.
Did you configure the kernel with 'Full NAT'?
(CONFIG_IP_NF_NAT in the .config file).
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line
, these are standard Netlink sockets, and you can tune their receive
buffer sizes via /proc, or use the SO_RCVBUF socket option on the file
descriptor.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL
Please post networking patches to the networking developer list:
http://vger.kernel.org/vger-lists.html#netdev
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info
, with the labeling behavior for newly created objects being
controlled from a well defined policy. You probably want to avoid getting
into the situation of needing a TE relabel on a production system in any
case.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
existing access
control.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
the underlying complexity.
Good progress has already been made in this area, and more is expected.
I certainly don't think the solution is to start out by ignoring the
underlying complexity.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux
and whatever other
fantastic ideas that people might be inclined to drag out of the kitchen
sink.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
. The answer is likely to be
it depends.
This is not what the discussion is about. It's about addressing the many
points in the FAQ posted here which are likely to cause misunderstandings,
and then subsequent responses of a similar nature.
- James
--
James Morris
[EMAIL PROTECTED
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
can't protect
against software flaws, which has been a pretty fundamental and widely
understood requirement in general computing for at least a decade.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message
On Wed, 18 Apr 2007, Crispin Cowan wrote:
James Morris wrote:
On Tue, 17 Apr 2007, Alan Cox wrote:
I'm not sure if AppArmor can be made good security for the general case,
but it is a model that works in the limited http environment
(eg .htaccess) and is something people can play
read the full
thread.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
On Thu, 19 Apr 2007, Stephen Smalley wrote:
Lastly, if you want to judge AA as a jail mechanism, I think you'll find
it fails there too. So where does that leave it? An easy-to-use yet
inadequate solution for MAC or jail.
It's not easy to use.
--
James Morris
[EMAIL PROTECTED
(), lookup_one_len_kern().
Additionally, as sysfs_remove_group() does not check the return value of
the lookup before using it, a BUG_ON has been added to pinpoint the cause
of any problems potentially caused by this (and as a form of annotation).
Signed-off-by: James Morris [EMAIL PROTECTED]
---
fs/namei.c
it, a BUG_ON has been added to pinpoint the cause
of any problems potentially caused by this (and as a form of annotation).
Signed-off-by: James Morris [EMAIL PROTECTED]
---
fs/namei.c| 72 +++-
fs/sysfs/group.c |6 +++-
include
On Thu, 15 Mar 2007, Roland McGrath wrote:
This patch makes do_wait return -EPERM instead of -ECHILD if some
children were ruled out solely because security_task_wait failed.
What about using the return value from the security_task_wait hook (which
should be -EACCES) ?
- James
--
James
On Mon, 23 Apr 2007, Roland McGrath wrote:
As I said in some earlier discussion following my original patch, that
would be fine with me. I haven't coded up that variant, but it's simple
enough. Would you like to do it?
Sure.
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from
a bug with wait or ptrace or
something.
This patch makes do_wait return -EACCES (or other appropriate
error returned from security_task_wait() instead of -ECHILD if some
children were ruled out solely because security_task_wait failed.
Signed-off-by: James Morris [EMAIL PROTECTED]
---
Updated
to avoid
merge commits).
This is just one possible workflow. There are probably several better.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
On Sat, 10 Feb 2007, Andi Kleen wrote:
- lguest
* still seems heavily in development. Not sure it will be ready in time.
How would you define ready?
It's currently useful and stable, and features a lack of enterprise-class
complexity.
- James
--
James Morris
[EMAIL PROTECTED
On Mon, 12 Feb 2007, Andi Kleen wrote:
It's currently useful and stable,
How do you know?
I've been working on it for some weeks. At this stage, it's also useful
for some simple kernel hacking.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line
FWIW,
I've set up an unofficial git tree with these patches, and will try and
track changes as they're posted.
git://git.infradead.org/~jmorris/lguest-testing.git
Use the 'current' branch.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line
check.
