1753 |
new conditions for checking file's type and permissions. |
new conditions for checking file's type and permissions. |
1754 |
For example, |
For example, |
1755 |
|
|
1756 |
allow_read /etc/fstab if path1.type=regular path1.mode=0644 |
allow_read /etc/fstab if path1.type=regular path1.perm=0644 |
1757 |
|
|
1758 |
will allow opening /etc/fstab for reading only if /etc/fstab is a regular |
will allow opening /etc/fstab for reading only if /etc/fstab is a regular |
1759 |
file and it's permission is 0644, and |
file and it's permission is 0644, and |
1760 |
|
|
1761 |
allow_write /dev/null if path1/type=char path1.major=1 path1.minor=3 |
allow_write /dev/null if path1.type=char path1.dev_major=1 path1.dev_minor=3 |
1762 |
|
|
1763 |
will allow opening /dev/null for writing only if /dev/null is a character |
will allow opening /dev/null for writing only if /dev/null is a character |
1764 |
device file with major=1 and minor=3 attributes. |
device file with major=1 and minor=3 attributes. |
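Review bot: The explanatory sentence at 1764 was left unchanged and still describes the check as "major=1 and minor=3 attributes", while the example at 1761 now uses path1.dev_major and path1.dev_minor (and 1756 now uses path1.perm instead of path1.mode). Suggest wording the descriptions with the same keywords as the corrected examples. The entry should also state whether path1.mode, path1.major and path1.minor were ever accepted, since a policy copied from the previous text would use those names.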
1774 |
echo Dynamic: 1048576 > /proc/ccs/meminfo |
echo Dynamic: 1048576 > /proc/ccs/meminfo |
1775 |
|
|
1776 |
This quota is not applied to temporary memory used for permission checks. |
This quota is not applied to temporary memory used for permission checks. |
1777 |
|
|
1778 |
|
Fix 2008/12/09 |
1779 |
|
|
1780 |
|
@ Fix ccs_can_save_audit_log() checks. |
1781 |
|
|
1782 |
|
Due to incorrect statement "if (ccs_can_save_audit_log() < 0)" |
1783 |
|
while ccs_can_save_audit_log() is boolean, MAX_GRANT_LOG and |
1784 |
|
MAX_REJECT_LOG were not working. |
1785 |
|
|
1786 |
|
This bug will trigger OOM killer if /usr/sbin/ccs-auditd is not working. |
1787 |
|
|
1788 |
|
Fix 2008/12/24 |
1789 |
|
|
1790 |
|
@ Add "ccs_" prefix. |
1791 |
|
|
1792 |
|
To be able to tell whether a symbol is TOMOYO Linux related or not, |
1793 |
|
I added "ccs_" prefix as much as possible. |
1794 |
|
|
1795 |
|
@ Fix ccs_check_flags() error message. |
1796 |
|
|
1797 |
|
I meant to print SYAORAN-ERROR: message when error == -EPERM, |
1798 |
|
but I was printing it when error == 0 since 1.6.0 . |
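Review bot: The 2008/12/09 entry (1780-1786) does not say which releases carry the incorrect "if (ccs_can_save_audit_log() < 0)" check, although the ccs_check_flags() entry at 1798 gives "since 1.6.0". The stated effect is that MAX_GRANT_LOG and MAX_REJECT_LOG were not working and that the OOM killer is triggered when /usr/sbin/ccs-auditd is not working, so the entry should add the affected version range and the corrected condition to let administrators tell whether they need this update. For the ccs_check_flags() entry, state whether the SYAORAN-ERROR: message was missing on -EPERM in those versions, for anyone who relied on it when reviewing logs.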