| 2864 |
exception policy and profiles, which are all independent of other |
exception policy and profiles, which are all independent of other |
| 2865 |
namespaces. |
namespaces. |
| 2866 |
|
|
| 2867 |
@ Remove CONFIG_TOMOYO_BUILTIN_INITIALIZERS option. |
@ Remove CONFIG_CCSECURITY_BUILTIN_INITIALIZERS option. |
| 2868 |
|
|
| 2869 |
From now on, exception policy and manager need to be able to handle |
From now on, exception policy and manager need to be able to handle |
| 2870 |
policy namespace (which is a <$namespace> prefix added to each line). |
policy namespace (which is a <$namespace> prefix added to each line). |
| 2871 |
Thus, space-separated list for CONFIG_TOMOYO_BUILTIN_INITIALIZERS is |
Thus, space-separated list for CONFIG_CCSECURITY_BUILTIN_INITIALIZERS is |
| 2872 |
no longer suitable for handling policy namespace. |
no longer suitable for handling policy namespace. |
| 2873 |
|
|
| 2874 |
Fix 2011/06/10 |
Fix 2011/06/10 |
| 2878 |
To be able to use TOMOYO under systemd environments where init= parameter |
To be able to use TOMOYO under systemd environments where init= parameter |
| 2879 |
is used, I changed to allow overriding the trigger for calling external |
is used, I changed to allow overriding the trigger for calling external |
| 2880 |
policy loader and activating MAC via kernel command line options. |
policy loader and activating MAC via kernel command line options. |
| 2881 |
|
|
| 2882 |
|
Fix 2011/06/14 |
| 2883 |
|
|
| 2884 |
|
@ Remove unused "struct inode *" parameter from ccs-patch-\*.diff . |
| 2885 |
|
|
| 2886 |
|
To follow changes I made on 2011/04/20, I removed "struct inode *" from |
| 2887 |
|
ccs_mknod_permission(), ccs_mkdir_permission(), ccs_rmdir_permission(), |
| 2888 |
|
ccs_unlink_permission(), ccs_symlink_permission(), ccs_link_permission(), |
| 2889 |
|
ccs_rename_permission() that are called from fs/namei.c |
| 2890 |
|
net/unix/af_unix.c include/linux/security.c security/security.c . |
| 2891 |
|
If you have your own ccs-patch-*.diff , please update accordingly. |
| 2892 |
|
|
| 2893 |
|
Version 1.8.2 2011/06/20 Usability enhancement release. |
| 2894 |
|
|
| 2895 |
|
Fix 2011/07/07 |
| 2896 |
|
|
| 2897 |
|
@ Remove /proc/ccs/.domain_status interface. |
| 2898 |
|
|
| 2899 |
|
Writing to /proc/ccs/.domain_status can be emulated by |
| 2900 |
|
|
| 2901 |
|
( echo "select " $domainname; echo "use_profile " $profile ) | |
| 2902 |
|
/usr/sbin/ccs-loadpolicy -d |
| 2903 |
|
|
| 2904 |
|
and reading from /proc/ccs/.domain_status can be emulated by |
| 2905 |
|
|
| 2906 |
|
grep -A 1 '^<' /proc/ccs/domain_policy | |
| 2907 |
|
awk ' { if ( domainname == "" ) { if ( substr($1, 1, 1) == "<" ) |
| 2908 |
|
domainname = $0; } else if ( $1 == "use_profile" ) { |
| 2909 |
|
print $2 " " domainname; domainname = ""; } } ; ' |
| 2910 |
|
|
| 2911 |
|
. Since this interface is used by only /usr/sbin/ccs-setprofile , |
| 2912 |
|
remove this interface by updating /usr/sbin/ccs-setprofile . |
| 2913 |
|
|
| 2914 |
|
Fix 2011/07/09 |
| 2915 |
|
|
| 2916 |
|
@ Fix /proc/ccs/stat parser. |
| 2917 |
|
|
| 2918 |
|
For optimization, I changed to use simple_strtoul() rather than sscanf() |
| 2919 |
|
in ccs_write_stat(). But it caused parsing failure if space is inserted |
| 2920 |
|
before value (e.g. "Memory used by policy: $value"). |
| 2921 |
|
|
| 2922 |
|
Fix 2011/07/13 |
| 2923 |
|
|
| 2924 |
|
@ Accept "::" notation for IPv6 address. |
| 2925 |
|
|
| 2926 |
|
In order to add network access restriction to TOMOYO 2.4, I backported |
| 2927 |
|
routines for parsing/printing IPv4/IPv6 address from kernel 3.0 into |
| 2928 |
|
TOMOYO 1.8.2. |
| 2929 |
|
Now, IPv6 address accepts "::1" instead of "0:0:0:0:0:0:0:1". |
TOMOYO
Parent Directory
Revision Log
Patch