How does this look to others?
Looks good to me.
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ
Hit a BUG() via lvm:
Scanning logical volumes
Reading all physical volumes. This may take a while...
Found volume group VolGroup00 using metadata type lvm2
Activating logical volumes
[ 75.215078] [ cut here ]
[ 75.230165] kernel BUG at mm/swap.c:442!
[
On Thu, 15 Feb 2007, James Morris wrote:
Hit a BUG() via lvm:
Also, I just disabled paravirt ops and saw the same bug, so it's not that
stuff.
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL
void try_to_set_mlocked(struct pa
struct zone *zone;
unsigned long flags;
+ return;
+
if (!PageLRU(page) || PageMlocked(page))
return;
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel
00 10 00 74
3f 8b 03 a8 20 74 04 0f 0b eb fe f0 0f ba 2b 05 f0 0f ba 33 14 f0 0f ba 2b
06 ba 03
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org
On Fri, 16 Feb 2007, Christoph Lameter wrote:
Andrew already has this fix which cures it for me. PG_mlocked pages can
be freed in some situations and thus we need the correct handling in the
page allocator:
Works for me.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from
On Tue, 20 Mar 2007, Tasos Parisinos wrote:
The main purpose behind the development of this module was to create an
in-kernel system of signed modules.
I suggest you read this thread:
http://lkml.org/lkml/2007/2/14/164
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send
Fix the print formatting of three unsigned long fields in
/proc/timer_list, which are currently being formatted as unsigned int.
Signed-off-by: James Morris [EMAIL PROTECTED]
---
diff --git a/kernel/time/timer_list.c b/kernel/time/timer_list.c
index f82c635..59df5e8 100644
--- a/kernel/time
On Wed, 21 Mar 2007, James Morris wrote:
Fix the print formatting of three unsigned long fields in
/proc/timer_list, which are currently being formatted as unsigned int.
^^
The last bit should be 'signed long'.
--
James
/compat_net = 0
Even with this setting, you'll be hitting security_port_sid() via
connect(2) and bind(2). We need to fix it.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo
On Wed, 21 Feb 2007, Peter Zijlstra wrote:
Failing to allocate a cache entry will only harm performance.
Signed-off-by: Peter Zijlstra [EMAIL PROTECTED]
---
security/selinux/avc.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Acked-by: James Morris [EMAIL PROTECTED]
Index
On Mon, 5 Mar 2007, Venkat Yekkirala wrote:
Signed-off-by: Eric Paris [EMAIL PROTECTED]
Acked-by: Venkat Yekkirala [EMAIL PROTECTED]
What about your previous comment:
I guess you meant to do this here?
else if (err)
return err;
--
James Morris
[EMAIL
On Fri, 2 Mar 2007, Eric Paris wrote:
Signed-off-by: Eric Paris [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo
the auditing hooks as well.
Signed-off-by: Eric Paris [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
to the exit path such that all failures
(and successes) will actually get audited.
Signed-off-by: Eric Paris [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message
On Tue, 6 Mar 2007, Kanhu Rauta wrote:
I am not able to understand the behavior and struggled to resolve this
issue for last 1 week .
Can anybody help me on this regard ?
Please post a link to your code so people can see the full context.
--
James Morris
[EMAIL PROTECTED
in another 10 years? ;)
What do you suggest instead ?
(Digging into this for lguest now...)
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org
TSC frequency changes,
stolen time accounting, synthetic programmable clockevent etc.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org
On Thu, 8 Mar 2007, Alan Cox wrote:
Any chance of tweaking the name - it's just there is/was a chaosnet
protocol/network system and you don't want people to assume that since
its a chaosfilter its for chaosnet ?
That's exactly what I thought it was from the subject line.
- James
--
James
clocksource *c)
Return should be void, then.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http
On Wed, 9 Jan 2008, Kentaro Takeda wrote:
Common functions for TOMOYO Linux.
