Merge branch 'for-linus' of... (7e688095) · Commits · 戴 / test

Documentation/apparmor.txt

0 → 100644

+39 −0

Original line number	Diff line number	Diff line
		--- What is AppArmor? ---

		AppArmor is MAC style security extension for the Linux kernel. It implements
		a task centered policy, with task "profiles" being created and loaded
		from user space. Tasks on the system that do not have a profile defined for
		them run in an unconfined state which is equivalent to standard Linux DAC
		permissions.

		--- How to enable/disable ---

		set CONFIG_SECURITY_APPARMOR=y

		If AppArmor should be selected as the default security module then
		set CONFIG_DEFAULT_SECURITY="apparmor"
		and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1

		Build the kernel

		If AppArmor is not the default security module it can be enabled by passing
		security=apparmor on the kernel's command line.

		If AppArmor is the default security module it can be disabled by passing
		apparmor=0, security=XXXX (where XXX is valid security module), on the
		kernel's command line

		For AppArmor to enforce any restrictions beyond standard Linux DAC permissions
		policy must be loaded into the kernel from user space (see the Documentation
		and tools links).

		--- Documentation ---

		Documentation can be found on the wiki.

		--- Links ---

		Mailing List - apparmor@lists.ubuntu.com
		Wiki - http://apparmor.wiki.kernel.org/
		User space tools - https://launchpad.net/apparmor
		Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git

Documentation/kernel-parameters.txt

+8 −0

Original line number	Diff line number	Diff line
		@@ -93,6 +93,7 @@ parameter is applicable:
		Documentation/scsi/.
		SECURITY Different security models are enabled.
		SELINUX SELinux support is enabled.
		APPARMOR AppArmor support is enabled.
		SERIAL Serial support is enabled.
		SH SuperH architecture is enabled.
		SMP The kernel is an SMP kernel.
		@@ -2312,6 +2313,13 @@ and is between 256 and 4096 characters. It is defined in the file
		If enabled at boot time, /selinux/disable can be used
		later to disable prior to initial policy load.

		apparmor= [APPARMOR] Disable or enable AppArmor at boot time
		Format: { "0" \| "1" }
		See security/apparmor/Kconfig help text
		0 -- disable.
		1 -- enable.
		Default value is set via kernel config option.

		serialnumber [BUGS=X86-32]

		shapers= [NET]

Documentation/tomoyo.txt

+5 −5

Original line number	Diff line number	Diff line
		@@ -3,8 +3,8 @@
		TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel.

		LiveCD-based tutorials are available at
		http://tomoyo.sourceforge.jp/en/1.6.x/1st-step/ubuntu8.04-live/
		http://tomoyo.sourceforge.jp/en/1.6.x/1st-step/centos5-live/ .
		http://tomoyo.sourceforge.jp/1.7/1st-step/ubuntu10.04-live/
		http://tomoyo.sourceforge.jp/1.7/1st-step/centos5-live/ .
		Though these tutorials use non-LSM version of TOMOYO, they are useful for you
		to know what TOMOYO is.

		@@ -13,12 +13,12 @@ to know what TOMOYO is.
		Build the kernel with CONFIG_SECURITY_TOMOYO=y and pass "security=tomoyo" on
		kernel's command line.

		Please see http://tomoyo.sourceforge.jp/en/2.2.x/ for details.
		Please see http://tomoyo.sourceforge.jp/2.3/ for details.

		--- Where is documentation? ---

		User <-> Kernel interface documentation is available at
		http://tomoyo.sourceforge.jp/en/2.2.x/policy-reference.html .
		http://tomoyo.sourceforge.jp/2.3/policy-reference.html .

		Materials we prepared for seminars and symposiums are available at
		http://sourceforge.jp/projects/tomoyo/docs/?category_id=532&language_id=1 .
		@@ -50,6 +50,6 @@ multiple LSM modules at the same time. We feel sorry that you have to give up
		SELinux/SMACK/AppArmor etc. when you want to use TOMOYO.

		We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM
		version of TOMOYO, available at http://tomoyo.sourceforge.jp/en/1.6.x/ .
		version of TOMOYO, available at http://tomoyo.sourceforge.jp/1.7/ .
		LSM version of TOMOYO is a subset of non-LSM version of TOMOYO. We are planning
		to port non-LSM version's functionalities to LSM versions.

MAINTAINERS

+9 −1

Original line number	Diff line number	Diff line
		@@ -5061,6 +5061,14 @@ S: Supported
		F: include/linux/selinux*
		F: security/selinux/

		APPARMOR SECURITY MODULE
		M: John Johansen <john.johansen@canonical.com>
		L: apparmor@lists.ubuntu.com (subscribers-only, general discussion)
		W: apparmor.wiki.kernel.org
		T: git git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git
		S: Supported
		F: security/apparmor/

		SENSABLE PHANTOM
		M: Jiri Slaby <jirislaby@gmail.com>
		S: Maintained
		@@ -5605,7 +5613,7 @@ L: tomoyo-users-en@lists.sourceforge.jp (subscribers-only, for developers and us
		L: tomoyo-dev@lists.sourceforge.jp (subscribers-only, for developers in Japanese)
		L: tomoyo-users@lists.sourceforge.jp (subscribers-only, for users in Japanese)
		W: http://tomoyo.sourceforge.jp/
		T: quilt http://svn.sourceforge.jp/svnroot/tomoyo/trunk/2.2.x/tomoyo-lsm/patches/
		T: quilt http://svn.sourceforge.jp/svnroot/tomoyo/trunk/2.3.x/tomoyo-lsm/patches/
		S: Maintained
		F: security/tomoyo/

fs/fuse/dir.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1016,7 +1016,7 @@ static int fuse_permission(struct inode *inode, int mask)
		exist. So if permissions are revoked this won't be
		noticed immediately, only after the attribute
		timeout has expired */
		} else if (mask & MAY_ACCESS) {
		} else if (mask & (MAY_ACCESS \| MAY_CHDIR)) {
		err = fuse_access(inode, mask);
		} else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
		if (!(inode->i_mode & S_IXUGO)) {

Admin message