Hello Remy,
On 12/20/07, Remy Bohmer [EMAIL PROTECTED] wrote:
So, Is this a serious requirement? Should this be possible?
I have noticed this problem:
[EMAIL PROTECTED]:~# cat /proc/loadavgrt
1.00 1.00 1.00 0/52 1158
[EMAIL PROTECTED]:~# cat /proc/loadavg
0.00 0.00 0.02 1/52 1159
[EMAIL
debugfs: allow access to signed values
Add debugfs_create_s{8,16,32,64}. For these to work properly, we need to remove
a cast in libfs, change the simple_attr_open prototype and thus fix the users as
well.
Cc: Johannes Berg [EMAIL PROTECTED]
Cc: Mattias Nissler [EMAIL PROTECTED]
To: Greg
On Thursday 20 December 2007, Stefano Brivio wrote:
debugfs: allow access to signed values
Add debugfs_create_s{8,16,32,64}. For these to work properly, we need to remove
a cast in libfs, change the simple_attr_open prototype and thus fix the users as
well.
Cc: Johannes Berg [EMAIL
By default, all softirq-threads or IRQs will be RT task but if there
is some option user can switch it to NON-RT task then it will be good.
Okay, understood.
I will think about how to add that too. But, probably we can add it
separately from this patchset.
Kind Regards,
Remy
2007/12/20,
On Wed 19-12-07 19:35:14, Marcin Slusarz wrote:
On Mon, Dec 17, 2007 at 05:50:17PM +0100, Jan Kara wrote:
fix warnings:
fs/udf/super.c:1320:24: warning: symbol 'bh' shadows an earlier one
fs/udf/super.c:1240:21: originally declared here
fs/udf/super.c:1583:4: warning: symbol 'i'
From: Matt Mackall [EMAIL PROTECTED]
Date: Mon, 17 Dec 2007 08:55:54 -0600
On Sun, Dec 16, 2007 at 10:39:17PM -0800, Andrew Morton wrote:
Actually, you may only need these two:
maps4-add-proc-kpagecount-interface.patch
maps4-add-proc-kpageflags-interface.patch
Yes these two were enough,
On Dec 20, 2007 6:37 AM, David Howells [EMAIL PROTECTED] wrote:
Andrew Morton [EMAIL PROTECTED] wrote:
I would be suspecting iget-stop-procfs-from-using-iget-and-read_inode.patch.
I think your suspicions are very unlikely. The patch only affects
proc_get_inode() - and looking at the patch
* Roland McGrath [EMAIL PROTECTED] wrote:
This is a large series of patches, but there are only a couple that
you need to read in detail to know how to get started on cleaning up
your arch code (1, 4, 6).
user_regset is a new kernel-internal interface into the arch code for
accessing
Hi,
Lennart asked for madvise(WILLNEED) to work on anonymous pages, he plans
to use this to pre-fault pages. He currently uses: mlock/munlock for
this purpose.
[ compile tested only ]
Signed-off-by: Peter Zijlstra [EMAIL PROTECTED]
---
diff --git a/mm/madvise.c b/mm/madvise.c
index
With more and more sub-systems/sub-components leaving their footprint
in task handling functions, it seems reasonable to add notifiers that
these components can use instead of having them all patch themselves
directly into core files.
Patch 1 introduces the base definitions and hooks for task
This is the base patch, adding notification for task creation and
deletion.
Signed-off-by: Jan Beulich [EMAIL PROTECTED]
---
include/linux/sched.h |8 +++-
kernel/fork.c | 11 +++
2 files changed, 18 insertions(+), 1 deletion(-)
---
This has the additional benefit of allowing the code to now be built
as a module (which made it necessary to add MODULE_xxx declarations).
Signed-off-by: Jan Beulich [EMAIL PROTECTED]
Cc: Matt Helsley [EMAIL PROTECTED]
---
drivers/connector/Kconfig |5 +--
drivers/connector/cn_proc.c |
Signed-off-by: Jan Beulich [EMAIL PROTECTED]
Cc: David Howells [EMAIL PROTECTED]
---
arch/mips/kernel/kspd.c |7 +++--
include/linux/key.h |4 ---
kernel/sys.c |8 --
security/keys/process_keys.c | 55 ++-
4
Check the rlimit of the tracing task for total and locked memory when
allocating the BTS buffer.
