In August 2006 I posted a patch generating a minimal SELinux policy. This
week, David P. Quigley posted an updated version of that as a patch against
the kernel. It also had nice logic for auto-installing the policy.
Following is David's original patch intro (preserved especially
bc it has stats on the generated policies):
se interested in the changes there were only two significant
changes. The first is that the iteration through the list of classes
used NULL as a sentinel value. The problem with this is that the
class_to_string array actually has NULL entries in its table as place
holders for the user space object classes.
The second change was that it would seem at some point the initial sids
table was NULL terminated. This is no longer the case so that iteration
has to be done on array length instead of looking for NULL.
Some statistics on the policy that it generates:
The policy consists of 523 lines which contain no blank lines. Of those
523 lines 453 of them are class, permission, and initial sid
definitions. These lines are usually little to no concern to the policy
developer since they will not be adding object classes or permissions.
Of the remaining 70 lines there is one type, one role, and one user
statement. The remaining lines are broken into three portions. The first
group are TE allow rules which make up 29 of the remaining lines, the
second is assignment of labels to the initial sids which consist of 27
lines, and file system labeling statements which are the remaining 11.
In addition to the policy.conf generated there is a single file_contexts
file containing two lines which labels the entire system with base_t.
This policy generates a policy.23 binary that is 7920 bytes.
(then a few versions later...):
The new policy is 587 lines (stripped of blank lines) with 476 of those
lines being the boilerplate that I mentioned last time. The remaining
111 lines have the 3 lines for type, user, and role, 70 lines for the
allow rules (one for each object class including user space object
classes), 27 lines to assign types to the initial sids, and 11 lines for
file system labeling. The policy binary is 9194 bytes.
Changelog:
Aug 26: Added Documentation/SELinux.txt
Aug 26: Incorporated a set of comments by Stephen Smalley:
1. auto-setup SELINUXTYPE=dummy
2. don't auto-install if selinux is enabled with
non-dummy policy
3. don't re-compute policy version
4. /sbin/setfiles not /usr/sbin/setfiles
Aug 22: As per JMorris comments, made sure make distclean
cleans up the mdp directory.
Removed a check for file_contexts which is now
created in the same file as the check, making it
superfluous.
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
With 22454cb99f we added only the
first entry of the device table. We need to loop over the whole
device list.
Signed-off-by: Kay Sievers <kay.sievers@vrfy.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
scripts/patch-kernel script can't patch a tree, say, from 2.6.25 to
2.6.26.1, because of a wrong comparison in context of patching 2.6.x base.
Fix it.
Acked-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Fix handling of nested structs or unions. The regex to strip (eliminate)
nested structs or unions was limited to only 0 or 1 matches. This can
cause an uneven number of left/right braces to be stripped, which causes
this:
Warning(linux-2.6.27-rc1-git2//include/net/mac80211.h:336): No description found for parameter '}'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-fixes:
kconfig: drop the ""trying to assign nonexistent symbol" warning
kconfig: always write out .config
They really stand out now that make *config is less chatty - and
they are generally ignored - so drop them.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: Roman Zippel <zippel@linux-m68k.org>
Cc: Adrian Bunk <bunk@kernel.org>
Always write out .config also in the case where config
did not change.
This fixes: http://bugzilla.kernel.org/show_bug.cgi?id=11230
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: Josh Boyer <jwboyer@linux.vnet.ibm.com>
Cc: Adrian Bunk <bunk@kernel.org>
People don't like them and think they're errors.
Leave the __fw_install one though; when 'make firmware_install' does
nothing, it's best to have a 'Nothing to be done for...' message rather
than just doing nothing.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
It would have saved both a bug submitter and me a few hours if
scripts/ver_linux had picked the same gcc as the build.
Since I can't see any reason why it fiddles with PATH at all this patch
therefore removes the PATH setting.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
The extern flag currently is not included in type dump files
(genksyms --dump-types). Include that flag there for completeness.
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
We are having two kinds of problems with genksyms today: fake checksum
changes without actual ABI changes, and changes which we would rather like
to ignore (such as an additional field at the end of a structure that
modules are not supposed to touch, for example).
I have thought about ways to improve genksyms and compute checksums
differently to avoid those problems, but in the end I don't see a
fundamentally better way. So here are some genksyms patches for at least
making the checksums more easily manageable, if we cannot fully fix them.
In addition to the bugfixes (the first two patches), this allows genksyms
to track checksum changes and report why a checksum changed (third patch),
and to selectively ignore changes (fourth patch).
This patch:
Gcc __attribute__ definitions may occur repeatedly, e.g.,
static int foo __attribute__((__used__))
__attribute__((aligned (16)));
The genksyms parser does not understand this, and generates a syntax error.
Fix this case.
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
Cc: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
gcc 4.3 correctly determines that input() is unused and gives the
following warning:
<-- snip -->
...
