[tomoyo-users-en 233] TOMOYO Linux version 1.8.0 released.
from-tomoyo-users-en at I-love.SAKURA.ne.jp
Hello. This is the fifth anniversary release. TOMOYO 1.0 was released on November 11th, 2005. Many enhancements were made. Core part was merged into upstream kernel. I thank you for supporting TOMOYO. In TOMOYO 1.8.0, I tried to remove legacy part and make simpler while enhancing functionality. Since the policy syntax of 1.8.0 is different from that of 1.7.x, 1.8.x is not compatible with 1.7.x. List of changes are too long to paste here. Only 5 topics here. (1) Add support for controlling whether to generate access granted logs or not on per an ACL entry basis rather than per a functionality basis. Mainly for Apache which floods open() requests and QEMU-KVM which floods ioctl() requests. (2) Add support for UNIX domain socket network. Mainly for protecting daemons listening to UNIX domain sockets. (3) Add support for checking getattr permission and directory's read permission. Mainly for users who want to restrict stat() and readdir() operations. By default, stat() and readdir() operations are globally permitted by exception policy because damage by granting these operations are smaller than damage by granting other operations. (4) Add support for KABI (kernel ABI) compatibility mode. Mainly for external kernel modules built for distributor's kernels. (5) Reduced binary object's size by up to about 22%. Mainly for embedded devices (e.g. Android / MeeGo) with limited storage. All kernel versions supported by TOMOYO 1.7.2 are supported by TOMOYO 1.8.0. Vanilla kernels: * 2.4.30 - 220.127.116.11 * 18.104.22.168 - 2.6.37-rc1 Distributor's kernels: * Fedora 11/12/13/14 * CentOS 3.9/4.8/5.5 * RHEL 6 * Debian Etch/Lenny/Squeeze * Ubuntu 6.06/8.04/8.10/9.04/9.10/10.04/10.10 * OpenSUSE 11.0/11.1/11.2/11.3 * Vine Linux 4.2/5.1 * Asianux 2.0/3.0 * Gentoo * Hardened Gentoo * and more... I can create patches for other distribution's kernels. But you may want to use AKARI ( http://akari.sourceforge.jp/comparison.html ) instead. AKARI is made based on TOMOYO 1.8.0 as a LKM based LSM module. This means that you can use most of TOMOYO 1.8.0's functionality without replacing distributor's kernels. Regarding TOMOYO 1.7.x, hereafter I won't make functionality enhancements. Bug fix support is continued. Therefore, those who are using 1.7.x needn't to upgrade to 1.8.x. But those who are using 1.6.x, please consider upgrading to 1.7.x or 1.8.x. Many of distributions supported by 1.6.x have already reached end of life.
More information about the tomoyo-users-en mailing list