Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> --- fs/Kconfig | 21 +++++++++++++++++++++ fs/Makefile | 1 + 2 files changed, 22 insertions(+) --- linux-2.6.24-rc5.orig/fs/Kconfig +++ linux-2.6.24-rc5/fs/Kconfig @@ -1555,6 +1555,27 @@ config UFS_DEBUG Y here. This will result in _many_ additional debugging messages to be written to the system log. +config SYAORAN_FS + tristate "SYAORAN (Tamper-Proof Device Filesystem) support" + help + Say Y or M here to support the Tamper-Proof Device Filesystem. + + SYAORAN stands for + "Simple Yet All-important Object Realizing Abiding Nexus". + SYAORAN is a filesystem for /dev with Mandatory Access Control. + + The system can't work if /dev is read-only. + Therefore you need to mount a writable filesystem (such as tmpfs) + for /dev if root fs is read-only. + + But the writable /dev means that files on /dev might be tampered. + For example, if /dev/null is deleted and re-created as a symbolic + link to /dev/hda by an attacker, the contents of the IDE HDD + will be destroyed at a blow. + + SYAORAN can ensure /dev/null is a character device file + with major=1 minor=3. + endmenu menuconfig NETWORK_FILESYSTEMS --- linux-2.6.24-rc5.orig/fs/Makefile +++ linux-2.6.24-rc5/fs/Makefile @@ -118,3 +118,4 @@ obj-$(CONFIG_HPPFS) += hppfs/ obj-$(CONFIG_DEBUG_FS) += debugfs/ obj-$(CONFIG_OCFS2_FS) += ocfs2/ obj-$(CONFIG_GFS2_FS) += gfs2/ +obj-$(CONFIG_SYAORAN_FS) += syaoran/syaoran.o - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html