From: Tony Jones [EMAIL PROTECTED]
Minor performance enhancement.
Thread flag TIF_SYSCALL_AUDIT is not cleared for new children when audit
context creation has been disabled (auditctl -e0). This can cause new children
forked from a parent created when audit was enabled to not take the fastest
On Sat, Oct 27, 2007 at 10:21:39AM -0400, Steve Grubb wrote:
On Friday 26 October 2007 04:42:28 pm Tony Jones wrote:
Thread flag TIF_SYSCALL_AUDIT is not cleared for new children when audit
context creation has been disabled (auditctl -e0). This can cause new
children forked from a parent
On Mon, Oct 29, 2007 at 06:04:31PM -0400, Steve Grubb wrote:
If the child does not have the TIF_SYSCALL_AUDIT flag, it never goes into
audit_syscall_entry. It becomes unauditable.
True but a task where current->audit_context == NULL is going to immediately
BUG out in audit_syscall_entry. This
--
Convert from class_device to device for drivers/spi. This is part of the work
to eliminate struct class_device.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
---
Documentation/spi/spi-summary | 13
of the work to eliminate struct class_device.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
---
drivers/isdn/capi/capi.c |6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/isdn/capi/capi.c
+++ b/drivers/isdn/capi/capi.c
@@ -1544,11 +1544,11 @@ static int __init capi_init
On Mon, Aug 20, 2007 at 03:48:08PM -0700, [EMAIL PROTECTED] wrote:
--
Content-Disposition: inline; filename=block.patch
Convert from class_device to device for block/pktcdvd.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
On Mon, Aug 20, 2007 at 03:48:09PM -0700, [EMAIL PROTECTED] wrote:
--
Content-Disposition: inline; filename=aoechr.patch
Convert from class_device to device for block/aoechr. This is part of the
work to eliminate struct class_device.
Signed-off-by: Tony Jones [EMAIL PROTECTED
On Mon, Aug 20, 2007 at 03:48:10PM -0700, [EMAIL PROTECTED] wrote:
--
Content-Disposition: inline; filename=macintosh.patch
Convert from class_device to device for macintosh. This is part of the
work to eliminate struct class_device.
Signed-off-by: Tony Jones [EMAIL PROTECTED
On Mon, Aug 20, 2007 at 03:48:15PM -0700, [EMAIL PROTECTED] wrote:
--
Content-Disposition: inline; filename=spi.patch
Convert from class_device to device for drivers/spi. This is part of the
work
to eliminate struct class_device.
Signed-off-by: Tony Jones [EMAIL PROTECTED
by a diff mechanism. Feel free to drop if so.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
On Mon, Aug 20, 2007 at 03:48:18PM -0700, [EMAIL PROTECTED] wrote:
--
Content-Disposition: inline; filename=misc.patch
Convert from class_device to device for drivers/misc/tifm. This is
part of the work to eliminate struct class_device.
Signed-off-by: Tony Jones [EMAIL PROTECTED
On Mon, Aug 20, 2007 at 03:48:19PM -0700, [EMAIL PROTECTED] wrote:
--
Content-Disposition: inline; filename=mfd.patch
Convert from class_device to device for drivers/mfd/ucb1x00. This is
part of the work to eliminate struct class_device.
Signed-off-by: Tony Jones [EMAIL PROTECTED
On Mon, Aug 20, 2007 at 03:48:14PM -0700, [EMAIL PROTECTED] wrote:
--
Content-Disposition: inline; filename=dma.patch
Convert from class_device to device for drivers/dma/dmaengine. This is
part of the work to eliminate struct class_device.
Signed-off-by: Tony Jones [EMAIL PROTECTED
On Mon, Aug 20, 2007 at 03:48:12PM -0700, [EMAIL PROTECTED] wrote:
--
Content-Disposition: inline; filename=mtd.patch
Convert from class_device to device for drivers/mtd/mtdchar. This is part of
the work to eliminate struct class_device.
Signed-off-by: Tony Jones [EMAIL PROTECTED
On Mon, Aug 20, 2007 at 03:48:11PM -0700, [EMAIL PROTECTED] wrote:
--
Content-Disposition: inline; filename=wan.patch
Convert from class_device to device for drivers/net/wan/cosa. This is part
of
the work to eliminate struct class_device.
