2227 |
|
|
2228 |
As a result, reading path_group and number_group caused kernel oops |
As a result, reading path_group and number_group caused kernel oops |
2229 |
when they were not read atomically. |
when they were not read atomically. |
2230 |
|
|
2231 |
|
Fix 2009/11/06 |
2232 |
|
|
2233 |
|
@ Fix incorrect allow_mount audit log. |
2234 |
|
|
2235 |
|
Audit log for allow_mount was using decimal format. |
2236 |
|
It needs to use hexadecimal format. |
2237 |
|
|
2238 |
|
Fix 2009/11/09 |
2239 |
|
|
2240 |
|
@ Add profile version check. |
2241 |
|
|
2242 |
|
To avoid upgrading from TOMOYO 1.6.x to TOMOYO 1.7.x without upgrading |
2243 |
|
/proc/ccs/profile (which results in not protecting the system at all), |
2244 |
|
I added a check for PROFILE_VERSION= . |
2245 |
|
|
2246 |
|
Version 1.7.1 2009/11/11 Fourth anniversary release. |
2247 |
|
|
2248 |
|
Fix 2009/11/13 |
2249 |
|
|
2250 |
|
@ Don't use core_initcall() for initializing lock for GC. |
2251 |
|
|
2252 |
|
Some kernels call TOMOYO's hooks before processing core_initcall(). |
2253 |
|
Thus, I can't use core_initcall() for initializing lock for GC. |
2254 |
|
|
2255 |
|
Fix 2009/11/18 |
2256 |
|
|
2257 |
|
@ Don't check "allow_write" permission for open(O_RDONLY | O_TRUNC). |
2258 |
|
|
2259 |
|
Since TOMOYO checks "allow_truncate" permission rather than "allow_write" |
2260 |
|
permission for O_TRUNC, I need to distinguish open(O_RDONLY | O_TRUNC) |
2261 |
|
and open(O_RDWR | O_TRUNC). But I made a mistake between TOMOYO 1.7.0 and |
2262 |
|
1.7.1 which made it impossible for TOMOYO for kernels 2.6.14 and earlier |
2263 |
|
to distinguish them. |
2264 |
|
|
2265 |
|
Fix 2009/11/27 |
2266 |
|
|
2267 |
|
@ Use newly created domain's name for domain creation audit log. |
2268 |
|
|
2269 |
|
Since 1.7.0 , /proc/ccs/reject_log was by error using existing domain's |
2270 |
|
name when auditing newly created domain's "use_profile" line. |
2271 |
|
|
2272 |
|
Fix 2009/12/12 |
2273 |
|
|
2274 |
|
@ Use rcu_read_lock() for find_task_by_pid(). |
2275 |
|
|
2276 |
|
Since kernel 2.6.17 , caller of find_task_by_pid() needs to call |
2277 |
|
rcu_read_lock() rather than read_lock(&tasklist_lock) because find_pid() |
2278 |
|
uses RCU primitives but spinlock does not prevent RCU callback if |
2279 |
|
preemptive RCU ( CONFIG_PREEMPT_RCU or CONFIG_TREE_PREEMPT_RCU ) is |
2280 |
|
enabled. |