diff --git a/CREDITS b/CREDITS
index 0d2d60de5a2539cc48c21eee25a226b08b8a2040..9fbd2c77b5462d71dd9d24b5966c03d528094ce6 100644
--- a/CREDITS
+++ b/CREDITS
@@ -2606,11 +2606,9 @@ E: tmolina@cablespeed.com
D: bug fixes, documentation, minor hackery
N: Paul Moore
-E: paul.moore@hp.com
-D: NetLabel author
-S: Hewlett-Packard
-S: 110 Spit Brook Road
-S: Nashua, NH 03062
+E: paul@paul-moore.com
+W: http://www.paul-moore.com
+D: NetLabel, SELinux, audit
N: James Morris
E: jmorris@namei.org
diff --git a/Documentation/admin-guide/LSM/tomoyo.rst b/Documentation/admin-guide/LSM/tomoyo.rst
index a5947218fa647f4f4e2cb2b032dfec85d34ce709..e2d6b6e150825e4f0d0b643850420dae867fbe5e 100644
--- a/Documentation/admin-guide/LSM/tomoyo.rst
+++ b/Documentation/admin-guide/LSM/tomoyo.rst
@@ -9,8 +9,8 @@ TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel.
LiveCD-based tutorials are available at
-http://tomoyo.sourceforge.jp/1.7/1st-step/ubuntu10.04-live/
-http://tomoyo.sourceforge.jp/1.7/1st-step/centos5-live/
+http://tomoyo.sourceforge.jp/1.8/ubuntu12.04-live.html
+http://tomoyo.sourceforge.jp/1.8/centos6-live.html
Though these tutorials use non-LSM version of TOMOYO, they are useful for you
to know what TOMOYO is.
@@ -21,35 +21,35 @@ How to enable TOMOYO?
Build the kernel with ``CONFIG_SECURITY_TOMOYO=y`` and pass ``security=tomoyo`` on
kernel's command line.
-Please see http://tomoyo.sourceforge.jp/2.3/ for details.
+Please see http://tomoyo.osdn.jp/2.5/ for details.
Where is documentation?
=======================
User <-> Kernel interface documentation is available at
-http://tomoyo.sourceforge.jp/2.3/policy-reference.html .
+http://tomoyo.osdn.jp/2.5/policy-specification/index.html .
Materials we prepared for seminars and symposiums are available at
-http://sourceforge.jp/projects/tomoyo/docs/?category_id=532&language_id=1 .
+http://osdn.jp/projects/tomoyo/docs/?category_id=532&language_id=1 .
Below lists are chosen from three aspects.
What is TOMOYO?
TOMOYO Linux Overview
- http://sourceforge.jp/projects/tomoyo/docs/lca2009-takeda.pdf
+ http://osdn.jp/projects/tomoyo/docs/lca2009-takeda.pdf
TOMOYO Linux: pragmatic and manageable security for Linux
- http://sourceforge.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf
+ http://osdn.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf
TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box
- http://sourceforge.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf
+ http://osdn.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf
What can TOMOYO do?
Deep inside TOMOYO Linux
- http://sourceforge.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf
+ http://osdn.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf
The role of "pathname based access control" in security.
- http://sourceforge.jp/projects/tomoyo/docs/lfj2008-bof.pdf
+ http://osdn.jp/projects/tomoyo/docs/lfj2008-bof.pdf
History of TOMOYO?
Realities of Mainlining
- http://sourceforge.jp/projects/tomoyo/docs/lfj2008.pdf
+ http://osdn.jp/projects/tomoyo/docs/lfj2008.pdf
What is future plan?
====================
@@ -60,6 +60,6 @@ multiple LSM modules at the same time. We feel sorry that you have to give up
SELinux/SMACK/AppArmor etc. when you want to use TOMOYO.
We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM
-version of TOMOYO, available at http://tomoyo.sourceforge.jp/1.7/ .
+version of TOMOYO, available at http://tomoyo.osdn.jp/1.8/ .