Signed-off-by: Tony Jones [EMAIL PROTECTED
On Mon, Aug 20, 2007 at 03:48:13PM -0700, [EMAIL PROTECTED] wrote:
--
Content-Disposition: inline; filename=ide.patch
Convert from class_device to device for drivers/drivers/ide/ide-tape. This
is
part of the work to eliminate struct class_device.
Signed-off-by: Tony Jones [EMAIL
by a diff mechanism. Feel free to drop if so. Thanks!
Signed-off-by: Tony Jones [EMAIL PROTECTED]
On Tue, Aug 21, 2007 at 11:28:28AM -0700, David Brownell wrote:
On Tuesday 21 August 2007, Tony Jones wrote:
On Mon, Aug 20, 2007 at 03:48:15PM -0700, [EMAIL PROTECTED] wrote:
Convert from class_device to device for drivers/spi. This is part of the
work
to eliminate struct
On Mon, Jul 04, 2005 at 08:59:02AM +0200, Kurt Garloff wrote:
The topic of replacing dummy (with capability) was discussed there
last week, in the context of stacker, but a common solution for both
cases would be needed.
Both cases?
CONFIG_SECURITY_STACKER and !CONFIG_SECURITY_STACKER
On Mon, Jul 04, 2005 at 06:51:35AM -0500, [EMAIL PROTECTED] wrote:
I don't think your symbol_get() is doing what you think it is ;-)
Hmm, I wonder whether something changed. It shouldn't be possible to
rmmod module b if module a has done a symbol_get on it...
Are you thinking of
On Mon, Jul 04, 2005 at 03:06:46PM -0500, [EMAIL PROTECTED] wrote:
You are calling __symbol_get(ops).
Maybe (/probably :-)) I'm totally misunderstanding what you are doing but:
a) I would have thought you would need to call symbol_get on the name the
caller was passing, i.e
On Wed, Aug 24, 2005 at 06:20:30PM -0700, Chris Wright wrote:
static inline int security_ptrace (struct task_struct * parent, struct
task_struct * child)
{
+#ifdef CONFIG_SECURITY
return security_ops-ptrace (parent, child);
+#else
+ return cap_ptrace (parent, child);
+#endif
On Fri, Aug 26, 2005 at 10:59:52AM -0700, Chris Wright wrote:
* Tony Jones ([EMAIL PROTECTED]) wrote:
The discussion about composing with commoncap made me think about whether
this is the best way to do this. It seems that we're heading towards a
requirement that every module internally
On Fri, Aug 26, 2005 at 02:00:56PM -0400, Stephen Smalley wrote:
That makes capability part of the core kernel again, just like DAC,
which means that you can never override a capability denial in your
module. We sometimes want to override the capability implementation,
not just apply
Hi Serge
5) /*
* Workarounds for the fact that get and setprocattr are used only by
* selinux. (Maybe)
*/
No complaints on selinux getting to avoid the (module), they are intree.
Just a FYI that SubDomain/AppArmor uses these hooks also.
And is it ok with using the some_data
On Sat, Jul 30, 2005 at 10:44:09PM -0500, [EMAIL PROTECTED] wrote:
When I discussed this with Albert Cahalan, he *strongly* objected to
allowing whitespace in security contexts, as he felt it would break
scripts that parsed 'ps -Z' output.
Right, I thought this was actually a feature :)
Introduction
The following are a set of patches the goal of which is to pass vfsmounts
through select portions of the VFS layer sufficient to be visible to the LSM
inode operation hooks.
They are being posted now as a request for comment. Presently the AppArmor
code - being a user
Pass struct vfsmount to the inode_create LSM hook.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/namei.c
===
--- linux-2.6.orig/fs/namei.c
+++ linux-2.6/fs
Remove redundant check from proc_setattr()
notify_change() already calls security_inode_setattr() before
calling iop->setattr.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/proc/base.c
Pass struct file down to remove_suid and children
Pass struct path to remove_suid and should_remove_suid instead of
only the dentry. Required by a later patch that adds a struct
vfsmount parameter to notify_change().
