From: Linus Torvalds Date: Sat, 25 Mar 2006 17:24:53 +0000 (-0800) Subject: Merge branch 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit... X-Git-Tag: v2.6.17-rc1~665 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1b9a3917366028cc451a98dd22e3bcd537d4e5c1;p=linux-2.6 Merge branch 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current * 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: (22 commits) [PATCH] fix audit_init failure path [PATCH] EXPORT_SYMBOL patch for audit_log, audit_log_start, audit_log_end and audit_format [PATCH] sem2mutex: audit_netlink_sem [PATCH] simplify audit_free() locking [PATCH] Fix audit operators [PATCH] promiscuous mode [PATCH] Add tty to syscall audit records [PATCH] add/remove rule update [PATCH] audit string fields interface + consumer [PATCH] SE Linux audit events [PATCH] Minor cosmetic cleanups to the code moved into auditfilter.c [PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL [PATCH] Fix IA64 success/failure indication in syscall auditing. [PATCH] Miscellaneous bug and warning fixes [PATCH] Capture selinux subject/object context information. [PATCH] Exclude messages by message type [PATCH] Collect more inode information during syscall processing. [PATCH] Pass dentry, not just name, in fsnotify creation hooks. [PATCH] Define new range of userspace messages. [PATCH] Filter rule comparators ... Fixed trivial conflict in security/selinux/hooks.c --- 1b9a3917366028cc451a98dd22e3bcd537d4e5c1 diff --cc include/linux/fsnotify.h index f7e517c1f1,94919c376a..11438eff4d --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h @@@ -15,26 -15,8 +15,27 @@@ #include #include + #include +/* + * fsnotify_d_instantiate - instantiate a dentry for inode + * Called with dcache_lock held. + */ +static inline void fsnotify_d_instantiate(struct dentry *entry, + struct inode *inode) +{ + inotify_d_instantiate(entry, inode); +} + +/* + * fsnotify_d_move - entry has been moved + * Called with dcache_lock and entry->d_lock held. + */ +static inline void fsnotify_d_move(struct dentry *entry) +{ + inotify_d_move(entry); +} + /* * fsnotify_move - file old_name at old_dir was moved to new_name at new_dir */ diff --cc net/core/dev.c index e0489ca731,e9f84a66ce..8e1dc30512 --- a/net/core/dev.c +++ b/net/core/dev.c @@@ -111,9 -110,12 +111,10 @@@ #include #include #include -#ifdef CONFIG_NET_RADIO -#include /* Note : will define WIRELESS_EXT */ +#include #include -#endif /* CONFIG_NET_RADIO */ #include + #include /* * The list of packet types we will receive (as opposed to discard) diff --cc security/selinux/hooks.c index ccaf988f37,81b726b1a4..b61b9554bc --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@@ -117,8 -117,32 +117,34 @@@ static struct security_operations *seco static LIST_HEAD(superblock_security_head); static DEFINE_SPINLOCK(sb_security_lock); +static kmem_cache_t *sel_inode_cache; + + /* Return security context for a given sid or just the context + length if the buffer is null or length is 0 */ + static int selinux_getsecurity(u32 sid, void *buffer, size_t size) + { + char *context; + unsigned len; + int rc; + + rc = security_sid_to_context(sid, &context, &len); + if (rc) + return rc; + + if (!buffer || !size) + goto getsecurity_exit; + + if (size < len) { + len = -ERANGE; + goto getsecurity_exit; + } + memcpy(buffer, context, len); + + getsecurity_exit: + kfree(context); + return len; + } + /* Allocate and free functions for each kind of security blob. */ static int task_alloc_security(struct task_struct *task) diff --cc security/selinux/selinuxfs.c index f5d7836548,5eba6664ea..a4efc966f0 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@@ -262,8 -269,11 +270,11 @@@ static ssize_t sel_write_load(struct fi length = ret; else length = count; + audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, + "policy loaded auid=%u", + audit_get_loginuid(current->audit_context)); out: - up(&sel_sem); + mutex_unlock(&sel_mutex); vfree(data); return length; }