[RFC] LSM changes for 2.5.38

• Previous message: Greg KH: "Re: [patch] inode_init hook"
• Next in thread: Greg KH: "Re: [RFC] LSM changes for 2.5.38"
• Reply: Greg KH: "Re: [RFC] LSM changes for 2.5.38"
• Reply: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Here are some patches against the latest 2.5 BK tree that add some
further LSM hooks and documentation to the tree.  There is also one
minor change to fs/inode.c to allow security modules more information
about newly created inodes.

These changesets can be found at bk://lsm.bkbits.net/linus-2.5 and I'll
be attaching the individual patches as responses to this email for those
who don't want to mess with bitkeeper.

If anyone has any questions or comments on these patches, please let us
know.  Otherwise I'll be sending them off to Linus in a few days.

thanks,

greg k-h


 Documentation/DocBook/Makefile        |    2 
 Documentation/DocBook/kernel-api.tmpl |    5 
 Documentation/DocBook/lsm.tmpl        |  285 +++++++++++++++++++++++++++++++++
 arch/i386/kernel/ioport.c             |   14 +
 arch/ia64/ia32/sys_ia32.c             |    7 
 fs/inode.c                            |    2 
 include/linux/ipc.h                   |    1 
 include/linux/msg.h                   |    1 
 include/linux/security.h              |  291 ++++++++++++++++++++++++++++++++++
 ipc/msg.c                             |   57 ++++++
 ipc/sem.c                             |   43 ++++-
 ipc/shm.c                             |   55 ++++++
 ipc/util.c                            |    3 
 kernel/printk.c                       |    4 
 kernel/sys.c                          |   35 ++--
 kernel/sysctl.c                       |    5 
 kernel/time.c                         |    6 
 mm/oom_kill.c                         |    6 
 mm/swapfile.c                         |   10 +
 security/capability.c                 |  210 ++++++++++++++++++++++++
 security/dummy.c                      |  210 ++++++++++++++++++++++++
 21 files changed, 1227 insertions(+), 25 deletions(-)
-----

ChangeSetat_private, 2002-09-26 13:13:36-07:00, gregat_private
  LSM: added the LSM documentation to the tree.

 Documentation/DocBook/Makefile        |    2 
 Documentation/DocBook/kernel-api.tmpl |    5 
 Documentation/DocBook/lsm.tmpl        |  285 ++++++++++++++++++++++++++++++++++
 3 files changed, 291 insertions(+), 1 deletion(-)
------

ChangeSetat_private, 2002-09-26 13:05:47-07:00, sdsat_private
  [PATCH] LSM: inode.c init modification
  
  On Thu, 19 Sep 2002, Greg KH wrote:
  
  > Yes, and explaining the fine points of inode_init() and
  > inode_alloc_security() and why they are different, might be a bit tough.
  >
  > {sigh}, well if there's no other way (and I can't think of one right
  > now), but I really don't like it...
  
  Here's a patch that attempt to support the same functionality without
  inserting hooks into filesystem-specific code.  This patch permits the
  security module to perform initialization of the inode security state
  based on the superblock information, enabling SELinux to initialize
  pipe, devpts, and shm inodes without relying on inode_precondition to
  catch them on first use.
  
  This is achieved simply by moving the initialization of inode->i_sb
  before the call to inode_alloc_security, enabling the
  inode_alloc_security hook function to perform the allocation and
  initialization for such inodes.  No new hooks are required.

 fs/inode.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)
------

ChangeSetat_private, 2002-09-26 11:56:46-07:00, sdsat_private
  [PATCH] LSM: misc hooks addition
  
  The patch below (relative to the LSM IPC hooks patch) adds the LSM hooks
  for miscellaneous system operations (module_*, sethostname, setdomainname,
  reboot, ioperm/iopl, sysctl, swapon/swapoff, syslog, settime).  It also
  replaces the hardcoded capability tests in the OOM killer code with
  appropriate calls to the LSM capable hook, preserving the original behavior
  as long as the capabilities module is enabled.

 arch/i386/kernel/ioport.c |   14 +++++-
 arch/ia64/ia32/sys_ia32.c |    7 +++
 include/linux/security.h  |  106 ++++++++++++++++++++++++++++++++++++++++++++++
 kernel/printk.c           |    4 +
 kernel/sys.c              |   35 ++++++++++-----
 kernel/sysctl.c           |    5 ++
 kernel/time.c             |    6 ++
 mm/oom_kill.c             |    6 +-
 mm/swapfile.c             |   10 ++++
 security/capability.c     |   79 ++++++++++++++++++++++++++++++++++
 security/dummy.c          |   79 ++++++++++++++++++++++++++++++++++
 11 files changed, 337 insertions(+), 14 deletions(-)
------

ChangeSetat_private, 2002-09-26 11:56:14-07:00, sdsat_private
  [PATCH] LSM: SysV IPC hooks addition
  
  The patch below adds the LSM hooks for System V IPC to the 2.5.38 kernel.

 include/linux/ipc.h      |    1 
 include/linux/msg.h      |    1 
 include/linux/security.h |  185 +++++++++++++++++++++++++++++++++++++++++++++++
 ipc/msg.c                |   57 +++++++++++++-
 ipc/sem.c                |   43 ++++++++++
 ipc/shm.c                |   55 +++++++++++++
 ipc/util.c               |    3 
 security/capability.c    |  131 +++++++++++++++++++++++++++++++++
 security/dummy.c         |  131 +++++++++++++++++++++++++++++++++
 9 files changed, 598 insertions(+), 9 deletions(-)
------

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Greg KH: "Re: [RFC] LSM changes for 2.5.38"
• Previous message: Greg KH: "Re: [patch] inode_init hook"
• Next in thread: Greg KH: "Re: [RFC] LSM changes for 2.5.38"
• Reply: Greg KH: "Re: [RFC] LSM changes for 2.5.38"
• Reply: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Sep 26 2002 - 13:28:35 PDT