Subversion リポジトリの参照
Diff of /trunk/1.7.x/ccs-patch/README.ccs
 Parent Directory
|  Revision Log
|  Patch
| 1184 |
they unlikely set up environment variables and unlikely specify "-c" |
they unlikely set up environment variables and unlikely specify "-c" |
| 1185 |
option when invoking /bin/sh , whereas proper functions likely set up |
option when invoking /bin/sh , whereas proper functions likely set up |
| 1186 |
environment variables and likely specify "-c" option. |
environment variables and likely specify "-c" option. |
| 1187 |
|
|
| 1188 |
|
Fix 2008/02/18 |
| 1189 |
|
|
| 1190 |
|
@ Add process state checking. |
| 1191 |
|
|
| 1192 |
|
Until now, it was impossible to change ACL without executing program. |
| 1193 |
|
I added three variables for performing stateful checking within a domain. |
| 1194 |
|
You can set current process's state like: |
| 1195 |
|
|
| 1196 |
|
allow_network TCP accept @TRUSTED_HOSTS 1024-65535 ; set task.state[0]=1 |
| 1197 |
|
allow_network TCP accept @UNTRUSTED_HOSTS 1024-65535 ; set task.state[0]=0 |
| 1198 |
|
|
| 1199 |
|
and you can use the state like |
| 1200 |
|
|
| 1201 |
|
allow_read /path/to/important/file if task.state[0]=1 |
| 1202 |
|
|
| 1203 |
|
in the policy. |
| 1204 |
|
The state changes when the request was granted by the MAC's policy, |
| 1205 |
|
so please be careful with situations where the state has changed successfully |
| 1206 |
|
but the request was not processed because of other reasons (e.g. out of memory). |
|
|
Legend:
| Removed from v.987 |
|
| changed lines |
| |
Added in v.994 |
|
|
| 
TOMOYO
Parent Directory
Revision Log
Patch