The following patch set enables atomic security labeling of newly created
inodes by altering the fs code to invoke a new LSM hook to obtain the security
attribute to apply to a newly created inode and to set up the incore inode
security state during the inode creation transaction. This parallels the
existing processing for setting ACLs on newly created inodes. Otherwise, it
is possible for new inodes to be accessed by another thread via the dcache
prior to complete security setup (presently handled by the
post_create/mkdir/... LSM hooks in the VFS) and a newly created inode may be
left unlabeled on the disk in the event of a crash. SELinux presently works
around the issue by ensuring that the incore inode security label is
initialized to a special SID that is inaccessible to unprivileged processes
(in accordance with policy), thereby preventing inappropriate access but
potentially causing false denials on legitimate accesses. A simple test
program demonstrates such false denials on SELinux, and the patch solves the
problem. Similar such false denials have been encountered in real
applications.
This patch defines a new inode_init_security LSM hook to obtain the security
attribute to apply to a newly created inode and to set up the incore inode
security state for it, and adds a corresponding hook function implementation
to SELinux.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This patch pulls the PCI-related junk out of struct device_node and
puts it in a separate structure, struct pci_dn. The device_node now
just has a void * pointer in it, which points to a struct pci_dn for
nodes that represent PCI devices. It could potentially be used in
future for device-specific data for other sorts of devices, such as
virtual I/O devices.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Merge a few asm-ppc and asm-ppc64 header files.
Note: the merge of setup.h intentionally does not carry
forward the m68k cruft. That means this patch continues
to break the already broken amiga on the ppc32.
Signed-off-by: Jon Loeliger <jdl@freescale.com>
Signed-off-by: Kumar Gala <kumar.gala@freescale.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Standardize on _ASM_POWERPC_... prefix for all #include
exclusion symbols. Fixup all the non-compilers.
Signed-off-by: Jon Loeliger <jdl@freescale.com>
Signed-off-by: Kumar Gala <kumar.gala@freescale.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Include the ColdFire 523x register definitions when compiling
for that target processor.
Signed-off-by: Greg Ungerer <gerg@uclinux.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Add support definitions for the integrated UARTs on the 523x ColdFire
processor family.
Signed-off-by: Greg Ungerer <gerg@uclinux.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Add processor level and clock support defines for the ColdFire 523x
processor.
Signed-off-by: Greg Ungerer <gerg@uclinux.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
29 July 2005, Cambridge, MA:
This afternoon Alan Stern submitted a patch to remove the URB_ASYNC_UNLINK
flag from the Linux kernel. Mr. Stern explained, "This flag is a relic
from an earlier, less-well-designed system. For over a year it hasn't
been used for anything other than printing warning messages."
An anonymous spokesman for the Linux kernel development community
commented, "This is exactly the sort of thing we see happening all the
time. As the kernel evolves, support for old techniques and old code can
be jettisoned and replaced by newer, better approaches. Proprietary
operating systems do not have the freedom or flexibility to change so
quickly."
Mr. Stern, a staff member at Harvard University's Rowland Institute who
works on Linux only as a hobby, noted that the patch (labelled as548) did
not update two files, keyspan.c and option.c, in the USB drivers' "serial"
subdirectory. "Those files need more extensive changes," he remarked.
"They examine the status field of several URBs at times when they're not
supposed to. That will need to be fixed before the URB_ASYNC_UNLINK flag
is removed."
Greg Kroah-Hartman, the kernel maintainer responsible for overseeing all
of Linux's USB drivers, did not respond to our inquiries or return our
calls. His only comment was "Applied, thanks."
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch removes support for user-provided platform-specific hardware reset
and clock starting/stopping functions. Hardware reset was needed earlier as
getting the software reset working was tricky due to the lack of documentation.
Recently, a number of people using isp116x have said the software reset is
working for them.
I haven't heard of anybody using the clock starting/stopping.
Signed-off-by: Olav Kongas <ok@artecdesign.ee>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch sets the isp116x to report overcurrent always per-port.
Signed-off-by: Olav Kongas <ok@artecdesign.ee>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The isp116x chip will now always be in per-port power switching mode. Remove
conf options to set any other mode.
Signed-off-by: Olav Kongas <ok@artecdesign.ee>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch removes the power-on-to-power-good-time configuration option for
isp116x-hcd.
Signed-off-by: Olav Kongas <ok@artecdesign.ee>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch introduces a /sys/class/usb_device/ class
where every connected usb-device will show up:
tree /sys/class/usb_device/
/sys/class/usb_device/
|-- usb1.1
| |-- dev
| `-- device -> ../../../devices/pci0000:00/0000:00:1d.0/usb1
|-- usb2.1
| |-- dev
| `-- device -> ../../../devices/pci0000:00/0000:00:1d.1/usb2
...
The presence of the "dev" file lets udev create real device nodes.
kay@pim:~/src/linux-2.6> tree /dev/bus/usb/
/dev/bus/usb/
|-- 1
| `-- 1
|-- 2
| `-- 1
...
udev rule:
SUBSYSTEM="usb_device", PROGRAM="/sbin/usb_device %k", NAME="%c"
(echo $1 | /bin/sed 's/usb\([0-9]*\)\.\([0-9]*\)/bus\/usb\/\1\/\2/')
This makes libusb pick up the real nodes instead of the mounted usbfs:
export USB_DEVFS_PATH=/dev/bus/usb
Background:
All this makes it possible to manage usb devices with udev instead of
the devfs solution. We are currently working on a pam_console/resmgr
replacement driven by udev and a pam-helper. It applies ACL's to device
nodes, which is required for modern desktop functionalty like
"Fast User Switching" or multiple local login support.
New patch with its own major. I've succesfully disabled usbfs and use real
nodes only on my box. With: "export USB_DEVFS_PATH=/dev/bus/usb" libusb picks
up the udev managed nodes instead of reading usbfs files.
This makes udev to provide symlinks for libusb to pick up:
SUBSYSTEM="usb_device", PROGRAM="/sbin/usbdevice %k", SYMLINK="%c"
/sbin/usbdevice:
#!/bin/sh
echo $1 | /bin/sed 's/usbdev\([0-9]*\)\.\([0-9]*\)/bus\/usb\/\1\/\2/'
Signed-off-by: Kay Sievers <kay.sievers@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
