remarkable-linux/drivers
Paul Moore 5dbbaf2de8 tun: fix LSM/SELinux labeling of tun/tap devices
This patch corrects some problems with LSM/SELinux that were introduced
with the multiqueue patchset.  The problem stems from the fact that the
multiqueue work changed the relationship between the tun device and its
associated socket; before, the socket persisted for the life of the
device; however, after the multiqueue changes the socket only persisted
for the life of the userspace connection (fd open).  For non-persistent
devices this is not an issue, but for persistent devices this can cause
the tun device to lose its SELinux label.

We correct this problem by adding an opaque LSM security blob to the
tun device struct which allows us to have the LSM security state, e.g.
SELinux labeling information, persist for the lifetime of the tun
device.  In the process we tweak the LSM hooks to work with this new
approach to TUN device/socket labeling and introduce a new LSM hook,
security_tun_dev_attach_queue(), to approve requests to attach to a
TUN queue via TUNSETQUEUE.

The SELinux code has been adjusted to match the new LSM hooks; the
other LSMs do not make use of the LSM TUN controls.  This patch makes
use of the recently added "tun_socket:attach_queue" permission to
restrict access to the TUNSETQUEUE operation.  On older SELinux
policies which do not define the "tun_socket:attach_queue" permission
the access control decision for TUNSETQUEUE will be handled according
to the SELinux policy's unknown permission setting.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Eric Paris <eparis@parisplace.org>
Tested-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-14 18:16:59 -05:00
accessibility
acpi Merge branch 'acpi-assorted' 2013-01-04 23:10:29 +01:00
amba Drivers: amba: remove __dev* attributes. 2013-01-03 15:57:02 -08:00
ata Drivers: ata: remove __dev* attributes. 2013-01-03 15:57:03 -08:00
atm Drivers: atm: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
auxdisplay Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
base Merge branch 'pm-sleep' 2013-01-06 00:36:17 +01:00
bcma Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-01-08 07:31:49 -08:00
block Drivers: block: remove __dev* attributes. 2013-01-03 15:57:15 -08:00
bluetooth
bus Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
cdrom Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
char Drivers: char: remove __dev* attributes. 2013-01-03 15:57:15 -08:00
clk ARM: arm-soc fixes for 3.8-rc 2013-01-08 18:53:56 -08:00
clocksource Drivers: clocksource: remove __dev* attributes. 2013-01-03 15:57:15 -08:00
connector Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
cpufreq cpufreq / governor: Fix problem with cpufreq_ondemand or cpufreq_conservative 2013-01-03 13:11:19 +01:00
cpuidle cpuidle: fix lock contention in the idle path 2013-01-03 13:11:06 +01:00
crypto Drivers: crypto: remove __dev* attributes. 2013-01-03 15:57:02 -08:00
dca
devfreq Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
dio
dma ARM: arm-soc fixes for 3.8-rc 2013-01-08 18:53:56 -08:00
edac Two error path fixes causing a crash and a Kconfig fix for an issue 2013-01-09 08:43:56 -08:00
eisa
extcon
firewire Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
firmware Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
gpio Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
gpu udldrmfb: udl_get_edid: drop unneeded i-- 2013-01-14 08:45:27 +10:00
hid Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
hsi Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
hv
hwmon hwmon: (vexpress) Fix build error seen if CONFIG_OF_DEVICE is not set 2013-01-09 21:47:22 -08:00
hwspinlock
i2c i2c: remove __dev* attributes from subsystem 2012-12-22 20:13:45 +01:00
ide Drivers: ide: remove __dev* attributes. 2013-01-03 15:57:03 -08:00
idle intel_idle: pr_debug information need separated 2013-01-03 13:11:05 +01:00
iio Staging fixes for 3.8-rc3 2013-01-14 09:08:38 -08:00
infiniband Drivers: infinband: remove __dev* attributes. 2013-01-03 15:57:15 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2013-01-04 10:30:11 -08:00