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher
Pass struct vfsmount to the inode_setattr LSM hook
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/attr.c
===
--- linux-2.6.orig/fs/attr.c
+++ linux-2.6/fs/attr.c
Add a struct vfsmount parameter to vfs_mknod()
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/ecryptfs/inode.c
===
--- linux-2.6.orig/fs/ecryptfs/inode.c
Pass struct vfsmount to the inode_symlink LSM hook.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/namei.c
===
--- linux-2.6.orig/fs/namei.c
+++ linux-2.6/fs
Add struct vfsmount parameters to vfs_link()
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/namei.c
===
--- linux-2.6.orig/fs/namei.c
+++ linux-2.6/fs/namei.c
Pass struct vfsmount to the inode_unlink LSM hook
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/namei.c
===
--- linux-2.6.orig/fs/namei.c
+++ linux-2.6/fs
Add a struct vfsmount parameter to vfs_rmdir()
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/ecryptfs/inode.c
===
--- linux-2.6.orig/fs/ecryptfs/inode.c
Pass struct vfsmount to the inode_setxattr LSM hook
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/include/linux/security.h
===
--- linux-2.6.orig/include/linux
Add a struct vfsmount parameter to vfs_setxattr()
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/nfsd/vfs.c
===
--- linux-2.6.orig/fs/nfsd/vfs.c
+++ linux-2.6/fs
Add a struct vfsmount parameter to vfs_listxattr()
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/xattr.c
===
--- linux-2.6.orig/fs/xattr.c
+++ linux-2.6/fs
Pass struct vfsmount to the inode_removexattr LSM hook
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/xattr.c
===
--- linux-2.6.orig/fs/xattr.c
+++ linux-2.6/fs
Pass struct vfsmount to the inode_listxattr LSM hook
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/xattr.c
===
--- linux-2.6.orig/fs/xattr.c
+++ linux-2.6/fs
Add a struct vfsmount parameter to vfs_removexattr()
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/nfsd/vfs.c
===
--- linux-2.6.orig/fs/nfsd/vfs.c
+++ linux-2.6
Pass struct vfsmount to the inode_getxattr LSM hook
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/xattr.c
===
--- linux-2.6.orig/fs/xattr.c
+++ linux-2.6/fs
Add a struct vfsmount parameter to vfs_getxattr()
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/nfsd/vfs.c
===
--- linux-2.6.orig/fs/nfsd/vfs.c
+++ linux-2.6/fs
Pass struct vfsmount to the inode_mknod LSM hook
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/namei.c
===
--- linux-2.6.orig/fs/namei.c
+++ linux-2.6/fs/namei.c
Add a struct vfsmount parameter to vfs_unlink()
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/ecryptfs/inode.c
===
--- linux-2.6.orig/fs/ecryptfs/inode.c
Pass struct vfsmount to the inode_rename LSM hook
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/namei.c
===
--- linux-2.6.orig/fs/namei.c
+++ linux-2.6/fs
Add struct vfsmount parameters to vfs_rename()
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/ecryptfs/inode.c
===
--- linux-2.6.orig/fs/ecryptfs/inode.c
Pass struct vfsmount to the inode_rmdir LSM hook
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/namei.c
===
--- linux-2.6.orig/fs/namei.c
+++ linux-2.6/fs/namei.c
Pass the struct vfsmounts to the inode_link LSM hook
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/namei.c
===
--- linux-2.6.orig/fs/namei.c
+++ linux-2.6/fs
Pass struct vfsmount to the inode_readlink LSM hook
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/stat.c
===
--- linux-2.6.orig/fs/stat.c
+++ linux-2.6/fs/stat.c
Add a struct vfsmount parameter to vfs_symlink()
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/ecryptfs/inode.c
===
--- linux-2.6.orig/fs/ecryptfs/inode.c
Pass struct vfsmount to the inode_mkdir LSM hook
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/namei.c
===
--- linux-2.6.orig/fs/namei.c
+++ linux-2.6/fs/namei.c
Add struct vfsmount parameter to vfs_mkdir()
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/ecryptfs/inode.c
===
--- linux-2.6.orig/fs/ecryptfs/inode.c
+++ linux
requests. We cannot put it under any pathname based policy, and
also set vfsmount to NULL there.
The next patch passes the vfsmount to the inode_setattr LSM hook.
Signed-off-by: Tony Jones [EMAIL PROTECTED]
Signed-off-by: Andreas Gruenbacher [EMAIL PROTECTED]
Index: linux-2.6/fs/attr.c
On Thu, Nov 01, 2007 at 10:33:52AM -0400, Steve Grubb wrote:
On Monday 29 October 2007 07:15:30 pm Tony Jones wrote:
On Mon, Oct 29, 2007 at 06:04:31PM -0400, Steve Grubb wrote:
So when audit is re-enabled, how do you make that task auditable?
No idea. How do you do it currently? HINT
Removing a watched file will oops if audit is disabled (auditctl -e 0).
