I meant to type 'starting' in the previous posting, but I typed 'staring'.
Since 'review' involves 'look deeply', 'stare' was not entirely wrong? ;-)

This time, the patchset is in a complete state and has passed the functionality testing for TOMOYO 2.4.

This patchset is large, but the key patches I'd like to ask for approval are [07], [08] and [36]. The rest are internal changes such as syntax changes, policy I/O handling, merging similar code, updating comments etc.

[01/38] TOMOYO: Temporarily disable in preparation for a series of changes.
[02/38] TOMOYO: Replace allow_read/write with allow_read and allow_write.
[03/38] TOMOYO: Replace deny_rewrite/allow_rewrite with allow_append.
[04/38] TOMOYO: Remove file_pattern keyword.
[05/38] TOMOYO: Simplify profile structure.
[06/38] TOMOYO: Add auditing interface.
[07/38] LSM: Revive security_task_alloc()/security_task_free()/security_bprm_free() hooks.
[08/38] TOMOYO: Use external hashtable for maintaining per task_struct variables.
[09/38] TOMOYO: Remove unused argument from request_info.
[10/38] TOMOYO: Remove globally readable file directive.
[11/38] TOMOYO: Use struct for passing ACL.
[12/38] TOMOYO: Rename directives.
[13/38] TOMOYO: Create domain in enforcing mode.
[14/38] TOMOYO: Add ACL group support.
[15/38] TOMOYO: Use string table for mount operation.
[16/38] TOMOYO: Remove TOMOYO_KEYWORD_*.
[17/38] TOMOYO: Rename functions.
[18/38] TOMOYO: Use common structure for ACL.
[19/38] TOMOYO: Use common code for finding duplicated entry.
[20/38] TOMOYO: Limit garbage collector's queue length.
[21/38] TOMOYO: Misc cleanup.
[22/38] TOMOYO: Cache manager flag into per "struct task_struct" variables.
[23/38] TOMOYO: Use struct for passing execve() param.
[24/38] TOMOYO: Replace /sys/kernel/security/tomoyo/meminfo with /sys/kernel/security/tomoyo/stat
[25/38] TOMOYO: Check directory read permission.
[26/38] TOMOYO: Check getattr permission.
[27/38] TOMOYO: Add missing arguments to tomoyo_assign_domain().
[28/38] TOMOYO: Clean up domain attributes flag.
[29/38] TOMOYO: Add enforcing penalty.
[30/38] TOMOYO: Centralize string table.
[31/38] TOMOYO: Simplify /sys/kernel/security/tomoyo/self_domain
[32/38] TOMOYO: Fix lockdep warning.
[33/38] TOMOYO: Use appropriate signedness.
[34/38] TOMOYO: Use array for value type.
[35/38] TOMOYO: Use structure for keeping write variables.
[36/38] TOMOYO: Change pathname for non-rename()able filesystems.
[37/38] TOMOYO: Update Kconfig
[38/38] TOMOYO: Reenable TOMOYO Linux.

Included in this patchset are:

  Synchronize policy syntax/interfaces with TOMOYO 1.8.1. [most of the rest]
  Add support for allowing accessing only /proc/self/ . [36]
  Add auditing support for generating policy from audit logs. [06]
  Add sleep penalty for avoiding CPU consumption. [29]

Not included in this patchset are ( http://tomoyo.sourceforge.jp/comparison.html ):

  Conditional ACL (e.g. process's uid/gid, argv[]/envp[]) support.
  Network socket operation restriction.
  Environment variable's name restriction.
  Execute handler feature.
  Domain transition without involving execve().
  IPC signal transmission restriction.
  Non-POSIX capability support.

Regards.