1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324
|
03-14-2002
A summary of updates to LSM and SELinux since the 1-18-2002
release of SELinux follows. Many of the LSM updates and some of
the SELinux updates were contributed by others. See the BitKeeper
tree at lsm.immunix.org for more information about the LSM updates.
Updates to LSM:
Merged 2.5.3 (lsm-2.5).
Inserted setgroups hook call into sys_setgroups16 (both).
Eliminated dup fd lookup on fcntl(F_*LK) code paths (both).
Inserted lock hook call into fcntl*lk operations for consistency (both).
Added hooks for extended attribute operations (lsm-2.5).
Merged 2.5.4 (lsm-2.5).
Added binprm check_security hook (both).
Merged 2.5.5 (lsm-2.5).
Merged 2.4.18 (lsm-2.4).
Merged 2.5.6 (lsm-2.5).
Updates to SELinux:
Minor policy revisions based on feedback.
Merged snort domain (Shaun Savage).
Merged devfs_context changes, new pppd domain, new nscd domain, new squid domain (Russell Coker).
Updated findutils, psmisc, stat, and tar patches to RH7.2 SRPMS
(initial update by Shaun Savage, some revisions by Bede McCall).
Added rpm utility domain.
Removed immutable/append restriction from chsid.
Fixed avc_audit to check the skb->protocol value.
Fixed bug in runas (Russell Coker).
Added initial permission checks for extended attribute operations.
Merged Selopt (James Morris).
Revised SELinux socket/network access controls to use Selopt.
Added domains for Selopt daemon (scmpd) and utilities.
Merged default user (user_u) for unspecified Linux users (Mark Westerman).
Fixed setfiles to support large files.
Added minimal support for usbdevfs labeling.
Added -R option to setfiles and reset target to Makefile.
Renamed gdm* to xdm* in the policy and added type aliases.
Fixed a bug in checkpolicy related to type aliases.
Deprecated clone statements and role transition statements.
Made TE assertions order-independent.
Moved every.te rules into every_domain macro. Started partitioning.
Removed general read access to home directory types.
Partitioned role declarations.
Partitioned domain transitions for big "multiplexor" domains:
init_t, initrc_t, userdomain (user_t/sysadm_t), inetd_t, tcpd_t
Partitioned terminal access rules via type attributes.
Added consistent transitions from sysadm_t to admin program domains.
Moved all macro definitions to new macros hierarchy, use includes
for non-global macros, eliminate ordering dependencies.
Reorganized domains hierarchy; merge system into program, move
user and admin up one level.
Started cleaning up domains to provide better encapsulation.
Fixed function prototypes for new syscalls (Russell Coker).
Merged bug fix for channel code of openssh (OpenSSH).
Updated openssh patch to openssh-3.1p1-2 from RedHat.
Moved *stat64* calls and test program into arch/i386 subdirectories.
01-18-2002
A summary of updates to LSM and SELinux since the 12-10-2001
release of SELinux follows. Many of the LSM updates and some of
the SELinux updates were contributed by others. See the BitKeeper
tree at lsm.immunix.org for more information about the LSM updates.
Updates to LSM:
Merged 2.5.1 (lsm-2.5).
Removed the super_block parameter from the post_mountroot hook (both).
Reverted the kill-1 change (lsm-2.5).
Moved the super_block alloc_security and free_security hook calls (both).
Moved the super_block check_sb and post_addmount hook calls into
graft_tree to cover all mounts, including bind and move mounts (both).
Merged 2.4.17 (lsm-2.4).
Added support for kbuild-2.5 (both).
Merged 2.5.2 (lsm-2.5).
Swap and scheduler fixes for 2.5.2 (lsm-2.5).
Updates to SELinux:
Updated util-linux-2.11f patch to util-linux-2.11f-17.
Fixed bug in selinux_file_send_sigiotask hook function.
Minor policy revisions.
Added contributed scripts/newrules.pl script (Justin Smith).
Fixed a bug in the SID table code.
Revised SELinux module initialization code.
Dealt with initialization changes in 2.5.1.
Permit deferred loading of policy if development module.
Fixed the symlinks target in the module Makefile.
Changed lsm-patch to set the Netlink option defaults.
Generalized README, Makefile, module/Makefile for 2.5 build.
Fixed bug in ipc_precondition calls.
Added avc_enforcing system call and program.
Revised the access vector table structure and code.
Fixed a bug in newrole's handling of descriptors.
12-10-2001
A summary of updates to LSM and SELinux since the 11-19-2001
release of SELinux follows. Many of the LSM updates and some of
the SELinux updates were contributed by others. See the BitKeeper
tree at lsm.immunix.org for more information about the LSM updates.
Updates to LSM:
No longer export capability_ops.
Changed swapon and swapoff hooks to take the swap_info_struct.
Merged 2.4.16.
Synchronized with lsm-2001_11_26-2.4.16 (LSM only).
Synchronized with lsm-full-2001_11_26-2.4.16 (LSM + modules).
Merged the SELinux module.