LSM version of TOMOYO is a subset of non-LSM version of TOMOYO. We are planning
to port non-LSM version's functionalities to LSM versions.
diff --git a/MAINTAINERS b/MAINTAINERS
index fbb269415f0672c408558289ec5c4a5d5cdafcc5..e57a4eaec077b87ff4c9c29915ae6026c0301b1d 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9298,15 +9298,6 @@ F: net/*/netfilter/
F: net/netfilter/
F: net/bridge/br_netfilter*.c
-NETLABEL
-M: Paul Moore <paul@paul-moore.com>
-W: http://netlabel.sf.net
-L: netdev@vger.kernel.org
-S: Maintained
-F: Documentation/netlabel/
-F: include/net/netlabel.h
-F: net/netlabel/
-
NETROM NETWORK LAYER
M: Ralf Baechle <ralf@linux-mips.org>
L: linux-hams@vger.kernel.org
@@ -9434,10 +9425,23 @@ F: net/ipv6/
F: include/net/ip*
F: arch/x86/net/*
-NETWORKING [LABELED] (NetLabel, CIPSO, Labeled IPsec, SECMARK)
+NETWORKING [LABELED] (NetLabel, Labeled IPsec, SECMARK)
M: Paul Moore <paul@paul-moore.com>
+W: https://github.com/netlabel
L: netdev@vger.kernel.org
+L: linux-security-module@vger.kernel.org
S: Maintained
+F: Documentation/netlabel/
+F: include/net/calipso.h
+F: include/net/cipso_ipv4.h
+F: include/net/netlabel.h
+F: include/uapi/linux/netfilter/xt_SECMARK.h
+F: include/uapi/linux/netfilter/xt_CONNSECMARK.h
+F: net/netlabel/
+F: net/ipv4/cipso_ipv4.c
+F: net/ipv6/calipso.c
+F: net/netfilter/xt_CONNSECMARK.c
+F: net/netfilter/xt_SECMARK.c
NETWORKING [TLS]
M: Ilya Lesokhin <ilyal@mellanox.com>
@@ -12023,8 +12027,9 @@ M: Paul Moore <paul@paul-moore.com>
M: Stephen Smalley <sds@tycho.nsa.gov>
M: Eric Paris <eparis@parisplace.org>
L: selinux@tycho.nsa.gov (moderated for non-subscribers)
-W: http://selinuxproject.org
-T: git git://git.infradead.org/users/pcmoore/selinux
+W: https://selinuxproject.org
+W: https://github.com/SELinuxProject
+T: git git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
S: Supported
F: include/linux/selinux*
F: security/selinux/
diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
index 22b5d4e687ce0f3a3c2f226845390e5ca91b7385..d1c2901f15420dd331ac70a004b699ae7f76c455 100644
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -4,7 +4,7 @@
*
* Author : Etienne BASSET <etienne.basset@ensta.org>
*
- * All credits to : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * All credits to : Stephen Smalley, <sds@tycho.nsa.gov>
* All BUGS to : Etienne BASSET <etienne.basset@ensta.org>
*/
#ifndef _LSM_COMMON_LOGGING_
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index d1c7bef25691af822079f18f61902fbef7faabd4..c9258124e41757187cdb8b2f83c5901966345902 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -528,11 +528,6 @@
*
* Security hooks for task operations.
*
- * @task_create:
- * Check permission before creating a child process. See the clone(2)
- * manual page for definitions of the @clone_flags.
- * @clone_flags contains the flags indicating what should be shared.
- * Return 0 if permission is granted.
* @task_alloc:
* @task task being allocated.
* @clone_flags contains the flags indicating what should be shared.
