1101 |
To my surprise, "mount --bind source dest" accepts |
To my surprise, "mount --bind source dest" accepts |
1102 |
not only "both source and dest are directory" |
not only "both source and dest are directory" |
1103 |
but also "both source and dest are non-directory". |
but also "both source and dest are non-directory". |
1104 |
I was rejecting if dest is not a derectory in AddMountACL(). |
I was rejecting if dest is not a directory in AddMountACL(). |
1105 |
|
|
1106 |
@ Change log format. |
@ Change log format. |
1107 |
|
|
1127 |
common part. |
common part. |
1128 |
|
|
1129 |
These changes will reduce memory used by policy. |
These changes will reduce memory used by policy. |
1130 |
|
|
1131 |
|
Fix 2008/01/15 |
1132 |
|
|
1133 |
|
@ Add ptrace() hook. |
1134 |
|
|
1135 |
|
To prevent attackers from controlling important processes using |
1136 |
|
ptrace(), I added a hook for ptrace(). |
1137 |
|
Most programs (except strace(1) and gdb(1)) won't use ptrace(2). |
1138 |
|
|
1139 |
|
@ Fix sleep condition check in CheckSocketRecvDatagramPermission(). |
1140 |
|
|
1141 |
|
It seems that correct method to use is in_atomic() |
1142 |
|
rather than in_interrupt() because in_atomic() returns nonzero |
1143 |
|
whenever scheduling is not allowed. |
1144 |
|
|
1145 |
|
Fix 2008/01/24 |
1146 |
|
|
1147 |
|
@ Support /proc/ccs/ access by non-root user. |
1148 |
|
|
1149 |
|
Until now, only root user can access /proc/ccs/ interface. |
1150 |
|
But to permit /proc/ccs/ access by non-root user so that |
1151 |
|
it won't require ssh login by root user when administrating |
1152 |
|
from remote host, I eased restrictions on this interface. |
1153 |
|
|
1154 |
|
(current->uid == 0 && current->euid == 0) || |
1155 |
|
(current->uid != 0 && current->uid == inode->i_uid) || |
1156 |
|
(current->gid != 0 && current->gid == inode->i_gid) |
1157 |
|
|
1158 |
|
The inode's uid and gid are set using chown/chgrp commands. |