To reproduce:
- auditctl -e 1
- touch /tmp/foo
- auditctl -w /tmp/foo
- auditctl -e 0
- rm /tmp/foo (or mv)
Signed-off-by: Tony Jones [EMAIL PROTECTED]
---
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index
On 12/02/2014 01:27 PM, Richard Guy Briggs wrote:
Since both ppc and ppc64 have LE variants which are now reported by uname, add
that flag (__AUDIT_ARCH_LE) to syscall_get_arch() and add AUDIT_ARCH_PPC*LE
variants.
Without this, perf trace and auditctl fail.
Mainline kernel reports
or comm
(regex).
Signed-off-by: Tony Jones to...@suse.com
Cc: Arnaldo Carvalho de Melo a...@kernel.org
diff --git a/tools/perf/scripts/python/bin/compaction-times-record
b/tools/perf/scripts/python/bin/compaction-times-record
new file mode 100755
index 000..2b7fc42
--- /dev/null
+++ b/tools
On 08/20/2015 12:42 PM, Arnaldo Carvalho de Melo wrote:
Well, we don't have any firm set standard for outputting from scripts,
so if you did it inspired by existing scripts outputs, probably that is
good enough, having someone testing it is a plus, and in these cases, if
the works for me
stats for isolate_migratepages and isolate_freepages
(Vlastimil Babka)
- refactor code to achieve above
- add help text
- output to stdout/stderr explicitly
Signed-off-by: Tony Jones to...@suse.com
Cc: Mel Gorman mgor...@suse.com
Cc: Vlastimil Babka vba...@suse.cz
---
.../scripts/python/bin
[thpscale].6: 163610ns (32 migrated 0 failed)
. output continues ...
Signed-off-by: Tony Jones to...@suse.com
Cc: Mel Gorman mgor...@suse.com
---
.../scripts/python/bin/compaction-times-record | 2 +
.../scripts/python/bin/compaction-times-report | 4 +
tools/perf/scripts/python
On 07/23/2016 12:43 PM, Rik van Riel wrote:
> Janani,
> it may make sense to have the code Tony posted be part of
> your patch series. Just have both of your Signed-off-by:
> lines on that patch.
Rik
Unfortunately the previous patch doesn't work on my system, which was the point
I was trying
On 07/20/2016 07:54 AM, Michal Hocko wrote:
>> Michal, just to make sure I understand you correctly, do you mean that we
>> could infer the names of the shrinkers by looking at the names of their
>> callbacks?
>
> Yes, %ps can then be used for the name of the shrinker structure
> (assuming it
On 07/22/2016 06:27 PM, Tony Jones wrote:
> On 07/20/2016 07:54 AM, Michal Hocko wrote:
>
>>> Michal, just to make sure I understand you correctly, do you mean that we
>>> could infer the names of the shrinkers by looking at the names of their
>>> callbacks
On 07/20/2016 07:54 AM, Michal Hocko wrote:
On Wed 20-07-16 20:11:09, Janani Ravichandran wrote:
On Jul 11, 2016, at 8:03 PM, Michal Hocko wrote:
On Mon 11-07-16 10:12:51, Rik van Riel wrote:
What mechanism do you have in mind for obtaining the name,
Michal?
Not sure
On 07/29/2016 06:00 AM, Mel Gorman wrote:
> On Fri, Jul 29, 2016 at 10:13:40AM +1000, Dave Chinner wrote:
>> On Thu, Jul 28, 2016 at 11:25:13AM +0100, Mel Gorman wrote:
>>> On Thu, Jul 28, 2016 at 03:49:47PM +1000, Dave Chinner wrote:
Seems you're all missing the obvious.
Add a
On 07/12/2016 11:16 PM, Janani Ravichandran wrote:
>> I also have a patch which adds a similar latency script (python) but
>> interfaces it into the perf script setup.
>
> I’m looking for pointers for writing latency scripts using tracepoints as I’m
> new to it. Can I have a look at yours,
On 07/09/2016 01:52 AM, Janani Ravichandran wrote:
> diff --git a/fs/super.c b/fs/super.c
> index d78b984..051073c 100644
> --- a/fs/super.c
> +++ b/fs/super.c
> @@ -241,6 +241,7 @@ static struct super_block *alloc_super(struct
> file_system_type *type, int flags)
> s->s_time_gran =
elf, but raw data is collected and then printed by e.g. trace-cmd?
