Subversion リポジトリの参照
Diff of /trunk/1.7.x/ccs-patch/README.ccs
Parent Directory
| Revision Log
| Patch
1184 |
they unlikely set up environment variables and unlikely specify "-c" |
they unlikely set up environment variables and unlikely specify "-c" |
1185 |
option when invoking /bin/sh , whereas proper functions likely set up |
option when invoking /bin/sh , whereas proper functions likely set up |
1186 |
environment variables and likely specify "-c" option. |
environment variables and likely specify "-c" option. |
1187 |
|
|
1188 |
|
Fix 2008/02/18 |
1189 |
|
|
1190 |
|
@ Add process state checking. |
1191 |
|
|
1192 |
|
Until now, it was impossible to change ACL without executing program. |
1193 |
|
I added three variables for performing stateful checking within a domain. |
1194 |
|
You can set current process's state like: |
1195 |
|
|
1196 |
|
allow_network TCP accept @TRUSTED_HOSTS 1024-65535 ; set task.state[0]=1 |
1197 |
|
allow_network TCP accept @UNTRUSTED_HOSTS 1024-65535 ; set task.state[0]=0 |
1198 |
|
|
1199 |
|
and you can use the state like |
1200 |
|
|
1201 |
|
allow_read /path/to/important/file if task.state[0]=1 |
1202 |
|
|
1203 |
|
in the policy. |
1204 |
|
The state changes when the request was granted by the MAC's policy, |
1205 |
|
so please be careful with situations where the state has changed successfully |
1206 |
|
but the request was not processed because of other reasons (e.g. out of memory). |
|
Legend:
Removed from v.987 |
|
changed lines |
|
Added in v.994 |
|
|
|