  1. 31 Dec, 2008 1 commit
    • selinux: Deprecate and schedule the removal of the compat_net functionality · 277d342f
      Paul Moore authored
      This patch is the first step towards removing the old "compat_net" code from
      the kernel.  Secmark, the "compat_net" replacement, was first introduced in
      2.6.18 (September 2006) and the major Linux distributions with SELinux support
      have transitioned to Secmark so it is time to start deprecating the "compat_net"
      mechanism.  Testing a patched version of 2.6.28-rc6 with the initial release of
      Fedora Core 5 did not show any problems when running in enforcing mode.
      
      This patch adds an entry to the feature-removal-schedule.txt file and removes
      the SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT configuration option, forcing
      Secmark on by default although it can still be disabled at runtime.  The patch
      also makes the Secmark permission checks "dynamic" in the sense that they are
      only executed when Secmark is configured; this should help prevent problems
      with older distributions that have not yet migrated to Secmark.
      Signed-off-by: Paul Moore <paul.moore@hp.com>
      Acked-by: James Morris <jmorris@namei.org>
  2. 11 Sep, 2008 1 commit
  3. 18 Apr, 2008 1 commit
    • selinux: introduce permissive types · 64dbf074
      Eric Paris authored
      Introduce the concept of a permissive type.  A new ebitmap is introduced to
      the policy database which indicates if a given type has the permissive bit
      set or not.  This bit is tested for the scontext of any denial.  The bit is
      meaningless on types which only appear as the target of a decision and never
      the source.  A domain running with a permissive type will be allowed to
      perform any action similarly to when the system is globally set permissive.
      Signed-off-by: Eric Paris <eparis@redhat.com>
      Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: James Morris <jmorris@namei.org>
  4. 29 Jan, 2008 1 commit
  5. 09 May, 2007 1 commit
  6. 03 Oct, 2006 2 commits
  7. 26 Sep, 2006 2 commits
  8. 18 Jun, 2006 1 commit
    • [SECMARK]: Add new packet controls to SELinux · 4e5ab4cb
      James Morris authored
      Add new per-packet access controls to SELinux, replacing the old
      packet controls.
      
      Packets are labeled with the iptables SECMARK and CONNSECMARK targets,
      then security policy for the packets is enforced with these controls.
      
      To allow for a smooth transition to the new controls, the old code is
      still present, but not active by default.  To restore previous
      behavior, the old controls may be activated at runtime by writing a
      '1' to /selinux/compat_net, and also via the kernel boot parameter
      selinux_compat_net.  Switching between the network control models
      requires the security load_policy permission.  The old controls will
      probably eventually be removed and any continued use is discouraged.
      
      With this patch, the new secmark controls for SELinux are disabled by
      default, so existing behavior is entirely preserved, and the user is
      not affected at all.
      
      It also provides a config option to enable the secmark controls by
      default (which can always be overridden at boot and runtime).  It is
      also noted in the kconfig help that the user will need updated
      userspace if enabling secmark controls for SELinux and that they'll
      probably need the SECMARK and CONNMARK targets, and conntrack protocol
      helpers, although such decisions are beyond the scope of kernel
      configuration.
      Signed-off-by: James Morris <jmorris@namei.org>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  9. 08 Feb, 2006 1 commit
  10. 05 Feb, 2006 1 commit
  11. 16 Apr, 2005 1 commit
    • Linux-2.6.12-rc2 · 1da177e4
      Linus Torvalds authored
      Initial git repository build. I'm not bothering with the full history,
      even though we have it. We can create a separate "historical" git
      archive of that later if we want to, and in the meantime it's about
      3.2GB when imported into git - space that would just make the early
      git days unnecessarily complicated, when we don't have a lot of good
      infrastructure for it.
      
      Let it rip!