<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/security/apparmor/policy.c, branch linux-3.4.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>LSM: shrink sizeof LSM specific portion of common_audit_data</title>
<updated>2012-04-03T16:48:40+00:00</updated>
<author>
<name>Eric Paris</name>
<email>eparis@redhat.com</email>
</author>
<published>2012-04-03T16:37:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3b3b0e4fc15efa507b902d90cea39e496a523c3b'/>
<id>3b3b0e4fc15efa507b902d90cea39e496a523c3b</id>
<content type='text'>
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop.  This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union.  Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.

Signed-off-by: Eric Paris &lt;eparis@redhat.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop.  This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union.  Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.

Signed-off-by: Eric Paris &lt;eparis@redhat.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>AppArmor: add const qualifiers to string arrays</title>
<updated>2012-03-15T02:09:13+00:00</updated>
<author>
<name>Jan Engelhardt</name>
<email>jengelh@medozas.de</email>
</author>
<published>2012-03-14T12:30:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=2d4cee7e3a2b9f9c3237672cc136e20dbad0e2ce'/>
<id>2d4cee7e3a2b9f9c3237672cc136e20dbad0e2ce</id>
<content type='text'>
Signed-off-by: Jan Engelhardt &lt;jengelh@medozas.de&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: Jan Engelhardt &lt;jengelh@medozas.de&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>AppArmor: Add ability to load extended policy</title>
<updated>2012-03-15T02:09:03+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2012-02-16T15:07:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ad5ff3db53c68c2f12936bc74ea5dfe0af943592'/>
<id>ad5ff3db53c68c2f12936bc74ea5dfe0af943592</id>
<content type='text'>
Add the base support for the new policy extensions. This does not bring
any additional functionality, or change current semantics.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Kees Cook &lt;kees@ubuntu.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add the base support for the new policy extensions. This does not bring
any additional functionality, or change current semantics.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Kees Cook &lt;kees@ubuntu.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>APPARMOR: Fix memory leak of alloc_namespace()</title>
<updated>2010-11-10T20:36:18+00:00</updated>
<author>
<name>wzt.wzt@gmail.com</name>
<email>wzt.wzt@gmail.com</email>
</author>
<published>2010-11-10T03:31:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=246c3fb16b08193837a8009ff15ef6908534ba71'/>
<id>246c3fb16b08193837a8009ff15ef6908534ba71</id>
<content type='text'>
policy-&gt;name is a substring of policy-&gt;hname, if prefix is not NULL, it will
allocted strlen(prefix) + strlen(name) + 3 bytes to policy-&gt;hname in policy_init().
use kzfree(ns-&gt;base.name) will casue memory leak if alloc_namespace() failed.

Signed-off-by: Zhitong Wang &lt;zhitong.wangzt@alibaba-inc.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
policy-&gt;name is a substring of policy-&gt;hname, if prefix is not NULL, it will
allocted strlen(prefix) + strlen(name) + 3 bytes to policy-&gt;hname in policy_init().
use kzfree(ns-&gt;base.name) will casue memory leak if alloc_namespace() failed.

Signed-off-by: Zhitong Wang &lt;zhitong.wangzt@alibaba-inc.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>AppArmor: Fix locking from removal of profile namespace</title>
<updated>2010-09-07T23:19:34+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2010-08-28T01:33:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=999b4f0aa2314b76857775334cb94bafa053db64'/>
<id>999b4f0aa2314b76857775334cb94bafa053db64</id>
<content type='text'>
The locking for profile namespace removal is wrong, when removing a
profile namespace, it needs to be removed from its parent's list.
Lock the parent of namespace list instead of the namespace being removed.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The locking for profile namespace removal is wrong, when removing a
profile namespace, it needs to be removed from its parent's list.
Lock the parent of namespace list instead of the namespace being removed.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>AppArmor: core policy routines</title>
<updated>2010-08-02T05:38:37+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2010-07-29T21:48:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c88d4c7b049e87998ac0a9f455aa545cc895ef92'/>
<id>c88d4c7b049e87998ac0a9f455aa545cc895ef92</id>
<content type='text'>
The basic routines and defines for AppArmor policy.  AppArmor policy
is defined by a few basic components.
      profiles - the basic unit of confinement contain all the information
                 to enforce policy on a task

                 Profiles tend to be named after an executable that they
                 will attach to but this is not required.
      namespaces - a container for a set of profiles that will be used
                 during attachment and transitions between profiles.
      sids - which provide a unique id for each profile

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The basic routines and defines for AppArmor policy.  AppArmor policy
is defined by a few basic components.
      profiles - the basic unit of confinement contain all the information
                 to enforce policy on a task

                 Profiles tend to be named after an executable that they
                 will attach to but this is not required.
      namespaces - a container for a set of profiles that will be used
                 during attachment and transitions between profiles.
      sids - which provide a unique id for each profile

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
