| 1468 |
|
|
| 1469 |
To allow users specify locale specific files to globally readable files, |
To allow users specify locale specific files to globally readable files, |
| 1470 |
I relaxed checking in update_globally_readable_entry(). |
I relaxed checking in update_globally_readable_entry(). |
| 1471 |
|
|
| 1472 |
|
Fix 2008/06/11 |
| 1473 |
|
|
| 1474 |
|
@ Remove ALLOW_ENFORCE_GRACE parameter. |
| 1475 |
|
|
| 1476 |
|
Since unexpected requests caused by doing software updates can happen |
| 1477 |
|
in all profiles, users likely have to write ALLOW_ENFORCE_GRACE=enabled |
| 1478 |
|
to all profiles. And it makes meaningless to allow users to selectively |
| 1479 |
|
enable specific profile's ALLOW_ENFORCE_GRACE parameter. |
| 1480 |
|
So, I removed ALLOW_ENFORCE_GRACE parameter. |
| 1481 |
|
Now, the system behaves as if ALLOW_ENFORCE_GRACE=enabled is specified. |
| 1482 |
|
The behavior of "delayed enforcing" mode is defined in the following |
| 1483 |
|
order. |
| 1484 |
|
|
| 1485 |
|
(1) The requests are rejected immediately if nobody is opening |
| 1486 |
|
/proc/ccs/query interface. |
| 1487 |
|
(2) The requests will be rejected in 10 seconds if somebody other than |
| 1488 |
|
ccs-queryd (such as less(1)) is opening /proc/ccs/query interface, |
| 1489 |
|
for such process doesn't write dummy decisions. |
| 1490 |
|
|
| 1491 |
|
Fix 2008/06/22 |
| 1492 |
|
|
| 1493 |
|
@ Pass escaped pathname to audit_execute_handler_log(). |
| 1494 |
|
|
| 1495 |
|
I was passing unescaped pathname to audit_execute_handler_log() |
| 1496 |
|
which causes /proc/ccs/grant_log contain whitespace characters |
| 1497 |
|
if execute handler's pathname contains whitespace characters. |
| 1498 |
|
|
| 1499 |
|
Fix 2008/06/25 |
| 1500 |
|
|
| 1501 |
|
@ Return 0 when ccs_may_umount() succeeds. |
| 1502 |
|
|
| 1503 |
|
I forgot to clear error value in ccs_may_umount() when the requested |
| 1504 |
|
directory didn't match "deny_unmount" keyword. As a result, any umount() |
| 1505 |
|
request with RESTRICT_UNMOUNT=enforcing returned -EPERM error. |
| 1506 |
|
|
| 1507 |
|
Version 1.6.2 2008/06/25 Usability enhancement release. |
| 1508 |
|
|
| 1509 |
|
Fix 2008/07/01 |
| 1510 |
|
|
| 1511 |
|
@ Fix "Compilation failure" with 2.4.20 kernel. |
| 1512 |
|
|
| 1513 |
|
RedHat Linux 9's 2.4.20 kernel backported O(1) scheduler patch, |
| 1514 |
|
resulting compilation error at ccs_load_policy(). |
| 1515 |
|
I added defined(TASK_DEAD) check. |
| 1516 |
|
|
| 1517 |
|
Fix 2008/07/08 |
| 1518 |
|
|
| 1519 |
|
@ Don't check permissions if vfsmount is NULL. |
| 1520 |
|
|
| 1521 |
|
Some filesystems (e.g. unionfs) pass NULL vfsmount. |
| 1522 |
|
I changed fs/tomoyo_file.c not to try to calculate pathnames |
| 1523 |
|
if vfsmount is NULL. |
| 1524 |
|
|
| 1525 |
|
Version 1.6.3 2008/07/15 Bug fix release. |
TOMOYO
Parent Directory
Revision Log
Patch