1 |
About this package: |
2 |
|
3 |
This package contains userland programs |
4 |
for TOMOYO Linux version 1.7.0 . |
5 |
This package is released under the GPLv2. |
6 |
|
7 |
http://tomoyo.sourceforge.jp/ |
8 |
|
9 |
ChangeLog: |
10 |
|
11 |
Version 1.0 2005/11/11 First release. |
12 |
|
13 |
Version 1.0.1 2005/12/08 Minor update release. |
14 |
|
15 |
makesyaoranconf.exe: |
16 |
Use versionsort() for sorting entries. |
17 |
|
18 |
poled.exe: |
19 |
Support "search" command. |
20 |
|
21 |
poled_old.exe: |
22 |
Support "search" command. |
23 |
Fix "initializer" checking bug. |
24 |
|
25 |
syspol.exe: |
26 |
Support editing without resetting cursor position. |
27 |
|
28 |
Version 1.0.2 2006/02/14 Procedure review. |
29 |
|
30 |
savepolicy: |
31 |
Support saving "system policy" and "exception policy" |
32 |
in addition to "domain policy". |
33 |
|
34 |
The following programs were added. |
35 |
|
36 |
editpolicy: |
37 |
"syspol.exe" "poled.exe" "poled_old.exe" were integrated |
38 |
and renamed to "editpolicy". |
39 |
This program can edit "system policy", "exception policy" |
40 |
and "domain policy". |
41 |
Command key assignments were changed. |
42 |
|
43 |
checkpolicy: |
44 |
A policy validator taken from "poled_old.exe". |
45 |
This program was designed for detecting and fixing errors |
46 |
in "domain policy". |
47 |
|
48 |
loadpolicy: |
49 |
A policy reloader. |
50 |
This program was designed for loading policy from the disk |
51 |
after clearing current policy in the kernel. |
52 |
|
53 |
sortpolicy: |
54 |
A "domain policy" sorter. |
55 |
This program was designed to compress access logs |
56 |
generated by "ccs-auditd". |
57 |
You can use normal "sort" command for sorting |
58 |
"system policy" and "exception policy". |
59 |
|
60 |
make_exception.sh: |
61 |
A script to create "exception policy". |
62 |
|
63 |
The following programs were renamed. |
64 |
|
65 |
"remount.exe" was renamed to "remount_rootfs". |
66 |
"makesyaoranconf.exe" was renamed to "makesyaoranconf". |
67 |
|
68 |
The following programs were removed. |
69 |
|
70 |
"poled.exe" "poled_old.exe" "syspol.exe" |
71 |
"obsolete_chksymlink" "obsolete_chroot_su" |
72 |
"obsolete_lsdir" "obsolete_makelink" "obsolete_movlog" |
73 |
"bindtest" "logtest" "pathnametest" "rofstest" |
74 |
"linuxrc_old" |
75 |
|
76 |
The following programs for testing TOMOYO Linux's kernel were added. |
77 |
They are in the kernel_test directory. |
78 |
|
79 |
"sakura_bind_test" "sakura_capability_test" |
80 |
"sakura_filesystem_test" "sakura_trace_test" |
81 |
"tomoyo_capability_test" "tomoyo_file_test" "tomoyo_info_test" |
82 |
"tomoyo_name_test" "tomoyo_port_test" "tomoyo_signal_test" |
83 |
|
84 |
Version 1.1 2006/04/01 Functionality enhancement release. |
85 |
|
86 |
loadpolicy: |
87 |
Delete domain for loadpolicy anyway. |
88 |
|
89 |
findtemp: |
90 |
Now supports for detecting all nonexistent pathnames. |
91 |
|
92 |
savepolicy: |
93 |
Run twice inside savepolicy itself to include necessary ACLs |
94 |
for savepolicy itself. |
95 |
|
96 |
The following program for testing TOMOYO Linux's kernel was added. |
97 |
|
98 |
"testall.sh" |
99 |
|
100 |
Version 1.1.1 2006/05/15 Functionality enhancement release. |
101 |
|
102 |
The following programs were added. |
103 |
|
104 |
ld-watch: |
105 |
Monitors /etc/ld.so.cache and updates exception policy. |
106 |
This program is used only when updating packages. |
107 |
|
108 |
ccs-queryd: |
109 |
Monitors /proc/ccs/policy/query for policy violation and |
110 |
asks the administrator whether to grant or reject the request. |
111 |
This program is used while and after updating packages. |
112 |
|
113 |
Version 1.1.2 2006/06/02 Functionality enhancement release. |
114 |
|
115 |
The following programs were redesigned. |
116 |
|
117 |
editpolicy: |
118 |
Simplified domain policy handling and removed "save" key. |
119 |
All modifications are taken effect immediately. |
120 |
|
121 |
loadpolicy: |
122 |
Simplified domain policy handling. |
123 |
|
124 |
sortpolicy: |
125 |
