/*
 * include/linux/sakura.h
 *
 * Implementation of the Domain-Free Mandatory Access Control.
 *
 * Copyright (C) 2005-2007 NTT DATA CORPORATION
 *
 * Version: 1.5.0-pre 2007/08/06
 *
 * This file is applicable to both 2.4.30 and 2.6.11 and later.
 * See README.ccs for ChangeLog.
 *
 */
/*
 * A brief description of SAKURA:
 *
 * SAKURA stands for "Security Advancement Know-how Upon Read-only Approach".
 * As the name shows, SAKURA was originally a methodology for making the root fs
 * read-only to prevent tampering with the system files.
 * But now, SAKURA is not only a methodology but also a kernel patch
 * that improves the system security with less effort.
 *
 * SAKURA can restrict operations that affect the whole system.
 */
|
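#ifndef _LINUX_SAKURA_H
#define _LINUX_SAKURA_H

/*
 * Fallback for builds where the __user annotation is not already defined.
 * It expands to nothing, so it performs no checking by itself. None of the
 * declarations in this header use it.
 */
#ifndef __user
#define __user
#endif

/*
 * Forward declarations. Without them, a prototype that is the first mention
 * of one of these structs would declare a new struct type limited to that
 * prototype's scope, incompatible with the real definition, whenever this
 * header is included before the headers that define them.
 */
struct nameidata;
struct vfsmount;

/***** SAKURA Linux start. *****/

/*
 * All hooks below return int. This header does not state the convention.
 * NOTE(review): presumably 0 means "allowed" and a non-zero value means
 * "denied" -- confirm against the definitions. A caller that ignores the
 * result does not enforce the restriction.
 */

/* Check whether chroot to the given pathname is allowed. */
int CheckChRootPermission(struct nameidata *nd);

/*
 * Check whether the mount operation with the given parameters is allowed.
 *
 * flags is passed by pointer. NOTE(review): this suggests the check may
 * modify the mount flags -- confirm against the definition.
 * The string arguments carry no __user annotation. NOTE(review): presumably
 * they are kernel-space copies -- confirm at the call site.
 */
int CheckMountPermission(char *dev_name, char *dir_name, char *type, unsigned long *flags);

/* Check whether the current process is allowed to pivot_root. */
int CheckPivotRootPermission(struct nameidata *old_nd, struct nameidata *new_nd);

/* Check whether the given mount operation hides a mounted partition. */
int SAKURA_MayMount(struct nameidata *nd);

/* Check whether unmounting the given mountpoint is allowed. */
int SAKURA_MayUmount(struct vfsmount *mnt);

/*
 * Check whether the given port is allowed to autobind.
 *
 * u16 is not defined by this header; the including file must already have
 * it in scope.
 */
int SAKURA_MayAutobind(const u16 port);

/***** SAKURA Linux end. *****/
#endif /* _LINUX_SAKURA_H */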