|
Revision tags: v6.15, v6.15-rc7, v6.15-rc6, v6.15-rc5, v6.15-rc4, v6.15-rc3, v6.15-rc2, v6.15-rc1, v6.14, v6.14-rc7, v6.14-rc6, v6.14-rc5, v6.14-rc4, v6.14-rc3, v6.14-rc2, v6.14-rc1, v6.13, v6.13-rc7, v6.13-rc6, v6.13-rc5, v6.13-rc4, v6.13-rc3, v6.13-rc2, v6.13-rc1, v6.12, v6.12-rc7, v6.12-rc6, v6.12-rc5, v6.12-rc4, v6.12-rc3, v6.12-rc2, v6.12-rc1, v6.11, v6.11-rc7, v6.11-rc6, v6.11-rc5, v6.11-rc4, v6.11-rc3, v6.11-rc2, v6.11-rc1, v6.10, v6.10-rc7, v6.10-rc6, v6.10-rc5, v6.10-rc4, v6.10-rc3, v6.10-rc2, v6.10-rc1, v6.9, v6.9-rc7, v6.9-rc6, v6.9-rc5, v6.9-rc4, v6.9-rc3, v6.9-rc2, v6.9-rc1, v6.8, v6.8-rc7, v6.8-rc6, v6.8-rc5, v6.8-rc4, v6.8-rc3, v6.8-rc2, v6.8-rc1, v6.7, v6.7-rc8, v6.7-rc7, v6.7-rc6, v6.7-rc5, v6.7-rc4, v6.7-rc3, v6.7-rc2, v6.7-rc1, v6.6, v6.6-rc7, v6.6-rc6, v6.6-rc5, v6.6-rc4, v6.6-rc3, v6.6-rc2, v6.6-rc1, v6.5, v6.5-rc7, v6.5-rc6, v6.5-rc5, v6.5-rc4, v6.5-rc3, v6.5-rc2, v6.5-rc1, v6.4, v6.4-rc7, v6.4-rc6, v6.4-rc5, v6.4-rc4, v6.4-rc3, v6.4-rc2, v6.4-rc1, v6.3, v6.3-rc7, v6.3-rc6, v6.3-rc5, v6.3-rc4, v6.3-rc3, v6.3-rc2, v6.3-rc1, v6.2, v6.2-rc8, v6.2-rc7, v6.2-rc6, v6.2-rc5, v6.2-rc4, v6.2-rc3, v6.2-rc2, v6.2-rc1, v6.1, v6.1-rc8, v6.1-rc7, v6.1-rc6, v6.1-rc5, v6.1-rc4, v6.1-rc3, v6.1-rc2, v6.1-rc1, v6.0, v6.0-rc7 |
|
| #
90c436a6 |
| 20-Sep-2022 |
John Johansen <[email protected]> |
apparmor: pass cred through to audit info.
The cred is needed to properly audit some messages, and will be needed
in the future for uid conditional mediation. So pass it through to
where the apparmo
apparmor: pass cred through to audit info.
The cred is needed to properly audit some messages, and will be needed
in the future for uid conditional mediation. So pass it through to
where the apparmor_audit_data struct gets defined.
Reviewed-by: Georgia Garcia <[email protected]>
Signed-off-by: John Johansen <[email protected]>
show more ...
|
| #
980a5808 |
| 25-Jul-2023 |
Xiu Jianfeng <[email protected]> |
apparmor: cleanup unused functions in file.h
After changes in commit 33bf60cabcc7 ("LSM: Infrastructure management of
the file security"), aa_alloc_file_ctx() and aa_free_file_ctx() are no
longer us
apparmor: cleanup unused functions in file.h
After changes in commit 33bf60cabcc7 ("LSM: Infrastructure management of
the file security"), aa_alloc_file_ctx() and aa_free_file_ctx() are no
longer used, so remove them, and also remove aa_get_file_label() because
it seems that it's never been used before.
Signed-off-by: Xiu Jianfeng <[email protected]>
Signed-off-by: John Johansen <[email protected]>
show more ...
|
|
Revision tags: v6.0-rc6 |
|
| #
65f7f666 |
| 14-Sep-2022 |
Xiu Jianfeng <[email protected]> |
apparmor: make __aa_path_perm() static
Make __aa_path_perm() static as it's only used inside apparmor/file.c.
