| 1146 |
|
|
| 1147 |
Fix 2008/02/05 |
Fix 2008/02/05 |
| 1148 |
|
|
| 1149 |
@ Use find_task_by_vpid() instead of find_task_pid(). |
@ Use find_task_by_vpid() instead of find_task_by_pid(). |
| 1150 |
|
|
| 1151 |
Kernel 2.6.24 introduced PID namespace. |
Kernel 2.6.24 introduced PID namespace. |
| 1152 |
To search PID given from userland, the kernel needs to use |
To search PID given from userland, the kernel needs to use |
| 1153 |
find_task_by_vpid() instead of find_task_pid(). |
find_task_by_vpid() instead of find_task_by_pid(). |
| 1154 |
|
|
| 1155 |
Fix 2008/02/14 |
Fix 2008/02/14 |
| 1156 |
|
|
| 1396 |
when embedding ccs_acl_type2() into print_entry(), |
when embedding ccs_acl_type2() into print_entry(), |
| 1397 |
resulting runtime BUG(). |
resulting runtime BUG(). |
| 1398 |
I added the expected code explicitly as a workaround. |
I added the expected code explicitly as a workaround. |
| 1399 |
|
|
| 1400 |
|
Fix 2008/05/06 |
| 1401 |
|
|
| 1402 |
|
@ Add memory quota. |
| 1403 |
|
|
| 1404 |
|
1.5.x returns -ENOMEM when FindNextDomain() failed to create a new |
| 1405 |
|
domain, but I forgot to return -ENOMEM when find_next_domain() failed to |
| 1406 |
|
create a new domain. |
| 1407 |
|
|
| 1408 |
|
A domain is automatically created by find_next_domain() only if |
| 1409 |
|
the domain for the requested program doesn't exist. |
| 1410 |
|
This behavior is for the administrator's convenience. |
| 1411 |
|
The administrator needn't to know how many domains are needed for running |
| 1412 |
|
the whole programs in the system beforehand when developing the policy. |
| 1413 |
|
But the administrator does not want the kernel to reject execution of the |
| 1414 |
|
requested program when developing the policy. |
| 1415 |
|
|
| 1416 |
|
So, I think it is better to grant execution of programs even if |
| 1417 |
|
find_next_domain() failed to create a new domain than reject execution. |
| 1418 |
|
Thus, I decided not to return -ENOMEM when find_next_domain() failed to |
| 1419 |
|
create a new domain. This exception breaks the domain transition rules, |
| 1420 |
|
so I print "transition_failed" warning in /proc/ccs/domain_policy |
| 1421 |
|
when this exception happened. |
| 1422 |
|
|
| 1423 |
|
Also, to prevent the system from being halted by unexpectedly allocating |
| 1424 |
|
all kernel memory for the policy, I added memory quota. |
| 1425 |
|
This quota is configurable via /proc/ccs/meminfo like |
| 1426 |
|
|
| 1427 |
|
echo Shared: 1048576 > /proc/ccs/meminfo |
| 1428 |
|
echo Private: 1048576 > /proc/ccs/meminfo |
| 1429 |
|
|
| 1430 |
|
Version 1.6.1 2008/05/10 Bug fix release. |
TOMOYO
Parent Directory
Revision Log
Patch