The Linux Security Modules project provides a lightweight, general
purpose framework for access control. The LSM interface enables
security policies to be developed as loadable kernel modules.
See http://lsm.immunix.org for more information.
2.5.52-lsm1 patch released. This is a rebase up to 2.5.52 as well as
numerous module updates and bugfixes. The interface has changed, and
the hooks are controlled with CONFIG_SECURITY now. Currently LIDS and
DTE will not compile.
Full lsm-2.5 patch (LSM + all modules) is available at:
http://lsm.immunix.org/patches/2.5/2.5.52/patch-2.5.52-lsm1.gz
The whole ChangeLog for this release is at:
http://lsm.immunix.org/patches/2.5/2.5.52/ChangeLog-2.5.52-lsm1
The LSM 2.5 BK tree can be pulled from:
bk://lsm.bkbits.net/lsm-2.5
2.5.52-lsm1
- merge with 2.5.36-52 (GregKH and me)
- Owlsm module updates (GregKH)
- Makefile and Kconfig cleanups (GregKH)
- SELinux: Assign an initial SID to SCMP packets. (Wayne Salamon)
- dummy module cleanups (GregKH)
- convert hooks to new format (GregKH)
(Stephen Smalley)
- add CONFIG_SECURITY (GregKH)
- SELinux: Handles inodes allocated by AFS (Stephen Smalley)
- SELinux: kill uses of i_dev (Stephen Smalley)
- LIDS 2.0.2pre2 update (Huagang Xie)
- Add hook to init_private_file/release_private_file (Stephen Smalley)
- remove sys_security (Christoph Hellwig)
- LIDS fix __FUNCTION__ pasting (me)
- Kconfig updates (me)
- LIDS workqueue conversion and bug fix (Huagang Xie)
- IPC hooks cleanup (Stephen Smalley)
- Selopt __exit fixups (Stephen Smalley)
- remove file_llseek (Christoph Hellwig)
- SELinux: remove inode_preconditions (Stephen Smalley)
- Added gfp_mask param to skb_alloc_security() hook (James Morris)
- SELinux: pivot_root, connect revalidation bug fixes
kbd ioctl fix, signull perm, remove old perm. (Stephen Smalley)
- LIDS update to for_each_process (me)
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
On Thu, Dec 19, 2002 at 02:51:23AM -0800, Chris Wright wrote:
> The Linux Security Modules project provides a lightweight, general
> purpose framework for access control. The LSM interface enables
> security policies to be developed as loadable kernel modules.
> See http://lsm.immunix.org for more information.
> 2.5.52-lsm1 patch released. This is a rebase up to 2.5.52 as well as
> numerous module updates and bugfixes. The interface has changed, and
> the hooks are controlled with CONFIG_SECURITY now. Currently LIDS and
> DTE will not compile.
> Full lsm-2.5 patch (LSM + all modules) is available at:
> http://lsm.immunix.org/patches/2.5/2.5.52/patch-2.5.52-lsm1.gz
> The whole ChangeLog for this release is at:
> http://lsm.immunix.org/patches/2.5/2.5.52/ChangeLog-2.5.52-lsm1
> The LSM 2.5 BK tree can be pulled from:
> bk://lsm.bkbits.net/lsm-2.5
Forgive my ignorance (if this applies) but I recently submitted a patch
acked by both you and gregkh. If there are difficulties with it I'd be
much obliged to hear of them and will resolve them with the utmost
urgency. Aside from that my only concern is that it did not appear in
your changelog. If it's been deferred to a later push that is also okay
with me.
Linus, please do not take this concern as any opposition to the
inclusion of this patch and review it entirely independently of this.
I'm only exercising due diligence with respect to an API update I sent
which should have zero impact on correct functionality, and the omission
of my patch has no implications wrt. the properness of the changes sent
in this submission.
Thanks,
Bill
> On Thu, Dec 19, 2002 at 02:51:23AM -0800, Chris Wright wrote:
>> The Linux Security Modules project provides a lightweight, general
>> purpose framework for access control. The LSM interface enables
>> security policies to be developed as loadable kernel modules.
>> See http://lsm.immunix.org for more information.
>> 2.5.52-lsm1 patch released. This is a rebase up to 2.5.52 as well as
>> numerous module updates and bugfixes. The interface has changed, and
>> the hooks are controlled with CONFIG_SECURITY now. Currently LIDS and
>> DTE will not compile.
>> Full lsm-2.5 patch (LSM + all modules) is available at:
>> http://lsm.immunix.org/patches/2.5/2.5.52/patch-2.5.52-lsm1.gz
>> The whole ChangeLog for this release is at:
>> http://lsm.immunix.org/patches/2.5/2.5.52/ChangeLog-2.5.52-lsm1
>> The LSM 2.5 BK tree can be pulled from:
>> bk://lsm.bkbits.net/lsm-2.5
On Thu, Dec 19, 2002 at 03:14:33AM -0800, William Lee Irwin III wrote:
> Forgive my ignorance (if this applies) but I recently submitted a patch
My apologies. The patch (as I've heard from hch) has gone out separately.
Thanks to both gregkh and chris for rapid responses, and many apologies
from me wrt. my uninformed responses.
For the majority of -lsm users: This was an API update. No semantic
differences wrt. bugs or other issues should be visible. Thank you
for your patience, and I apologize in advance for my ignorance. Rest
assured in the fact that my changes are not critical to your security
correctness and that chris and gregkh have been thorough, diligent
and highly responsive wrt. the incorporation of this API update along
with your essential security updates.
Thanks,
Bill
* William Lee Irwin III ([email protected]) wrote:
>
> Forgive my ignorance (if this applies) but I recently submitted a patch
> acked by both you and gregkh. If there are difficulties with it I'd be
> much obliged to hear of them and will resolve them with the utmost
> urgency. Aside from that my only concern is that it did not appear in
> your changelog. If it's been deferred to a later push that is also okay
> with me.
As you already noted, Greg has pushed that change to Linus in a separate
patchset.
cheers,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net