[RFC] LSM changes for 2.5.38

From: Greg KH (gregat_private)
Date: Thu Sep 26 2002 - 13:25:52 PDT

  • Next message: Greg KH: "Re: [RFC] LSM changes for 2.5.38"

    Hi,
    
    Here are some patches against the latest 2.5 BK tree that add some
    further LSM hooks and documentation to the tree.  There is also one
    minor change to fs/inode.c to allow security modules more information
    about newly created inodes.
    
    These changesets can be found at bk://lsm.bkbits.net/linus-2.5 and I'll
    be attaching the individual patches as responses to this email for those
    who don't want to mess with bitkeeper.
    
    If anyone has any questions or comments on these patches, please let us
    know.  Otherwise I'll be sending them off to Linus in a few days.
    
    thanks,
    
    greg k-h
    
    
     Documentation/DocBook/Makefile        |    2 
     Documentation/DocBook/kernel-api.tmpl |    5 
     Documentation/DocBook/lsm.tmpl        |  285 +++++++++++++++++++++++++++++++++
     arch/i386/kernel/ioport.c             |   14 +
     arch/ia64/ia32/sys_ia32.c             |    7 
     fs/inode.c                            |    2 
     include/linux/ipc.h                   |    1 
     include/linux/msg.h                   |    1 
     include/linux/security.h              |  291 ++++++++++++++++++++++++++++++++++
     ipc/msg.c                             |   57 ++++++
     ipc/sem.c                             |   43 ++++-
     ipc/shm.c                             |   55 ++++++
     ipc/util.c                            |    3 
     kernel/printk.c                       |    4 
     kernel/sys.c                          |   35 ++--
     kernel/sysctl.c                       |    5 
     kernel/time.c                         |    6 
     mm/oom_kill.c                         |    6 
     mm/swapfile.c                         |   10 +
     security/capability.c                 |  210 ++++++++++++++++++++++++
     security/dummy.c                      |  210 ++++++++++++++++++++++++
     21 files changed, 1227 insertions(+), 25 deletions(-)
    -----
    
    ChangeSetat_private, 2002-09-26 13:13:36-07:00, gregat_private
      LSM: added the LSM documentation to the tree.
    
     Documentation/DocBook/Makefile        |    2 
     Documentation/DocBook/kernel-api.tmpl |    5 
     Documentation/DocBook/lsm.tmpl        |  285 ++++++++++++++++++++++++++++++++++
     3 files changed, 291 insertions(+), 1 deletion(-)
    ------
    
    ChangeSetat_private, 2002-09-26 13:05:47-07:00, sdsat_private
      [PATCH] LSM: inode.c init modification
      
      On Thu, 19 Sep 2002, Greg KH wrote:
      
      > Yes, and explaining the fine points of inode_init() and
      > inode_alloc_security() and why they are different, might be a bit tough.
      >
      > {sigh}, well if there's no other way (and I can't think of one right
      > now), but I really don't like it...
      
      Here's a patch that attempt to support the same functionality without
      inserting hooks into filesystem-specific code.  This patch permits the
      security module to perform initialization of the inode security state
      based on the superblock information, enabling SELinux to initialize
      pipe, devpts, and shm inodes without relying on inode_precondition to
      catch them on first use.
      
      This is achieved simply by moving the initialization of inode->i_sb
      before the call to inode_alloc_security, enabling the
      inode_alloc_security hook function to perform the allocation and
      initialization for such inodes.  No new hooks are required.
    
     fs/inode.c |    2 +-
     1 files changed, 1 insertion(+), 1 deletion(-)
    ------
    
    ChangeSetat_private, 2002-09-26 11:56:46-07:00, sdsat_private
      [PATCH] LSM: misc hooks addition
      
      The patch below (relative to the LSM IPC hooks patch) adds the LSM hooks
      for miscellaneous system operations (module_*, sethostname, setdomainname,
      reboot, ioperm/iopl, sysctl, swapon/swapoff, syslog, settime).  It also
      replaces the hardcoded capability tests in the OOM killer code with
      appropriate calls to the LSM capable hook, preserving the original behavior
      as long as the capabilities module is enabled.
    
     arch/i386/kernel/ioport.c |   14 +++++-
     arch/ia64/ia32/sys_ia32.c |    7 +++
     include/linux/security.h  |  106 ++++++++++++++++++++++++++++++++++++++++++++++
     kernel/printk.c           |    4 +
     kernel/sys.c              |   35 ++++++++++-----
     kernel/sysctl.c           |    5 ++
     kernel/time.c             |    6 ++
     mm/oom_kill.c             |    6 +-
     mm/swapfile.c             |   10 ++++
     security/capability.c     |   79 ++++++++++++++++++++++++++++++++++
     security/dummy.c          |   79 ++++++++++++++++++++++++++++++++++
     11 files changed, 337 insertions(+), 14 deletions(-)
    ------
    
    ChangeSetat_private, 2002-09-26 11:56:14-07:00, sdsat_private
      [PATCH] LSM: SysV IPC hooks addition
      
      The patch below adds the LSM hooks for System V IPC to the 2.5.38 kernel.
    
     include/linux/ipc.h      |    1 
     include/linux/msg.h      |    1 
     include/linux/security.h |  185 +++++++++++++++++++++++++++++++++++++++++++++++
     ipc/msg.c                |   57 +++++++++++++-
     ipc/sem.c                |   43 ++++++++++
     ipc/shm.c                |   55 +++++++++++++
     ipc/util.c               |    3 
     security/capability.c    |  131 +++++++++++++++++++++++++++++++++
     security/dummy.c         |  131 +++++++++++++++++++++++++++++++++
     9 files changed, 598 insertions(+), 9 deletions(-)
    ------
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Sep 26 2002 - 13:28:35 PDT