On Wed, 23 Jan 2008, Jan Engelhardt wrote:
> Signed-off-by: Jan Engelhardt <[EMAIL PROTECTED]>
> ---
> include/linux/security.h |2 +-
> security/keys/proc.c |4 ++--
> security/selinux/selinuxfs.c |2 +-
> 3 files changed, 4 insertions(+), 4 deletions(-)
Applied to
git:
On Wed, 23 Jan 2008, David Howells wrote:
> Stephen Smalley <[EMAIL PROTECTED]> wrote:
>
> > Make sure that you or Dan submits a policy patch to register these
> > classes and permissions in the policy when the kernel patch is queued
> > for merge.
>
> Do I just send the attached patch to <[EMAI
Stephen Smalley <[EMAIL PROTECTED]> wrote:
> Make sure that you or Dan submits a policy patch to register these
> classes and permissions in the policy when the kernel patch is queued
> for merge.
Do I just send the attached patch to <[EMAIL PROTECTED]>? Or do I need to
make a diff from a point
Separate caching by superblock, explicitly if necessary. This means mounts of
the same remote data with different parameters do not share cache objects for
common files. The administrator may also provide a uniquifier to further
enhance the uniqueness.
Where it is otherwise impossible to disting
The attached patch makes it possible for the NFS filesystem to make use of the
network filesystem local caching service (FS-Cache).
To be able to use this, an updated mount program is required. This can be
obtained from:
http://people.redhat.com/steved/fscache/util-linux/
To mount an NF
Display the local caching state in /proc/fs/nfsfs/volumes.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
fs/nfs/client.c |7 ---
fs/nfs/fscache.h | 15 +++
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
index 92f9b
Changes to the kernel configuration definitions and to the NFS mount options to
allow the local caching support added by the previous patch to be enabled.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
fs/Kconfig|8
fs/nfs/client.c |2 ++
fs/nfs/internal.h |1
Export a number of functions for CacheFiles's use.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
fs/super.c |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/fs/super.c b/fs/super.c
index ceaf2e3..cd199ae 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -266,6 +266,7 @@
Add a function to install a monitor on the page lock waitqueue for a particular
page, thus allowing the page being unlocked to be detected.
This is used by CacheFiles to detect read completion on a page in the backing
filesystem so that it can then copy the data to the waiting netfs page.
Signed-
Fix a memory leak whereby multiple clientaddr=xxx mount options just overwrite
the duplicated client_address option pointer, without freeing the old memory.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
fs/nfs/super.c |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git
Add an address space operation to write one single page of data to an inode at
a page-aligned location (thus permitting the implementation to be highly
optimised). The data source is a single page.
This is used by CacheFiles to store the contents of netfs pages into their
backing file pages.
Sup
Change all the usages of file->f_mapping in ext3_*write_end() functions to use
the mapping argument directly. This has two consequences:
(*) Consistency. Without this patch sometimes one is used and sometimes the
other is.
(*) A NULL file pointer can be passed. This feature is then made
This one-line patch fixes the missing export of copy_page introduced
by the cachefile patches. This patch is not yet upstream, but is required
for cachefile on ia64. It will be pushed upstream when cachefile goes
upstream.
Signed-off-by: Prarit Bhargava <[EMAIL PROTECTED]>
Signed-off-by: David H
Recruit a couple of page flags to aid in cache management. The following extra
flags are defined:
(1) PG_fscache (PG_private_2)
The marked page is backed by a local cache and is pinning resources in the
cache driver.
(2) PG_fscache_write (PG_owner_priv_2)
The marked page is be
Provide an add_wait_queue_tail() function to add a waiter to the back of a
wait queue instead of the front.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
include/linux/pagemap.h |7 +--
include/linux/wait.h|2 ++
kernel/wait.c | 18 ++
mm/filema
The attached patch causes read_cache_pages() to release page-private data on a
page for which add_to_page_cache() fails or the filler function fails. This
permits pages with caching references associated with them to be cleaned up.
The invalidatepage() address space op is called (indirectly) to do
Make NFSD work with detached security, using the patches that excise the
security information from task_struct to struct task_security as a base.
