New kind of audit rule predicates: "object is visible in given subtree".
The part that can be sanely implemented, that is. Limitations:
* if you have hardlink from outside of tree, you'd better watch
it too (or just watch the object itself, obviously)
* if you mount something under a watched tree, tell audit
that new chunk should be added to watched subtrees
* if you umount something in a watched tree and it's still mounted
elsewhere, you will get matches on events happening there. New command
tells audit to recalculate the trees, trimming such sources of false
positives.
Note that it's _not_ about path - if something mounted in several places
(multiple mount, bindings, different namespaces, etc.), the match does
_not_ depend on which one we are using for access.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Get a snapshot of a subtree, creating private clones of vfsmounts
for all its components and release such snapshot resp.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial: (74 commits)
fix do_sys_open() prototype
sysfs: trivial: fix sysfs_create_file kerneldoc spelling mistake
Documentation: Fix typo in SubmitChecklist.
Typo: depricated -> deprecated
Add missing profile=kvm option to Documentation/kernel-parameters.txt
fix typo about TBI in e1000 comment
proc.txt: Add /proc/stat field
small documentation fixes
Fix compiler warning in smount example program from sharedsubtree.txt
docs/sysfs: add missing word to sysfs attribute explanation
documentation/ext3: grammar fixes
Documentation/java.txt: typo and grammar fixes
Documentation/filesystems/vfs.txt: typo fix
include/asm-*/system.h: remove unused set_rmb(), set_wmb() macros
trivial copy_data_pages() tidy up
Fix typo in arch/x86/kernel/tsc_32.c
file link fix for Pegasus USB net driver help
remove unused return within void return function
Typo fixes retrun -> return
x86 hpet.h: remove broken links
...
This patch adds support for the dm_path_event dm_send_event functions which
create and send udev events.
Signed-off-by: Mike Anderson <andmike@linux.vnet.ibm.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
This patch adds a function to obtain a copy of a mapped device's name and uuid.
Signed-off-by: Mike Anderson <andmike@linux.vnet.ibm.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Make size of dm_ioctl struct always 312 bytes on all supported
architectures.
This change retains compatibility with already-compiled code because
it uses an embedded offset to locate the payload that follows the
structure.
On 64-bit architectures there is no change at all; on 32-bit
we are increasing the size of dm-ioctl from 308 to 312 bytes.
Currently with 32-bit userspace / 64-bit kernel on x86_64
some ioctls (including rename, message) are incorrectly rejected
by the comparison against 'param + 1'. This breaks userspace
lvrename and multipath 'fail_if_no_path' changes, for example.
(BTW Device-mapper uses its own versioning and ignores the ioctl
size bits. Only the generic ioctl compat code on mixed arches
checks them, and that will continue to accept both sizes for now,
but we intend to list 308 as deprecated and eventually remove it.)
Signed-off-by: Milan Broz <mbroz@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Cc: Guido Guenther <agx@sigxcpu.org>
Cc: Kevin Corry <kevcorry@us.ibm.com>
Cc: stable@kernel.org
Update the security_socket_peersec documentation in
include/linux/security.h. security_socket_peersec has been split
into two functions - _stream and _dgram, with new capabilities.
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Adrian Bunk <bunk@kernel.org>
* hwif->hwif_data contains pointer to struct expansion_card so use ec->dma
directly instead of caching it in hwif->hw.dma.
* Remove no longer needed hw_regs_t.dma and NO_DMA define.
Cc: Russell King <rmk@arm.linux.org.uk>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Add CONFIG_IDE_ARCH_OBSOLETE_INIT to drivers/ide/Kconfig and use it instead
of defining IDE_ARCH_OBSOLETE_INIT in <arch/ide.h>.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
* Add ide_find_port() helper.
* Convert icside, rapide and ide_platform host drivers to use it.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
* Add ide_device_add() helper and convert host drivers to use it
instead of open-coded variants.
* Make ide_pci_setup_ports() and do_ide_setup_pci_device()
take 'u8 *idx' argument instead of 'ata_index_t *index'.
* Remove no longer needed ata_index_t.
* Unexport probe_hwif_init() and make it static.
* Unexport ide_proc_register_port().
There should be no functionality changes caused by this patch
(sgiioc4.c: ide_proc_register_port() requires hwif->present
to be set and it won't be set if probe_hwif_init() fails).
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
* Add ->fixup method to ide_hwif_t.
* Set hwif->fixup in ide_pci_setup_ports() to d->fixup.
* Use hwif->fixup in probe_hwif().
* Use probe_hwif_init() instead of probe_hwif_init_with_fixup() in
ide_setup_pci_device().
* Add 'fixup' argument to ide_register_hw() and use it to set hwif->fixup,
update all ide_register_hw() users accordingly.
* Convert ide-cs/delkin_cb host drivers to use ide_register_hw().
* Restore hwif->fixup in ide_hwif_restore().
* Remove ide_register_hw_with_fixup(), probe_hwif_init_with_fixup()
and 'fixup' argument from probe_hwif().
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Add IDE_HFLAG_{IO_32BIT,UNMASK_IRQS} host flag to tell ide_pci_setup_ports()
to set drive->{io_32bit,unmask} for both drives on the interface. Convert
amd74xx, sl82c105 and via82cxxx host drivers to use these new host flags.
While at it:
* Add IDE_HFLAGS_AMD define (amd74xx host driver).
* Add IDE_HFLAGS_VIA define (via82cxxx host driver).
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
