Toshiharu Harada
harad****@gmail*****
Mon, 1 Mar 2010 08:29:52 JST
These are the security-related changes scheduled to be merged into 2.6.34.
Looking at this, you can see just how many of the changes were TOMOYO's.
Thank you for all your hard work. > Handa-san

This may be wishful thinking, but in 2.6.35 all of the major features other than
LSM stacking (coexistence with other security modules) may well become usable.

---------- Forwarded message ----------
From: James Morris
Date: 2010/3/1
Subject: [GIT] Security subsystem changes for 2.6.34
To: Linus Torvalds
Cc: linux-security-module

Please pull.

Note that there may be a (minor) clash with the vfs tree, fixable with:
http://lkml.org/lkml/2010/2/7/228

The following changes since commit 30ff056c42c665b9ea535d8515890857ae382540:
  Linus Torvalds (1):
        Merge branch 'x86-uv-for-linus' of git://git.kernel.org/.../tip/linux-2.6-tip

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 for-linus

Amerigo Wang (1):
      selinux: remove a useless return

David Howells (1):
      SELinux: Make selinux_kernel_create_files_as() shouldn't just always return 0

Guido Trentalancia (2):
      selinux: load the initial SIDs upon every policy load
      selinux: allow MLS->non-MLS and vice versa upon policy reload

James Morris (5):
      Merge branch 'master' into next
      security: correct error returns for get/set security with private inodes
      Merge branch 'master' into next
      security: fix a couple of sparse warnings
      Merge branch 'next' into for-linus

Julia Lawall (1):
      security/selinux/ss: correct size computation

KaiGai Kohei (2):
      selinux: remove dead code in type_attribute_bounds_av()
      selinux: libsepol: remove dead code in check_avtab_hierarchy_callback()

Kees Cook (3):
      syslog: distinguish between /proc/kmsg and syscalls
      syslog: use defined constants instead of raw numbers
      syslog: clean up needless comment

Stephen Smalley (3):
      selinux: change the handling of unknown classes
      selinux: convert range transition list to a hashtab
      selinux: Only audit permissions specified in policy

Tetsuo Handa (20):
      LSM: Rename security_path_ functions argument names.
      TOMOYO: Add rest of file operation restrictions.
      TOMOYO: Compare filesystem by magic number rather than by name.
      TOMOYO: Use RCU primitives for list operation
      TOMOYO: Replace rw_semaphore by mutex.
      LSM: Update comment on security_sock_rcv_skb
      TOMOYO: Remove memory pool for string data.
      TOMOYO: Remove memory pool for list elements.
      TOMOYO: Remove usage counter for temporary memory.
      TOMOYO: Extract bitfield
      TOMOYO: Reduce lines by using common path for addition and deletion.
      TOMOYO: Add refcounter on string data.
      TOMOYO: Merge headers.
      TOMOYO: Add refcounter on domain structure.
      TOMOYO: Add garbage collector.
      TOMOYO: Use enum for index numbers.
      TOMOYO: Use shorter names.
      TOMOYO: Remove unneeded parameter.
      TOMOYO: Remove __func__ from tomoyo_is_correct_path/domain
      TOMOYO: Protect find_task_by_vpid() with RCU.

Thomas Gleixner (1):
      capabilities: Use RCU to protect task lookup in sys_capget

Xiaotian Feng (1):
      selinux: fix memory leak in sel_make_bools

wzt.w****@gmail***** (1):
      Security: add static to security_ops and default_security_ops variable

 fs/proc/kmsg.c                      |   14 +-
 include/linux/security.h            |   14 +-
 include/linux/syslog.h              |   52 +++
 kernel/capability.c                 |    4 +-
 kernel/printk.c                     |   52 ++--
 security/capability.c               |    4 -
 security/commoncap.c                |    9 +-
 security/security.c                 |   49 ++-
 security/selinux/avc.c              |   22 +-
 security/selinux/hooks.c            |   41 +--
 security/selinux/include/security.h |   13 +-
 security/selinux/selinuxfs.c        |   12 +-
 security/selinux/ss/context.h       |   12 -
 security/selinux/ss/mls.c           |   48 ++--
 security/selinux/ss/mls.h           |    2 +
 security/selinux/ss/mls_types.h     |    7 +-
 security/selinux/ss/policydb.c      |  127 ++++---
 security/selinux/ss/policydb.h      |   10 +-
 security/selinux/ss/services.c      |  273 ++++++++------
 security/smack/smack_lsm.c          |    4 +-
 security/tomoyo/Makefile            |    2 +-
 security/tomoyo/common.c            |  374 +++++++-----------
 security/tomoyo/common.h            |  530 ++++++++++++++++++++------
 security/tomoyo/domain.c            |  391 +++++++------------
 security/tomoyo/file.c              |  731 +++++++++++++++++------------------
 security/tomoyo/gc.c                |  370 ++++++++++++++++++
 security/tomoyo/realpath.c          |  269 ++++---------
 security/tomoyo/realpath.h          |   66 ----
 security/tomoyo/tomoyo.c            |  142 +++++---
 security/tomoyo/tomoyo.h            |   94 -----
 30 files changed, 2030 insertions(+), 1708 deletions(-)
 create mode 100644 include/linux/syslog.h
 create mode 100644 security/tomoyo/gc.c
 delete mode 100644 security/tomoyo/realpath.h
 delete mode 100644 security/tomoyo/tomoyo.h

-- 
James Morris