@@ -1505,7 +1500,6 @@ union security_list_options {
int (*file_receive)(struct file *file);
int (*file_open)(struct file *file, const struct cred *cred);
- int (*task_create)(unsigned long clone_flags);
int (*task_alloc)(struct task_struct *task, unsigned long clone_flags);
void (*task_free)(struct task_struct *task);
int (*cred_alloc_blank)(struct cred *cred, gfp_t gfp);
@@ -1779,7 +1773,6 @@ struct security_hook_heads {
struct list_head file_send_sigiotask;
struct list_head file_receive;
struct list_head file_open;
- struct list_head task_create;
struct list_head task_alloc;
struct list_head task_free;
struct list_head cred_alloc_blank;
diff --git a/include/linux/security.h b/include/linux/security.h
index 707b524874d89b4a034b77f83ed82019390ef7cd..ce6265960d6c430a90e1ad3c3749d0a438ecaca9 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -318,7 +318,6 @@ int security_file_send_sigiotask(struct task_struct *tsk,
struct fown_struct *fown, int sig);
int security_file_receive(struct file *file);
int security_file_open(struct file *file, const struct cred *cred);
-int security_task_create(unsigned long clone_flags);
int security_task_alloc(struct task_struct *task, unsigned long clone_flags);
void security_task_free(struct task_struct *task);
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
@@ -880,11 +879,6 @@ static inline int security_file_open(struct file *file,
return 0;
}
-static inline int security_task_create(unsigned long clone_flags)
-{
- return 0;
-}
-
static inline int security_task_alloc(struct task_struct *task,
unsigned long clone_flags)
{
diff --git a/kernel/fork.c b/kernel/fork.c
index 6f1b0af00bdadb311503544906fbcc8c956fae7b..10646182440fa4c3a3a8da7d9fdb7b45f01aab26 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1569,10 +1569,6 @@ static __latent_entropy struct task_struct *copy_process(
return ERR_PTR(-EINVAL);
}
- retval = security_task_create(clone_flags);
- if (retval)
- goto fork_out;
-
retval = -ENOMEM;
p = dup_task_struct(current, node);
if (!p)
diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c
index 6a24569c3578af93673cdd40372fdd6224638de9..672b069dcfea4b2945d07b1de74afc8203c1a6a0 100644
--- a/scripts/selinux/genheaders/genheaders.c
+++ b/scripts/selinux/genheaders/genheaders.c
@@ -129,11 +129,16 @@ int main(int argc, char *argv[])
for (i = 0; secclass_map[i].name; i++) {
struct security_class_mapping *map = &secclass_map[i];
for (j = 0; map->perms[j]; j++) {
+ if (j >= 32) {
+ fprintf(stderr, "Too many permissions to fit into an access vector at (%s, %s).\n",
+ map->name, map->perms[j]);
+ exit(5);
+ }
fprintf(fout, "#define %s__%s", map->name,
map->perms[j]);
for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++)
fprintf(fout, " ");
- fprintf(fout, "0x%08xUL\n", (1<<j));
+ fprintf(fout, "0x%08xU\n", (1<<j));
}
}
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 28d4c3a528abce522c4c274c9233cfc03f3eadc2..67703dbe29eafb7138d050f9344438e808ab291b 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -2,7 +2,7 @@
* common LSM auditing functions
*
* Based on code written for SELinux by :
- * Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Stephen Smalley, <sds@tycho.nsa.gov>
* James Morris <jmorris@redhat.com>
* Author : Etienne Basset, <etienne.basset@ensta.org>
*
diff --git a/security/security.c b/security/security.c
index afc34f46c6c5ad6d97b22772d498205f9a74754b..4bf0f571b4ef94df1d3c44b7fed6b7b651c1924f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -974,11 +974,6 @@ int security_file_open(struct file *file, const struct cred *cred)
return fsnotify_perm(file, MAY_OPEN);
}
-int security_task_create(unsigned long clone_flags)
-{
- return call_int_hook(task_create, 0, clone_flags);
-}
-
int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
{
return call_int_hook(task_alloc, 0, task, clone_flags);
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 4b4293194aeea814b499a4fd89a0d8c45d975be6..2380b8d72cecbfaaf7649b4224a4d8869dddf9a0 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -1,7 +1,7 @@
/*
* Implementation of the kernel access vector cache (AVC).