> How can it possibly interpret the "char *" kernel pointer?
I actually had a similar patch set to this, I was going to post it but Janani
beat me to it ;-)
Vlastimil is correct, I'll attach my patch below so yo
Add NULL end elements to 'unit_to_pmu' map to prevent compiler warning on
some toolchains.
Signed-off-by: Tony Jones <to...@suse.de>
---
tools/perf/pmu-events/jevents.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/pmu-events/jevents.c b/tools/perf/pmu-
Guard _GNU_SOURCE (as done in pt-decoder/intel-pt-decoder.c) to prevent
possible redefinition error.
Signed-off-by: Tony Jones <to...@suse.de>
---
tools/perf/pmu-events/jevents.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tools/perf/pmu-events/jevents.c b/tools/perf/pmu-
On 04/24/2017 06:05 AM, Andi Kleen wrote:
> On Sun, Apr 23, 2017 at 09:26:32PM -0700, Tony Jones wrote:
>> Guard _GNU_SOURCE (as done in pt-decoder/intel-pt-decoder.c) to prevent
>> possible redefinition error.
>
> Who defines it?
>
> If it's always defined so
%)
Stddev4096 100.25 ( 0.00%) 88.50 ( 11.72%)
Stddev8192 358.13 ( 0.00%) 169.99 ( 52.54%)
Stddev16384 43.99 ( 0.00%) 141.82 (-222.39%)
Signed-off-by: Tony Jones
Fixes: 56974a6fcfef ("apparmor: add base infastructure for socket
medi
On 09/07/2018 09:37 AM, John Johansen wrote:
> hey Tony,
>
> thanks for the patch, I am curious did your investigation look
> into what parts of DEFINE_AUDIT_SK are causing the issue?
Hi JJ.
Attached are the perf annotations for DEFINE_AUDIT_SK (percentages are relative
to the fn).
Our
On Mon, Jul 04, 2005 at 08:59:02AM +0200, Kurt Garloff wrote:
> > The topic of replacing dummy (with capability) was discussed there
> > last week, in the context of stacker, but a common solution for both
> > cases would be needed.
>
> Both cases?
CONFIG_SECURITY_STACKER and
On Mon, Jul 04, 2005 at 06:51:35AM -0500, [EMAIL PROTECTED] wrote:
> > I don't think your symbol_get() is doing what you think it is ;-)
> Hmm, I wonder whether something changed. It shouldn't be possible to
> rmmod module b if module a has done a symbol_get on it...
Are you thinking of
On Mon, Jul 04, 2005 at 03:06:46PM -0500, [EMAIL PROTECTED] wrote:
> > You are calling __symbol_get("ops").
> >
> > Maybe (/probably :-)) I'm totally misunderstanding what you are doing but:
> > a) I would have thought you would need to call symbol_get on the name the
> >caller was passing,
On Wed, Jul 27, 2005 at 01:17:32PM -0500, [EMAIL PROTECTED] wrote:
Hi Serge.
A few trivial things I noticed whilst writing some internal documentation
on Stacker. Nothing deep here, but thought I'd pass them along.
I'll try to actually try out the code next week.
I made these notes as I was
Hi Serge
> > 5) /*
> > * Workarounds for the fact that get and setprocattr are used only by
> > * selinux. (Maybe)
> > */
> >
> > No complaints on selinux getting to avoid the (module), they are intree.
> > Just a FYI that SubDomain/AppArmor uses these hooks also.
>
> And is it ok with
On Sat, Jul 30, 2005 at 10:44:09PM -0500, [EMAIL PROTECTED] wrote:
> > When I discussed this with Albert Cahalan, he *strongly* objected to
> > allowing whitespace in security contexts, as he felt it would break
> > scripts that parsed 'ps -Z' output.
>
> Right, I thought this was actually a
On Wed, Aug 24, 2005 at 06:20:30PM -0700, Chris Wright wrote:
> static inline int security_ptrace (struct task_struct * parent, struct
> task_struct * child)
> {
> +#ifdef CONFIG_SECURITY
> return security_ops->ptrace (parent, child);
> +#else
> + return cap_ptrace (parent, child);
>
On Fri, Aug 26, 2005 at 10:59:52AM -0700, Chris Wright wrote:
> * Tony Jones ([EMAIL PROTECTED]) wrote:
> > The discussion about composing with commoncap made me think about whether
> > this is the best way to do this. It seems that we're heading towards a
> > requirem
On Fri, Aug 26, 2005 at 02:00:56PM -0400, Stephen Smalley wrote:
>
> That makes capability part of the core kernel again, just like DAC,
> which means that you can never override a capability denial in your
> module. We sometimes want to override the capability implementation,
> not just apply
Introduction
The following are a set of patches the goal of which is to pass vfsmounts
through select portions of the VFS layer sufficient to be visible to the LSM
inode operation hooks.
