2001_06_20 patch against 2.4.5

• Previous message: Greg KH: "Re: Bitkeeper (was: New LSM patch for consideration)"
• Next in thread: Stephen Smalley: "Re: 2001_06_20 patch against 2.4.5"
• Reply: Stephen Smalley: "Re: 2001_06_20 patch against 2.4.5"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Latest lsm patch is available.
    http://lsm.immunix.org/patches/lsm-2001_06_20-2.4.5.patch.gz
 
BitKeeper has been updated.
 
This is Stephen Smalley's latest proposal merged into 2.4.5.  I backed
out the 2.4.6-pre3 merge.  The relevant changes that happened after that
merge are in this patch (and in BitKeeper) against 2.4.5.

Thanks to everyone who helped, either with code or discussion, produce
this patch.  I'd especially like to thank Stephen for this solid
contribution.  He did a lot of work to unify the hooks and organize
the framework.  Both the dummy and capabilities code are effectively 
using this newly organized lsm framework

Patch includes:
 * capable hook is used as coarse grained permissive hook
 * fine grained hooks are restrictive and uniform
 * default (dummy) security_ops is usable as superuser check
 * capabilities is a module and implements capabilities specific bits of
   ptrace, compute_creds, etc.
 * base logic for compute_creds is in kernel, the rest is done in
   module, this fixed the setuid problem with dummy_ops
 * added kmod_set_label and post_set*id hooks
 * many hooks had additional parameters to make them more useful
 * change to kernel to copy userspace info to tmp variable to use some
   of the additional parameters added to hooks
 * added IPC and fowner/fcntl/sigiotask updates from Chris Vance
   <cvanceat_private>, NAI Labs.
 * added ioctl from Wayne Salamon.
 * initial port to IA64 from Greg Kroah-Hartman
 # secondary module registration now takes a module name as well
 * ...and some things that i'm forgetting right now ;-)
 
-chris

p.s. for those BitKeeper users that want to re-sync without
re-cloning...there are probably many ways to do this.  I know of an easy
fool proof one. In your local repository, simply undo any changes after 1.73:

bk undo -a1.73
bk pull

and you're done.

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Chris Wright: "Re: My patch"
• Previous message: Greg KH: "Re: Bitkeeper (was: New LSM patch for consideration)"
• Next in thread: Stephen Smalley: "Re: 2001_06_20 patch against 2.4.5"
• Reply: Stephen Smalley: "Re: 2001_06_20 patch against 2.4.5"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 20 2001 - 19:27:38 PDT