HOSTCC scripts/genksyms/lex.o
scripts/genksyms/lex.c:1487: warning: ‘input’ defined but not used
...
<-- snip -->
Fix it by adding %option noinput to scripts/genksyms/lex.l and
regeneration of scripts/genksyms/lex.c_shipped.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
gcc 4.3 correctly determines that input() is unused and gives the
following warning:
<-- snip -->
...
HOSTCC scripts/kconfig/zconf.tab.o
scripts/kconfig/lex.zconf.c:1628: warning: ‘input’ defined but not used
...
<-- snip -->
Fix it by adding %option noinput to scripts/kconfig/zconf.l and
regeneration of scripts/kconfig/lex.zconf.c_shipped.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Cc: Roman Zippel <zippel@linux-m68k.org>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Spelling fixes in scripts/mod/modpost.c
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-next: (25 commits)
setlocalversion: do not describe if there is nothing to describe
kconfig: fix typos: "Suport" -> "Support"
kconfig: make defconfig is no longer chatty
kconfig: make oldconfig is now less chatty
kconfig: speed up all*config + randconfig
kconfig: set all new symbols automatically
kconfig: add diffconfig utility
kbuild: remove Module.markers during mrproper
kbuild: sparse needs CF not CHECKFLAGS
kernel-doc: handle/strip __init
vmlinux.lds: move __attribute__((__cold__)) functions back into final .text section
init: fix URL of "The GNU Accounting Utilities"
kbuild: add arch/$ARCH/include to search path
kbuild: asm symlink support for arch/$ARCH/include
kbuild: support arch/$ARCH/include for tags, cscope
kbuild: prepare headers_* for arch/$ARCH/include
kbuild: install all headers when arch is changed
kbuild: make clean removes *.o.* as well
kbuild: optimize headers_* targets
kbuild: only one call for include/ in make headers_*
...
Jan Engelhardt wrote:
> Just a note that when you run git-describe, you should probably quiten it.
>
> fatal: cannot describe 'bd7364a0fd5a4a2878fe4a224be1b142a4e6698e'
>
> This happens when tags are not present, which can happen if Linus's tree
> is sent upwards again, IOW:
>
> machine1$ git-clone torvalds/linux-2.6.git
> machine1$ git push elsewhere master
>
> machine2$ git-clone elsewhere:/linux
> machine2$ git-describe HEAD
> fatal: cannot describe that
Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc>
Acked-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
make defconfig generated a lot of output
then noone actually read.
Use conf_set_all_new_symbols() to generate the default
configuration and avoid the chatty output.
A typical run now looks like this:
$ make defconfig
*** Default configuration is based on 'i386_defconfig'
arch/x86/configs/i386_defconfig:13:warning: trying to assign nonexistent symbol SEMAPHORE_SLEEPERS
arch/x86/configs/i386_defconfig:176:warning: trying to assign nonexistent symbol PREEMPT_BKL
...
arch/x86/configs/i386_defconfig:1386:warning: trying to assign nonexistent symbol INSTRUMENTATION
$
As an added benefit we now clearly see the warnings generated
in the start of the process.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: Roman Zippel <zippel@linux-m68k.org>
Previously when running "make oldconfig" we saw all the propmt lines
from kconfig and noone actully read this.
With this patch the user will only see output if there is new symbols.
This will be seen as "make oldconfig" runs which does not generate any output.
A typical run now looks like this:
$ make oldconfig
scripts/kconfig/conf -o arch/x86/Kconfig
$
If a new symbol is found then we restart the config process like this:
$ make oldconfig
scripts/kconfig/conf -o arch/x86/Kconfig
*
* Restart config...
*
*
* General setup
*
Prompt for development and/or incomplete code/drivers (EXPERIMENTAL) [Y/n/?] y
Local version - append to kernel release (LOCALVERSION) []
...
The bahaviour is similar to what we know when running the implicit
oldconfig target "make silentoldconfig".
"make silentoldconfig" are run as part of the kernel build process
if the configuration has changed.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: Roman Zippel <zippel@linux-m68k.org>
Drop the chatty mode when we generate the all*config, randconfig
configurations.
Ths speeds up the process considerably and noone looked
at the output anyway.
This patch uses the conf_set_all_new_symbols() function
just added to kconfig.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: Roman Zippel <zippel@linux-m68k.org>
Add conf_set_all_new_symbols() which set all symbols (which don't have a
value yet) to a specifed value.
Signed-off-by: Roman Zippel <zippel@linux-m68k.org>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Diffconfig is a simple utility for comparing two kernel configuration files.
See usage in the script for more info.
