* [NetLabel]: protect the CIPSOv4 socket option from setsockopt()Paul Moore2006-10-30
* NetLabel: better error handling involving mls_export_cat()Paul Moore2006-10-16
* SELinux: Bug fix in polidydb_destroyChad Sellers2006-10-12
* IPsec: correct semantics for SELinux policy matchingVenkat Yekkirala2006-10-12
* NetLabel: use SECINITSID_UNLABELED for a base SIDpaul.moore@hp.com2006-10-12
* NetLabel: fix a cache race conditionpaul.moore@hp.com2006-10-12
* Still more typo fixesMatt LaPlante2006-10-03
* more misc typo fixesMatt LaPlante2006-10-03
* [PATCH] r/o bind mount prepwork: inc_nlink() helperDave Hansen2006-10-01
* [PATCH] MLSXFRM: fix mis-labelling of child socketsDavid Woodhouse2006-09-29
* [PATCH] pidspace: is_init()Sukadev Bhattiprolu2006-09-29
* [PATCH] LSM: remove BSD secure level security moduleChris Wright2006-09-29
* [PATCH] SELinux: support mls categories for context mountsCory Olmo2006-09-29
* [PATCH] inode-diet: Eliminate i_blksize from the inode structureTheodore Ts'o2006-09-27
* [PATCH] inode_diet: Replace inode.u.generic_ip with inode.i_privateTheodore Ts'o2006-09-27
* [PATCH] selinux: fix tty lockingStephen Smalley2006-09-26
* [PATCH] SELinux: convert sbsec semaphore to a mutexEric Paris2006-09-26
* [PATCH] SELinux: change isec semaphore to a mutexEric Paris2006-09-26
* [PATCH] SELinux: eliminate inode_security_set_securityEric Paris2006-09-26
* [PATCH] selinux: add support for range transitions on object classesDarrel Goeddel2006-09-26
* [PATCH] selinux: enable configuration of max policy versionStephen Smalley2006-09-26
* [PATCH] selinux: replace ctxid with sid in selinux_audit_rule_match interfaceStephen Smalley2006-09-26
* [PATCH] selinux: rename selinux_ctxid_to_stringStephen Smalley2006-09-26
* [PATCH] selinux: eliminate selinux_task_ctxidStephen Smalley2006-09-26
* [NetLabel]: change the SELinux permissionsPaul Moore2006-09-25
* [NetLabel]: correct improper handling of non-NetLabel peer contextsPaul Moore2006-09-25
* [SELINUX]: Fix bug in security_sid_mls_copyVenkat Yekkirala2006-09-22
* [NetLabel]: add some missing #includes to various header filesPaul Moore2006-09-22
* [NetLabel]: uninline selinux_netlbl_inode_permission()Paul Moore2006-09-22
* [NetLabel]: Cleanup ebitmap_import()Paul Moore2006-09-22
* [NetLabel]: Comment corrections.Paul Moore2006-09-22
* [NetLabel]: Correctly initialize the NetLabel fields.Paul Moore2006-09-22
* [SELINUX]: security/selinux/hooks.c: Make 4 functions static.Adrian Bunk2006-09-22
* [NetLabel]: SELinux supportVenkat Yekkirala2006-09-22
* [MLSXFRM]: Fix build with SECURITY_NETWORK_XFRM disabled.Venkat Yekkirala2006-09-22
* [MLSXFRM]: Auto-labeling of child socketsVenkat Yekkirala2006-09-22
* [MLSXFRM]: Default labeling of socket specific IPSec policiesVenkat Yekkirala2006-09-22
* [MLSXFRM]: Add flow labelingVenkat Yekkirala2006-09-22
* [MLSXFRM]: Flow based matching of xfrm policy and stateVenkat Yekkirala2006-09-22
* [MLSXFRM]: Add security sid to sockVenkat Yekkirala2006-09-22
* [MLSXFRM]: Define new SELinux service routineVenkat Yekkirala2006-09-22
* [MLSXFRM]: Granular IPSec associations for use in MLS environmentsVenkat Yekkirala2006-09-22
* [CRYPTO] users: Use crypto_hash interface instead of crypto_digestHerbert Xu2006-09-20
* [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patchCatherine Zhang2006-08-02
* [PATCH] selinux: fix bug in security_compute_sidVenkat Yekkirala2006-07-31
* [PATCH] selinux: fix memory leakDarrel Goeddel2006-07-31
* [PATCH] Fix security check for joint context= and fscontext= mount optionsEric Paris2006-07-15
* [PATCH] SELinux: add rootcontext= option to label root inode when mountingEric Paris2006-07-10
* [PATCH] SELinux: decouple fscontext/context mount optionsEric Paris2006-07-10
* [PATCH] audit: support for object context filtersDarrel Goeddel2006-07-01
/*
 * Tail of anon_inodefs_delete_dentry() (the function installed as .d_delete
 * below).  Its signature and opening lines lie before this view; the text
 * immediately following is extraction residue from the original page.
 */
an class="hl kwb">struct dentry *dentry)
{
	/*
	 * We faked vfs to believe the dentry was hashed when we created it
	 * (anon_inode_getfd() clears DCACHE_UNHASHED without ever hashing
	 * the dentry).  Now we restore the flag so that dput() will work
	 * correctly.  Returning 1 tells the VFS the dentry can go away.
	 */
	dentry->d_flags |= DCACHE_UNHASHED;
	return 1;
}