*
- * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Authors: Stephen Smalley, <sds@tycho.nsa.gov>
* James Morris <jmorris@redhat.com>
*
* Update: KaiGai, Kohei <kaigai@ak.jp.nec.com>
@@ -346,27 +346,26 @@ static struct avc_xperms_decision_node
struct avc_xperms_decision_node *xpd_node;
struct extended_perms_decision *xpd;
- xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep,
- GFP_ATOMIC | __GFP_NOMEMALLOC);
+ xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep, GFP_NOWAIT);
if (!xpd_node)
return NULL;
xpd = &xpd_node->xpd;
if (which & XPERMS_ALLOWED) {
xpd->allowed = kmem_cache_zalloc(avc_xperms_data_cachep,
- GFP_ATOMIC | __GFP_NOMEMALLOC);
+ GFP_NOWAIT);
if (!xpd->allowed)
goto error;
}
if (which & XPERMS_AUDITALLOW) {
xpd->auditallow = kmem_cache_zalloc(avc_xperms_data_cachep,
- GFP_ATOMIC | __GFP_NOMEMALLOC);
+ GFP_NOWAIT);
if (!xpd->auditallow)
goto error;
}
if (which & XPERMS_DONTAUDIT) {
xpd->dontaudit = kmem_cache_zalloc(avc_xperms_data_cachep,
- GFP_ATOMIC | __GFP_NOMEMALLOC);
+ GFP_NOWAIT);
if (!xpd->dontaudit)
goto error;
}
@@ -394,8 +393,7 @@ static struct avc_xperms_node *avc_xperms_alloc(void)
{
struct avc_xperms_node *xp_node;
- xp_node = kmem_cache_zalloc(avc_xperms_cachep,
- GFP_ATOMIC|__GFP_NOMEMALLOC);
+ xp_node = kmem_cache_zalloc(avc_xperms_cachep, GFP_NOWAIT);
if (!xp_node)
return xp_node;
INIT_LIST_HEAD(&xp_node->xpd_head);
@@ -548,7 +546,7 @@ static struct avc_node *avc_alloc_node(void)
{
struct avc_node *node;
- node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC|__GFP_NOMEMALLOC);
+ node = kmem_cache_zalloc(avc_node_cachep, GFP_NOWAIT);
if (!node)
goto out;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index ad3b0f53ede00bb6fcd5a870c1369a8003950510..f5d304736852f98508144c23e7325068c6ae2ee8 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3,7 +3,7 @@
*
* This file contains the SELinux hook function implementations.
*
- * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Authors: Stephen Smalley, <sds@tycho.nsa.gov>
* Chris Vance, <cvance@nai.com>
* Wayne Salamon, <wsalamon@nai.com>
* James Morris <jmorris@redhat.com>
@@ -815,7 +815,9 @@ static int selinux_set_mnt_opts(struct super_block *sb,
if (!strcmp(sb->s_type->name, "debugfs") ||
!strcmp(sb->s_type->name, "tracefs") ||
!strcmp(sb->s_type->name, "sysfs") ||
- !strcmp(sb->s_type->name, "pstore"))
+ !strcmp(sb->s_type->name, "pstore") ||
+ !strcmp(sb->s_type->name, "cgroup") ||
+ !strcmp(sb->s_type->name, "cgroup2"))
sbsec->flags |= SE_SBGENFS;
if (!sbsec->behavior) {
@@ -1303,6 +1305,7 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
case SOCK_SEQPACKET:
return SECCLASS_UNIX_STREAM_SOCKET;
case SOCK_DGRAM:
+ case SOCK_RAW:
return SECCLASS_UNIX_DGRAM_SOCKET;
}
break;
@@ -2317,6 +2320,7 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm,
int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);
int nosuid = !mnt_may_suid(bprm->file->f_path.mnt);
int rc;
+ u32 av;
if (!nnp && !nosuid)
return 0; /* neither NNP nor nosuid */
@@ -2325,24 +2329,40 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm,
return 0; /* No change in credentials */
/*
- * The only transitions we permit under NNP or nosuid
- * are transitions to bounded SIDs, i.e. SIDs that are
- * guaranteed to only be allowed a subset of the permissions
- * of the current SID.
+ * If the policy enables the nnp_nosuid_transition policy capability,
+ * then we permit transitions under NNP or nosuid if the
+ * policy allows the corresponding permission between
+ * the old and new contexts.
*/
- rc = security_bounded_transition(old_tsec->sid, new_tsec->sid);
- if (rc) {
- /*
- * On failure, preserve the errno values for NNP vs nosuid.
- * NNP: Operation not permitted for caller.
- * nosuid: Permission denied to file.
