Gitlab 现已全面支持 git over ssh 与 git over https。通过 HTTPS 访问请配置带有 read_repository / write_repository 权限的 Personal access token。通过 SSH 端口访问请使用 22 端口或 13389 端口。如果使用CAS注册了账户但不知道密码，可以自行至设置中更改；如有其他问题，请发邮件至 service@cra.moe 寻求协助。

Commit 5f8ac64b authored Jan 06, 2006 by Trent Jaeger Committed by David S. Miller Jan 06, 2006

[LSM-IPSec]: Corrections to LSM-IPSec Nethooks



This patch contains two corrections to the LSM-IPsec Nethooks patches
previously applied.  

(1) free a security context on a failed insert via xfrm_user 
interface in xfrm_add_policy.  Memory leak.

(2) change the authorization of the allocation of a security context
in a xfrm_policy or xfrm_state from both relabelfrom and relabelto 
to setcontext.

Signed-off-by: Trent Jaeger <tjaeger@cse.psu.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 69549ddd

net/xfrm/xfrm_user.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -802,6 +802,7 @@ static int xfrm_add_policy(struct sk_buff skb, struct nlmsghdr nlh, void **xfr
		excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
		err = xfrm_policy_insert(p->dir, xp, excl);
		if (err) {
		security_xfrm_policy_free(xp);
		kfree(xp);
		return err;
		}

security/selinux/include/av_perm_to_string.h

+1 −2

Original line number	Diff line number	Diff line
		@@ -238,5 +238,4 @@
		S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")
		S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")
		S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom")
		S_(SECCLASS_ASSOCIATION, ASSOCIATION__RELABELFROM, "relabelfrom")
		S_(SECCLASS_ASSOCIATION, ASSOCIATION__RELABELTO, "relabelto")
		S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext")

security/selinux/include/av_permissions.h

+1 −2

Original line number	Diff line number	Diff line
		@@ -908,8 +908,7 @@

		#define ASSOCIATION__SENDTO 0x00000001UL
		#define ASSOCIATION__RECVFROM 0x00000002UL
		#define ASSOCIATION__RELABELFROM 0x00000004UL
		#define ASSOCIATION__RELABELTO 0x00000008UL
		#define ASSOCIATION__SETCONTEXT 0x00000004UL

		#define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL
		#define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL

security/selinux/xfrm.c

+1 −7

Original line number	Diff line number	Diff line
		@@ -137,15 +137,9 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_us
		* Must be permitted to relabel from default socket type (process type)
		* to specified context
		*/
		rc = avc_has_perm(tsec->sid, tsec->sid,
		SECCLASS_ASSOCIATION,
		ASSOCIATION__RELABELFROM, NULL);
		if (rc)
		goto out;

		rc = avc_has_perm(tsec->sid, ctx->ctx_sid,
		SECCLASS_ASSOCIATION,
		ASSOCIATION__RELABELTO, NULL);
		ASSOCIATION__SETCONTEXT, NULL);
		if (rc)
		goto out;

CRA Git | Maintained and supported by SUSTech CRA and CCSE