[PATCH 0/38] TOMOYO: Starting toward TOMOYO 2.4.

I meant to type 'starting' in the previous posting, but I typed 'staring'.
Since 'review' involves 'look deeply', 'stare' was not entirely wrong? ;-)

This time, the patchset is in a complete state and has passed the functionality testing for
TOMOYO 2.4.

This patchset is large, but the key patches I'd like to ask for approval are
[07], [08] and [36]. The rest are internal changes such as syntax changes,
policy I/O handling, merging similar code, updating comments etc.

[01/38] TOMOYO: Temporarily disable in preparation for a series of changes.
[02/38] TOMOYO: Replace allow_read/write with allow_read and allow_write.
[03/38] TOMOYO: Replace deny_rewrite/allow_rewrite with allow_append.
[04/38] TOMOYO: Remove file_pattern keyword.
[05/38] TOMOYO: Simplify profile structure.
[06/38] TOMOYO: Add auditing interface.
[07/38] LSM: Revive security_task_alloc()/security_task_free()/security_bprm_free() hooks.
[08/38] TOMOYO: Use external hashtable for maintaining per task_struct variables.
[09/38] TOMOYO: Remove unused argument from request_info.
[10/38] TOMOYO: Remove globally readable file directive.
[11/38] TOMOYO: Use struct for passing ACL.
[12/38] TOMOYO: Rename directives.
[13/38] TOMOYO: Create domain in enforcing mode.
[14/38] TOMOYO: Add ACL group support.
[15/38] TOMOYO: Use string table for mount operation.
[16/38] TOMOYO: Remove TOMOYO_KEYWORD_*.
[17/38] TOMOYO: Rename functions.
[18/38] TOMOYO: Use common structure for ACL.
[19/38] TOMOYO: Use common code for finding duplicated entry.
[20/38] TOMOYO: Limit garbage collector's queue length.
[21/38] TOMOYO: Misc cleanup.
[22/38] TOMOYO: Cache manager flag into per "struct task_struct" variables.
[23/38] TOMOYO: Use struct for passing execve() param.
[24/38] TOMOYO: Replace /sys/kernel/security/tomoyo/meminfo with /sys/kernel/security/tomoyo/stat
[25/38] TOMOYO: Check directory read permission.
[26/38] TOMOYO: Check getattr permission.
[27/38] TOMOYO: Add missing arguments to tomoyo_assign_domain().
[28/38] TOMOYO: Clean up domain attributes flag.
[29/38] TOMOYO: Add enforcing penalty.
[30/38] TOMOYO: Centralize string table.
[31/38] TOMOYO: Simplify /sys/kernel/security/tomoyo/self_domain
[32/38] TOMOYO: Fix lockdep warning.
[33/38] TOMOYO: Use appropriate signedness.
[34/38] TOMOYO: Use array for value type.
[35/38] TOMOYO: Use structure for keeping write variables.
[36/38] TOMOYO: Change pathname for non-rename()able filesystems.
[37/38] TOMOYO: Update Kconfig
[38/38] TOMOYO: Reenable TOMOYO Linux.

Included in this patchset are:

  Synchronize policy syntax/interfaces with TOMOYO 1.8.1. [most of the rest]
  Add support for allowing accessing only /proc/self/ . [36]
  Add auditing support for generating policy from audit logs. [06]
  Add sleep penalty for avoiding CPU consumption. [29]

Not included in this patchset are ( http://tomoyo.sourceforge.jp/comparison.html ):

  Conditional ACL (e.g. process's uid/gid, argv[]/envp[]) support.
  Network socket operation restriction.
  Environment variable's name restriction.
  Execute handler feature.
  Domain transition without involving execve().
  IPC signal transmission restriction.
  Non-POSIX capability support.

Regards.