--- trunk/1.5.x/ccs-patch/README.ccs	2007/10/15 08:55:00	580
+++ trunk/1.5.x/ccs-patch/README.ccs	2007/10/16 08:00:21	581
@@ -1040,3 +1040,18 @@
 
       Now, quota checking is done before getting domain_acl_lock lock.
       This may exceed quota by one or two entries, but that won't matter.
+
+Fix 2007/10/16
+
+    @ Add environment variable check.
+
+      There are environment variables that may cause dangerous behavior
+      like LD_\* .
+      So I introduced 'allow_env' directive that allows specified
+      environment variable inherited to next domain.
+      Unlike other permissions, this check is done at execve() time
+      using next domain's ACL information.
+
+      To manage commonly inherited environments like PATH ,
+      you can use 'allow_env' directive in exception policy
+      to globally grant specified environment variable.