Re: [RFC] TOMOYO Linux released!

Hello,

Arjan van de Ven wrote:
> > A new and easy to master access control for Linux,
> > TOMOYO Linux, is now available.
> very interesting; a few quick questions that I didn't see answered on
> the side
Thank you for your interest.

> 1) where can we download the patches?
You can download from http://sourceforge.jp/projects/tomoyo/ .
Click the "Download" links in the middle of the page.
The ccs-patch is the kernel patch and the ccs-tools is the userland
utilities such as policy editors.

The documentation index page is http://tomoyo.sourceforge.jp/en/doc/ .
The complete installation guide is at
http://tomoyo.sourceforge.jp/en/doc/install.html .
The kickstart installation guide will be added in several days.

> 2) How does the use of "absolute paths" interact with namespaces?
>    In principle each process can have its own namespace after all!
>    (not many distributions use this today, but that will change soon,
>    per user /tmp is a very attractive feature and all needed
>    infrastructure helpers for this will be in the 2.6.15 kernel)
This is like d_path(), except that TOMOYO Linux ignores
each process's root directory. TOMOYO Linux uses a global namespace.
For example, if a process which has already chroot'ed to the /jail
directory accesses /foo/bar, then TOMOYO Linux regards it
as if the process is accessing /jail/foo/bar .
You can find some example policies at
http://tomoyo.sourceforge.jp/example_policy/ .
You can get a feel for realpath()-based policy files.

Regards...

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/
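
The naming rule described in the reply above, as an added user-space example (not part of the original post and not TOMOYO code). The helper name global_name is hypothetical, and the resolution is lexical only: symlinks and mount points are not followed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: build the global-namespace name of `path`, an
 * absolute path as seen by a process whose root directory is `root`
 * (a global absolute path; "/" when the process is not chroot'ed).
 * Returns 0 on success, -1 on bad input or if `out` is too small. */
int global_name(const char *root, const char *path, char *out, size_t outsz)
{
    size_t base, len;
    if (!root || !path || root[0] != '/' || path[0] != '/')
        return -1;
    len = strlen(root);
    while (len > 1 && root[len - 1] == '/')   /* strip trailing slashes */
        len--;
    if (len == 1)
        len = 0;                              /* root "/" adds no prefix */
    if (len + 2 > outsz)
        return -1;
    memcpy(out, root, len);
    base = len;                               /* ".." never goes below this */
    while (*path) {
        while (*path == '/')                  /* collapse repeated slashes */
            path++;
        size_t n = strcspn(path, "/");        /* length of next component */
        if (n == 2 && path[0] == '.' && path[1] == '.') {
            /* as in the kernel, ".." at the process root stays at the root */
            while (len > base && out[--len] != '/')
                ;
        } else if (n > 0 && !(n == 1 && path[0] == '.')) {
            if (len + 1 + n + 1 > outsz)
                return -1;
            out[len++] = '/';
            memcpy(out + len, path, n);
            len += n;
        }
        path += n;
    }
    if (len == 0)
        out[len++] = '/';
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];                             /* the example from the reply */
    if (global_name("/jail", "/foo/bar", buf, sizeof buf) == 0)
        puts(buf);
    return 0;
}
```

Because ".." is clamped at the process root, every name built for a process chroot'ed to /jail keeps the /jail prefix, which is what lets a policy written with global path names tell jailed accesses apart from unjailed ones.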

