linux/security
Eric Paris 0bce952799 SELinux: print denials for buggy kernel with unknown perms
Historically we've seen cases where permissions are requested for classes
where they do not exist.  In particular we have seen CIFS forget to set
i_mode to indicate it is a directory so when we later check something like
remove_name we have problems since it wasn't defined in tclass file.  This
used to result in a avc which included the permission 0x2000 or something.
Currently the kernel will deny the operations (good thing) but will not
print ANY information (bad thing).  First the auditdeny field is no
extended to include unknown permissions.  After that is fixed the logic in
avc_dump_query to output this information isn't right since it will remove
the permission from the av and print the phrase "<NULL>".  This takes us
back to the behavior before the classmap rewrite.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2009-11-24 14:30:49 +11:00
..
integrity/ima LSM: imbed ima calls in the security hooks 2009-10-25 12:22:48 +08:00
keys KEYS: Have the garbage collector set its timer for live expired keys 2009-09-23 11:03:47 -07:00
selinux SELinux: print denials for buggy kernel with unknown perms 2009-11-24 14:30:49 +11:00
smack seq_file: constify seq_operations 2009-09-23 07:39:29 -07:00
tomoyo tomoyo: improve hash bucket dispersion 2009-10-29 11:17:33 +11:00
capability.c security: report the module name to security_module_request 2009-11-10 09:33:46 +11:00
commoncap.c security: remove root_plug 2009-10-20 14:26:16 +09:00
device_cgroup.c cgroups: let ss->can_attach and ss->attach do whole threadgroups at a time 2009-09-24 07:20:58 -07:00
inode.c securityfs: securityfs_remove should handle IS_ERR pointers 2009-05-12 11:06:11 +10:00
Kconfig Config option to set a default LSM 2009-11-09 08:40:07 +11:00
lsm_audit.c security: report the module name to security_module_request 2009-11-10 09:33:46 +11:00
Makefile security: remove root_plug 2009-10-20 14:26:16 +09:00
min_addr.c sysctl: require CAP_SYS_RAWIO to set mmap_min_addr 2009-11-09 08:34:22 +11:00
security.c security: report the module name to security_module_request 2009-11-10 09:33:46 +11:00