
Diff of /trunk/1.6.x/ccs-patch/include/linux/sakura.h


revision 1051 by kumaneko, Tue Jan 15 04:44:35 2008 UTC revision 1052 by kumaneko, Mon Mar 24 03:50:04 2008 UTC
# Line 5  Line 5 
5   *   *
6   * Copyright (C) 2005-2008  NTT DATA CORPORATION   * Copyright (C) 2005-2008  NTT DATA CORPORATION
7   *   *
8   * Version: 1.6.0-pre   2008/01/03   * Version: 1.6.0-pre   2008/03/24
9   *   *
10   * This file is applicable to both 2.4.30 and 2.6.11 and later.   * This file is applicable to both 2.4.30 and 2.6.11 and later.
11   * See README.ccs for ChangeLog.   * See README.ccs for ChangeLog.
# Line 15  Line 15 
15   * A brief description about SAKURA:   * A brief description about SAKURA:
16   *   *
17   *  SAKURA stands for "Security Advancement Know-how Upon Read-only Approach".   *  SAKURA stands for "Security Advancement Know-how Upon Read-only Approach".
18   *  As the name shows, SAKURA was originally a methodology to make root fs read-only   *  As the name shows, SAKURA was originally a methodology to make root fs
19   *  to avoid tampering the system files.   *  read-only to avoid tampering the system files.
20   *  But now, SAKURA is not only a methodology but also a kernel patch   *  But now, SAKURA is not only a methodology but also a kernel patch
21   *  that improves the system security with less effort.   *  that improves the system security with less effort.
22   *   *
23   *  SAKURA can restrict operations that affect systemwide.   *  SAKURA can restrict operations that affect systemwide.
24     *  SAKURA manages the filesystem's namespace related operations so that
25     *  files remains where the administrator expects.
26   */   */
27    
28  #ifndef _LINUX_SAKURA_H  #ifndef _LINUX_SAKURA_H
# Line 30  Line 32 
32  #define __user  #define __user
33  #endif  #endif
34    
 /***** SAKURA Linux start. *****/  
   
35  #if defined(CONFIG_SAKURA)  #if defined(CONFIG_SAKURA)
36    
37  /* Check whether the given pathname is allowed to chroot to. */  /* Check whether the given pathname is allowed to chroot to. */
38  int CheckChRootPermission(struct nameidata *nd);  int ccs_check_chroot_permission(struct nameidata *nd);
39    
40  /* Check whether the mount operation with the given parameters is allowed. */  /* Check whether the mount operation with the given parameters is allowed. */
41  int CheckMountPermission(char *dev_name, char *dir_name, char *type, const unsigned long *flags);  int ccs_check_mount_permission(char *dev_name, char *dir_name, char *type,
42                                   const unsigned long *flags);
43    
44  /* Check whether the current process is allowed to pivot_root. */  /* Check whether the current process is allowed to pivot_root. */
45  int CheckPivotRootPermission(struct nameidata *old_nd, struct nameidata *new_nd);  int ccs_check_pivot_root_permission(struct nameidata *old_nd,
46                                        struct nameidata *new_nd);
47    
48  /* Check whether the given mount operation hides an mounted partition. */  /* Check whether the given mount operation hides an mounted partition. */
49  int SAKURA_MayMount(struct nameidata *nd);  int ccs_may_mount(struct nameidata *nd);
50    
51  /* Check whether the given mountpoint is allowed to umount. */  /* Check whether the given mountpoint is allowed to umount. */
52  int SAKURA_MayUmount(struct vfsmount *mnt);  int ccs_may_umount(struct vfsmount *mnt);
53    
54  /* Check whether the given port is allowed to autobind. */  /* Check whether the given port is allowed to autobind. */
55  int SAKURA_MayAutobind(const u16 port);  int ccs_may_autobind(const u16 port);
56    
57  #else  #else
58    
59  static inline int CheckChRootPermission(struct nameidata *nd) { return 0; }  static inline int ccs_check_chroot_permission(struct nameidata *nd)
60  static inline int CheckMountPermission(char *dev_name, char *dir_name, char *type, const unsigned long *flags) { return 0; }  {
61  static inline int CheckPivotRootPermission(struct nameidata *old_nd, struct nameidata *new_nd) { return 0; }          return 0;
62  static inline int SAKURA_MayMount(struct nameidata *nd) { return 0; }  }
63  static inline int SAKURA_MayUmount(struct vfsmount *mnt) { return 0; }  static inline int ccs_check_mount_permission(char *dev_name, char *dir_name,
64  static inline int SAKURA_MayAutobind(const u16 port) { return 0; }                                               char *type,
65                                                 const unsigned long *flags)
66    {
67            return 0;
68    }
69    static inline int ccs_check_pivot_root_permission(struct nameidata *old_nd,
70                                                      struct nameidata *new_nd)
71    {
72            return 0;
73    }
74    static inline int ccs_may_mount(struct nameidata *nd)
75    {
76            return 0;
77    }
78    static inline int ccs_may_umount(struct vfsmount *mnt)
79    {
80            return 0;
81    }
82    static inline int ccs_may_autobind(const u16 port)
83    {
84            return 0;
85    }
86    
87  #endif  #endif
88    
89  /***** SAKURA Linux end. *****/  /* For compatibility with 1.4.x/1.5.x patches */
90    #define CheckChRootPermission    ccs_check_chroot_permission
91    #define SAKURA_MayUmount         ccs_may_umount
92    #define SAKURA_MayMount          ccs_may_mount
93    #define CheckMountPermission     ccs_check_mount_permission
94    #define CheckPivotRootPermission ccs_check_pivot_root_permission
95    #define SAKURA_MayAutobind       ccs_may_autobind
96    
97  #endif  #endif
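Review bot: The renamed prototypes at new lines 37-55 still do not state their return contract; each comment only says "Check whether ... is allowed", and the only visible hint is that the stubs for the !CONFIG_SAKURA case (new lines 59-85) return 0, which suggests that 0 means "permitted". These are access-control hooks for chroot, mount, pivot_root, umount and autobind, so a caller that treats the result as a boolean "allowed" would fail open; I would add a line such as `/* Each check returns 0 if the operation is permitted, nonzero otherwise. */` above the declarations, after confirming the actual error values against the implementation, which is not visible here. The compatibility macros at new lines 90-95 are object-like and sit outside the CONFIG_SAKURA conditional, so they rewrite those identifiers in every file that includes this header; a comment saying when they are expected to be dropped would help.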
