search for: schaufler

...tr name is set. If not, act as if security_old_inode_init_security() returned -EOPNOTSUPP, and set si->enable to zero to notify to the functions following ocfs2_init_security_get() that no xattrs are available. Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com> Reviewed-by: Casey Schaufler <casey at schaufler-ca.com> Acked-by: Joseph Qi <joseph.qi at linux.alibaba.com> --- fs/ocfs2/namei.c | 2 ++ fs/ocfs2/xattr.c | 30 ++++++++++++++++++++++++++---- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c index 9175dbc4720..17...

...curity_inode_init_security(), expect that this array is terminated when > the xattr name is set to NULL, reuse the same assumption to scan all xattrs > and to calculate the HMAC on all of them. > > Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com> > Reviewed-by: Casey Schaufler <casey at schaufler-ca.com> Normally changing the contents of the EVM HMAC calculation would break existing systems. Assuming for the time being this is safe, at what point will it affect backwards compatability? Should it be documented now or then? -- thanks, Mimi

...ining two users reiserfs and ocfs2 switched to security_inode_init_security(), security_old_inode_init_security() can be now removed. Out-of-tree kernel modules should switch to security_inode_init_security() too. Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com> Reviewed-by: Casey Schaufler <casey at schaufler-ca.com> --- include/linux/security.h | 12 ------------ security/security.c | 11 ----------- 2 files changed, 23 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index ca1b7109c0db..c682fc96ed61 100644 --- a/include/linux/security.h +++...

...ining two users reiserfs and ocfs2 switched to security_inode_init_security(), security_old_inode_init_security() can be now removed. Out-of-tree kernel modules should switch to security_inode_init_security() too. Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com> Reviewed-by: Casey Schaufler <casey at schaufler-ca.com> Reviewed-by: Mimi Zohar <zohar at linux.ibm.com> --- include/linux/security.h | 12 ------------ security/security.c | 11 ----------- 2 files changed, 23 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 5984d0d550b.....

...r space. As a consequence, even if EVM is invoked, it will not provide an xattr (if it is not the first to set it, its xattr will be discarded; if it is the first, it does not have xattrs to calculate the HMAC on). Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com> Reviewed-by: Casey Schaufler <casey at schaufler-ca.com> Reviewed-by: Mimi Zohar <zohar at linux.ibm.com> --- fs/reiserfs/xattr_security.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/fs/reiserfs/xattr_security.c b/fs/reiserfs/xattr_security.c index 41c0ea84fbf..6bff...

...->enable to zero to > notify to the functions following ocfs2_init_security_get() that the xattr > is not available (same as if security_old_inode_init_security() returned > -EOPNOTSUPP). > > Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com> > Reviewed-by: Casey Schaufler <casey at schaufler-ca.com> > --- > fs/ocfs2/namei.c | 18 ++++++------------ > fs/ocfs2/xattr.c | 30 ++++++++++++++++++++++++++---- > 2 files changed, 32 insertions(+), 16 deletions(-) > > diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c > index 05f32989bad6..55fba81c...

From: Roberto Sassu <roberto.sassu at huawei.com> One of the major goals of LSM stacking is to run multiple LSMs side by side without interfering with each other. The ultimate decision will depend on individual LSM decision. Several changes need to be made to the LSM infrastructure to be able to support that. This patch set tackles one of them: gives to each LSM the ability to specify one

From: Roberto Sassu <roberto.sassu at huawei.com> One of the major goals of LSM stacking is to run multiple LSMs side by side without interfering with each other. The ultimate decision will depend on individual LSM decision. Several changes need to be made to the LSM infrastructure to be able to support that. This patch set tackles one of them: gives to each LSM the ability to specify one

...ted-by: Nicolas Bouchinet <nicolas.bouchinet at clip-os.org> (EVM crash) > > > > Link: https://lore.kernel.org/linux-integrity/Y1FTSIo+1x+4X0LS at archlinux/ > > > > Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com> > > > > Reviewed-by: Casey Schaufler <casey at schaufler-ca.com> > > > > Reviewed-by: Mimi Zohar <zohar at linux.ibm.com> > > > > --- > > > > include/linux/lsm_hook_defs.h | 3 +- > > > > include/linux/lsm_hooks.h | 1 + > > > > security/security.c...

...Bouchinet <nicolas.bouchinet at clip-os.org> (EVM crash) > > > > > Link: https://lore.kernel.org/linux-integrity/Y1FTSIo+1x+4X0LS at archlinux/ > > > > > Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com> > > > > > Reviewed-by: Casey Schaufler <casey at schaufler-ca.com> > > > > > Reviewed-by: Mimi Zohar <zohar at linux.ibm.com> > > > > > --- > > > > > include/linux/lsm_hook_defs.h | 3 +- > > > > > include/linux/lsm_hooks.h | 1 + > > > > > s...

