Commit 5c108d4e authored by Stephen Smalley, committed by Paul Moore

selinux: randomize layout of key structures



Randomize the layout of key selinux data structures.
Initially this is applied to the selinux_state, selinux_ss,
policydb, and task_security_struct data structures.

NB To test/use this mechanism, one must install the
necessary build-time dependencies, e.g. gcc-plugin-devel on Fedora,
and enable CONFIG_GCC_PLUGIN_RANDSTRUCT in the kernel configuration.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: Kees Cook <keescook@chromium.org>
[PM: double semi-colon fixed]
Signed-off-by: Paul Moore <paul@paul-moore.com>
parent 6c5a682e
+1 −1
@@ -35,7 +35,7 @@ struct task_security_struct {
	u32 create_sid;		/* fscreate SID */
	u32 keycreate_sid;	/* keycreate SID */
	u32 sockcreate_sid;	/* fscreate SID */
};
} __randomize_layout;

enum label_initialized {
	LABEL_INVALID,		/* invalid or not initialized */
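Review bot: The new `} __randomize_layout;` on task_security_struct carries two constraints that nothing in the header records: the attribute expands to nothing unless CONFIG_GCC_PLUGIN_RANDSTRUCT is enabled (so the hardening is absent on most builds, as the description hints), and when it is enabled the plugin rejects positional initializers of the randomized struct, so every initializer of these types must be designated. The same applies to selinux_state, policydb and selinux_ss in the three following sections; I cannot see from these hunks whether any existing static initializer (for example of the global selinux_state object) is positional, so that is worth confirming. Anything that reads these objects by fixed byte offset rather than by field name (debug/crash tooling, out-of-tree code) will also break by design. A one-line comment above each closing brace would make this visible, e.g. `/* layout randomized under CONFIG_GCC_PLUGIN_RANDSTRUCT; use designated initializers only */`. The struct definitions begin outside the hunks.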
+1 −1
@@ -110,7 +110,7 @@ struct selinux_state {
	bool policycap[__POLICYDB_CAPABILITY_MAX];
	struct selinux_avc *avc;
	struct selinux_ss *ss;
};
} __randomize_layout;

void selinux_ss_init(struct selinux_ss **ss);
void selinux_avc_init(struct selinux_avc **avc);
+1 −1
@@ -307,7 +307,7 @@ struct policydb {

	u16 process_class;
	u32 process_trans_perms;
};
} __randomize_layout;

extern void policydb_destroy(struct policydb *p);
extern int policydb_load_isids(struct policydb *p, struct sidtab *s);
+1 −1
@@ -31,7 +31,7 @@ struct selinux_ss {
	struct selinux_map map;
	struct page *status_page;
	struct mutex status_lock;
};
} __randomize_layout;

void services_compute_xperms_drivers(struct extended_perms *xperms,
				struct avtab_node *node);