aboutsummaryrefslogtreecommitdiffstats
path: root/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/README
blob: 44216cf61e727300e4fce7f7737ab0e6e9fcd66f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
Patches in this directory were generated on top of the kernel

 git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas-backport.git

branch

 bsp/v3.10.31-ltsi/rcar-gen2-1.9.2

This patches are subdivided in 3 sets.

Set 1: from 3.10-rc1 to 3.14

  0001-Smack-Local-IPv6-port-based-controls.patch
  0002-Smack-Improve-access-check-performance.patch
  0003-Smack-Add-smkfstransmute-mount-option.patch
  0004-Smack-Fix-possible-NULL-pointer-dereference-at-smk_n.patch
  0005-Smack-Fix-the-bug-smackcipso-can-t-set-CIPSO-correct.patch
  0006-Security-Add-Hook-to-test-if-the-particular-xattr-is.patch
  0007-xattr-Constify-name-member-of-struct-xattr.patch
  0008-security-smack-fix-memleak-in-smk_write_rules_list.patch
  0009-security-smack-add-a-hash-table-to-quicken-smk_find_.patch
  0010-Smack-network-label-match-fix.patch
  0011-Smack-IPv6-casting-error-fix-for-3.11.patch
  0012-Smack-parse-multiple-rules-per-write-to-load2-up-to-.patch
  0013-Smack-Implement-lock-security-mode.patch
  0014-Smack-Ptrace-access-check-mode.patch
  0015-smack-fix-allow-either-entry-be-missing-on-access-ac.patch
  0016-Smack-Prevent-the-and-labels-from-being-used-in-SMAC.patch
  0017-Smack-Make-the-syslog-control-configurable.patch
  0018-Smack-change-rule-cap-check.patch
  0019-Smack-Rationalize-mount-restrictions.patch
  0020-Smack-File-receive-audit-correction.patch
  0021-smack-call-WARN_ONCE-instead-of-calling-audit_log_st.patch


Set 2: from 3.14 to 3.19
 
  0022-smack-fix-key-permission-verification.patch
  0023-Minor-improvement-of-smack_sb_kern_mount.patch
  0024-Smack-fix-the-subject-object-order-in-smack_ptrace_t.patch
  0025-Smack-unify-all-ptrace-accesses-in-the-smack.patch
  0026-Smack-adds-smackfs-ptrace-interface.patch
  0027-bugfix-patch-for-SMACK.patch
  0028-SMACK-Fix-handling-value-NULL-in-post-setxattr.patch
  0029-Smack-Correctly-remove-SMACK64TRANSMUTE-attribute.patch
  0030-Smack-bidirectional-UDS-connect-check.patch
  0031-Smack-Verify-read-access-on-file-open-v3.patch
  0032-Smack-Label-cgroup-files-for-systemd.patch
  0033-Warning-in-scanf-string-typing.patch
  0034-Smack-fix-behavior-of-smack_inode_listsecurity.patch
  0035-Smack-handle-zero-length-security-labels-without-pan.patch
  0036-Smack-remove-unneeded-NULL-termination-from-securtit.patch
  0037-Smack-Fix-setting-label-on-successful-file-open.patch
  0038-Smack-Bring-up-access-mode.patch
  0039-Small-fixes-in-comments-describing-function-paramete.patch
  0040-Fix-a-bidirectional-UDS-connect-check-typo.patch
  0041-Make-Smack-operate-on-smack_known-struct-where-it-st.patch
  0042-Smack-Lock-mode-for-the-floor-and-hat-labels.patch
  0043-Security-smack-replace-kzalloc-with-kmem_cache-for-i.patch
  0044-security-smack-fix-out-of-bounds-access-in-smk_parse.patch

Set 3: from 3.19 to 4.0

  0045-smack-miscellaneous-small-fixes-in-function-comments.patch
  0046-smack-fix-logic-in-smack_inode_init_security-functio.patch
  0047-smack-introduce-a-special-case-for-tmpfs-in-smack_d_.patch
  0048-smack-Fix-a-bidirectional-UDS-connect-check-typo.patch
  0049-Smack-Rework-file-hooks.patch
  0050-Smack-secmark-support-for-netfilter.patch
  0051-smack-Add-missing-logging-in-bidirectional-UDS-conne.patch
  0052-smack-fix-possible-use-after-frees-in-task_security-.patch
  0053-Smack-Repair-netfilter-dependency.patch
  0054-Smack-secmark-connections.patch

Some rewritting occured to avoid to take the commits below that are
affecting smack codes without being important for smack.

  f589594 KEYS: Move the flags representing required permission to linux/key.h
  41c3bd2 netlabel: fix a problem when setting bits below the previously lowest bit
  4b8feff netlabel: fix the horribly broken catmap functions
  4fbe63d netlabel: shorter names for the NetLabel catmap funcs/structs
  e0b93ed security: make security_file_set_fowner, f_setown and __f_setown void return
  a455589 assorted conversions to %p[dD]

Some caution has to be taken about evolution of netlabel that is not
integrated.
 
