lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1260393952.3344.18.camel@localhost>
Date:	Wed, 09 Dec 2009 16:25:52 -0500
From:	Eric Paris <eparis@...hat.com>
To:	linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-cachefs@...hat.com, ecryptfs-devel@...ts.launchpad.net,
	linux-fsdevel@...r.kernel.org, linux-nfs@...r.kernel.org,
	linux-arch@...r.kernel.org, linux-mm@...ck.org,
	netdev@...r.kernel.org, linux-security-module@...r.kernel.org
Cc:	rdunlap@...otime.net, zohar@...ux.vnet.ibm.com, eparis@...hat.com,
	jmorris@...ei.org, serue@...ibm.com, dhowells@...hat.com,
	steved@...hat.com, tiwai@...e.de, viro@...iv.linux.org.uk,
	tyhicks@...ux.vnet.ibm.com, kirkland@...onical.com,
	akpm@...ux-foundation.org, npiggin@...e.de, wli@...omorphy.com,
	mel@....ul.ie, shuber2@...il.com, dsmith@...hat.com, jack@...e.cz,
	jmalicki@...acarta.com, hch@....de, bfields@...ldses.org,
	neilb@...e.de, agruen@...e.de, john@...nmccutchan.com,
	rlove@...ve.org, ebiederm@...ssion.com, heiko.carstens@...ibm.com,
	penguin-kernel@...ove.SAKURA.ne.jp, miklos@...redi.hu,
	jens.axboe@...cle.com, arnd@...db.de, drepper@...hat.com,
	a.p.zijlstra@...llo.nl, Trond.Myklebust@...app.com, matthew@....cx,
	hooanon05@...oo.co.jp, mingo@...e.hu, rusty@...tcorp.com.au,
	penberg@...helsinki.fi, clg@...ibm.com, hugh.dickins@...cali.co.uk,
	vapier@...too.org, kamezawa.hiroyu@...fujitsu.com,
	nishimura@....nes.nec.co.jp, davem@...emloft.net,
	eric.dumazet@...il.com, sgrubb@...hat.com
Subject: VFS and IMA API patch series please pull

I've sent this patch series out a couple of times but at now 18 patches
long and all having received acks I don't want to send the whole series
again.  I have a version based of off linus' tree including all of the
ACKs I received on list and which has been run through the LTP test
suite successfully.  This series basically does two things.

1) removes all users of get_empty_filp() and init_file()
2) reworks the ima API to hide it under the LSM and remove its hooks
into individual filesystems (shmem, pipes, hugetables, ecrypts, nfs,
networking, ?afs?).

This repo contains all of the patches including those which actually
make init_file() static and remove init_file() from the headers.  They
remove the EXPORT_SYMBOL for those as well.  If a deprecation is
required for out of tree kernel code they can still be exported but that
out of tree code will now certainly fail to work with IMA and will
result in (harmless) printk spam.

I'm not sure who the best person to pull this would be.  VFS maintainer?
Al?  Should I just send straight to Linus?  I'm not sure what the best
path is.  All of the individual fs changes have been acked by their
respective maintainers and the IMA work has been acked by the IMA
maintainer.  The only patches without CLEAR acks and review are the two
which remove the get_empty_filp() and init_file() calls.

The following changes since commit 2b876f95d03e226394b5d360c86127cbefaf614b:
  Linus Torvalds (1):
        Merge branches 'timers-for-linus-ntp' and 'irq-core-for-linus' of git://git.kernel.org/.../tip/linux-2.6-tip

are available in the git repository at:

  git://git.infradead.org/users/eparis/vfsima.git master

Eric Paris (14):
      shmem: do not call fput_filp on an initialized filp
      shmem: use alloc_file instead of init_file
      pipes: use alloc-file instead of duplicating code
      inotify: use alloc_file instead of doing it internally
      networking: rework socket to fd mapping using alloc-file
      vfs: make init-file static
      fs: move get_empty_filp() deffinition to internal.h
      ima: valid return code from ima_inode_alloc
      ima: only insert at inode creation time
      ima: initialize ima before inodes can be allocated
      IMA: clean up the IMA counts updating code
      ima: call ima_inode_free ima_inode_free
      ima: move ima hooks to __dentry_open for easier ima API
      ima: rename ima_path_check to ima_file_check

Mimi Zohar (4):
      ima: Fix refcnt bug in get_path_measurement
      security: move ima_file_check() to lsm hook
      ima: limit imbalance msg
      ima: rename PATH_CHECK to FILE_CHECK

 Documentation/ABI/testing/ima_policy |   12 +-
 fs/cachefiles/rdwr.c                 |    2 -
 fs/ecryptfs/main.c                   |    3 -
 fs/file_table.c                      |   81 +++++------
 fs/hugetlbfs/inode.c                 |    2 -
 fs/internal.h                        |    1 +
 fs/namei.c                           |   35 +----
 fs/nfsd/vfs.c                        |   14 --
 fs/notify/inotify/inotify_user.c     |   23 +-
 fs/open.c                            |    9 +-
 fs/pipe.c                            |   21 +--
 include/asm-generic/fcntl.h          |    8 +
 include/linux/file.h                 |    3 -
 include/linux/fs.h                   |    7 +-
 include/linux/ima.h                  |   16 +--
 init/main.c                          |    2 +-
 ipc/mqueue.c                         |    2 -
 ipc/shm.c                            |    2 -
 mm/shmem.c                           |   25 ++--
 net/socket.c                         |  123 ++++++----------
 security/integrity/ima/ima.h         |    6 +-
 security/integrity/ima/ima_api.c     |    4 +-
 security/integrity/ima/ima_iint.c    |   84 ++---------
 security/integrity/ima/ima_main.c    |  273 +++++++++++++++++-----------------
 security/integrity/ima/ima_policy.c  |   19 ++-
 security/security.c                  |    8 +-
 26 files changed, 324 insertions(+), 461 deletions(-)

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