...s following ocfs2_init_security_get() that the xattr > > > is not available (same as if security_old_inode_init_security() returned > > > -EOPNOTSUPP). > > > > > > Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com> > > > Reviewed-by: Casey Schaufler <casey at schaufler-ca.com> > > > --- > > > fs/ocfs2/namei.c | 18 ++++++------------ > > > fs/ocfs2/xattr.c | 30 ++++++++++++++++++++++++++---- > > > 2 files changed, 32 insertions(+), 16 deletions(-) > > > > > > diff --git a/fs/ocfs2/...

...> > Reported-by: Nicolas Bouchinet <nicolas.bouchinet at clip-os.org> (EVM crash) > > > Link: https://lore.kernel.org/linux-integrity/Y1FTSIo+1x+4X0LS at archlinux/ > > > Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com> > > > Reviewed-by: Casey Schaufler <casey at schaufler-ca.com> > > > Reviewed-by: Mimi Zohar <zohar at linux.ibm.com> > > > --- > > > include/linux/lsm_hook_defs.h | 3 +- > > > include/linux/lsm_hooks.h | 1 + > > > security/security.c | 119 +++++++++++++++...

Hi Newsgroup, I want to write a technical thesis about Samba 4 and need more detailed infos about samba's own implementations of ldap, kerberos, bind, etc. and the differences from the common implementations. Obviously I'm to stupid to find it for myself so I would be very grateful for any help, links, etc. Thanks in advance, Markus

Joe Perches (25): arm: Use bool function return values of true/false not 1/0 arm64: Use bool function return values of true/false not 1/0 hexagon: Use bool function return values of true/false not 1/0 ia64: Use bool function return values of true/false not 1/0 mips: Use bool function return values of true/false not 1/0 powerpc: Use bool function return values of true/false not 1/0

Joe Perches (25): arm: Use bool function return values of true/false not 1/0 arm64: Use bool function return values of true/false not 1/0 hexagon: Use bool function return values of true/false not 1/0 ia64: Use bool function return values of true/false not 1/0 mips: Use bool function return values of true/false not 1/0 powerpc: Use bool function return values of true/false not 1/0

Joe Perches (25): arm: Use bool function return values of true/false not 1/0 arm64: Use bool function return values of true/false not 1/0 hexagon: Use bool function return values of true/false not 1/0 ia64: Use bool function return values of true/false not 1/0 mips: Use bool function return values of true/false not 1/0 powerpc: Use bool function return values of true/false not 1/0

...okia.com> Carlos Maiolino <cmaiolino@redhat.com> Carolyn Wyborny <carolyn.wyborny@intel.com> carriere etienne <etienne.carriere@stericsson.com> Carsten Emde <C.Emde@osadl.org> Carsten Otte <cotte@de.ibm.com> Carsten S. <carsteniq@yahoo.com> Casey Schaufler <casey@schaufler-ca.com> Casey Schaufler <cschaufler@cschaufler-intel.(none)> Caspar Zhang <caspar@casparzhang.com> Catalin Iacob <iacobcatalin@gmail.com> Catalin Marinas <catalin.marinas@arm.com> Catherine Sullivan <catherine.sullivan@intel.com> Ceri...

...okia.com> Carlos Maiolino <cmaiolino@redhat.com> Carolyn Wyborny <carolyn.wyborny@intel.com> carriere etienne <etienne.carriere@stericsson.com> Carsten Emde <C.Emde@osadl.org> Carsten Otte <cotte@de.ibm.com> Carsten S. <carsteniq@yahoo.com> Casey Schaufler <casey@schaufler-ca.com> Casey Schaufler <cschaufler@cschaufler-intel.(none)> Caspar Zhang <caspar@casparzhang.com> Catalin Iacob <iacobcatalin@gmail.com> Catalin Marinas <catalin.marinas@arm.com> Catherine Sullivan <catherine.sullivan@intel.com> Ceri...

...okia.com> Carlos Maiolino <cmaiolino@redhat.com> Carolyn Wyborny <carolyn.wyborny@intel.com> carriere etienne <etienne.carriere@stericsson.com> Carsten Emde <C.Emde@osadl.org> Carsten Otte <cotte@de.ibm.com> Carsten S. <carsteniq@yahoo.com> Casey Schaufler <casey@schaufler-ca.com> Casey Schaufler <cschaufler@cschaufler-intel.(none)> Caspar Zhang <caspar@casparzhang.com> Catalin Iacob <iacobcatalin@gmail.com> Catalin Marinas <catalin.marinas@arm.com> Catherine Sullivan <catherine.sullivan@intel.com> Ceri...

...okia.com> Carlos Maiolino <cmaiolino@redhat.com> Carolyn Wyborny <carolyn.wyborny@intel.com> carriere etienne <etienne.carriere@stericsson.com> Carsten Emde <C.Emde@osadl.org> Carsten Otte <cotte@de.ibm.com> Carsten S. <carsteniq@yahoo.com> Casey Schaufler <casey@schaufler-ca.com> Casey Schaufler <cschaufler@cschaufler-intel.(none)> Caspar Zhang <caspar@casparzhang.com> Catalin Iacob <iacobcatalin@gmail.com> Catalin Marinas <catalin.marinas@arm.com> Catherine Sullivan <catherine.sullivan@intel.com> Ceri...