Signed-off-by: Markus Metzger [EMAIL PROTECTED]
---
Index: linux-2.6-x86/arch/x86/kernel/ptrace.c
===
---
Support BTS recording of 32bit and 64bit tasks from 32bit or 64bit tasks.
Signed-off-by: Markus Metzger [EMAIL PROTECTED]
---
Index: linux-2.6-x86/arch/x86/kernel/ds.c
===
--- linux-2.6-x86.orig/arch/x86/kernel/ds.c 2007-12-20
On Thursday 20 December 2007 13:45, Jaswinder Singh wrote:
On 12/20/07, Remy Bohmer [EMAIL PROTECTED] wrote:
So, Is this a serious requirement? Should this be possible?
I have noticed this problem:
[EMAIL PROTECTED]:~# cat /proc/loadavgrt
1.00 1.00 1.00 0/52 1158
[EMAIL PROTECTED]:~# cat
Pass the buffer size for (most) ptrace commands that pass user-allocated
buffers and check that size before accessing the buffer. Unfortunately,
PTRACE_BTS_GET already uses all 4 parameters.
Commands that access user buffers return the number of bytes or records read or
written.
On Wed, 19 Dec 2007, Dave Hansen wrote:
---
linux-2.6.24-rc5/mm/page_alloc.c~memory-controller-move-to-bug-on-in-free_hot_cold_page
2007-12-19 11:31:46.0 +0530
+++ linux-2.6.24-rc5-balbir/mm/page_alloc.c 2007-12-19
11:33:45.0 +0530
@@ -995,7 +995,7 @@ static
On (20/12/07 13:43), Thomas Bogendoerfer didst pronounce:
On Thu, Dec 20, 2007 at 11:44:06AM +, Mel Gorman wrote:
--- a/include/asm-mips/page.h
+++ b/include/asm-mips/page.h
@@ -37,13 +37,6 @@
#include linux/pfn.h
#include asm/io.h
-/*
- * It's normally defined only for
On Wed 19-12-07 20:27:20, Marcin Slusarz wrote:
On Mon, Dec 17, 2007 at 05:32:17PM +0100, Jan Kara wrote:
sparse generated:
fs/udf/namei.c:896:15: originally declared here
fs/udf/namei.c:1147:41: warning: incorrect type in argument 3 (different
signedness)
fs/udf/namei.c:1147:41:
this patch makes room for the vcpu structure in lguest, already used in
this very same way at lguest64. It's the first part of our plan to
have lguest and lguest64 unified too.
When two dogs hang out, you don't have new puppies right in the other day.
Some time has to be elapsed. They have to
this patch introduces a vcpu struct for lguest. In upcoming patches,
more and more fields will be moved from the lguest struct to the vcpu
Signed-off-by: Glauber de Oliveira Costa [EMAIL PROTECTED]
---
drivers/lguest/lg.h | 15 +++
1 files changed, 15 insertions(+), 0 deletions(-)
this patch initializes the first vcpu in the initialize() routine,
which is responsible for starting the process of putting the guest up.
right now, as much of the fields are still not per-vcpu, it does not
do much.
Signed-off-by: Glauber de Oliveira Costa [EMAIL PROTECTED]
---
This patch makes uses of pread() and pwrite() in lguest launcher
to communicate the vcpu id to the lguest driver. The id is kept in
a thread variable, which means we'll span in the future, vcpus as
threads. But right now, only the infrastructure is out there.
Signed-off-by: Glauber de Oliveira
This patch makes the run_guest() routine use the vcpu struct.
This is required since in a smp guest environment, there's no
more the notion of running the guest, but rather, it is running the vcpu
Signed-off-by: Glauber de Oliveira Costa [EMAIL PROTECTED]
---
drivers/lguest/core.c|6
This patch makes the write() file operation smp aware. Which means, receiving
the vcpu_id value through the offset parameter, and being well aware to which
vcpu we're talking to.