Here is the short log of the commit integrated (not the one prefixed
with sharp).

 c673944 Smack: Local IPv6 port based controls
 2f823ff Smack: Improve access check performance
 e830b39 Smack: Add smkfstransmute mount option
 8cd77a0 Smack: Fix possible NULL pointer dereference at smk_netlbl_mls()
 0fcfee6 Smack: Fix the bug smackcipso can't set CIPSO correctly
 746df9b Security: Add Hook to test if the particular xattr is part of a MAC model.
 9548906 xattr: Constify ->name member of "struct xattr".
 470043b security: smack: fix memleak in smk_write_rules_list()
 4d7cf4a security: smack: add a hash table to quicken smk_find_entry()
 677264e Smack: network label match fix
 6ea0624 Smack: IPv6 casting error fix for 3.11
 10289b0 Smack: parse multiple rules per write to load2, up to PAGE_SIZE-1 bytes
 c0ab6e5 Smack: Implement lock security mode
 b5dfd80 Smack: Ptrace access check mode
 398ce07 smack: fix: allow either entry be missing on access/access2 check (v2)
 19760ad Smack: Prevent the * and @ labels from being used in SMACK64EXEC
 00f84f3 Smack: Make the syslog control configurable
 4afde48 Smack: change rule cap check
 24ea1b6 Smack: Rationalize mount restrictions
 4482a44 Smack: File receive audit correction
 4eb0f4a smack: call WARN_ONCE() instead of calling audit_log_start()
 # f589594 KEYS: Move the flags representing required permission to linux/key.h
 fffea21 smack: fix key permission verifgit checkout ication
 55dfc5d Minor improvement of 'smack_sb_kern_mount'
 959e6c7 Smack: fix the subject/object order in smack_ptrace_traceme()
 5663884 Smack: unify all ptrace accesses in the smack
 6686781 Smack: adds smackfs/ptrace interface
 5e9ab59 bugfix patch for SMACK
 9598f4c SMACK: Fix handling value==NULL in post setxattr
 f59bdfb Smack: Correctly remove SMACK64TRANSMUTE attribute
 54e70ec Smack: bidirectional UDS connect check
 a6834c0 Smack: Verify read access on file open - v3
 36ea735 Smack: Label cgroup files for systemd
 ec554fa Warning in scanf string typing
 # 41c3bd2 netlabel: fix a problem when setting bits below the previously lowest bit
 # 4b8feff netlabel: fix the horribly broken catmap functions
 # 4fbe63d netlabel: shorter names for the NetLabel catmap funcs/structs
 fd5c9d2 Smack: fix behavior of smack_inode_listsecurity
 b862e56 Smack: handle zero-length security labels without panic
 da1b635 Smack: remove unneeded NULL-termination from securtity label
 d83d2c2 Smack: Fix setting label on successful file open
 d166c80 Smack: Bring-up access mode
 e95ef49 Small fixes in comments describing function parameters
 d0175790 Fix a bidirectional UDS connect check typo
 21c7eae Make Smack operate on smack_known struct where it still used char*
 # e0b93ed security: make security_file_set_fowner, f_setown and __f_setown void return
 6c892df Smack: Lock mode for the floor and hat labels
 1a5b472 Security: smack: replace kzalloc with kmem_cache for inode_smack
 # a455589 assorted conversions to %p[dD]
 5c1b662 security: smack: fix out-of-bounds access in smk_parse_smack()
 1a28979 smack: miscellaneous small fixes in function comments
 68390cc smack: fix logic in smack_inode_init_security function
 1d8c232 smack: introduce a special case for tmpfs in smack_d_instantiate()
 96be7b5 smack: Fix a bidirectional UDS connect check typo
 5e7270a Smack: Rework file hooks
 69f287a Smack: secmark support for netfilter
 138a868 smack: Add missing logging in bidirectional UDS connect check
 6d1cff2 smack: fix possible use after frees in task_security() callers
 82b0b2c Smack: Repair netfilter dependency
 7f368ad Smack: secmark connections
 # 8802565 Smack: Use d_is_positive() rather than testing dentry->d_inode