TOMOYO Linux uses /sys/kernel/security/tomoyo interface for configuration.
Why aren't you using securityfs for this? (It was designed for LSMs).
- James
--
James Morris
[EMAIL PROTECTED]
--
To unsubscribe from
On Wed, 9 Jan 2008, James Morris wrote:
On Wed, 9 Jan 2008, Kentaro Takeda wrote:
Common functions for TOMOYO Linux.
TOMOYO Linux uses /sys/kernel/security/tomoyo interface for configuration.
Why aren't you using securityfs for this? (It was designed for LSMs).
Doh, it is using
On Sat, 12 Jan 2008, Tetsuo Handa wrote:
Hello.
James Morris wrote:
TOMOYO Linux uses /sys/kernel/security/tomoyo interface for
configuration.
Why aren't you using securityfs for this? (It was designed for LSMs).
Doh, it is using securityfs, don't worry.
I got a mm
Please review.
Tested with SELinux in enforcing mode.
---
All instances of rw_verify_area() are followed by a call to
security_file_permission(), so just call the latter from the former.
Signed-off-by: James Morris [EMAIL PROTECTED]
---
fs/compat.c |4 ---
fs/read_write.c | 63
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
subsystem without
relying on assistance from userspace.
Signed-off-by: Paul Moore [EMAIL PROTECTED]
You sent it, so this patch needs a Signed-off-by:you, please.
Also add
Reviewed-by: James Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send
On Fri, 16 Nov 2007, Eric Paris wrote:
On Sat, 2007-11-17 at 08:42 +1100, James Morris wrote:
On Fri, 16 Nov 2007, Eric Paris wrote:
+#ifdef CONFIG_SECURITY
+ /*
+ * If a hint addr is less than mmap_min_addr change addr to be as
+ * low as possible but still greater than
*/
ret = validate_mmap_request(file, addr, len, prot, flags, pgoff,
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
that
it is not done with !CONFIG_SECURITY ?
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http
On Fri, 16 Nov 2007, Eric Paris wrote:
On Sat, 2007-11-17 at 08:47 +1100, James Morris wrote:
On Fri, 16 Nov 2007, Eric Paris wrote:
On a kernel with CONFIG_SECURITY but without an LSM which implements
security_file_mmap it is impossible for an application to mmap addresses
lower
still default this to
off so noone is going to 'accidentally' see and security checks in the
dummy hooks)
If it's off by default and generally useful across LSMs, why not just put
it in the base kernel code?
- James
--
James Morris [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line
, either.
In any case, I think the right solution is not to include security.h at
all in mm.h, as it is only being done to get a declaration for
mmap_min_addr.
How about this, instead ?
Signed-off-by: James Morris [EMAIL PROTECTED]
---
mm.h |5 -
1 file changed, 4 insertions(+), 1 deletion
queue it for -mm 2.6.25.
- James
--
James Morris
[EMAIL PROTECTED]
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org
Knutsson [EMAIL PROTECTED]
---
Added by: 8869477a49c3e99def1fcdadd6bbc407fea14b45 (Linus' tree)
Compile-tested on i386 with all[yes|mod|no]config.
Thanks, applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-akpm
- James
--
James Morris
[EMAIL PROTECTED
been accepted.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
by myself) for the case of valid out of tree users.
The only case of this so far has been Multiadm, although there seems to be
no reason for it to stay out of tree.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body
have upstream maintain
stable kernel APIs which are naturally mismatched to the unknown
requirements of out of tree users.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More
security checks
in do_brk().
Signed-off-by: Eric Paris [EMAIL PROTECTED]
ACK
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-akpm
--
James Morris
[EMAIL PROTECTED]
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body
which touches core networking to netdev, too, and
get an ack from one of the core developers there.
--
James Morris [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-akpm
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org
On Wed, 21 Nov 2007, Stephen Smalley wrote:
Do not clear f_op when removing entries since it isn't safe to do.