- */
+ if (selinux_policycap_nnp_nosuid_transition) {
+ av = 0;
if (nnp)
- return -EPERM;
- else
- return -EACCES;
+ av |= PROCESS2__NNP_TRANSITION;
+ if (nosuid)
+ av |= PROCESS2__NOSUID_TRANSITION;
+ rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
+ SECCLASS_PROCESS2, av, NULL);
+ if (!rc)
+ return 0;
}
- return 0;
+
+ /*
+ * We also permit NNP or nosuid transitions to bounded SIDs,
+ * i.e. SIDs that are guaranteed to only be allowed a subset
+ * of the permissions of the current SID.
+ */
+ rc = security_bounded_transition(old_tsec->sid, new_tsec->sid);
+ if (!rc)
+ return 0;
+
+ /*
+ * On failure, preserve the errno values for NNP vs nosuid.
+ * NNP: Operation not permitted for caller.
+ * nosuid: Permission denied to file.
+ */
+ if (nnp)
+ return -EPERM;
+ return -EACCES;
}
static int selinux_bprm_set_creds(struct linux_binprm *bprm)
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index 0999df03af8bff2fe54c084e7459ed19da5a20c2..a5004e9de11a999f56333eed055b9519d7275b39 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -1,7 +1,7 @@
/*
* Access vector cache interface for object managers.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
#ifndef _SELINUX_AVC_H_
#define _SELINUX_AVC_H_
diff --git a/security/selinux/include/avc_ss.h b/security/selinux/include/avc_ss.h
index d5c328452df0161acd82bd8ec295fecc00392b86..37d57dadd476a90d6a1bef5f2104a0057d1dd44f 100644
--- a/security/selinux/include/avc_ss.h
+++ b/security/selinux/include/avc_ss.h
@@ -1,7 +1,7 @@
/*
* Access vector cache interface for the security server.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
#ifndef _SELINUX_AVC_SS_H_
#define _SELINUX_AVC_SS_H_
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index b9fe3434b036d8a0e7c55716753f04735c1a9a0e..35ffb29a69cb00b34a4de5d722eaee46df310a74 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -48,6 +48,8 @@ struct security_class_mapping secclass_map[] = {
"setrlimit", "rlimitinh", "dyntransition", "setcurrent",
"execmem", "execstack", "execheap", "setkeycreate",
"setsockcreate", "getrlimit", NULL } },
+ { "process2",
+ { "nnp_transition", "nosuid_transition", NULL } },
{ "system",
{ "ipc_info", "syslog_read", "syslog_mod",
"syslog_console", "module_request", "module_load", NULL } },
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 6ebc61e370ff32856ef9b164355ffd2e9645699e..1649cd18eb0bed125bb38466506309d26c647f90 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -3,7 +3,7 @@
*
* This file contains the SELinux security data structures for kernel objects.
*
- * Author(s): Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author(s): Stephen Smalley, <sds@tycho.nsa.gov>
* Chris Vance, <cvance@nai.com>
* Wayne Salamon, <wsalamon@nai.com>
* James Morris <jmorris@redhat.com>
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index e91f08c16c0b2943686fe94eb3ac84b09078e5de..28dfb2f93e4dcfcb62fc77e20fe7303295905b48 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -1,7 +1,7 @@
/*
* Security server interface.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*
*/
@@ -73,6 +73,7 @@ enum {
POLICYDB_CAPABILITY_EXTSOCKCLASS,
POLICYDB_CAPABILITY_ALWAYSNETWORK,
POLICYDB_CAPABILITY_CGROUPSECLABEL,
+ POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION,
__POLICYDB_CAPABILITY_MAX
};
#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
@@ -84,6 +85,7 @@ extern int selinux_policycap_openperm;
extern int selinux_policycap_extsockclass;
extern int selinux_policycap_alwaysnetwork;
extern int selinux_policycap_cgroupseclabel;
+extern int selinux_policycap_nnp_nosuid_transition;
/*
* type_datum properties
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index 3628d3a868b669c9aa9267808533aaa5dc8c0d1c..2c3c7d010d8a49c584057c0ec9efbe8213286601 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -1,7 +1,7 @@
/*
* Implementation of the access vector table type.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h
index d946c9dc3c9ca6b2569ecd7624c3bd12f7789c77..725853cadc42111c0ee49304cafbba7509ef12b2 100644
--- a/security/selinux/ss/avtab.h
+++ b/security/selinux/ss/avtab.h
@@ -5,7 +5,7 @@
* table is used to represent the type enforcement
* tables.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