Signed-off-by: Xiu Jianfeng <[email protected]>
Signed-off-by: John Johansen <john
apparmor: make __aa_path_perm() static
Make __aa_path_perm() static as it's only used inside apparmor/file.c.
Signed-off-by: Xiu Jianfeng <[email protected]>
Signed-off-by: John Johansen <[email protected]>
show more ...
|
|
Revision tags: v6.0-rc5 |
|
| #
0bece4fa |
| 06-Sep-2022 |
John Johansen <[email protected]> |
apparmor: make sure perm indexes are accumulated
accumulate permission indexes on a first encountered basis. This
favors original rulesets so that new ones can not override without
profile replaceme
apparmor: make sure perm indexes are accumulated
accumulate permission indexes on a first encountered basis. This
favors original rulesets so that new ones can not override without
profile replacement.
Signed-off-by: John Johansen <[email protected]>
show more ...
|
|
Revision tags: v6.0-rc4, v6.0-rc3, v6.0-rc2, v6.0-rc1, v5.19, v5.19-rc8, v5.19-rc7 |
|
| #
ae6d35ed |
| 16-Jul-2022 |
John Johansen <[email protected]> |
apparmor: extend xindex size
Allow the xindex to have 2^24 entries.
Signed-off-by: John Johansen <[email protected]>
|
|
Revision tags: v5.19-rc6, v5.19-rc5, v5.19-rc4, v5.19-rc3, v5.19-rc2, v5.19-rc1, v5.18 |
|
| #
b06a62eb |
| 16-May-2022 |
John Johansen <[email protected]> |
apparmor: move dfa perm macros into policy_unpack
Now that the permission remapping macros aren't needed anywhere except
during profile unpack, move them.
Signed-off-by: John Johansen <john.johanse
apparmor: move dfa perm macros into policy_unpack
Now that the permission remapping macros aren't needed anywhere except
during profile unpack, move them.
Signed-off-by: John Johansen <[email protected]>
show more ...
|
|
Revision tags: v5.18-rc7, v5.18-rc6, v5.18-rc5, v5.18-rc4, v5.18-rc3, v5.18-rc2, v5.18-rc1, v5.17, v5.17-rc8, v5.17-rc7, v5.17-rc6, v5.17-rc5, v5.17-rc4, v5.17-rc3, v5.17-rc2, v5.17-rc1 |
|
| #
33fc95d8 |
| 17-Jan-2022 |
John Johansen <[email protected]> |
apparmor: preparse for state being more than just an integer
Convert from an unsigned int to a state_t for state position. This is
a step in prepping for the state position carrying some additional
apparmor: preparse for state being more than just an integer
Convert from an unsigned int to a state_t for state position. This is
a step in prepping for the state position carrying some additional
flags, and a limited form of backtracking to support variables.
Signed-off-by: John Johansen <[email protected]>
show more ...
|
|
Revision tags: v5.16, v5.16-rc8, v5.16-rc7, v5.16-rc6, v5.16-rc5, v5.16-rc4, v5.16-rc3, v5.16-rc2, v5.16-rc1, v5.15, v5.15-rc7, v5.15-rc6, v5.15-rc5, v5.15-rc4, v5.15-rc3, v5.15-rc2, v5.15-rc1, v5.14, v5.14-rc7, v5.14-rc6, v5.14-rc5, v5.14-rc4, v5.14-rc3, v5.14-rc2, v5.14-rc1, v5.13, v5.13-rc7, v5.13-rc6, v5.13-rc5, v5.13-rc4, v5.13-rc3, v5.13-rc2, v5.13-rc1, v5.12, v5.12-rc8, v5.12-rc7, v5.12-rc6, v5.12-rc5, v5.12-rc4, v5.12-rc3, v5.12-rc2, v5.12-rc1, v5.12-rc1-dontuse, v5.11, v5.11-rc7, v5.11-rc6, v5.11-rc5, v5.11-rc4, v5.11-rc3, v5.11-rc2, v5.11-rc1, v5.10, v5.10-rc7, v5.10-rc6, v5.10-rc5 |
|
| #
53bdc46f |
| 19-Nov-2020 |
John Johansen <[email protected]> |
apparmor: combine file_rules and aa_policydb into a single shared struct
file_rules and policydb are almost the same and will need the same
features in the future so combine them.
