[BK PATCH] LSM changes for 2.5.43

From: Greg KH (gregat_private)
Date: Thu Oct 17 2002 - 14:26:21 PDT

    Hi,
    
    Here are a set of patches that change the way the current LSM hooks
    operate.  This patch creates CONFIG_SECURITY and disables it by default
    for now.  When CONFIG_SECURITY is disabled, all security hooks are
    disabled, and compile away to nothing, with the exception of the default
    capability functions, which are compiled into the kernel.
    
    If CONFIG_SECURITY is set to y, the old way of having the security hooks
    happens (a big table of function pointers.)  I'll introduce a Config.in
    change to allow this to happen when the first security module is
    submitted for inclusion in the kernel tree (there are a number that
    should be submitted soon.)
    
    This should appease the people who don't want the additional overhead of
    having the ability to load different types of security modules.
    
    In creating these patches, I tried to use a #define approach, as some
    people pointed out.  The main detraction from doing this was the need to
    allow the capability functions to be enabled if CONFIG_SECURITY=n.
    Chris Wright proposed a way around this, but that forced all of the
    "dummy" capability hooks to be enabled, and built into the kernel, which
    the "size overhead" people would not appreciate.
    
    If anyone comes up with a clean way to use a #define for these hooks,
    and implement the existing functionality as shown in these patches, I'll
    be glad to change them at a later time.
    
    Linus, please pull from:
    	bk://lsm.bkbits.net/linus-2.5
    
    thanks,
    
    greg k-h
     arch/arm/kernel/ptrace.c          |    3 
     arch/i386/kernel/ptrace.c         |    3 
     arch/ia64/kernel/ptrace.c         |    3 
     arch/ppc/kernel/ptrace.c          |    3 
     arch/ppc64/kernel/ptrace.c        |    3 
     arch/ppc64/kernel/ptrace32.c      |    3 
     arch/ppc64/kernel/sys_ppc32.c     |    8 
     arch/s390/kernel/ptrace.c         |    3 
     arch/s390x/kernel/ptrace.c        |    4 
     arch/sparc/kernel/ptrace.c        |    3 
     arch/sparc64/kernel/ptrace.c      |    3 
     arch/sparc64/kernel/sys_sparc32.c |    7 
     arch/um/kernel/ptrace.c           |    3 
     arch/x86_64/kernel/ptrace.c       |    3 
     drivers/base/fs/class.c           |    2 
     drivers/base/fs/intf.c            |    2 
     fs/attr.c                         |    5 
     fs/dquot.c                        |    4 
     fs/exec.c                         |   16 
     fs/fcntl.c                        |   11 
     fs/file_table.c                   |    6 
     fs/inode.c                        |    6 
     fs/ioctl.c                        |    3 
     fs/locks.c                        |   13 
     fs/namei.c                        |   58 --
     fs/namespace.c                    |   23 
     fs/open.c                         |    3 
     fs/proc/base.c                    |    3 
     fs/quota.c                        |    2 
     fs/read_write.c                   |   12 
     fs/readdir.c                      |    4 
     fs/stat.c                         |    6 
     fs/super.c                        |    6 
     fs/xattr.c                        |   14 
     include/linux/sched.h             |    8 
     include/linux/security.h          | 1032 +++++++++++++++++++++++++++++++++++++-
     init/do_mounts.c                  |    3 
     ipc/msg.c                         |    7 
     ipc/sem.c                         |    7 
     ipc/shm.c                         |    7 
     ipc/util.c                        |    2 
     kernel/acct.c                     |    4 
     kernel/capability.c               |   11 
     kernel/exit.c                     |    6 
     kernel/fork.c                     |    7 
     kernel/kmod.c                     |    3 
     kernel/ptrace.c                   |    4 
     kernel/sched.c                    |   15 
     kernel/signal.c                   |    4 
     kernel/sys.c                      |   49 -
     kernel/uid16.c                    |    3 
     mm/mmap.c                         |    3 
     mm/mprotect.c                     |    3 
     net/core/scm.c                    |    3 
     net/decnet/af_decnet.c            |    2 
     security/Config.help              |    7 
     security/Config.in                |    2 
     security/Makefile                 |   10 
     security/capability.c             |  328 ++++++------
     59 files changed, 1380 insertions(+), 401 deletions(-)
    -----
    
    ChangeSetat_private, 2002-10-17 14:08:43-07:00, gregat_private
      LSM: convert over the remaining security calls to the new format.
    
     ipc/msg.c              |    7 +++----
     ipc/sem.c              |    7 +++----
     ipc/shm.c              |    7 +++----
     ipc/util.c             |    2 +-
     kernel/acct.c          |    3 +--
     kernel/capability.c    |   10 +++++-----
     kernel/exit.c          |    6 +++---
     kernel/fork.c          |    7 +++----
     kernel/kmod.c          |    2 +-
     kernel/sched.c         |   15 +++++----------
     kernel/signal.c        |    3 +--
     kernel/sys.c           |   49 ++++++++++++++++++-------------------------------
     kernel/uid16.c         |    3 +--
     net/decnet/af_decnet.c |    2 +-
     14 files changed, 49 insertions(+), 74 deletions(-)
    ------
    
    ChangeSetat_private, 2002-10-17 14:06:57-07:00, gregat_private
      LSM: change all of the VFS related security calls to the new format.
    
     fs/attr.c        |    5 +---
     fs/dquot.c       |    3 --
     fs/fcntl.c       |   11 +++-------
     fs/file_table.c  |    6 ++---
     fs/inode.c       |    6 ++---
     fs/ioctl.c       |    3 --
     fs/locks.c       |   12 +++--------
     fs/namei.c       |   58 +++++++++++++++++++++----------------------------------
     fs/namespace.c   |   22 ++++++++------------
     fs/open.c        |    3 --
     fs/proc/base.c   |    2 -
     fs/quota.c       |    2 -
     fs/read_write.c  |   12 +++--------
     fs/readdir.c     |    3 --
     fs/stat.c        |    6 +----
     fs/super.c       |    4 +--
     fs/xattr.c       |   13 +++---------
     init/do_mounts.c |    2 -
     mm/mmap.c        |    3 --
     mm/mprotect.c    |    3 --
     net/core/scm.c   |    3 --
     21 files changed, 70 insertions(+), 112 deletions(-)
    ------
    
    ChangeSetat_private, 2002-10-17 14:05:48-07:00, gregat_private
      LSM: change all security bprm related calls to the new format.
    
     arch/ppc64/kernel/sys_ppc32.c     |    7 +++----
     arch/sparc64/kernel/sys_sparc32.c |    7 +++----
     fs/exec.c                         |   15 ++++++---------
     3 files changed, 12 insertions(+), 17 deletions(-)
    ------
    
    ChangeSetat_private, 2002-10-17 14:04:04-07:00, gregat_private
      LSM: change all usages of security_ops->ptrace() to security_ptrace()
    
     arch/arm/kernel/ptrace.c     |    3 +--
     arch/i386/kernel/ptrace.c    |    3 +--
     arch/ia64/kernel/ptrace.c    |    3 +--
     arch/ppc/kernel/ptrace.c     |    3 +--
     arch/ppc64/kernel/ptrace.c   |    3 +--
     arch/ppc64/kernel/ptrace32.c |    3 +--
     arch/s390/kernel/ptrace.c    |    3 +--
     arch/s390x/kernel/ptrace.c   |    3 +--
     arch/sparc/kernel/ptrace.c   |    3 +--
     arch/sparc64/kernel/ptrace.c |    3 +--
     arch/um/kernel/ptrace.c      |    3 +--
     arch/x86_64/kernel/ptrace.c  |    3 +--
     kernel/ptrace.c              |    3 +--
     13 files changed, 13 insertions(+), 26 deletions(-)
    ------
    
    ChangeSetat_private, 2002-10-17 13:47:59-07:00, gregat_private
      LSM:  Create CONFIG_SECURITY and disable it by default for now.
      
      This allows the security hooks to be compiled away into nothingness if CONFIG_SECURITY
      is disabled.  When disabled, the default capabilities functionality is preserved.
      When enabled, security modules are allowed to be loaded.
    
     include/linux/sched.h    |    8 
     include/linux/security.h | 1032 ++++++++++++++++++++++++++++++++++++++++++++++-
     security/Config.help     |    7 
     security/Config.in       |    2 
     security/Makefile        |   10 
     security/capability.c    |  328 +++++++-------
     6 files changed, 1216 insertions(+), 171 deletions(-)
    ------
    
    ChangeSetat_private, 2002-10-17 13:16:54-07:00, gregat_private
      LSM: add #include <linux/security.h> to a lot of files as they all have security calls in them.
      
      This is needed for the next patches that change the way the security calls work.
    
     arch/ppc64/kernel/sys_ppc32.c |    1 +
     arch/s390x/kernel/ptrace.c    |    1 +
     drivers/base/fs/class.c       |    2 ++
     drivers/base/fs/intf.c        |    2 ++
     fs/dquot.c                    |    1 +
     fs/exec.c                     |    1 +
     fs/locks.c                    |    1 +
     fs/namespace.c                |    1 +
     fs/proc/base.c                |    1 +
     fs/readdir.c                  |    1 +
     fs/super.c                    |    2 +-
     fs/xattr.c                    |    1 +
     init/do_mounts.c              |    1 +
     kernel/acct.c                 |    1 +
     kernel/capability.c           |    1 +
     kernel/kmod.c                 |    1 +
     kernel/ptrace.c               |    1 +
     kernel/signal.c               |    1 +
     18 files changed, 20 insertions(+), 1 deletion(-)
    ------
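
Added example, not part of the original message and not code from the patch set: a userspace C model of the two hook-dispatch modes the message describes (direct capability calls with CONFIG_SECURITY off, a table of function pointers with it on). `security_ptrace()` and `security_ops->ptrace()` are the names used in the changeset comments; `struct task`, `demo_hook`, `trace_result()` and the simplified `cap_ptrace()` check are assumptions made for illustration.

```c
/* Userspace model, not kernel code. Build with -DCONFIG_SECURITY to
 * select the function-pointer table variant. */
#include <stdio.h>

struct task { unsigned cap_permitted; };  /* simplified stand-in for a task */

/* Default capability check, always compiled in (simplified model):
 * the tracer's permitted set must cover the tracee's. */
static int cap_ptrace(const struct task *parent, const struct task *child)
{
    return (child->cap_permitted & ~parent->cap_permitted) ? -1 /* EPERM */ : 0;
}

#ifdef CONFIG_SECURITY
struct security_operations {
    int (*ptrace)(const struct task *parent, const struct task *child);
    int (*demo_hook)(const struct task *t);       /* hypothetical hook */
};
static int dummy_demo_hook(const struct task *t) { (void)t; return 0; }
static struct security_operations capability_ops = { cap_ptrace, dummy_demo_hook };
static struct security_operations *security_ops = &capability_ops;

/* Every call site pays an indirect call through the table. */
static inline int security_ptrace(const struct task *p, const struct task *c)
{ return security_ops->ptrace(p, c); }
static inline int security_demo_hook(const struct task *t)
{ return security_ops->demo_hook(t); }
#else
/* Capability hook: direct call, no table, check still enforced. */
static inline int security_ptrace(const struct task *p, const struct task *c)
{ return cap_ptrace(p, c); }
/* Hook without a capability default: constant 0, so "if (ret)" folds away. */
static inline int security_demo_hook(const struct task *t) { (void)t; return 0; }
#endif

/* Helper for the demo: result of a tracer with one capability set
 * attaching to a tracee with another (constructed inputs). */
static int trace_result(unsigned tracer_caps, unsigned tracee_caps)
{
    struct task tracer = { tracer_caps }, tracee = { tracee_caps };
    return security_ptrace(&tracer, &tracee);
}

int main(void)
{
    struct task user = { 0 };
    printf("privileged traces unprivileged: %d\n", trace_result(0xffffffffu, 0));
    printf("unprivileged traces privileged: %d\n", trace_result(0, 0xffffffffu));
    printf("demo hook: %d\n", security_demo_hook(&user));
    return 0;
}
```

In both builds the capability check on ptrace is enforced; what the disabled build gives up is the ability to swap in a different module's decision at runtime.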
    