Linux kernel documentation tree maintained by Jonathan Corbet http://mirrors.hust.edu.cn/git/lwn.git/atom?h=docs-5.3 2019-06-05T15:37:17+00:00 2019-06-05T15:37:17+00:00 Thomas Gleixner tglx@linutronix.de 2019-06-01T08:08:55+00:00 urn:sha1:b886d83c5b621abc84ff9616f14c529be3f6b147 Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation version 2 of the license extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 315 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Armijn Hemel <armijn@tjaldur.nl> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190531190115.503150771@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-12-12T22:58:51+00:00 Paul Gortmaker paul.gortmaker@windriver.com 2018-12-09T20:36:29+00:00 urn:sha1:876979c9308b7228cdaf6785909c57eebc85d911 Historically a lot of these existed because we did not have a distinction between what was modular code and what was providing support to modules via EXPORT_SYMBOL and friends. That changed when we forked out support for the latter into the export.h file. This means we should be able to reduce the usage of module.h in code that is obj-y Makefile or bool Kconfig. The advantage in removing such instances is that module.h itself sources about 15 other headers; adding significantly to what we feed cpp, and it can obscure what headers we are effectively using. Since module.h might have been the implicit source for init.h (for __init) and for export.h (for EXPORT_SYMBOL) we consider each instance for the presence of either and replace as needed. Cc: James Morris <jmorris@namei.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Cc: John Johansen <john.johansen@canonical.com> Cc: Mimi Zohar <zohar@linux.ibm.com> Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com> Cc: David Howells <dhowells@redhat.com> Cc: linux-security-module@vger.kernel.org Cc: linux-integrity@vger.kernel.org Cc: keyrings@vger.kernel.org Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: James Morris <james.morris@microsoft.com> 2018-10-10T16:56:16+00:00 Eric Biggers ebiggers@google.com 2018-09-07T21:33:24+00:00 urn:sha1:1e4c8dafbb6bf72fb5eca035b861e39c5896c2b7 The 12 character temporary buffer is not necessarily long enough to hold a 'long' value. Increase it. Signed-off-by: Eric Biggers <ebiggers@google.com> Cc: stable@vger.kernel.org Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> 2018-10-10T16:56:15+00:00 Eric Biggers ebiggers@google.com 2018-09-07T20:22:23+00:00 urn:sha1:b2724d5802a77b7fb47e84d9b88b80370eccbc64 Constify some static data that is never modified, so that it is placed in .rodata. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> 2018-05-17T12:03:07+00:00 Matthew Garrett mjg59@google.com 2018-05-11T23:12:34+00:00 urn:sha1:0c343af8065be5ceb0c03a876af7c513e960e2ff We want to add additional evm control nodes, and it'd be preferable not to clutter up the securityfs root directory any further. Create a new integrity directory, move the ima directory into it, create an evm directory for the evm attribute and add compatibility symlinks. Signed-off-by: Matthew Garrett <mjg59@google.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2018-05-17T11:49:12+00:00 Petr Vorel pvorel@suse.cz 2018-04-24T14:30:38+00:00 urn:sha1:de636769c8c7359dacccca61d6c187d864d1d3b8 Define pr_fmt everywhere. Signed-off-by: Petr Vorel <pvorel@suse.cz> Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> (powerpc build error) Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Changelog: Previous pr_fmt definition was too late and caused problems in powerpc allyesconfg build. 2018-05-17T11:47:17+00:00 Petr Vorel pvorel@suse.cz 2018-04-20T13:28:57+00:00 urn:sha1:ffb122de9a60bd789422fd9caa4d8363acf1e851 Kernel configured as CONFIG_IMA_READ_POLICY=y && CONFIG_IMA_WRITE_POLICY=n keeps 0600 mode after loading policy. Remove write permission to state that policy file no longer be written. Signed-off-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2017-11-08T20:16:36+00:00 Thomas Meyer thomas@m3y3r.de 2017-10-07T14:02:21+00:00 urn:sha1:39adb92598a7466e00f72bb8a197d8811017418a Bool initializations should use true and false. Bool tests don't need comparisons. Signed-off-by: Thomas Meyer <thomas@m3y3r.de> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2017-11-08T20:16:36+00:00 Mimi Zohar zohar@linux.vnet.ibm.com 2017-06-27T20:10:39+00:00 urn:sha1:2068626d1345f23fd2b926d834d4f74b37cd7134 The securityfs policy file is removed unless additional rules can be appended to the IMA policy (CONFIG_IMA_WRITE_POLICY), regardless as to whether the policy is configured so that it can be displayed. This patch changes this behavior, removing the securityfs policy file, only if CONFIG_IMA_READ_POLICY is also not enabled. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2017-06-21T18:37:12+00:00 Geliang Tang geliangtang@gmail.com 2017-05-06T15:40:18+00:00 urn:sha1:b4e280304ddb2fb5b6970524e901fc8ae8ec6337 Use memdup_user_nul() helper instead of open-coding to simplify the code. Signed-off-by: Geliang Tang <geliangtang@gmail.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>