Signed-off-by: Tim Bird <tim.bird@am.sony.com>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Handle __init in functions with kernel-doc notation by stripping the
__init away from the output doc. This is already being done for
"__devinit". This patch fixes these kernel-doc error/aborts:
Error(linux-next-20080619//drivers/usb/gadget/config.c:132): cannot understand prototype: 'struct usb_descriptor_header **__init usb_copy_descriptors(struct usb_descriptor_header **src) '
Error(linux-next-20080619//drivers/usb/gadget/config.c:182): cannot understand prototype: 'struct usb_endpoint_descriptor *__init usb_find_endpoint( struct usb_descriptor_header **src, struct usb_descriptor_header **copy, struct usb_endpoint_descriptor *match ) '
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Factor out the headers_*_all support to a seperate
shell script and add support for arch specific
header files can be located in either
arch/$ARCH/include/asm
or
include/asm-$ARCH/
In "make help" always display the headers_* targets.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
We see some header files that are selected dependent on
the actual architecture so force a reinstallation
of all header files when the arch changes.
This slows down "make headers_check_all" but then
we better reflect reality.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Move the core functionality of headers_install
and headers_check to two small perl scripts.
The makefile is adapted to use the perl scrip and
changed to operate on all files in a directory.
So if one file is changed then all files in the
directory is processed.
perl were chosen for the helper scripts because this
is pure text processing which perl is good at and
especially the headers_check.pl script are expected to
see changes / new checks implmented.
The speed is ~300% faster on this box.
And the output generated to the screen is now down to
two lines per directory (one for install, one for check)
so it is easier to scroll back after a kernel build.
The perl scripts has been brought to sanity by patient
feedback from: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Move it to the top-level file to decide if we install/check
the generic headers or the arch specific headers.
This revealed a long standing bug where "make headers_check_all"
relied on the files in asm/ for the current architecture.
So make headers_check_all is now broken by this commit.
In addition:
o add a simpler way to detect if an arch support
exporting header files.
o add 'set -e;' so we error out early if
make headers_check_all fails.
o add sparc64 and cris to arch we do not process
in make headers_*_all because:
sparc64 - use sparc to export headers
cris - is know seriously broken
Includes suggestions from: David Woodhouse
<dwmw2@infradead.org>.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: David Woodhouse <dwmw2@infradead.org>
ALTARCH is no longer used by any arch(*) so drop
support for this from Makefile.headerinst
Dropping ALTARCH support simplifies Makefile.headerinst
(*) sparc64 uses it but work is ongoing to drop it
and no furter usage is planned.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: David Miller <davem@davemloft.net>
unifdef utility is fast enough to warrant that we always
run the scripts through unifdef.
This patch runs all headers listed with header-y and unifdef-y
through unifdef.
Next step is to drop unifdef-y in all Kbuild files and
that can now be done in smaller steps.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Adrian Bunk <bunk@kernel.org>
This means that we no longer need write access to the source tree while
doing 'make modules_install'.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
uname -m was leaving a newline in $arch, and not passing the tests.
Also, printing the unknown arch on failure is probably helpful.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Currently, checkstack.pl only looks for fixed subtractions from the stack
pointer. However, things like this:
void function(int size)
{
char stackbuster[size << 2];
...
are certainly worth pointing out, I think.
This could perhaps be done more cleanly, and the following patch only
adds "dynamic" REs for x86 and x86_64, but it works:
0x00b0 crypto_cbc_decrypt_inplace [cbc]: Dynamic (%rax)
0x00ad crypto_pcbc_decrypt_inplace [pcbc]: Dynamic (%rax)
0x02f6 crypto_pcbc_encrypt_inplace [pcbc]: Dynamic (%rax)
0x036c _crypto_xcbc_digest_setkey [xcbc]: Dynamic (%rax)
...
(Inspired by Keith Owens' old stack-check script)
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
When checking spacing for pointer checks the type cannot start in the
middle of a word, ie. this is not 'int * bar':
x = fooint * bar;
Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Now that we have a variants system, move to using that to carry the
unary/binary designation for +, -, &, and *.
Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Add checks for the question mark colon operator spacing, and also check
the other uses of colon. Colon means a number of things:
- it introduces the else part of the ?: operator,
- it terminates a goto label,
- it terminates the case value,
- it separates the identifier from the bit size on bit fields, and
- it is used to introduce option types in asm().
Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Add support for multiple modifiers such as:
int __one __two foo;
Also handle trailing known modifiers when defecting modifiers:
int __one foo __read_mostly;
Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ensure we do not inadvertantly load known modifiers up as possible types.
Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Make sure we correctly mark the return type of the pointer to a function
declaration.
const void *(*sb_tag)(struct sysfs_tag_info *info);
Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Exclude vmlinux.lds.h from the macro complexity checks. They will never
apply sanely here.
Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Although we are finding the added modifier in the declaration below
we are not correctly matching it as a type. Fix the declaration.
static void __ref *vmem_alloc_pages(unsigned int order)
{
}
Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Improve type matcher debug so we can see what it does match. As part
of this move us to to using the common debug framework.
Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Correct spelling in the kfree reports.
Signed-off-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
usb_free_urb() can take a NULL, so let's check and warn about that.
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Check to see if the block/statement which a condition or loop introduces
is indented correctly.
Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>