diff --git a/security/selinux/ss/constraint.h b/security/selinux/ss/constraint.h
index 96fd947c494b64827f89e745393483669cc07d8e..33ae2aec4f3617b211c53f96361fd34281dc8005 100644
--- a/security/selinux/ss/constraint.h
+++ b/security/selinux/ss/constraint.h
@@ -10,7 +10,7 @@
* process from labeling an object with a different user
* identity.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
#ifndef _SS_CONSTRAINT_H_
#define _SS_CONSTRAINT_H_
diff --git a/security/selinux/ss/context.h b/security/selinux/ss/context.h
index 212e3479a0d98e0b32b643ef78d97f5174b7f692..a2c0f37c42aef1ed220dbd3d8dc2088740f548dd 100644
--- a/security/selinux/ss/context.h
+++ b/security/selinux/ss/context.h
@@ -10,7 +10,7 @@
* security server and can be changed without affecting
* clients of the security server.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
#ifndef _SS_CONTEXT_H_
#define _SS_CONTEXT_H_
diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
index ad38299164c392b1feba7a34a395a8b1dc24b504..fc28149a4f2e67ba8293cd0d2863eae484b8a7a3 100644
--- a/security/selinux/ss/ebitmap.c
+++ b/security/selinux/ss/ebitmap.c
@@ -1,7 +1,7 @@
/*
* Implementation of the extensible bitmap type.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
* Updated: Hewlett-Packard <paul@paul-moore.com>
diff --git a/security/selinux/ss/ebitmap.h b/security/selinux/ss/ebitmap.h
index 6d5a9ac4251f860da7a29b1082fe246098257b02..da1325dda550e664821e6c33e418227343047dba 100644
--- a/security/selinux/ss/ebitmap.h
+++ b/security/selinux/ss/ebitmap.h
@@ -9,7 +9,7 @@
* an explicitly specified starting bit position within
* the total bitmap.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
#ifndef _SS_EBITMAP_H_
#define _SS_EBITMAP_H_
diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c
index 3858706a29fbb9d885e0722b8e3a06cdaa0ffcd4..686c3917064c5d10dddf7a4c3a6db70136f40624 100644
--- a/security/selinux/ss/hashtab.c
+++ b/security/selinux/ss/hashtab.c
@@ -1,7 +1,7 @@
/*
* Implementation of the hash table type.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
#include <linux/kernel.h>
#include <linux/slab.h>
diff --git a/security/selinux/ss/hashtab.h b/security/selinux/ss/hashtab.h
index 953872cd84ab0a17bf161154b1dfd38080357ff5..009fb5e06172d54fafeb1478f43c6251ef8291e4 100644
--- a/security/selinux/ss/hashtab.h
+++ b/security/selinux/ss/hashtab.h
@@ -5,7 +5,7 @@
* functions for hash computation and key comparison are
* provided by the creator of the table.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
#ifndef _SS_HASHTAB_H_
#define _SS_HASHTAB_H_
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index e1088842232c6aefd334c2bf96c51549d8a55363..d9dc34f4fadea997902a3e309170a908e89dcbdd 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -1,7 +1,7 @@
/*
* Implementation of the multi-level security (MLS) policy.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h
index e4369e3e6366f89e52690e64ad16ae00ba45b985..0f0a1d65b2ceb3dba1f7fee67dbe1d9841245a9d 100644
--- a/security/selinux/ss/mls.h
+++ b/security/selinux/ss/mls.h
@@ -1,7 +1,7 @@
/*
* Multi-level security (MLS) policy operations.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
diff --git a/security/selinux/ss/mls_types.h b/security/selinux/ss/mls_types.h
index e93648774137c601f5ec90ce14a03983655ce36d..47f3702cd596ebcdff6b76b88e776eecadfea2b2 100644
--- a/security/selinux/ss/mls_types.h
+++ b/security/selinux/ss/mls_types.h
@@ -1,7 +1,7 @@
/*
* Type definitions for the multi-level security (MLS) policy.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index aa6500abb178c3534b2940e0acfb48a8613768b1..6e8c8056d7adfa7f57c6f0041087a49eb1575605 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -1,7 +1,7 @@
/*
* Implementation of the policy database.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index 5d23eed35fa7a4a2b15beec21eb869a2213201c3..215f8f30ac5a5dcfa5126c8357da7cebf9639a1b 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -2,7 +2,7 @@
* A policy database (policydb) specifies the
* configuration data for the security policy.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 2f02fa67ec2e833eefb6f98f9d6190f4012679a1..e4a1c0dc561a40a06bc10534273ddb1919798c0c 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1,7 +1,7 @@
/*
* Implementation of the security services.