Signed-off-by: Stephen Smalley [EMAIL PROTECTED]
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-akpm
--
James Morris
[EMAIL PROTECTED
with mmap_min_addr set.
Signed-off-by: Eric Paris [EMAIL PROTECTED]
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-akpm
If nobody hollers, I'll push it to Linus when the next merge window opens.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe
:
/*
* It's running now, so it might later
* exit, stop, or stop and then continue.
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info
;
/* Somebody else might have raced and expanded it already */
if (address vma-vm_start) {
unsigned long size, grow;
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL
);
+
/* decide whether we should attempt the mapping, and if so what sort of
* mapping */
ret = validate_mmap_request(file, addr, len, prot, flags, pgoff,
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel
. Then, propose a solution to the
problem and have it reviewed by core kernel folk (cc it to lkml), so that
it can be evaluated in terms of e.g. VFS correctness, maintainability etc.
That would be at least a useful first step in taking this issue seriously.
Thanks,
- James
--
James Morris
[EMAIL
On Sat, 8 Dec 2007, Sheela wrote:
Share net is not supported , Rusty is an idiot .
Signed-off-by: Sheela Sequeira [EMAIL PROTECTED]
Reviewed-by: James Morris [EMAIL PROTECTED]
- James
--
James Morris
[EMAIL PROTECTED]
--
To unsubscribe from this list: send the line unsubscribe linux
On Tue, 25 Dec 2007, Andrew Morton wrote:
On Thu, 20 Dec 2007 15:11:40 +1100 (EST) James Morris [EMAIL PROTECTED]
wrote:
+#ifdef CONFIG_SECURITY
+extern unsigned long mmap_min_addr;
+#endif
+
#include asm/page.h
#include asm/pgtable.h
#include asm/processor.h
).
Any clues/hints/advice/patches?
Can you post your .config ?
Also, is that the plain upstream Tcl package you're compiling, or a distro
package?
--
James Morris
[EMAIL PROTECTED]
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL
On Wed, 26 Dec 2007, [EMAIL PROTECTED] wrote:
On Wed, 26 Dec 2007 18:34:26 +1100, James Morris said:
Can you post your .config ?
The gzip'ed config as of when I quit bisecting is attached. It's probably
not directly usable unless you have a quilt tree that's positioned fairly
close
On Wed, 26 Dec 2007, James Morris wrote:
What does the following say ?
# sestatus rpm -q selinux-policy
Don't worry about that -- I reproduced it with Paul Moore's git tree:
git://git.infradead.org/users/pcmoore/lblnet-2.6_testing
(under current -mm, the e1000 driver doesn't find my
never being initialized
correctly? To my untrained eye it looks like __netdev_alloc_skb()
should be setting skb-iif (like it does for skb-dev) but it currently
doesn't.
-iif will be zeroed during skb allocation, then set during
netif_receive_skb().
- James
--
James Morris
[EMAIL
On Wed, 26 Dec 2007, Andrew Morton wrote:
(under current -mm, the e1000 driver doesn't find my ethernet card the
tcl tests won't run without an external interface).
You might need to enable CONFIG_E1000E.
Indeed, it works for me.
- James
--
James Morris
[EMAIL PROTECTED
);
+ if (rc)
+ return rc;
+
+ *ppos += count;
Use simple_read_from_buffer().
- James
--
James Morris
[EMAIL PROTECTED]
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
On Fri, 28 Dec 2007, KaiGai Kohei wrote:
+ snprintf(tmp, sizeof(tmp),
+ cap_entry == cap_entries[0] ? 0x%08x : %u,
+ cap_entry-code);
+ len = strlen(tmp);
You don't need to call strlen(), just use scnprintf() and grab the return
value.
- James
--
James
);
+ if (!f_caps[i])
Ditto.
Another issue is that securityfs depends on CONFIG_SECURITY, which might
be undesirable, given that capabilities are a standard feature.
