1468 |
|
|
1469 |
To allow users specify locale specific files to globally readable files, |
To allow users specify locale specific files to globally readable files, |
1470 |
I relaxed checking in update_globally_readable_entry(). |
I relaxed checking in update_globally_readable_entry(). |
1471 |
|
|
1472 |
|
Fix 2008/06/11 |
1473 |
|
|
1474 |
|
@ Remove ALLOW_ENFORCE_GRACE parameter. |
1475 |
|
|
1476 |
|
Since unexpected requests caused by doing software updates can happen |
1477 |
|
in all profiles, users likely have to write ALLOW_ENFORCE_GRACE=enabled |
1478 |
|
to all profiles. And it makes meaningless to allow users to selectively |
1479 |
|
enable specific profile's ALLOW_ENFORCE_GRACE parameter. |
1480 |
|
So, I removed ALLOW_ENFORCE_GRACE parameter. |
1481 |
|
Now, the system behaves as if ALLOW_ENFORCE_GRACE=enabled is specified. |
1482 |
|
The behavior of "delayed enforcing" mode is defined in the following |
1483 |
|
order. |
1484 |
|
|
1485 |
|
(1) The requests are rejected immediately if nobody is opening |
1486 |
|
/proc/ccs/query interface. |
1487 |
|
(2) The requests will be rejected in 10 seconds if somebody other than |
1488 |
|
ccs-queryd (such as less(1)) is opening /proc/ccs/query interface, |
1489 |
|
for such process doesn't write dummy decisions. |
1490 |
|
|
1491 |
|
Fix 2008/06/22 |
1492 |
|
|
1493 |
|
@ Pass escaped pathname to audit_execute_handler_log(). |
1494 |
|
|
1495 |
|
I was passing unescaped pathname to audit_execute_handler_log() |
1496 |
|
which causes /proc/ccs/grant_log contain whitespace characters |
1497 |
|
if execute handler's pathname contains whitespace characters. |
1498 |
|
|
1499 |
|
Fix 2008/06/25 |
1500 |
|
|
1501 |
|
@ Return 0 when ccs_may_umount() succeeds. |
1502 |
|
|
1503 |
|
I forgot to clear error value in ccs_may_umount() when the requested |
1504 |
|
directory didn't match "deny_unmount" keyword. As a result, any umount() |
1505 |
|
request with RESTRICT_UNMOUNT=enforcing returned -EPERM error. |
1506 |
|
|
1507 |
|
Version 1.6.2 2008/06/25 Usability enhancement release. |
1508 |
|
|
1509 |
|
Fix 2008/07/01 |
1510 |
|
|
1511 |
|
@ Fix "Compilation failure" with 2.4.20 kernel. |
1512 |
|
|
1513 |
|
RedHat Linux 9's 2.4.20 kernel backported O(1) scheduler patch, |
1514 |
|
resulting compilation error at ccs_load_policy(). |
1515 |
|
I added defined(TASK_DEAD) check. |
1516 |
|
|
1517 |
|
Fix 2008/07/08 |
1518 |
|
|
1519 |
|
@ Don't check permissions if vfsmount is NULL. |
1520 |
|
|
1521 |
|
Some filesystems (e.g. unionfs) pass NULL vfsmount. |
1522 |
|
I changed fs/tomoyo_file.c not to try to calculate pathnames |
1523 |
|
if vfsmount is NULL. |
1524 |
|
|
1525 |
|
Version 1.6.3 2008/07/15 Bug fix release. |