Signed-off-by: Jo
apparmor: combine file_rules and aa_policydb into a single shared struct
file_rules and policydb are almost the same and will need the same
features in the future so combine them.
Signed-off-by: John Johansen <[email protected]>
show more ...
|
|
Revision tags: v5.10-rc4 |
|
| #
754f209b |
| 12-Nov-2020 |
John Johansen <[email protected]> |
apparmor: move fperm computation into policy_unpack
fperm computation is only needed during policy_unpack so move the
code there to isolate it fromt the run time code.
Signed-off-by: John Johansen
apparmor: move fperm computation into policy_unpack
fperm computation is only needed during policy_unpack so move the
code there to isolate it fromt the run time code.
Signed-off-by: John Johansen <[email protected]>
show more ...
|
|
Revision tags: v5.10-rc3, v5.10-rc2, v5.10-rc1, v5.9, v5.9-rc8, v5.9-rc7, v5.9-rc6, v5.9-rc5, v5.9-rc4, v5.9-rc3, v5.9-rc2, v5.9-rc1, v5.8, v5.8-rc7, v5.8-rc6, v5.8-rc5, v5.8-rc4, v5.8-rc3, v5.8-rc2, v5.8-rc1, v5.7, v5.7-rc7, v5.7-rc6, v5.7-rc5, v5.7-rc4, v5.7-rc3, v5.7-rc2, v5.7-rc1 |
|
| #
408d53e9 |
| 30-Mar-2020 |
Mike Salvatore <[email protected]> |
apparmor: compute file permissions on profile load
Rather than computing file permissions for each file access, file
permissions can be computed once on profile load and stored for lookup.
Signed-o
apparmor: compute file permissions on profile load
Rather than computing file permissions for each file access, file
permissions can be computed once on profile load and stored for lookup.
Signed-off-by: Mike Salvatore <[email protected]>
Signed-off-by: John Johansen <[email protected]>
show more ...
|
| #
f567e7fa |
| 25-Mar-2022 |
John Johansen <[email protected]> |
apparmor: extend policydb permission set by making use of the xbits
The policydb permission set has left the xbits unused. Make them available
for mediation.
Signed-off-by: John Johansen <john.joha
apparmor: extend policydb permission set by making use of the xbits
The policydb permission set has left the xbits unused. Make them available
for mediation.
Signed-off-by: John Johansen <[email protected]>
show more ...
|
| #
ef704545 |
| 25-Jan-2021 |
Randy Dunlap <[email protected]> |
security: apparmor: file.h: delete duplicated word
Delete the doubled word "then" in a comment.
Signed-off-by: Randy Dunlap <[email protected]>
Reviewed-by: Seth Arnold <[email protected]
security: apparmor: file.h: delete duplicated word
Delete the doubled word "then" in a comment.
Signed-off-by: Randy Dunlap <[email protected]>
Reviewed-by: Seth Arnold <[email protected]>
Signed-off-by: John Johansen <[email protected]>
show more ...
|
| #
453431a5 |
| 07-Aug-2020 |
Waiman Long <[email protected]> |
mm, treewide: rename kzfree() to kfree_sensitive()
As said by Linus:
A symmetric naming is only helpful if it implies symmetries in use.
Otherwise it's actively misleading.
In "kzalloc()", t
mm, treewide: rename kzfree() to kfree_sensitive()
As said by Linus:
A symmetric naming is only helpful if it implies symmetries in use.
Otherwise it's actively misleading.
In "kzalloc()", the z is meaningful and an important part of what the
caller wants.
In "kzfree()", the z is actively detrimental, because maybe in the
future we really _might_ want to use that "memfill(0xdeadbeef)" or
something. The "zero" part of the interface isn't even _relevant_.
The main reason that kzfree() exists is to clear sensitive information
that should not be leaked to other future users of the same memory
objects.
Rename kzfree() to kfree_sensitive() to follow the example of the recently
added kvfree_sensitive() and make the intention of the API more explicit.
In addition, memzero_explicit() is used to clear the memory to make sure
that it won't get optimized away by the compiler.
The renaming is done by using the command sequence:
git grep -w --name-only kzfree |\
xargs sed -i 's/kzfree/kfree_sensitive/'
followed by some editing of the kfree_sensitive() kerneldoc and adding
a kzfree backward compatibility macro in slab.h.