/* Pseudo-filesystem that owns the single shared anonymous inode. */
static struct file_system_type anon_inode_fs_type = {
	.name		= "anon_inodefs",
	.get_sb		= anon_inodefs_get_sb,
	.kill_sb	= kill_anon_super,
};

/* Only .d_delete is overridden, to undo the "fake hashed" trick above. */
static struct dentry_operations anon_inodefs_dentry_operations = {
	.d_delete	= anon_inodefs_delete_dentry,
};

/**
 * anon_inode_getfd - creates a new file instance by hooking it up to an
 *                    anonymous inode, and a dentry that describe the "class"
 *                    of the file
 *
 * @name:    [in]    name of the "class" of the new file; must be a
 *                   NUL-terminated string (it is measured with strlen())
 * @fops:    [in]    file operations for the new file
 * @priv:    [in]    private data for the new file (will be file's private_data)
 *
 * Creates a new file by hooking it on a single inode. This is useful for files
 * that do not need to have a full-fledged inode in order to operate correctly.
 * All the files created with anon_inode_getfd() will share a single inode,
 * hence saving memory and avoiding code duplication for the file/inode/dentry
 * setup.
 *
 * The file is always created readable and writable (FMODE_READ|FMODE_WRITE,
 * f_flags O_RDWR) whatever @fops provides; the open flags are not
 * caller-selectable here.  Because the inode is shared, no per-instance
 * state lives on it: anything instance-specific must go through @priv/@fops.
 *
 * Returns the new descriptor, already installed in the calling task's fd
 * table, or a negative errno: -ENODEV if the shared inode does not exist,
 * -EMFILE/-ENFILE style errors from get_unused_fd()/alloc_file(), -ENOMEM
 * if the dentry cannot be allocated.  On error nothing is left installed.
 */
int anon_inode_getfd(const char *name, const struct file_operations *fops,
		     void *priv)
{
	struct qstr this;
	struct dentry *dentry;
	struct file *file;
	int error, fd;

	/* Refuse if the shared inode was never created (ERR_PTR from init). */
	if (IS_ERR(anon_inode_inode))
		return -ENODEV;

	/* Reserve the descriptor first; it is released on every error path. */
	error = get_unused_fd();
	if (error < 0)
		return error;
	fd = error;

	/*
	 * Link the inode to a directory entry.  The name is only a label for
	 * the "class" of file: it is not made unique and the hash is left at
	 * 0 on purpose, since the dentry is never inserted into the dentry
	 * hash table (see below).  Two anon files of the same class therefore
	 * legitimately share a name.
	 */
	error = -ENOMEM;
	this.name = name;
	this.len = strlen(name);
	this.hash = 0;
	dentry = d_alloc(anon_inode_mnt->mnt_sb->s_root, &this);
	if (!dentry)
		goto err_put_unused_fd;