Synchronized with lsm-full-2001_12_10-2.4.16 (LSM + modules).
Updates to SELinux:
Regenerated lsm-patch for updated security/Makefile.
Updated swapon and swapoff hook functions.
Fixed bug in selinux_inode_delete hook.
Updated procps patch to RH7.2 procps-2.0.7 SRPM.
Updated sh-utils patch to RH7.2 sh-utils-2.0.11 SRPM.
Updated and revised utils/Makefile.
Added Configure.help, defconfig, Makefile patches to lsm-patch.
(includes change to -selinux suffix for kernel)
Changed AVC auditing to only impose ratelimit if enforcing.
Moved share and ptrace permission checks from compute_creds
to set_security and changed so that the exec will fail
rather than merely continuing under the old SID.
Added stat64 versions for stat_secure system calls,
with the usual transparent redirection if desired.
Started updating policy for RH7.2.
Minor policy updates based on feedback.
Merged ipchains domain (Justin Smith).
Changed AVC auditing to put each message on a single line.
Added "quick install" instructions and Makefile.
Updated fileutils patch to RH7.2 fileutils-4.1 SRPM.
Updated openssh patch to RH7.2 openssh-2.9p2-12 SRPM.
More code cleanup and bug fixes for newrole.
Changed newrole and run_init PAM files to omit pam_rootok.so.
Moved the SELinux module into the LSM tree.
11-19-2001
Fourth public release of the LSM-based SELinux prototype.
A summary of updates to LSM and SELinux since the 10-16-2001
release of SELinux follows. Many of the LSM updates and some of
the SELinux updates were contributed by others. See the BitKeeper
tree at lsm.immunix.org for more information about the LSM updates.
Updates to LSM:
Minor cleanup of kernel/capability.c.
Added check_sb hook.
Merged 2.4.13.
Synchronized with lsm-2001_10_24 against 2.4.13.
Improved verification of security_operations structure.
Removed version field from security_operations.
Renamed all configuration options to use CONFIG_SECURITY prefix.
Renamed and modified capabilities module to drop the _plug suffix.
Changed inline hook documentation to kernel-doc format.
Merged 2.4.14.
Applied loopback driver fix.
Synchronized with lsm-2001_11_05 against 2.4.14.
Updates to SELinux:
Fixed newrole and run_init shadow password support.
Updated openssh patch to latest RedHat openssh-2.9p2 SRPM.
Updated util-linux patch to latest RedHat util-linux-2.11f SRPM.
Merged miscellaneous policy updates.
Merged contributed sound domain and types (Mark Westerman).
Added ext3 as a recognized type for persistent labeling.
Added getscheduler hook function.
Added check_sb hook function and updated post_addmount.
Removed the separately loaded module discussion from README.
Fixed Makefile.kernel files for module configuration.
Added a new initial SID and type for /proc/sys/net/unix.
Changed quotactl hook function to correctly work with -ac series.
Fixed IPC alloc_security hooks to free if create check fails.
Moved checkpolicy-specific files to separate directory, and
separated from module build.
Minor cleanup of socket hook functions.
Fixed a bug in load_policy when in permissive mode.
Fixed calls to avc_audit to only audit the denied permissions.
Removed version field from security_operations.
Changed extern inline to static inline (SubmittingPatches).
Renamed SELinux configuration option to CONFIG_SECURITY_SELINUX.
Dropped use of _plug suffix when inserted into the kernel tree.
Started eliminating #ifdefs from module code (SubmittingPatches).
Incremented policydb version to reflect elimination of
CONFIG_FLASK_AUDIT (mainstreamed) and CONFIG_FLASK_NOTIFY (dropped).
Reimplemented execve_secure using the security syscall.
Added a separate Config.in file for SELinux.
Renamed CONFIG_FLASK_DEVELOP to CONFIG_SECURITY_SELINUX_DEVELOP
and moved into kernel configuration. Cleaned up #ifdefs.
Renamed CONFIG_FLASK_MLS to CONFIG_SECURITY_SELINUX_MLS
and moved into kernel configuration. Cleaned up #ifdefs.
Still experimental and not configured for use.
Extended MLS code to provide default behavior for contexts that lack
a level or range component. Ease policy transition to MLS.
Restored conditional support for MLS to checkpolicy and policy
Makefiles.
Added README.MLS.
Updated vixie-cron patch to vixie-cron-3.0.1-63.
Added logrotate-3.5.9 and ported patch from logrotate-3.5.4.
Fixed several bugs in newrole.
10-16-2001
Third public release of the LSM-based SELinux prototype.
A summary of updates to LSM and SELinux since the 9-26-2001
release of SELinux follows. Many of the LSM updates and some of
the SELinux updates were contributed by others. See the BitKeeper
tree at lsm.immunix.org for more information about the LSM updates.
Updates to LSM:
Added comment to security.h about GPL controversy.
Synchronized with lsm-2001_09_26 against 2.4.10.
Added skb_set_owner_w hook.
Fixed a bug in the dummy netlink_send hook.