Signed-off-by: Glauber de Oliveira Costa [EMAIL PROTECTED]
---
drivers/lguest/lguest_user.c | 11 +--
1
this patch changes do_hcall() and do_async_hcall() interfaces (and obviously their
callers) to get a vcpu struct. Again, a vcpu services the hypercall, not the whole
guest
Signed-off-by: Glauber de Oliveira Costa [EMAIL PROTECTED]
---
drivers/lguest/core.c |6 +++---
Here, I introduce per-vcpu timers. With this, we can have
local expiries, needed for accounting time in smp guests
Signed-off-by: Glauber de Oliveira Costa [EMAIL PROTECTED]
---
drivers/lguest/hypercalls.c |2 +-
drivers/lguest/interrupts_and_traps.c | 20 ++--
This patch adapts interrupt processing for using the vcpu struct.
Signed-off-by: Glauber de Oliveira Costa [EMAIL PROTECTED]
---
drivers/lguest/core.c |2 +-
drivers/lguest/interrupts_and_traps.c | 25 ++---
drivers/lguest/lg.h | 10
The switcher needs to be mapped per-vcpu, because different vcpus
will potentially have different page tables (they don't have to,
because threads will share the same).
So our first step is the make the function receive a vcpu struct
Signed-off-by: Glauber de Oliveira Costa [EMAIL PROTECTED]
---
emulate_insn() needs to know about current eip, which will be,
in the future, a per-vcpu thing. So in this patch, the function
prototype is modified to receive a vcpu struct
Signed-off-by: Glauber de Oliveira Costa [EMAIL PROTECTED]
---
drivers/lguest/x86/core.c |5 +++--
1 files changed, 3
The fields found in lguest_arch are not really per-guest,
but per-cpu (gdt, idt, etc). So this patch turns lguest_arch
into lguest_vcpu_arch.
It makes sense to have a per-guest per-arch struct, but this
can be addressed later, when the need arrives.
Signed-off-by: Glauber de Oliveira Costa
Hello,
I noticed the following message in my kernel log.
kernel: neigh: timer !nud_in_timer
(Might be due to a race condition.)
I'm running a UP Linux version 2.6.22.1-rt9
( http://rt.wiki.kernel.org/index.php )
The following /proc entries might be relevant.
This is the most obvious per-vcpu field: registers.
So this patch moves it from struct lguest to struct vcpu,
and patch the places in which they are used, accordingly
Signed-off-by: Glauber de Oliveira Costa [EMAIL PROTECTED]
---
drivers/lguest/interrupts_and_traps.c | 29
lguest struct have room for some fields, namely, cr2, ts, esp1
and ss1, that are not really guest-wide, but rather, vcpu-wide.
This patch puts it in the vcpu struct
Signed-off-by: Glauber de Oliveira Costa [EMAIL PROTECTED]
---
drivers/lguest/hypercalls.c | 10 +-
lguest uses tasks to control its running behaviour (like sending
breaks, controlling halted state, etc). In a per-vcpu environment,
each vcpu will have its own underlying task. So this patch
makes the infrastructure for that possible
Signed-off-by: Glauber de Oliveira Costa [EMAIL PROTECTED]
---
this patch makes the pending_notify field, used to control
pending notifications, per-vcpu, instead of per-guest
Signed-off-by: Glauber de Oliveira Costa [EMAIL PROTECTED]
---
drivers/lguest/core.c|6 +++---
drivers/lguest/hypercalls.c |6 +++---
drivers/lguest/lg.h |
this patch makes the pgdir management per-vcpu. The pgdirs pool
is still guest-wide (although it'll probably need to grow when we
are really executing more vcpus), but the pgdidx index is gone,
since it makes no sense anymore. Instead, we use a per-vcpu
index.
Signed-off-by: Glauber de Oliveira
On further investigation, cat /proc/iomem does not trigger the stack
trace until after a suspend-to-disk/resume cycle has occurred.
I am removing Ingo and Russell from the TO list (as they are apparently
the wrong people) and adding the suspend folks, as suspend is implicated.
My .config file
hello Juergen,
On 12/20/07, Juergen Beisert [EMAIL PROTECTED] wrote:
On Thursday 20 December 2007 13:45, Jaswinder Singh wrote:
So I am curious, if possible, user can switch softirq-threads or IRQs
RT tasks to non-RT tasks for slow hardware or least important hardware
for NON-RT tasks. So
Establish the user API for sending a user-defined signal to the traced task on
a BTS buffer overflow.
This should complete the user API for the BTS ptrace extension.
The patches so far implement wrap-around overflow handling as is needed for
debugging.
