From: Greg KH <greg@kroah.com>
To: linux-kernel@vger.kernel.org, linux-security-module@wirex.com
Subject: [RFC] LSM changes for 2.5.38
Date: Thu, 26 Sep 2002 13:25:52 -0700
Message-ID: <20020926202552.GA6908@kroah.com>

Hi,

Here are some patches against the latest 2.5 BK tree that add some
further LSM hooks and documentation to the tree.  There is also one
minor change to fs/inode.c to allow security modules more information
about newly created inodes.

These changesets can be found at bk://lsm.bkbits.net/linus-2.5 and I'll
be attaching the individual patches as responses to this email for those
who don't want to mess with bitkeeper.

If anyone has any questions or comments on these patches, please let us
know.  Otherwise I'll be sending them off to Linus in a few days.

thanks,

greg k-h


 Documentation/DocBook/Makefile        |    2 
 Documentation/DocBook/kernel-api.tmpl |    5 
 Documentation/DocBook/lsm.tmpl        |  285 +++++++++++++++++++++++++++++++++
 arch/i386/kernel/ioport.c             |   14 +
 arch/ia64/ia32/sys_ia32.c             |    7 
 fs/inode.c                            |    2 
 include/linux/ipc.h                   |    1 
 include/linux/msg.h                   |    1 
 include/linux/security.h              |  291 ++++++++++++++++++++++++++++++++++
 ipc/msg.c                             |   57 ++++++
 ipc/sem.c                             |   43 ++++-
 ipc/shm.c                             |   55 ++++++
 ipc/util.c                            |    3 
 kernel/printk.c                       |    4 
 kernel/sys.c                          |   35 ++--
 kernel/sysctl.c                       |    5 
 kernel/time.c                         |    6 
 mm/oom_kill.c                         |    6 
 mm/swapfile.c                         |   10 +
 security/capability.c                 |  210 ++++++++++++++++++++++++
 security/dummy.c                      |  210 ++++++++++++++++++++++++
 21 files changed, 1227 insertions(+), 25 deletions(-)
-----

ChangeSet@1.615, 2002-09-26 13:13:36-07:00, greg@kroah.com
  LSM: added the LSM documentation to the tree.

 Documentation/DocBook/Makefile        |    2 
 Documentation/DocBook/kernel-api.tmpl |    5 
 Documentation/DocBook/lsm.tmpl        |  285 ++++++++++++++++++++++++++++++++++
 3 files changed, 291 insertions(+), 1 deletion(-)
------

ChangeSet@1.614, 2002-09-26 13:05:47-07:00, sds@tislabs.com
  [PATCH] LSM: inode.c init modification
  
  On Thu, 19 Sep 2002, Greg KH wrote:
  
  > Yes, and explaining the fine points of inode_init() and
  > inode_alloc_security() and why they are different, might be a bit tough.
  >
  > {sigh}, well if there's no other way (and I can't think of one right
  > now), but I really don't like it...
  
  Here's a patch that attempts to support the same functionality without
  inserting hooks into filesystem-specific code.  This patch permits the
  security module to perform initialization of the inode security state
  based on the superblock information, enabling SELinux to initialize
  pipe, devpts, and shm inodes without relying on inode_precondition to
  catch them on first use.
  
  This is achieved simply by moving the initialization of inode->i_sb
  before the call to inode_alloc_security, enabling the
  inode_alloc_security hook function to perform the allocation and
  initialization for such inodes.  No new hooks are required.

 fs/inode.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)
------

ChangeSet@1.613, 2002-09-26 11:56:46-07:00, sds@tislabs.com
  [PATCH] LSM: misc hooks addition
  
  The patch below (relative to the LSM IPC hooks patch) adds the LSM hooks
  for miscellaneous system operations (module_*, sethostname, setdomainname,
  reboot, ioperm/iopl, sysctl, swapon/swapoff, syslog, settime).  It also
  replaces the hardcoded capability tests in the OOM killer code with
  appropriate calls to the LSM capable hook, preserving the original behavior
  as long as the capabilities module is enabled.

 arch/i386/kernel/ioport.c |   14 +++++-
 arch/ia64/ia32/sys_ia32.c |    7 +++
 include/linux/security.h  |  106 ++++++++++++++++++++++++++++++++++++++++++++++
 kernel/printk.c           |    4 +
 kernel/sys.c              |   35 ++++++++++-----
 kernel/sysctl.c           |    5 ++
 kernel/time.c             |    6 ++
 mm/oom_kill.c             |    6 +-
 mm/swapfile.c             |   10 ++++
 security/capability.c     |   79 ++++++++++++++++++++++++++++++++++
 security/dummy.c          |   79 ++++++++++++++++++++++++++++++++++
 11 files changed, 337 insertions(+), 14 deletions(-)
------

ChangeSet@1.612, 2002-09-26 11:56:14-07:00, sds@tislabs.com
  [PATCH] LSM: SysV IPC hooks addition
  
  The patch below adds the LSM hooks for System V IPC to the 2.5.38 kernel.

 include/linux/ipc.h      |    1 
 include/linux/msg.h      |    1 
 include/linux/security.h |  185 +++++++++++++++++++++++++++++++++++++++++++++++
 ipc/msg.c                |   57 +++++++++++++-
 ipc/sem.c                |   43 ++++++++++
 ipc/shm.c                |   55 +++++++++++++
 ipc/util.c               |    3 
 security/capability.c    |  131 +++++++++++++++++++++++++++++++++
 security/dummy.c         |  131 +++++++++++++++++++++++++++++++++
 9 files changed, 598 insertions(+), 9 deletions(-)
------
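
Added example, not part of the original message or of the patches it describes: a user-space C model of the ordering change in the fs/inode.c changeset, showing why the inode_alloc_security hook can only label pipe, devpts and shm inodes once inode->i_sb is set before the hook runs. The labels, the filesystem name strings and alloc_inode_label() are constructed for illustration, and the not-yet-initialized i_sb is modelled as NULL.

```c
#include <stdio.h>
#include <string.h>

/* User-space model, not kernel code. Struct and hook names follow the
 * message; labels and filesystem names are constructed sample values. */
struct super_block { const char *fs_name; };
struct inode { struct super_block *i_sb; int label; };

enum { LABEL_DEFERRED, LABEL_PIPE, LABEL_DEVPTS, LABEL_SHM };

/* Hypothetical module hook: choose the initial label from the superblock. */
static int inode_alloc_security(struct inode *inode)
{
    const struct super_block *sb = inode->i_sb;

    inode->label = LABEL_DEFERRED;   /* would have to be fixed up on first use */
    if (sb == NULL)
        return 0;                    /* no superblock information available */
    if (strcmp(sb->fs_name, "pipefs") == 0)
        inode->label = LABEL_PIPE;
    else if (strcmp(sb->fs_name, "devpts") == 0)
        inode->label = LABEL_DEVPTS;
    else if (strcmp(sb->fs_name, "shm") == 0)
        inode->label = LABEL_SHM;
    return 0;
}

/* Model of inode allocation; sb_first selects the order after the patch. */
static int alloc_inode_label(const char *fs_name, int sb_first)
{
    struct super_block sb = { fs_name };
    struct inode inode = { NULL, LABEL_DEFERRED };  /* assumption: unset == NULL */

    if (sb_first)
        inode.i_sb = &sb;            /* new order: i_sb set before the hook */
    inode_alloc_security(&inode);
    inode.i_sb = &sb;                /* old order: i_sb only set here */
    return inode.label;
}

int main(void)
{
    printf("hook before i_sb: %d, i_sb before hook: %d\n",
           alloc_inode_label("pipefs", 0), alloc_inode_label("pipefs", 1));
    return 0;
}
```
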