Changed the delete_module hook to take module prameter,
and added hook call in the automatic reaping case.
Removed name parameter from init_module hook (redundant with module).
Merged 2.4.11.
Changed security/Makefile to export capability_plug.o symbols.
Synchronized with lsm-2001_10_10 against 2.4.11.
Merged 2.4.12.
Applied parport bug fix patch.
Synchronized with lsm-2001_10_11 against 2.4.12.
Updates to SELinux:
Added support for stacking the capability plug.
Added domain for the ssh client program.
Added explicit modes to install commands in the Makefiles.
Merged contributed named domain (Yuichi Nakamura).
Added more permissions related to logrotate and crond.
Added init_var_run_t derived type for /var/run/shutdown.pid.
Added auditdeny rules relating to su by user_t.
Added checkpc to file_contexts (oversight from earlier).
Pruned apostrophes from policy comments - not handled well by m4.
Fixed a bug in the netlink_send hook.
Updated delete_module and init_module hooks.
Merged contributed gdm domain (Mark Westerman).
Fixed extended IPC syscalls to use sys_ipc.
Moved creation of arch symlinks to selinux_plug Makefiles.
Added run_init utility and policy.
09-26-2001
Second public release of the LSM-based SELinux prototype.
A summary of updates to LSM and SELinux since the 08-23-2001
release of SELinux follows. Many of the LSM updates and some of
the SELinux updates were contributed by others. See the BitKeeper
tree at lsm.immunix.org for more information about the LSM updates.
Updates to LSM:
Fixed bug in Documentation/DocBook/Makefile.
Added hooks for controlling Unix domain socket IPC.
Changed int to unsigned int for sys_security parameters.
Renamed the syscall hook to sys_security.
Fixed bug in lsm/net/ipv4/netfilter/ip_queue.c.
Synchronized with lsm-2001_08_23 against 2.4.9.
Fixed bug in lsm/kernel/acct.c.
Reworked message queue hooks to address pipelined IPC.
Added hooks for quotactl and quota_on.
Moved IPC associate hook calls to calculate id only once.
Added hooks for syslog and bdflush.
Fixed error handling of ip_decode_options hook.
Added hook for prctl.
Moved IPC alloc_security hook calls to make key and flags available.
Split dummy security module from base framework.
Synchronized with lsm-2001_09_04 against 2.4.9.
Moved mkdir hook so that mode is sanitized prior to call.
Fixed bug in lsm/fs/file_table.c.
Fixed various failures to initially clear security field.
Fixed call to post_addmount to only occur on success.
Fixed placement of unix_may_send hook.
Added missing call to shm free_security hook.
Moved mount-related hooks into super_block_security_ops.
Changed skb_clone to return an error status.
Documented the hook function prototypes in security.h.
Synchronized with lsm-2001_09_20 against 2.4.9.
Merged 2.4.10.
Synchronized with lsm-2001_09_23 against 2.4.10.
Fixed initialization.
Removed capable hook from must_not_trace_exec.
Added a draft overview document for LSM to Documentation/DocBook.
Updates to SELinux:
Added access controls for Unix domain socket IPC.
Updated permissions in policy for Unix domain socket IPC.
Updated sys_security call and hook function.
Fixed bug in selinux_sock_rcv_skb.
Removed permissions in policy to generic socket class.
Added separate security class for PF_KEY sockets.
Removed obsolete pipe class.
Updated message queue hook functions.
Merged contributed IPSEC domain (Mark Westerman).
Added configurable support for labeling devfs entries.
Implemented msgsid, shmsid, and semsid calls.
Fixed performance bug in inode-to-PSID mapping code.
Fixed bug in selinux_ip_postroute.
Revised policy based on feedback.
Added fd use permission to newrole_t.
Added permission checks and updated policy for nfsservctl,
quotactl, quota_on, bdflush, and syslog.
Restored the avc_ratelimit mechanism.
Merged contributed fix (SAFE_ALLOC) for memory allocation
in netdev_alloc_security and security server (James Morris).
Changed remaining allocations to also use SAFE_ALLOC.
Added safe_down/up for interrupt-safe semaphores.
Added semaphores for allocator functions.
Added in_interrupt tests to precondition functions.
Changed the initializing tests to use atomic bitops.
Added per-inode and per-filesystem semaphores for relabels.
Added per-filesystem semaphore for PSID->context mapping updates.
Added semaphores for SID table insertions.
Added write memory barriers for list insertions into
PSID and SID tables.
Moved mounton into common file permissions.
Removed mountassociate permission.
Added semaphores and interrupt handling for policy reloads.
Fixed a bug in flush_unauthorized_files and file_receive.
Updated for 2.4.10.
Merged contributed updates to the policy configuration (David Wheeler,Mark Westerman).
08-23-2001
Initial public release of the LSM-based SELinux prototype.
This release was based on the lsm-2001_08_16 patch against kernel
2.4.9, but also incorporated several changes made between 8/16 and
8/22 to LSM.
|