	/*
	 * We know the anon_inode inode count is always greater than zero,
	 * so we can avoid doing an igrab() and we can use an open-coded
	 * atomic_inc().
	 *
	 * NOTE(review): this reference is handed to the dentry by
	 * d_instantiate() below; the err_dput path relies on dput() to
	 * release it (VFS behaviour not visible in this file -- confirm).
	 */
	atomic_inc(&anon_inode_inode->i_count);

	dentry->d_op = &anon_inodefs_dentry_operations;
	/*
	 * Do not publish this dentry inside the global dentry hash table.
	 * Clearing DCACHE_UNHASHED makes the VFS treat the dentry as hashed
	 * without it ever being added to the table; anon_inodefs_delete_dentry()
	 * sets the flag back when the dentry is dropped.
	 */
	dentry->d_flags &= ~DCACHE_UNHASHED;
	d_instantiate(dentry, anon_inode_inode);

	error = -ENFILE;
	file = alloc_file(anon_inode_mnt, dentry,
			  FMODE_READ | FMODE_WRITE, fops);
	if (!file)
		goto err_dput;
	file->f_mapping = anon_inode_inode->i_mapping;

	file->f_pos = 0;
	file->f_flags = O_RDWR;
	file->f_version = 0;
	file->private_data = priv;

	/*
	 * Install the descriptor last, after every field is set, so the file
	 * is never reachable through the fd number in a half-initialised
	 * state.  After this point the fd belongs to the caller.
	 */
	fd_install(fd, file);

	return fd;

err_dput:
	dput(dentry);
err_put_unused_fd:
	put_unused_fd(fd);
	return error;
}
EXPORT_SYMBOL_GPL(anon_inode_getfd);

/*
 * A single inode exists for all anon_inode files. Contrary to pipes,
 * anon_inode inodes have no associated per-instance data, so we need
 * only allocate one of them.
 *
 * Security note: because this one inode backs every anon file, its mode
 * (0600) and its owner -- the fsuid/fsgid of whichever task runs
 * anon_inode_init(), i.e. the task executing the initcall -- are shared by
 * all instances and fixed for the lifetime of the system.  Inode-level
 * ownership or permission checks therefore cannot tell anon files apart;
 * any per-instance access control has to live in the file's fops and
 * private_data.
 *
 * Returns the new inode or ERR_PTR(-ENOMEM).
 */
static struct inode *anon_inode_mkinode(void)
{
	struct inode *inode = new_inode(anon_inode_mnt->mnt_sb);

	if (!inode)
		return ERR_PTR(-ENOMEM);

	inode->i_fop = &anon_inode_fops;

	/*
	 * Mark the inode dirty from the very beginning,
	 * that way it will never be moved to the dirty
	 * list because mark_inode_dirty() will think
	 * that it already _is_ on the dirty list.
	 */
	inode->i_state = I_DIRTY;
	inode->i_mode = S_IRUSR | S_IWUSR;
	inode->i_uid = current->fsuid;
	inode->i_gid = current->fsgid;
	inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
	return inode;
}

/*
 * Register and kern_mount() anon_inodefs, then create the shared inode.
 * Any failure is fatal: the cleanup labels unwind what was set up and the
 * function then panics instead of returning an error, so a broken
 * anon_inodefs is never silently tolerated.  Returns 0 on success.
 */
static int __init anon_inode_init(void)
{
	int error;

	error = register_filesystem(&anon_inode_fs_type);
	if (error)
		goto err_exit;
	anon_inode_mnt = kern_mount(&anon_inode_fs_type);
	if (IS_ERR(anon_inode_mnt)) {
		error = PTR_ERR(anon_inode_mnt);
		goto err_unregister_filesystem;
	}
	anon_inode_inode = anon_inode_mkinode();
	if (IS_ERR(anon_inode_inode)) {
		error = PTR_ERR(anon_inode_inode);
		goto err_mntput;
	}

	return 0;

err_mntput:
	mntput(anon_inode_mnt);
err_unregister_filesystem:
	unregister_filesystem(&anon_inode_fs_type);
err_exit:
	panic(KERN_ERR "anon_inode_init() failed (%d)\n", error);
}

/* Run during fs initialisation so users of anon_inode_getfd() find it ready. */
fs_initcall(anon_inode_init);