[[email protected]: fs/crypto/inline_crypt.c needs linux/slab.h]
[[email protected]: fix fs/crypto/inline_crypt.c some more]
Suggested-by: Joe Perches <[email protected]>
Signed-off-by: Waiman Long <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Acked-by: David Howells <[email protected]>
Acked-by: Michal Hocko <[email protected]>
Acked-by: Johannes Weiner <[email protected]>
Cc: Jarkko Sakkinen <[email protected]>
Cc: James Morris <[email protected]>
Cc: "Serge E. Hallyn" <[email protected]>
Cc: Joe Perches <[email protected]>
Cc: Matthew Wilcox <[email protected]>
Cc: David Rientjes <[email protected]>
Cc: Dan Carpenter <[email protected]>
Cc: "Jason A . Donenfeld" <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Linus Torvalds <[email protected]>
show more ...
|
|
Revision tags: v5.6, v5.6-rc7, v5.6-rc6, v5.6-rc5, v5.6-rc4, v5.6-rc3, v5.6-rc2, v5.6-rc1, v5.5, v5.5-rc7, v5.5-rc6, v5.5-rc5, v5.5-rc4, v5.5-rc3, v5.5-rc2, v5.5-rc1, v5.4, v5.4-rc8, v5.4-rc7, v5.4-rc6, v5.4-rc5, v5.4-rc4, v5.4-rc3, v5.4-rc2, v5.4-rc1, v5.3 |
|
| #
341c1fda |
| 14-Sep-2019 |
John Johansen <[email protected]> |
apparmor: make it so work buffers can be allocated from atomic context
In some situations AppArmor needs to be able to use its work buffers
from atomic context. Add the ability to specify when in at
apparmor: make it so work buffers can be allocated from atomic context
In some situations AppArmor needs to be able to use its work buffers
from atomic context. Add the ability to specify when in atomic context
and hold a set of work buffers in reserve for atomic context to
reduce the chance that a large work buffer allocation will need to
be done.
Fixes: df323337e507 ("apparmor: Use a memory pool instead per-CPU caches")
Signed-off-by: John Johansen <[email protected]>
show more ...
|
|
Revision tags: v5.3-rc8, v5.3-rc7, v5.3-rc6, v5.3-rc5, v5.3-rc4, v5.3-rc3, v5.3-rc2, v5.3-rc1, v5.2, v5.2-rc7, v5.2-rc6, v5.2-rc5, v5.2-rc4, v5.2-rc3 |
|
| #
b886d83c |
| 01-Jun-2019 |
Thomas Gleixner <[email protected]> |
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of th
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license as published by
the free software foundation version 2 of the license
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference in 315 file(s).
Signed-off-by: Thomas Gleixner <[email protected]>
Reviewed-by: Allison Randal <[email protected]>
Reviewed-by: Armijn Hemel <[email protected]>
Cc: [email protected]
Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
show more ...
|
|
Revision tags: v5.2-rc2, v5.2-rc1, v5.1, v5.1-rc7, v5.1-rc6, v5.1-rc5, v5.1-rc4, v5.1-rc3, v5.1-rc2, v5.1-rc1, v5.0, v5.0-rc8, v5.0-rc7, v5.0-rc6, v5.0-rc5, v5.0-rc4, v5.0-rc3, v5.0-rc2, v5.0-rc1, v4.20, v4.20-rc7, v4.20-rc6, v4.20-rc5, v4.20-rc4, v4.20-rc3 |
|
| #
33bf60ca |
| 12-Nov-2018 |
Casey Schaufler <[email protected]> |
LSM: Infrastructure management of the file security
Move management of the file->f_security blob out of the
individual security modules and into the infrastructure.
The modules no longer allocate or
LSM: Infrastructure management of the file security
Move management of the file->f_security blob out of the
individual security modules and into the infrastructure.
The modules no longer allocate or free the data, instead
they tell the infrastructure how much space they require.