iommu Drivers: iommu: remove __dev* attributes. 2013-01-03 15:57:14 -08:00
ipack
irqchip ARM: arm-soc: Device-tree updates, take 2 2012-12-14 14:42:53 -08:00
isdn Drivers: isdn: remove __dev* attributes. 2013-01-03 15:57:02 -08:00
leds leds: leds-gpio: set devm_gpio_request_one() flags param correctly 2013-01-02 17:58:41 -08:00
lguest lguest: fix typo 2012-12-18 15:19:06 +10:30
macintosh Drivers: macintosh: remove __dev* attributes. 2013-01-03 15:57:14 -08:00
md Miscellaneous device-mapper fixes, cleanups and performance improvements. 2012-12-21 17:08:06 -08:00
media Drivers: media: remove __dev* attributes. 2013-01-03 15:57:02 -08:00
memory Drivers: memory: remove __dev* attributes. 2013-01-03 15:57:14 -08:00
memstick
message Drivers: message: remove __dev* attributes. 2013-01-03 15:57:14 -08:00
mfd Drivers: mfd: remove __dev* attributes. 2013-01-03 15:57:14 -08:00
misc mei: fix mismatch in mutex unlock-lock in mei_amthif_read() 2013-01-07 10:28:03 -08:00
mmc Drivers: mmc: remove __dev* attributes. 2013-01-03 15:57:14 -08:00
mtd Drivers: mtd: remove __dev* attributes. 2013-01-03 15:57:03 -08:00
net tun: fix LSM/SELinux labeling of tun/tap devices 2013-01-14 18:16:59 -05:00
nfc Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
nubus
of of: Fix export of of_find_matching_node_and_match() 2012-12-19 10:58:53 +00:00
oprofile
parisc Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
parport Drivers: parport: remove __dev* attributes. 2013-01-03 15:57:03 -08:00
pci pci: fix iov.c kernel-doc warnings 2013-01-10 14:35:23 -08:00
pcmcia
pinctrl ARM: arm-soc fixes for 3.8-rc 2013-01-08 18:53:56 -08:00
platform asus-laptop: Fix potential invalid pointer dereference 2013-01-07 12:33:48 -05:00
pnp PNP: Handle IORESOURCE_BITS in resource allocation 2013-01-03 13:10:53 +01:00
power ARM: arm-soc fixes for 3.8-rc 2013-01-08 18:53:56 -08:00
pps Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
ps3 Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
ptp
pwm pwm: Changes for v3.8-rc1 2012-12-19 08:19:07 -08:00
rapidio
regulator Drivers: regulator: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
remoteproc Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
rpmsg Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
rtc drivers/rtc/rtc-da9055.c: fix cross-section reference 2013-01-11 14:54:54 -08:00
s390 s390/3215: partially revert tty close handling fix 2013-01-08 10:57:08 +01:00
sbus Drivers: sbus: remove __dev* attributes. 2013-01-03 15:57:03 -08:00
scsi Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
sfi
sh Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
sn Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
spi spi/sh-hspi: fix return value check in hspi_probe(). 2012-12-19 15:11:41 +00:00
ssb Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-01-08 07:31:49 -08:00
staging Staging fixes for 3.8-rc3 2013-01-14 09:08:38 -08:00
target Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2012-12-15 14:25:10 -08:00
tc
thermal Drivers: thermal: remove __dev* attributes. 2013-01-03 15:57:02 -08:00
tty Merge branch 'omap-for-v3.8/fixes-for-merge-window' into omap-for-v3.8/fixes-for-merge-window-v2 2012-12-16 11:28:10 -08:00
uio
usb USB fixes for 3.8-rc3 2013-01-14 09:07:57 -08:00
uwb
vfio
vhost Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2012-12-15 14:25:10 -08:00
video drivers/video/ssd1307fb.c: fix bit order bug in the byte translation function 2013-01-11 14:54:54 -08:00
virt Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2012-12-18 09:58:09 -08:00
virtio Drivers: virtio: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
vlynq Drivers: vlynq: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
vme
w1 Drivers: w1: remove last __devexit_p() instance 2013-01-03 15:57:01 -08:00
watchdog watchdog: twl4030_wdt: add DT support 2013-01-02 12:07:05 +01:00
xen Drivers: xen: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
zorro Drivers: zorro: remove CONFIG_HOTPLUG usage 2013-01-03 15:57:01 -08:00
Kconfig
Makefile