- James
--
James Morris
[EMAIL PROTECTED]
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body
initramfs.
Stephen Smalley confirmed on 2007-07-19 that this hook was originally
used by SELinux but can now be safely removed:
http://marc.info/?l=linux-kernelm=118485683612916w=2
Thanks.
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-akpm
--
James
in __copy_skb_header()
Seems valid.
- James
--
James Morris
[EMAIL PROTECTED]
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org
?
I prefer procfs or sysfs instead.
Sysfs makes more sense, as this information is system-wide and does not
relate to specific processes.
--
James Morris
[EMAIL PROTECTED]
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More
On Thu, 25 Oct 2007, [EMAIL PROTECTED] wrote:
Convert the selinux sysctl pathname computation code into a standalone
function.
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
Reviewed-by: James Morris [EMAIL PROTECTED]
--
James Morris
+++--
1 files changed, 7 insertions(+), 6 deletions(-)
This version suppresses the warning without ugly ifdefs.
Thanks, Stephen.
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-linus
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send
.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
maintenance, as your code
will be visible in the tree.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read
capability_exit and general modular bits for security/capability.c.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read
;
}
Why manually copy these fields after a kmemdup?
What about the task backpointer? (i.e. tsec2-task)
--
James Morris
[EMAIL PROTECTED]
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
.
Sparc needs further alteration as it refers to UID GID in sclow.S via asm
offsets.
Signed-off-by: David Howells [EMAIL PROTECTED]
Reviewed-by: James Morris [EMAIL PROTECTED]
(SELinux stuff mostly).
--
James Morris
[EMAIL PROTECTED]
--
To unsubscribe from this list: send the line
On Fri, 8 Feb 2008, David Howells wrote:
Change current-fs[ug]id to current_fs[ug]id() so that fsgid and fsuid can be
separated from the task_struct.
Signed-off-by: David Howells [EMAIL PROTECTED]
Reviewed-by: James Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL PROTECTED
SECCLASS_KERNEL_SERVICE 69
I just pushed a patch to Linus from Stephen which uses this class number;
you'll likely need to bump it to 70.
--
James Morris
[EMAIL PROTECTED]
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message
]
Applied -- will push to Linus unless the netfilter folk do it first.
- James
--
James Morris
[EMAIL PROTECTED]
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
/shpedoikal/linux.git tpmdd-v3.7-rc3
I get massive merge conflicts pulling this into my -next branch.
--
James Morris
jmor...@namei.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http
this?
Nope, my 'master' tracks Linus.
Use the -next branch.
See http://kernsec.org/wiki/index.php/Kernel_Repository
--
James Morris
jmor...@namei.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info
://vger.kernel.org/majordomo-info.html
--
James Morris
jmor...@namei.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org
at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
--
James Morris
jmor...@namei.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http
. Other LSMs can, for example,
read extended attributes for signatures, etc.
Signed-off-by: Kees Cook keesc...@chromium.org
Acked-by: Serge E. Hallyn serge.hal...@canonical.com
Acked-by: Eric Paris epa...@redhat.com
Acked-by: Mimi Zohar zo...@us.ibm.com
Acked-by: James Morris james.l.mor
Kasatkin dmitry.kasat...@intel.com
Signed-off-by: Mimi Zohar zo...@linux.vnet.ibm.com
Signed-off-by: James Morris james.l.mor...@oracle.com
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 8180add..6ee8826 100644
--- a/security/integrity/ima/ima.h
+++ b
/pub/scm/linux/kernel/git/jmorris/linux-security.git
for-linus
Gang Wei (1):
driver/char/tpm: fix regression causesd by ppi
James Morris (2):
Merge branch 'tpmdd-fixes-v3.6' of git://github.com/shpedoikal/linux into
for-linus
Merge branch 'tpmdd-next-v3.6' of git://github.com
1 - 100 of 2193 matches
Mail list logo