Acked-by: Catherine Zhang [EMAIL PROTECTED]
Thomas Graf [EMAIL PROTECTED] wrote on 08/05/2006 07:56:20 AM:
Collision between [NetLabel]: SELinux support and
[AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec
Signed-off-by: Thomas Graf [EMAIL PROTECTED]
Index:
David,
I will remember this in the future, I promise.
thank you,
Catherine
David Miller [EMAIL PROTECTED] wrote on 08/02/2006 05:11:03 PM:
Catherine you really must begin to remember to add
proper Signed-off-by: lines to your patch submissions.
I'll sign off on this bug fix, but in the
David,
I did test it with CONFIG_SECURITY disabled, but did not catch the warning
-- I verified that the build completes with a valid vmlinux image. There
are many warnings (device drivers, and others) during the build and I
didn't do a grep to find which one is specific to my patch. Next
I see. The build was fine under x86 and there are so many warnings that a
-Werror probably won't work for me.
thanks,
Catherine
David Miller [EMAIL PROTECTED] wrote on 08/02/2006 06:19:06 PM:
From: Xiaolan Zhang [EMAIL PROTECTED]
Date: Wed, 2 Aug 2006 18:18:07 -0400
I did test
Hi, Catalin and Michal,
Many thanks for your help in fnding and testing the patch!
Catherine
Catalin Marinas [EMAIL PROTECTED] wrote on 07/27/2006 05:00:23
AM:
On 26/07/06, Catherine Zhang [EMAIL PROTECTED] wrote:
Enclosed please find the new fix for the memory leak problem,
incorporating
Thank you all for your help! It's been great working with you.
Catherine
David Miller [EMAIL PROTECTED] wrote on 06/29/2006 03:28:00 PM:
From: James Morris [EMAIL PROTECTED]
Date: Wed, 28 Jun 2006 10:00:48 -0400 (EDT)
On Wed, 28 Jun 2006, Catherine Zhang wrote:
Hi,
Minor fix
Hi,
Thanks for the updates. I am testing the code now. Some minor fixes (so
far):
changed all
#ifdef CONFIG_SECURITY_NETWORKING
to
#ifdef CONFIG_SECURITY_NETWORK
cheers,
Catherine
James Morris [EMAIL PROTECTED] wrote on 06/27/2006 09:57:15 AM:
On Tue, 27 Jun 2006, Stephen Smalley
Some more fixes:
diff -purN -X dontdiff linux-2.6.o/net/unix/af_unix.c linux-2.6.
w/net/unix/af_unix.c
--- linux-2.6.o/net/unix/af_unix.c 2006-06-21 00:02:30.0 -0400
+++ linux-2.6.w/net/unix/af_unix.c 2006-06-27 09:30:12.0 -0400
@@ -128,6 +128,28 @@ static atomic_t
James Morris [EMAIL PROTECTED] wrote on 06/27/2006 09:33:17 PM:
On Tue, 27 Jun 2006, Catherine Zhang wrote:
diff -puN security/selinux/exports.c~lsm-secpeer-unix
security/selinux/exports.c
--- linux-2.6.17-rc6-mm2-JM/security/selinux/exports.c~lsm-
secpeer-unix 2006-06-27
James Morris [EMAIL PROTECTED] wrote on 06/18/2006 04:04:06 AM:
On Sun, 18 Jun 2006, Catherine Zhang wrote:
I'd also mention here that this is to complement the SO_PEERSEC option
for
stream sockets.
OK.
There's an implementation issue, which I'm sure has been mentioned
previously.
Hi, Stephen,
It appears that selinux_enabled is defined inside selinux module and not
visible to the rest of the kernel...
thanks,
Catherine
Stephen Hemminger [EMAIL PROTECTED] wrote on 06/17/2006 12:16:03 AM:
O
+void selinux_get_sock_sid(const struct socket *sock, u32 *sid)
+{
+
Singned-off-by: Catherine Zhang [EMAIL PROTECTED]
James, is this enough or do I need to modify the original patch to add the
above line? The code was taken from various pieces of patches originally
from Trent and merged/modified by me. Let me know what else I need to do.
thanks,
Catherine
Stephen and Andrew,
Many thanks for your comments! Will incorporate your suggestions and
resubmit.
thanks,
Catherine
Stephen Smalley [EMAIL PROTECTED] wrote on 04/10/2006 09:11:47 AM:
On Fri, 2006-04-07 at 19:30 -0400, Catherine Zhang wrote:
Hi, James, Stephen, Dave and Chris,
Hi, Stephen and James,
Looks like the selinux_sk_ctxid() call implemented in James' patch also
requires the sk_callback_lock (see below). I am planning to introduce a
new exported fucntion selinux_sock_ctxid() which does not require any
locking. Comments?
thanks,
Catherine
Stephen Smalley
Thanks everyone for your help! It's been a pleasure working with you.
Catherine
David S. Miller [EMAIL PROTECTED] wrote on 03/10/2006 03:39:51 AM:
From: James Morris [EMAIL PROTECTED]
Date: Thu, 9 Mar 2006 22:40:09 -0500 (EST)
On Thu, 9 Mar 2006, Catherine Zhang wrote:
As per
Hi,
I will work on a fix.
Catherine
[EMAIL PROTECTED] wrote on 03/10/2006 10:48:18 AM:
Hi,
commit ddf1c0e35d73b05ebc9fc12cb374315f806a2764 introduced these
problems,
are people testing with _and_ without SELinux?
security_sid_to_context is only found
at
, optlen, len);
default:
return(-ENOPROTOOPT);
[EMAIL PROTECTED] wrote on 03/10/2006 02:16:44 PM:
On 3/10/06, Arnaldo Carvalho de Melo [EMAIL PROTECTED] wrote:
On 3/10/06, Arnaldo Carvalho de Melo [EMAIL PROTECTED] wrote:
On 3/10/06, Xiaolan Zhang
Arnaldo,
Thanks for the update and quick fix!
Catherine
[EMAIL PROTECTED] wrote on 03/10/2006 02:50:48 PM:
On 3/10/06, Xiaolan Zhang [EMAIL PROTECTED] wrote:
Hi, Arnaldo,
This looks a bit surprising because that 2 lines should have already
been
in the patch (lsm-secpeer
Hi, David,
David S. Miller [EMAIL PROTECTED] wrote on 03/10/2006 06:45:17 PM:
The Unix getpeersec changes added calls to security_sid_to_context(),
but there is no implementation available when CONFIG_SECURITY is
not enabled.
In file included from net/unix/af_unix.c:112:
Hi, James,
I am working on a separate patch for Unix datagram, instead of mixing the
two into one patch.
thanks,
Catherine
James Morris [EMAIL PROTECTED] wrote on 03/08/2006 09:56:33 PM:
On Wed, 8 Mar 2006, David S. Miller wrote:
I thought James still had some objections?
James?
Is
20 matches
Mail list logo