Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 30bc9456 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6 

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
  security: enhance DEFAULT_MMAP_MIN_ADDR description
  SELinux: add netport.[ch]
  SELinux: Add network port SID cache
  SELinux: turn mount options strings into defines
  selinux/ss/services.c should #include <linux/selinux.h>
  selinux: introduce permissive types
  selinux: remove ptrace_sid
  SELinux: requesting no permissions in avc_has_perm_noaudit is a BUG()
  security: code cleanup
  security: replace remaining __FUNCTION__ occurrences
  SELinux: create new open permission
  selinux: selinux/netlabel.c should #include "netlabel.h"
  SELinux: unify printk messages
  SELinux: remove unused backpointers from security objects
  SELinux: Correct the NetLabel locking for the sk_security_struct
parents 4cba84b5 5f46ce14

security/Kconfig

+6 −4
Original line number Diff line number Diff line
@@ -113,10 +113,12 @@ config SECURITY_DEFAULT_MMAP_MIN_ADDR 
	  from userspace allocation.  Keeping a user from writing to low pages

	  can help reduce the impact of kernel NULL pointer bugs.



	  For most users with lots of address space a value of 65536 is

	  reasonable and should cause no problems.  Programs which use vm86

	  functionality would either need additional permissions from either

	  the LSM or the capabilities module or have this protection disabled.

	  For most ia64, ppc64 and x86 users with lots of address space

	  a value of 65536 is reasonable and should cause no problems.

	  On arm and other archs it should not be higher than 32768.

	  Programs which use vm86 functionality would either need additional

	  permissions from either the LSM or the capabilities module or have

	  this protection disabled.



	  This value can be changed after boot using the

	  /proc/sys/vm/mmap_min_addr tunable.

security/commoncap.c

+2 −2
Original line number Diff line number Diff line
@@ -267,7 +267,7 @@ static int get_file_caps(struct linux_binprm *bprm) 
	rc = cap_from_disk(&vcaps, bprm, rc);

	if (rc)

		printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n",

			__FUNCTION__, rc, bprm->filename);

			__func__, rc, bprm->filename);



out:

	dput(dentry);
@@ -302,7 +302,7 @@ int cap_bprm_set_security (struct linux_binprm *bprm) 
	ret = get_file_caps(bprm);

	if (ret)

		printk(KERN_NOTICE "%s: get_file_caps returned %d for %s\n",

			__FUNCTION__, ret, bprm->filename);

			__func__, ret, bprm->filename);



	/*  To support inheritance of root-permissions and suid-root

	 *  executables under compatibility mode, we raise all three

security/keys/internal.h

+4 −4
Original line number Diff line number Diff line
@@ -22,16 +22,16 @@ void no_printk(const char *fmt, ...) 


#ifdef __KDEBUG

#define kenter(FMT, ...) \

	printk(KERN_DEBUG "==> %s("FMT")\n", __FUNCTION__, ##__VA_ARGS__)

	printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__)

#define kleave(FMT, ...) \

	printk(KERN_DEBUG "<== %s()"FMT"\n", __FUNCTION__, ##__VA_ARGS__)

	printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__)

#define kdebug(FMT, ...) \

	printk(KERN_DEBUG "xxx" FMT"yyy\n", ##__VA_ARGS__)

#else

#define kenter(FMT, ...) \

	no_printk(KERN_DEBUG "==> %s("FMT")\n", __FUNCTION__, ##__VA_ARGS__)

	no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__)

#define kleave(FMT, ...) \

	no_printk(KERN_DEBUG "<== %s()"FMT"\n", __FUNCTION__, ##__VA_ARGS__)

	no_printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__)

#define kdebug(FMT, ...) \

	no_printk(KERN_DEBUG FMT"\n", ##__VA_ARGS__)

#endif

security/root_plug.c

+1 −1
Original line number Diff line number Diff line
@@ -49,7 +49,7 @@ module_param(debug, bool, 0600); 
	do {							\

		if (debug)					\

			printk(KERN_DEBUG "%s: %s: " fmt ,	\

				MY_NAME , __FUNCTION__ , 	\

				MY_NAME , __func__ , 	\

				## arg);			\

	} while (0)

security/security.c

+4 −4
Original line number Diff line number Diff line
@@ -57,7 +57,7 @@ int __init security_init(void) 


	if (verify(&dummy_security_ops)) {

		printk(KERN_ERR "%s could not verify "

		       "dummy_security_ops structure.\n", __FUNCTION__);

		       "dummy_security_ops structure.\n", __func__);

		return -EIO;

	}
@@ -82,7 +82,7 @@ int register_security(struct security_operations *ops) 
{

	if (verify(ops)) {

		printk(KERN_DEBUG "%s could not verify "

		       "security_operations structure.\n", __FUNCTION__);

		       "security_operations structure.\n", __func__);

		return -EINVAL;

	}
@@ -110,13 +110,13 @@ int mod_reg_security(const char *name, struct security_operations *ops) 
{

	if (verify(ops)) {

		printk(KERN_INFO "%s could not verify "

		       "security operations.\n", __FUNCTION__);

		       "security operations.\n", __func__);

		return -EINVAL;

	}



	if (ops == security_ops) {

		printk(KERN_INFO "%s security operations "

		       "already registered.\n", __FUNCTION__);

		       "already registered.\n", __func__);

		return -EINVAL;

	}