*
- * Authors : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Authors : Stephen Smalley, <sds@tycho.nsa.gov>
* James Morris <jmorris@redhat.com>
*
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
@@ -76,7 +76,8 @@ char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX] = {
"open_perms",
"extended_socket_class",
"always_check_network",
- "cgroup_seclabel"
+ "cgroup_seclabel",
+ "nnp_nosuid_transition"
};
int selinux_policycap_netpeer;
@@ -84,6 +85,7 @@ int selinux_policycap_openperm;
int selinux_policycap_extsockclass;
int selinux_policycap_alwaysnetwork;
int selinux_policycap_cgroupseclabel;
+int selinux_policycap_nnp_nosuid_transition;
static DEFINE_RWLOCK(policy_rwlock);
@@ -2009,6 +2011,9 @@ static void security_load_policycaps(void)
selinux_policycap_cgroupseclabel =
ebitmap_get_bit(&policydb.policycaps,
POLICYDB_CAPABILITY_CGROUPSECLABEL);
+ selinux_policycap_nnp_nosuid_transition =
+ ebitmap_get_bit(&policydb.policycaps,
+ POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION);
for (i = 0; i < ARRAY_SIZE(selinux_policycap_names); i++)
pr_info("SELinux: policy capability %s=%d\n",
diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h
index 6abcd8729ec3a6c7605ab394a7d108fe0192020a..3d9fa9556b4f97a2f2fa9c1cd252eae3ac2587ad 100644
--- a/security/selinux/ss/services.h
+++ b/security/selinux/ss/services.h
@@ -1,7 +1,7 @@
/*
* Implementation of the security services.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
#ifndef _SS_SERVICES_H_
#define _SS_SERVICES_H_
diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
index c5f436b15d1992dc2a40999f0477728c67f7512d..6ae08efc5ae78dfd3a00885dd1ff45bc5952f788 100644
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@ -1,7 +1,7 @@
/*
* Implementation of the SID table type.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
#include <linux/kernel.h>
#include <linux/slab.h>
diff --git a/security/selinux/ss/sidtab.h b/security/selinux/ss/sidtab.h
index 84dc154d9389db3b6353443e7c6d3c1997e08a76..de5d0ea583d2535a79a7cde28b4abdc5ad28e9eb 100644
--- a/security/selinux/ss/sidtab.h
+++ b/security/selinux/ss/sidtab.h
@@ -2,7 +2,7 @@
* A security identifier table (sidtab) is a hash table
* of security context structures indexed by SID value.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
#ifndef _SS_SIDTAB_H_
#define _SS_SIDTAB_H_
diff --git a/security/selinux/ss/symtab.c b/security/selinux/ss/symtab.c
index 160326ee99e58b0d47388dcb98493a7d1bb0905f..d1a6745849a7beee47ddc75d372cb26ed3234a1e 100644
--- a/security/selinux/ss/symtab.c
+++ b/security/selinux/ss/symtab.c
@@ -1,7 +1,7 @@
/*
* Implementation of the symbol table type.
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
#include <linux/kernel.h>
#include <linux/string.h>
diff --git a/security/selinux/ss/symtab.h b/security/selinux/ss/symtab.h
index ca422b42fbc0beaf680cf79e2f7617f5f5255715..0bc12d587d3a20836c41b83d3c0eefd3e230633c 100644
--- a/security/selinux/ss/symtab.h
+++ b/security/selinux/ss/symtab.h
@@ -4,7 +4,7 @@
* is arbitrary. The symbol table type is implemented
* using the hash table type (hashtab).
*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
#ifndef _SS_SYMTAB_H_
#define _SS_SYMTAB_H_