Signed-off-by: Casey Schaufler <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
[kees: adjusted for ordered init series]
Signed-off-by: Kees Cook <[email protected]>
show more ...
|
|
Revision tags: v4.20-rc2, v4.20-rc1, v4.19, v4.19-rc8, v4.19-rc7, v4.19-rc6, v4.19-rc5, v4.19-rc4, v4.19-rc3, v4.19-rc2, v4.19-rc1, v4.18, v4.18-rc8, v4.18-rc7, v4.18-rc6, v4.18-rc5, v4.18-rc4, v4.18-rc3, v4.18-rc2, v4.18-rc1, v4.17, v4.17-rc7, v4.17-rc6, v4.17-rc5, v4.17-rc4, v4.17-rc3, v4.17-rc2, v4.17-rc1, v4.16, v4.16-rc7, v4.16-rc6, v4.16-rc5, v4.16-rc4, v4.16-rc3, v4.16-rc2, v4.16-rc1, v4.15, v4.15-rc9, v4.15-rc8, v4.15-rc7, v4.15-rc6, v4.15-rc5, v4.15-rc4, v4.15-rc3, v4.15-rc2, v4.15-rc1, v4.14, v4.14-rc8, v4.14-rc7, v4.14-rc6, v4.14-rc5, v4.14-rc4, v4.14-rc3, v4.14-rc2, v4.14-rc1, v4.13, v4.13-rc7, v4.13-rc6, v4.13-rc5, v4.13-rc4, v4.13-rc3, v4.13-rc2 |
|
| #
993b3ab0 |
| 18-Jul-2017 |
Kees Cook <[email protected]> |
apparmor: Refactor to remove bprm_secureexec hook
The AppArmor bprm_secureexec hook can be merged with the bprm_set_creds
hook since it's dealing with the same information, and all of the details
ar
apparmor: Refactor to remove bprm_secureexec hook
The AppArmor bprm_secureexec hook can be merged with the bprm_set_creds
hook since it's dealing with the same information, and all of the details
are finalized during the first call to the bprm_set_creds hook via
prepare_binprm() (subsequent calls due to binfmt_script, etc, are ignored
via bprm->called_set_creds).
Here, all the comments describe how secureexec is actually calculated
during bprm_set_creds, so this actually does it, drops the bprm flag that
was being used internally by AppArmor, and drops the bprm_secureexec hook.
Signed-off-by: Kees Cook <[email protected]>
Acked-by: John Johansen <[email protected]>
Reviewed-by: James Morris <[email protected]>
Acked-by: Serge Hallyn <[email protected]>
show more ...
|
|
Revision tags: v4.13-rc1, v4.12, v4.12-rc7, v4.12-rc6, v4.12-rc5 |
|
| #
8014370f |
| 09-Jun-2017 |
John Johansen <[email protected]> |
apparmor: move path_link mediation to using labels
Signed-off-by: John Johansen <[email protected]>
|
| #
aebd873e |
| 09-Jun-2017 |
John Johansen <[email protected]> |
apparmor: refactor path name lookup and permission checks around labels
Signed-off-by: John Johansen <[email protected]>
|
| #
98c3d182 |
| 09-Jun-2017 |
John Johansen <[email protected]> |
apparmor: update aa_audit_file() to use labels
Signed-off-by: John Johansen <[email protected]>
|
| #
190a9518 |
| 09-Jun-2017 |
John Johansen <[email protected]> |
apparmor: move aa_file_perm() to use labels
Signed-off-by: John Johansen <[email protected]>
|
| #
192ca6b5 |
| 09-Jun-2017 |
John Johansen <[email protected]> |
apparmor: revalidate files during exec
Instead of running file revalidation lazily when read/write are called
copy selinux and revalidate the file table on exec. This avoids
extra mediation overhead
apparmor: revalidate files during exec
Instead of running file revalidation lazily when read/write are called
copy selinux and revalidate the file table on exec. This avoids
extra mediation overhead in read/write and also prevents file handles
being passed through to a grand child unchecked.
Signed-off-by: John Johansen <[email protected]>
show more ...
|
| #
2835a13b |
| 09-Jun-2017 |
John Johansen <[email protected]> |
apparmor: cleanup rename XXX_file_context() to XXX_file_ctx()
Signed-off-by: John Johansen <[email protected]>
|
|
Revision tags: v4.12-rc4 |
|
| #
2d679f3c |
| 29-May-2017 |
John Johansen <[email protected]> |
apparmor: switch from file_perms to aa_perms
Signed-off-by: John Johansen <[email protected]>
|
|
Revision tags: v4.12-rc3 |
|
| #
e53cfe6c |
| 26-May-2017 |
John Johansen <[email protected]> |
apparmor: rework perm mapping to a slightly broader set
Signed-off-by: John Johansen <[email protected]>
|