オープンソース・ソフトウェアの開発とダウンロード

Subversion リポジトリの参照

Diff of /trunk/1.8.x/ccs-patch/README.ccs

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 1011 by kumaneko, Fri Feb 29 14:11:41 2008 UTC revision 1012 by kumaneko, Mon Mar 3 05:07:11 2008 UTC
# Line 1256  Fix 2008/02/29 Line 1256  Fix 2008/02/29
1256    
1257        You can silently terminate a process who requested execve()        You can silently terminate a process who requested execve()
1258        that is not permitted by policy.        that is not permitted by policy.
1259    
1260    Fix 2008/03/03
1261    
1262        @ Add "force_alt_exec" keyword.
1263    
1264          To be able to fully utilize "alt_exec" feature,
1265          I added "force_alt_exec" keyword so that
1266          all execute requests are replaced by the execute request of a program
1267          specified by alt_exec feature.
1268    
1269          If this keyword is specified for a domain, the domain no longer
1270          executes any programs regardless of the mode of file access control
1271          (i.e. the domain won't execute even if MAC_FOR_FILE=0 ).
1272          Instead, the domain executes the program specified by alt_exec feature
1273          and the program specified by alt_exec feature validates the execute
1274          request and executes it if it is appropriate to execute.
1275    
1276          If you can tolerate that there is no chance to return an error code
1277          to the caller to tell the execute request was rejected,
1278          this is more flexible approach than in-kernel execve() parameter
1279          checking because we can do argv[] and envp[] checking easily.

Legend:
Removed from v.1011  
changed lines
  Added in v.1012

Back to OSDN">Back to OSDN
ViewVC Help
Powered by ViewVC 1.1.26