Each time NFSD wants a new security descriptor (to do NFS4 recovery or just to
do NFS operations), a task_security record is derived from NFSD's *object
Add a 'kernel_service' object class to SELinux and give this object class two
access vectors: 'use_as_override' and 'create_files_as'.
The first vector is used to grant a process the right to nominate an alternate
process security ID for the kernel to use as an override for the SELinux
subjective
Allow kernel services to override LSM settings appropriate to the actions
performed by a task by duplicating a security record, modifying it and then
using task_struct::act_as to point to it when performing operations on behalf
of a task.
This is used, for example, by CacheFiles which has to trans
Pre-add additional non-caching classes that are in the SELinux upstream
repository, but not in the upstream kernel so they don't get in the fscache
class patch.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
security/selinux/include/av_perm_to_string.h |5 +
security/selinux/includ
secid_to_secctx() LSM hook. This patch also includes the SELinux
implementation for this hook.
Signed-off-by: Paul Moore <[EMAIL PROTECTED]>
Acked-by: Stephen Smalley <[EMAIL PROTECTED]>
---
include/linux/security.h | 13 +
security/dummy.c |6 ++
security/security
Change current->fs[ug]id to current_fs[ug]id() so that fsgid and fsuid can be
separated from the task_struct.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
arch/ia64/kernel/perfmon.c|4 ++--
arch/powerpc/platforms/cell/spufs/inode.c |4 ++--
drivers/isdn/capi/capif
Add a keyctl() function to get the security label of a key.
The following is added to Documentation/keys.txt:
(*) Get the LSM security context attached to a key.
long keyctl(KEYCTL_GET_SECURITY, key_serial_t key, char *buffer,
size_t buflen)
This function retur
David Howells <[EMAIL PROTECTED]> wrote:
> (2) PG_fscache_write (PG_owner_priv_2)
>
> The marked page is being written to the local cache. The page may not be
> modified whilst this is in progress.
Oops. wait_on_page_owner_priv_2() should use PG_owner_priv_2 rather than
PG_private_2
Increase the size of a payload that can be used to instantiate a key in
add_key() and keyctl_instantiate_key(). This permits huge CIFS SPNEGO blobs to
be passed around. The limit is raised to 1MB. If kmalloc() can't allocate a
buffer of sufficient size, vmalloc() will be tried instead.
Signed-o
Allow the callout data to be passed as a blob rather than a string for internal
kernel services that call any request_key_*() interface other than
request_key(). request_key() itself still takes a NUL-terminated string.
The functions that change are:
request_key_with_auxdata()
re
These patches add local caching for network filesystems such as NFS.
The patches can roughly be broken down into a number of sets:
(*) 01-keys-inc-payload.diff
(*) 02-keys-search-keyring.diff
(*) 03-keys-callout-blob.diff
Three patches to the keyring code made to help the CIFS peop
Check the starting keyring as part of the search to (a) see if that is what
we're searching for, and (b) to check it is still valid for searching.
The scenario: User in process A does things that cause things to be
created in its process session keyring. The user then does an su to
another user
And this is done. Thanks.
--Subrata
> I would also add some license statements before checking in.
>
> --Subrata
>
> > Hi Serge,
> >
> > Troubled you a lot. The following output is OK with me:
> >
> > <<>>
> > tag=Filecaps stime=1201094408
> > cmdline="filecapstest.sh"
> > contacts=""
> > ana
I would also add some license statements before checking in.
--Subrata
> Hi Serge,
>
> Troubled you a lot. The following output is OK with me:
>
> <<>>
> tag=Filecaps stime=1201094408
> cmdline="filecapstest.sh"
> contacts=""
> analysis=exit
> initiation_status="ok"
> <<>>
> incrementing stop
>
Hi Serge,
Troubled you a lot. The following output is OK with me:
<<>>
tag=Filecaps stime=1201094408
cmdline="filecapstest.sh"
contacts=""
analysis=exit
initiation_status="ok"
<<>>
incrementing stop
setcap not installed. Please install libcap from
ftp://ftp.kernel.org/pub/linux/libs/security/linu