They are being posted now as a request for comment. Presently the AppArmor
code - being a user
Pass struct vfsmount to the inode_create LSM hook.
Signed-off-by: Tony Jones <[EMAIL PROTECTED]>
Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]>
Index: linux-2.6/fs/namei.c
===
--- linux-2.6.orig/fs/namei.c
+++
Remove redundant check from proc_setattr()
notify_change() already calls security_inode_setattr() before
calling iop->setattr.
Signed-off-by: Tony Jones <[EMAIL PROTECTED]>
Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]>
Index: linux-2.6
Pass struct file down to remove_suid and children
Pass struct path to remove_suid and should_remove_suid instead of
only the dentry. Required by a later patch that adds a struct
vfsmount parameter to notify_change().
Signed-off-by: Tony Jones <[EMAIL PROTECTED]>
Signed-off-by: A
Pass struct vfsmount to the inode_setattr LSM hook
Signed-off-by: Tony Jones <[EMAIL PROTECTED]>
Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]>
Index: linux-2.6/fs/attr.c
===
--- linux-2.6.orig/fs/attr.c
+++
Add a struct vfsmount parameter to vfs_mknod()
Signed-off-by: Tony Jones <[EMAIL PROTECTED]>
Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]>
Index: linux-2.6/fs/ecryptfs/inode.c
===
--- linux-2.6.orig/fs/ecry
Pass struct vfsmount to the inode_symlink LSM hook.
Signed-off-by: Tony Jones <[EMAIL PROTECTED]>
Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]>
Index: linux-2.6/fs/namei.c
===
--- linux-2.6.orig/fs/namei.c
+++
Add struct vfsmount parameters to vfs_link()
Signed-off-by: Tony Jones <[EMAIL PROTECTED]>
Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]>
Index: linux-2.6/fs/namei.c
===
--- linux-2.6.orig/fs/namei.c
+++ linux-2.
Pass struct vfsmount to the inode_unlink LSM hook
Signed-off-by: Tony Jones <[EMAIL PROTECTED]>
Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]>
Index: linux-2.6/fs/namei.c
===
--- linux-2.6.orig/fs/namei.c
+++
Add a struct vfsmount parameter to vfs_rmdir()
Signed-off-by: Tony Jones <[EMAIL PROTECTED]>
Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]>
Index: linux-2.6/fs/ecryptfs/inode.c
===
--- linux-2.6.orig/fs/ecry
Pass struct vfsmount to the inode_setxattr LSM hook
Signed-off-by: Tony Jones <[EMAIL PROTECTED]>
Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]>
Index: linux-2.6/include/linux/security.h
===
--- linux-2.6.orig/i
Add a struct vfsmount parameter to vfs_setxattr()
Signed-off-by: Tony Jones <[EMAIL PROTECTED]>
Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]>
Index: linux-2.6/fs/nfsd/vfs.c
===
--- linux-2.6.orig/fs/nfsd/vfs.c
+
Add a struct vfsmount parameter to vfs_listxattr()
Signed-off-by: Tony Jones <[EMAIL PROTECTED]>
Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]>
Index: linux-2.6/fs/xattr.c
===
--- linux-2.6.orig/fs/xattr.c
+++
Pass struct vfsmount to the inode_removexattr LSM hook
Signed-off-by: Tony Jones <[EMAIL PROTECTED]>
Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]>
Index: linux-2.6/fs/xattr.c
===
--- linux-2.6.orig/fs/xattr.c
+
Pass struct vfsmount to the inode_listxattr LSM hook
Signed-off-by: Tony Jones <[EMAIL PROTECTED]>
Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]>
Index: linux-2.6/fs/xattr.c
===
--- linux-2.6.orig/fs/xattr.c
+++
Add a struct vfsmount parameter to vfs_removexattr()
Signed-off-by: Tony Jones <[EMAIL PROTECTED]>
Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]>
Index: linux-2.6/fs/nfsd/vfs.c
===
--- linux-2.6.orig/fs/nfsd/vfs