The remaining open is another overflow
The quirk is for our Intel platform, we don't want HT MSI mapping
enabled in any of our devices.
BRs
Peer Chen
-Original Message-
From: Eric W. Biederman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 19, 2007 5:59 AM
To: peerchen
Cc: linux-kernel; akpm; Andy Currid; Peer Chen
Document changes for this patch set.
Signed-off-by: Markus Metzger [EMAIL PROTECTED]
---
Index: man/man2/ptrace.2
===
--- man.orig/man2/ptrace.2 2007-12-14 17:45:33.%N +0100
+++ man/man2/ptrace.2 2007-12-20 13:20:07.%N +0100
Le vendredi 14 décembre 2007 à 09:28 -0800, Greg KH a écrit :
On Fri, Dec 14, 2007 at 10:37:39PM +0530, Dhaval Giani wrote:
On Fri, Dec 14, 2007 at 08:26:42AM -0800, Greg KH wrote:
On Thu, Dec 13, 2007 at 09:21:26PM +0100, Ingo Molnar wrote:
* Kay Sievers [EMAIL PROTECTED] wrote:
On Thu, 2007-12-20 at 13:14 +, Hugh Dickins wrote:
On Wed, 19 Dec 2007, Dave Hansen wrote:
---
linux-2.6.24-rc5/mm/page_alloc.c~memory-controller-move-to-bug-on-in-free_hot_cold_page
2007-12-19 11:31:46.0 +0530
+++ linux-2.6.24-rc5-balbir/mm/page_alloc.c
On Thu, Dec 20 2007 at 9:58 +0200, Jens Axboe [EMAIL PROTECTED] wrote:
On Thu, Dec 20 2007, Rusty Russell wrote:
On Thursday 20 December 2007 18:07:41 FUJITA Tomonori wrote:
On Thu, 20 Dec 2007 16:45:18 +1100
Rusty Russell [EMAIL PROTECTED] wrote:
OK, some fixes since last time, as I wade
Manually doing chained sg lists is not trivial, so add some helpers
to make sure that drivers get it right.
Signed-off-by: Jens Axboe [EMAIL PROTECTED]
---
include/linux/scatterlist.h | 125 ---
lib/Makefile|2 +-
lib/scatterlist.c | 281
From: Jens Axboe [EMAIL PROTECTED]
Signed-off-by: Jens Axboe [EMAIL PROTECTED]
---
drivers/scsi/libsrp.c|2 +-
drivers/scsi/scsi_error.c|4 +-
drivers/scsi/scsi_lib.c | 150 +-
drivers/usb/storage/isd200.c |4 +-
From: Jens Axboe [EMAIL PROTECTED]
Signed-off-by: Jens Axboe [EMAIL PROTECTED]
---
drivers/ide/arm/icside.c |6 +++---
drivers/ide/cris/ide-cris.c |2 +-
drivers/ide/ide-dma.c |8
drivers/ide/ide-io.c |2 +-
drivers/ide/ide-probe.c |6
Quoting Pavel Emelyanov ([EMAIL PROTECTED]):
Oren Laadan wrote:
Serge E. Hallyn wrote:
Quoting Pavel Emelyanov ([EMAIL PROTECTED]):
Oren Laadan wrote:
Serge E. Hallyn wrote:
Quoting Oren Laadan ([EMAIL PROTECTED]):
I hate to bring this again, but what if the admin in the container
--
This submission of the AppArmor security module is based against 2.6.24-rc4-mm.
Any comments and feedback to improve implementation are appreciated.
Changes since previous submission
- added apparmor security goal document.
Documentation/lsm/AppArmor-Security-Goal.txt
- removed DAC style
This is needed for computing pathnames in the AppArmor LSM.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/namei.c |2 +-
include/linux/security.h |9 ++---
Required by a later patch that adds a struct vfsmount parameter to
notify_change().
