* [BK PATCH] LSM changes for 2.5.49
From: Greg KH @ 2002-11-26 22:04 UTC
  To: torvalds; +Cc: linux-kernel, linux-security-module

This is a resend of my previous series of LSM patches for 2.5.43 that
change the way the LSM hooks operate (now they can be compiled away into
nothing).  This was proposed by Dave Miller, and he seems to like these
changes.  I've also added the sys_security patch from Christoph Hellwig as
everyone agrees that the idea of sys_security is good, but the current
implementation sucks.

Please pull from:
	bk://lsm.bkbits.net/linus-2.5

thanks,

greg k-h

 Documentation/DocBook/lsm.tmpl    |   23 
 arch/alpha/kernel/systbls.S       |    4 
 arch/arm/kernel/calls.S           |    4 
 arch/arm/kernel/ptrace.c          |    6 
 arch/i386/kernel/entry.S          |    4 
 arch/i386/kernel/ptrace.c         |    6 
 arch/ia64/kernel/entry.S          |    4 
 arch/ia64/kernel/ptrace.c         |    6 
 arch/ppc/kernel/misc.S            |    5 
 arch/ppc/kernel/ptrace.c          |    6 
 arch/ppc64/kernel/misc.S          |    5 
 arch/ppc64/kernel/ptrace.c        |    6 
 arch/ppc64/kernel/ptrace32.c      |    6 
 arch/ppc64/kernel/sys_ppc32.c     |   16 
 arch/s390/kernel/entry.S          |    4 
 arch/s390/kernel/ptrace.c         |    6 
 arch/s390x/kernel/entry.S         |    4 
 arch/s390x/kernel/ptrace.c        |    8 
 arch/sparc/kernel/ptrace.c        |   15 
 arch/sparc/kernel/systbls.S       |    4 
 arch/sparc64/kernel/ptrace.c      |   15 
 arch/sparc64/kernel/sys_sparc32.c |   21 
 arch/sparc64/kernel/systbls.S     |    8 
 arch/um/kernel/ptrace.c           |    3 
 arch/um/kernel/sys_call_table.c   |    4 
 arch/x86_64/kernel/ptrace.c       |    6 
 drivers/base/fs/class.c           |    2 
 drivers/base/fs/intf.c            |    2 
 drivers/pnp/interface.c           |    1 
 fs/attr.c                         |   10 
 fs/dquot.c                        |    8 
 fs/exec.c                         |   32 -
 fs/fcntl.c                        |   11 
 fs/file_table.c                   |   18 
 fs/inode.c                        |   12 
 fs/ioctl.c                        |    3 
 fs/locks.c                        |   26 
 fs/namei.c                        |  116 +---
 fs/namespace.c                    |   46 -
 fs/nfsd/export.c                  |    1 
 fs/open.c                         |    9 
 fs/proc/base.c                    |    9 
 fs/quota.c                        |    2 
 fs/read_write.c                   |   18 
 fs/readdir.c                      |    4 
 fs/stat.c                         |   12 
 fs/super.c                        |   18 
 fs/xattr.c                        |   14 
 include/asm-alpha/unistd.h        |    4 
 include/asm-arm/unistd.h          |    2 
 include/asm-cris/unistd.h         |    2 
 include/asm-i386/unistd.h         |    4 
 include/asm-ia64/unistd.h         |    4 
 include/asm-ppc/unistd.h          |    4 
 include/asm-ppc64/unistd.h        |    4 
 include/asm-s390/unistd.h         |    8 
 include/asm-s390x/unistd.h        |    8 
 include/asm-sparc/unistd.h        |    4 
 include/asm-sparc64/unistd.h      |    4 
 include/asm-x86_64/unistd.h       |    3 
 include/linux/sched.h             |   40 -
 include/linux/security.h          | 1050 +++++++++++++++++++++++++++++++++++++-
 init/do_mounts.c                  |    9 
 ipc/msg.c                         |   14 
 ipc/sem.c                         |   14 
 ipc/shm.c                         |   14 
 ipc/util.c                        |    4 
 kernel/acct.c                     |    4 
 kernel/capability.c               |   22 
 kernel/exit.c                     |   18 
 kernel/fork.c                     |   28 -
 kernel/kmod.c                     |    6 
 kernel/ptrace.c                   |   73 ++
 kernel/sched.c                    |   45 -
 kernel/signal.c                   |    8 
 kernel/sys.c                      |  146 +----
 kernel/uid16.c                    |    3 
 mm/mmap.c                         |    9 
 mm/mprotect.c                     |    6 
 net/core/scm.c                    |    3 
 net/decnet/af_decnet.c            |    4 
 net/unix/af_unix.c                |    1 
 security/Config.help              |    7 
 security/Config.in                |    2 
 security/Kconfig                  |   15 
 security/Makefile                 |   10 
 security/capability.c             |  658 ++++++++++++-----------
 security/dummy.c                  |   14 
 security/security.c               |   18 
 89 files changed, 1899 insertions(+), 970 deletions(-)
-----

ChangeSet@1.892, 2002-11-26 11:29:49-08:00, greg@kroah.com
  Merge kroah.com:/home/greg/linux/BK/bleeding_edge-2.5
  into kroah.com:/home/greg/linux/BK/lsm-2.5

 arch/ppc/kernel/misc.S |    1 +
 fs/file_table.c        |    6 +++---
 fs/proc/base.c         |    3 ++-
 include/linux/sched.h  |   10 ++++++----
 init/do_mounts.c       |    3 ++-
 kernel/exit.c          |    6 +++---
 kernel/fork.c          |    7 +++----
 kernel/sched.c         |   15 +++++----------
 kernel/sys.c           |   48 +++++++++++++++++-------------------------------
 9 files changed, 42 insertions(+), 57 deletions(-)
------

ChangeSet@1.842.44.4, 2002-11-25 20:10:47-08:00, greg@kroah.com
  LSM: put CONFIG_SECURITY back into the Kconfig file (was lost in the merge)

 security/Kconfig |   15 +++++++++++++--
 1 files changed, 13 insertions(+), 2 deletions(-)
------

ChangeSet@1.842.44.3, 2002-11-25 20:09:46-08:00, greg@kroah.com
  LSM: Move the definition of capable() into sched.h if CONFIG_SECURITY is set to help
  make the #include nightmare more manageable.

 include/linux/sched.h    |    6 ++++--
 include/linux/security.h |    1 -
 2 files changed, 4 insertions(+), 3 deletions(-)
------

ChangeSet@1.842.44.2, 2002-11-25 19:57:47-08:00, greg@kroah.com
  LSM: fix up some needed header file #includes

 drivers/pnp/interface.c |    1 +
 fs/nfsd/export.c        |    1 +
 net/unix/af_unix.c      |    1 +
 3 files changed, 3 insertions(+)
------

ChangeSet@1.842.44.1, 2002-11-24 15:31:02-08:00, greg@kroah.com
  Merge

 arch/alpha/kernel/systbls.S       |    2 
 arch/arm/kernel/calls.S           |    2 
 arch/arm/kernel/ptrace.c          |    3 
 arch/i386/kernel/entry.S          |    2 
 arch/i386/kernel/ptrace.c         |    3 
 arch/ia64/kernel/entry.S          |    2 
 arch/ia64/kernel/ptrace.c         |    3 
 arch/ppc/kernel/misc.S            |    2 
 arch/ppc/kernel/ptrace.c          |    3 
 arch/ppc64/kernel/misc.S          |    1 
 arch/ppc64/kernel/ptrace.c        |    3 
 arch/ppc64/kernel/ptrace32.c      |    3 
 arch/s390/kernel/entry.S          |    2 
 arch/s390/kernel/ptrace.c         |    3 
 arch/s390x/kernel/entry.S         |    2 
 arch/s390x/kernel/ptrace.c        |    4 
 arch/sparc/kernel/ptrace.c        |   12 +
 arch/sparc/kernel/systbls.S       |    2 
 arch/sparc64/kernel/ptrace.c      |   12 +
 arch/sparc64/kernel/sys_sparc32.c |    7 
 arch/sparc64/kernel/systbls.S     |    4 
 arch/um/kernel/sys_call_table.c   |    2 
 arch/x86_64/kernel/ptrace.c       |    3 
 fs/attr.c                         |    5 
 fs/dquot.c                        |    4 
 fs/exec.c                         |   16 -
 fs/file_table.c                   |    6 
 fs/inode.c                        |    6 
 fs/locks.c                        |   13 -
 fs/namei.c                        |   58 ++----
 fs/namespace.c                    |   23 +-
 fs/open.c                         |    3 
 fs/proc/base.c                    |    3 
 fs/read_write.c                   |    6 
 fs/stat.c                         |    6 
 fs/super.c                        |    6 
 include/asm-alpha/unistd.h        |    2 
 include/asm-i386/unistd.h         |    2 
 include/asm-ia64/unistd.h         |    2 
 include/asm-ppc/unistd.h          |    2 
 include/asm-ppc64/unistd.h        |    2 
 include/asm-s390/unistd.h         |    4 
 include/asm-s390x/unistd.h        |    4 
 include/asm-sparc/unistd.h        |    2 
 include/asm-sparc64/unistd.h      |    2 
 include/linux/sched.h             |    8 
 init/do_mounts.c                  |    3 
 ipc/msg.c                         |    7 
 ipc/sem.c                         |    7 
 ipc/shm.c                         |    7 
 ipc/util.c                        |    2 
 kernel/capability.c               |   11 -
 kernel/exit.c                     |    6 
 kernel/fork.c                     |    7 
 kernel/kmod.c                     |    3 
 kernel/ptrace.c                   |   69 ++++++++
 kernel/sched.c                    |   15 -
 kernel/signal.c                   |    4 
 kernel/sys.c                      |   48 ++---
 mm/mmap.c                         |    3 
 mm/mprotect.c                     |    3 
 security/capability.c             |  323 +++++++++++++++++++-------------------
 security/dummy.c                  |    7 
 63 files changed, 409 insertions(+), 383 deletions(-)
------

ChangeSet@1.786.99.3, 2002-10-29 15:02:47-08:00, greg@kroah.com
  LSM: remove last remnants of sys_security missed by last patch.

 kernel/sys.c          |    1 -
 security/capability.c |    7 -------
 2 files changed, 8 deletions(-)
------

ChangeSet@1.786.99.2, 2002-10-29 14:04:23-08:00, hch@infradead.org
  [PATCH] remove sys_security
  
  I've been auditing the LSM stuff a bit more..
  
  They have registered and implemented a syscall, sys_security
  that does nothing but switch into the individual modules
  based on the first argument, i.e. it's ioctl() switching
  on the security module instead of device node.  Yuck.
  
  Patch below removes it (no in-tree users), maybe selinux/etc
  folks should send their actual syscall for review instead..

 Documentation/DocBook/lsm.tmpl  |   23 -----------------------
 arch/alpha/kernel/systbls.S     |    2 +-
 arch/arm/kernel/calls.S         |    2 +-
 arch/i386/kernel/entry.S        |    2 +-
 arch/ia64/kernel/entry.S        |    2 +-
 arch/ppc/kernel/misc.S          |    2 +-
 arch/ppc64/kernel/misc.S        |    4 ++--
 arch/s390/kernel/entry.S        |    2 +-
 arch/s390x/kernel/entry.S       |    2 +-
 arch/sparc/kernel/systbls.S     |    2 +-
 arch/sparc64/kernel/systbls.S   |    4 ++--
 arch/um/kernel/sys_call_table.c |    2 --
 include/asm-alpha/unistd.h      |    2 +-
 include/asm-arm/unistd.h        |    2 +-
 include/asm-cris/unistd.h       |    2 +-
 include/asm-i386/unistd.h       |    2 +-
 include/asm-ia64/unistd.h       |    2 +-
 include/asm-ppc/unistd.h        |    2 +-
 include/asm-ppc64/unistd.h      |    2 +-
 include/asm-s390/unistd.h       |    4 +++-
 include/asm-s390x/unistd.h      |    4 +++-
 include/asm-sparc/unistd.h      |    2 +-
 include/asm-sparc64/unistd.h    |    2 +-
 include/asm-x86_64/unistd.h     |    3 +--
 include/linux/security.h        |   17 -----------------
 security/dummy.c                |    7 -------
 security/security.c             |   18 ------------------
 27 files changed, 28 insertions(+), 92 deletions(-)
------

ChangeSet@1.786.99.1, 2002-10-29 13:30:34-08:00, greg@kroah.com
  Merge kroah.com:/home/greg/linux/BK/bleeding_edge-2.5
  into kroah.com:/home/greg/linux/BK/lsm-2.5

 fs/open.c     |    3 +--
 fs/super.c    |    6 +++---
 kernel/fork.c |    7 +++----
 mm/mmap.c     |    3 +--
 4 files changed, 8 insertions(+), 11 deletions(-)
------

ChangeSet@1.786.71.1, 2002-10-25 14:52:30-07:00, greg@kroah.com
  Merge kroah.com:/home/greg/linux/BK/bleeding_edge-2.5
  into kroah.com:/home/greg/linux/BK/lsm-2.5

 arch/ppc64/kernel/sys_ppc32.c     |    8 ++++----
 arch/sparc64/kernel/sys_sparc32.c |    7 +++----
 include/linux/sched.h             |    8 ++++----
 net/decnet/af_decnet.c            |    2 +-
 4 files changed, 12 insertions(+), 13 deletions(-)
------

ChangeSet@1.786.16.6, 2002-10-17 14:08:43-07:00, greg@kroah.com
  LSM: convert over the remaining security calls to the new format.

 ipc/msg.c              |    7 +++----
 ipc/sem.c              |    7 +++----
 ipc/shm.c              |    7 +++----
 ipc/util.c             |    2 +-
 kernel/acct.c          |    3 +--
 kernel/capability.c    |   10 +++++-----
 kernel/exit.c          |    6 +++---
 kernel/fork.c          |    7 +++----
 kernel/kmod.c          |    2 +-
 kernel/sched.c         |   15 +++++----------
 kernel/signal.c        |    3 +--
 kernel/sys.c           |   49 ++++++++++++++++++-------------------------------
 kernel/uid16.c         |    3 +--
 net/decnet/af_decnet.c |    2 +-
 14 files changed, 49 insertions(+), 74 deletions(-)
------

ChangeSet@1.786.16.5, 2002-10-17 14:06:57-07:00, greg@kroah.com
  LSM: change all of the VFS related security calls to the new format.

 fs/attr.c        |    5 +---
 fs/dquot.c       |    3 --
 fs/fcntl.c       |   11 +++-------
 fs/file_table.c  |    6 ++---
 fs/inode.c       |    6 ++---
 fs/ioctl.c       |    3 --
 fs/locks.c       |   12 +++--------
 fs/namei.c       |   58 +++++++++++++++++++++----------------------------------
 fs/namespace.c   |   22 ++++++++------------
 fs/open.c        |    3 --
 fs/proc/base.c   |    2 -
 fs/quota.c       |    2 -
 fs/read_write.c  |   12 +++--------
 fs/readdir.c     |    3 --
 fs/stat.c        |    6 +----
 fs/super.c       |    4 +--
 fs/xattr.c       |   13 +++---------
 init/do_mounts.c |    2 -
 mm/mmap.c        |    3 --
 mm/mprotect.c    |    3 --
 net/core/scm.c   |    3 --
 21 files changed, 70 insertions(+), 112 deletions(-)
------

ChangeSet@1.786.16.4, 2002-10-17 14:05:48-07:00, greg@kroah.com
  LSM: change all security bprm related calls to the new format.

 arch/ppc64/kernel/sys_ppc32.c     |    7 +++----
 arch/sparc64/kernel/sys_sparc32.c |    7 +++----
 fs/exec.c                         |   15 ++++++---------
 3 files changed, 12 insertions(+), 17 deletions(-)
------

ChangeSet@1.786.16.3, 2002-10-17 14:04:04-07:00, greg@kroah.com
  LSM: change all usages of security_ops->ptrace() to security_ptrace()

 arch/arm/kernel/ptrace.c     |    3 +--
 arch/i386/kernel/ptrace.c    |    3 +--
 arch/ia64/kernel/ptrace.c    |    3 +--
 arch/ppc/kernel/ptrace.c     |    3 +--
 arch/ppc64/kernel/ptrace.c   |    3 +--
 arch/ppc64/kernel/ptrace32.c |    3 +--
 arch/s390/kernel/ptrace.c    |    3 +--
 arch/s390x/kernel/ptrace.c   |    3 +--
 arch/sparc/kernel/ptrace.c   |    3 +--
 arch/sparc64/kernel/ptrace.c |    3 +--
 arch/um/kernel/ptrace.c      |    3 +--
 arch/x86_64/kernel/ptrace.c  |    3 +--
 kernel/ptrace.c              |    3 +--
 13 files changed, 13 insertions(+), 26 deletions(-)
------

ChangeSet@1.786.16.2, 2002-10-17 13:47:59-07:00, greg@kroah.com
  LSM:  Create CONFIG_SECURITY and disable it by default for now.
  
  This allows the security hooks to be compiled away into nothingness if CONFIG_SECURITY
  is disabled.  When disabled, the default capabilities functionality is preserved.
  When enabled, security modules are allowed to be loaded.

 include/linux/sched.h    |    8 
 include/linux/security.h | 1032 ++++++++++++++++++++++++++++++++++++++++++++++-
 security/Config.help     |    7 
 security/Config.in       |    2 
 security/Makefile        |   10 
 security/capability.c    |  328 +++++++-------
 6 files changed, 1216 insertions(+), 171 deletions(-)
------

ChangeSet@1.786.16.1, 2002-10-17 13:16:54-07:00, greg@kroah.com
  LSM: add #include <linux/security.h> to a lot of files as they all have security calls in them.
  
  This is needed for the next patches that change the way the security calls work.

 arch/ppc64/kernel/sys_ppc32.c |    1 +
 arch/s390x/kernel/ptrace.c    |    1 +
 drivers/base/fs/class.c       |    2 ++
 drivers/base/fs/intf.c        |    2 ++
 fs/dquot.c                    |    1 +
 fs/exec.c                     |    1 +
 fs/locks.c                    |    1 +
 fs/namespace.c                |    1 +
 fs/proc/base.c                |    1 +
 fs/readdir.c                  |    1 +
 fs/super.c                    |    2 +-
 fs/xattr.c                    |    1 +
 init/do_mounts.c              |    1 +
 kernel/acct.c                 |    1 +
 kernel/capability.c           |    1 +
 kernel/kmod.c                 |    1 +
 kernel/ptrace.c               |    1 +
 kernel/signal.c               |    1 +
 18 files changed, 20 insertions(+), 1 deletion(-)
------
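
The hook pattern the ChangeSets above describe (security_ops->ptrace() call sites becoming security_ptrace(), and the hooks compiling away when CONFIG_SECURITY is off), as an added example that is not part of the original message or the kernel source. It is a userspace C model: struct task, default_ptrace, register_module, deny_all and the capability check are simplified, hypothetical stand-ins.

```c
/* Userspace model, not kernel code. Build with -DCONFIG_SECURITY for the hooked variant. */
#include <errno.h>
#include <stdio.h>

struct task { unsigned cap_permitted; };	/* stand-in for the task structure */
struct security_operations {
	int (*ptrace)(const struct task *parent, const struct task *child);
};

/* Simplified default policy: the child may not hold capabilities the tracer lacks. */
static int default_ptrace(const struct task *parent, const struct task *child)
{
	return (child->cap_permitted & ~parent->cap_permitted) ? -EPERM : 0;
}

#ifdef CONFIG_SECURITY
static struct security_operations default_ops = { default_ptrace };
static struct security_operations *security_ops = &default_ops;
static int register_module(struct security_operations *ops)
{
	if (!ops || !ops->ptrace)
		return -EINVAL;		/* refuse a table with a missing hook */
	security_ops = ops;
	return 0;
}
static inline int security_ptrace(const struct task *p, const struct task *c)
{ return security_ops->ptrace(p, c); }	/* indirect call through the table */
#else	/* hooks compiled away: no table to replace, default policy called directly */
static int register_module(struct security_operations *ops)
{ (void)ops; return -ENOSYS; }
static inline int security_ptrace(const struct task *p, const struct task *c)
{ return default_ptrace(p, c); }
#endif

static int deny_all(const struct task *p, const struct task *c)
{ (void)p; (void)c; return -EPERM; }

static int trace_decision(unsigned parent_caps, unsigned child_caps)
{
	struct task parent = { parent_caps }, child = { child_caps };
	return security_ptrace(&parent, &child);
}

/* Try to load a deny-all module, then ask about a trace the default policy allows.
 * Without CONFIG_SECURITY the load fails and the default answer stands;
 * with it, the module's -EPERM is returned instead. */
static int decision_after_module_load(void)
{
	static struct security_operations strict = { deny_all };
	register_module(&strict);
	return trace_decision(0x3, 0x1);
}

int main(void) { printf("after module load: %d\n", decision_after_module_load()); return 0; }
```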



* [PATCH] LSM changes for 2.5.49
From: Greg KH @ 2002-11-26 22:06 UTC
  To: linux-kernel, linux-security-module

All 14 of the patches in this set can be found at:
	kernel.org/pub/linux/kernel/people/gregkh/lsm/lsm-*2.5.49*
if anyone is interested in seeing them.

I can roll them up into one big patch for 2.5.49 if anyone really wants
that too.

thanks,

greg k-h