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/ntfs/file.c |2 +-
The vfsmount parameter must be set appropriately for files visible
outside the kernel. Files that are only used in a filesystem (e.g.,
reiserfs xattr files) will have a NULL vfsmount.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by:
The vfsmount will be passed down to the LSM hook so that LSMs can compute
pathnames.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/ecryptfs/inode.c |5 -
fs/namei.c|
This is needed for computing pathnames in the AppArmor LSM.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/namei.c |2 +-
include/linux/security.h |8 ++--
The vfsmount will be passed down to the LSM hook so that LSMs can compute
pathnames.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/ecryptfs/inode.c |5 -
fs/namei.c | 10
This is needed for computing pathnames in the AppArmor LSM.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/namei.c |2 +-
include/linux/security.h |7 +--
The vfsmount will be passed down to the LSM hook so that LSMs can compute
pathnames.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/ecryptfs/inode.c |4 +++-
fs/namei.c |6
This is needed for computing pathnames in the AppArmor LSM.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/namei.c |2 +-
include/linux/security.h |8 +---
This is needed for computing pathnames in the AppArmor LSM.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/stat.c|3 ++-
include/linux/security.h |8 +---
The vfsmount will be passed down to the LSM hook so that LSMs can compute
pathnames.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/ecryptfs/inode.c |9 +++--
fs/namei.c |
This is needed for computing pathnames in the AppArmor LSM.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/namei.c |3 ++-
include/linux/security.h | 16 +++-
On Thu, 20 Dec 2007, Peter Zijlstra wrote:
Lennart asked for madvise(WILLNEED) to work on anonymous pages, he plans
to use this to pre-fault pages. He currently uses: mlock/munlock for
this purpose.
I certainly agree with this in principle: it just seems an unnecessary
and surprising
The vfsmount will be passed down to the LSM hook so that LSMs can compute
pathnames.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/ecryptfs/inode.c |4 +++-
fs/namei.c|
This is needed for computing pathnames in the AppArmor LSM.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/namei.c |2 +-
include/linux/security.h | 10 +++---
If we unhash the dentry before calling the security_inode_rmdir hook,
we cannot compute the file's pathname in the hook anymore. AppArmor
needs to know the filename in order to decide whether a file may be
deleted, though.
Signed-off-by: John Johansen [EMAIL PROTECTED]
Signed-off-by: Andreas
The vfsmount will be passed down to the LSM hook so that LSMs can compute
pathnames.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/ecryptfs/inode.c |3 ++-
fs/namei.c |
This is needed for computing pathnames in the AppArmor LSM.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/namei.c |2 +-
include/linux/security.h | 10 +++---
The vfsmount will be passed down to the LSM hook so that LSMs can compute
pathnames.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/ecryptfs/inode.c |7 ++-
fs/namei.c | 19
This is needed for computing pathnames in the AppArmor LSM.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/namei.c |6 --
include/linux/security.h | 13 ++---
The vfsmount will be passed down to the LSM hook so that LSMs can compute
pathnames.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/nfsd/vfs.c | 16 +++-
This is needed for computing pathnames in the AppArmor LSM.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/xattr.c |4 ++--
include/linux/security.h | 35
The vfsmount will be passed down to the LSM hook so that LSMs can compute
pathnames.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/nfsd/nfs4xdr.c |2 +-
fs/nfsd/vfs.c
This is needed for computing pathnames in the AppArmor LSM.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/xattr.c |2 +-
include/linux/security.h | 11 +++
The vfsmount will be passed down to the LSM hook so that LSMs can compute
pathnames.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/unionfs/copyup.c |5 +++--
fs/unionfs/xattr.c|
This is needed for computing pathnames in the AppArmor LSM.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/xattr.c |2 +-
include/linux/security.h |9 +
On 2007.12.19 09:44:50 -0800, Linus Torvalds wrote:
On Sun, 16 Dec 2007, Krzysztof Oledzki wrote:
I'll confirm this tomorrow but it seems that even switching to data=ordered
(AFAIK default o ext3) is indeed enough to cure this problem.
Ok, do we actually have any ext3 expert
The vfsmount will be passed down to the LSM hook so that LSMs can compute
pathnames.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/nfsd/vfs.c |7 ---
fs/unionfs/xattr.c|
This is needed for computing pathnames in the AppArmor LSM.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/xattr.c |2 +-
include/linux/security.h | 13 -
First, when __d_path() hits a lazily unmounted mount point, it tries to prepend
the name of the lazily unmounted dentry to the path name. It gets this wrong,
and also overwrites the slash that separates the name from the following
pathname component. This patch fixes that; if a process was in
The path that __d_path() computes can become slightly inconsistent when it
races with mount operations: it grabs the vfsmount_lock when traversing mount
points but immediately drops it again, only to re-grab it when it reaches the
next mount point. The result is that the filename computed is not
In AppArmor, we are interested in pathnames relative to the namespace root.
This is the same as d_path() except for the root where the search ends. Add
a function for computing the namespace-relative path.
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL
Add a new file operation: f_op-fgetattr(), that is invoked by
fstat(). Fall back to i_op-getattr() if it is not defined.
We need this because fstat() semantics can in some cases be better
implemented if the filesystem has the open file available.
Let's take the following example: we have a
From: Miklos Szeredi [EMAIL PROTECTED]
Add a new file operation: f_op-fsetattr(), that is invoked by
ftruncate, fchmod, fchown and utimensat. Fall back to i_op-setattr()
if it is not defined.
For the reasons why we need this, see patch adding fgetattr().
ftruncate() already passed the open
This allows LSMs to also distinguish between file descriptor and path
access for the xattr operations. (The other relevant operations are
covered by the setattr hook.)
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/nfsd/vfs.c
Convert the selinux sysctl pathname computation code into a standalone
function.
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
Reviewed-by: James Morris [EMAIL PROTECTED]
---
include/linux/sysctl.h |2 ++
kernel/sysctl.c |
Set the LOOKUP_CONTINUE flag when checking parent permissions. This allows
permission functions to tell between parent and leaf checks.
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/namei.c |2 ++
1 file changed, 2 insertions(+)
Switch from file_permission() to vfs_permission() in sys_fchdir(): this
avoids calling permission() with a NULL nameidata here.
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/open.c | 11 ++-
1 file changed, 6 insertions(+),
We cannot easily switch from file_permission() to vfs_permission()
everywhere, so fix file_permission() to not use a NULL nameidata
for the remaining users.
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/namei.c |8 +++-
1 file
Update kernel audit range comments to show AppArmor's registered range of
1500-1599. This range used to be reserved for LSPP but LSPP uses the
SE Linux range and the range was given to AppArmor.
Adds necessary export symbols for audit subsystem routines.
Changes audit_log_vformat to be externally
The underlying functions by which the AppArmor LSM hooks are implemented.
Signed-off-by: John Johansen [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
---
security/apparmor/main.c | 1357 +++
1 file changed, 1357 insertions(+)
Module parameters, LSM hooks, initialization and teardown.
Signed-off-by: John Johansen [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
---
security/apparmor/lsm.c | 815
1 file changed, 815 insertions(+)
--- /dev/null
This patch allows ehca to forward event client-reregister-required to
registered clients. Such one event is generated by the switch eg. after
its reboot.
Signed-off-by: Hoang-Nam Nguyen [EMAIL PROTECTED]
---
drivers/infiniband/hw/ehca/ehca_irq.c | 12
1 files changed, 12
Pathname matching, transition table loading, profile loading and
manipulation.
Signed-off-by: John Johansen [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
---
security/apparmor/match.c| 299 +
security/apparmor/match.h| 85 +++
All the things that didn't nicely fit in a category on their own: kbuild
code, declarations and inline functions, /sys/kernel/security/apparmor
filesystem for controlling apparmor from user space, profile list
functions, locking documentation, /proc/$pid/task/$tid/attr/current
access.
Signed-off-by: John Johansen [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
---
security/Kconfig |1 +
security/Makefile |1 +
security/apparmor/Kconfig | 22 --
3 files changed, 22 insertions(+), 2 deletions(-)
---
Signed-off-by: John Johansen [EMAIL PROTECTED]
Signed-off-by: Jesse Michael [EMAIL PROTECTED]
---
security/apparmor/Makefile |7 +
security/apparmor/apparmor.h |7 +
security/apparmor/lsm.c | 129 ++-
Switch from file_permission() to vfs_permission() in do_path_lookup():
this avoids calling permission() with a NULL nameidata here.
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Signed-off-by: John Johansen [EMAIL PROTECTED]
---
fs/namei.c |9 +++--
1 file changed, 3
--- /dev/null
+++ b/Documentation/lsm/AppArmor-Security-Goal.txt
@@ -0,0 +1,134 @@
+AppArmor Security Goal
+Crispin Cowan, PhD
+MercenaryLinux.com
+
+This document specifies the security goal that AppArmor is intended to
+achieve, so that users can evaluate whether AppArmor will meet their
+needs,