Simplified domain policy handling. |
126 |
|
127 |
savepolicy: |
128 |
Save all policies by default. |
129 |
|
130 |
The following program was removed. |
131 |
|
132 |
editpolicy_offline |
133 |
|
134 |
Version 1.1.3 2006/07/13 Functionality enhancement release. |
135 |
|
136 |
The following bugs were fixed. |
137 |
|
138 |
editpolicy: |
139 |
The "Commands =" line was too wide to show within 80x25 screen. |
140 |
|
141 |
checkpolicy: |
142 |
Renamed domain for "initializer" was wrong. |
143 |
|
144 |
Version 1.2 2006/09/03 Functionality enhancement release. |
145 |
|
146 |
findtemp: |
147 |
Now displays all nonexistent pathnames. |
148 |
|
149 |
editpolicy_offline: |
150 |
Redesigned to use the same operation manner. |
151 |
Saves changes automatically when exiting. |
152 |
|
153 |
Version 1.3 2006/11/11 First anniversary release. |
154 |
|
155 |
The following program was redesigned. |
156 |
|
157 |
checkpolicy: |
158 |
A policy validator. |
159 |
Reads policy from stdin and prints syntax errors with line numbers. |
160 |
|
161 |
The following programs were added. |
162 |
|
163 |
setprofile: |
164 |
Assigns profiles to domains. |
165 |
|
166 |
pathmatch: |
167 |
Reads pathname patterns and expands them. |
168 |
|
169 |
domainmatch: |
170 |
fgrep for /proc/ccs/policy/domain_policy . |
171 |
|
172 |
ccstree: |
173 |
pstree with profile numbers and domain names. |
174 |
|
175 |
patternize: |
176 |
Reads domain policy and patternize pathnames. |
177 |
|
178 |
proxy: |
179 |
A tiny TCP port forwarder, binding to local port explicitly |
180 |
to allow servers filter based on client's port numbers. |
181 |
|
182 |
mailauth: |
183 |
An example program for CERBERUS. |
184 |
|
185 |
timeauth: |
186 |
An example program for CERBERUS, similar to honey. |
187 |
|
188 |
The following programs were removed. |
189 |
If you need them, please take from version 1.2 . |
190 |
"remount_rootfs" "linuxrc" |
191 |
"dumplink" "dumpsymlink" "makelink" "makesymlink" |
192 |
|
193 |
The following program for testing TOMOYO Linux's kernel was added. |
194 |
|
195 |
"tomoyo_rewrite_test" |
196 |
|
197 |
Version 1.3.1 2006/12/08 Minor update release. |
198 |
|
199 |
The following bug was fixed. |
200 |
|
201 |
editpolicy: |
202 |
PageUp/PageDown keys and screen drawings were not working well |
203 |
on some environments due to forcefully setting "TERM=linux". |
204 |
|
205 |
The following program for testing TOMOYO Linux's kernel was updated. |
206 |
|
207 |
"newns" |
208 |
|
209 |
Version 1.3.2 2007/02/14 Usability enhancement release. |
210 |
|
211 |
Many tools were merged into single source code. |
212 |
Policy editor was redesigned. |
213 |
|
214 |
Version 1.4 2007/04/01 x86_64 support release. |
215 |
|
216 |
The following bug was fixed. |
217 |
|
218 |
editpolicy: |
219 |
Domain flags was wrong if "keep_domain <kernel>" is given. |
220 |
|
221 |
Version 1.4.1 2007/06/05 Minor update release. |
222 |
|
223 |
Single source code was divided into many source code. |
224 |
|
225 |
The following bug was fixed. |
226 |
|
227 |
checkpolicy: |
228 |
"keep_domain" syntax was not checked correctly. |
229 |
|
230 |
Version 1.4.2 2007/07/13 Bug fix release. |
231 |
|
232 |
.init: |
233 |
Prompt message has changed. |
234 |
|
235 |
Version 1.5.0 2007/09/20 Usability enhancement release. |
236 |
|
237 |
The following bug was fixed. |
238 |
|
239 |
editpolicy: |
240 |
Memory for "path_group" was not freed correctly. |
241 |
|
242 |
The following program for testing TOMOYO Linux's kernel was updated. |
243 |
|
244 |
"tomoyo_network_test" |
245 |
|
246 |
The following features are added. |
247 |
|
248 |
editpolicy: |
249 |
Printing with colors is supported. |
250 |
Contributed by Yoshihiro Kusuno <yocto _at_ users.sourceforge.jp>. |
251 |
|
252 |
loadpolicy: |
253 |
Reading policy from stdin is supported. |
254 |
|
255 |
The /.init is renamed to /sbin/ccs-init . |
256 |
|
257 |
Version 1.5.1 2007/10/19 Minor update release. |
258 |
|
259 |
The following programs were updated. |
260 |
|
261 |
ccs-init: |
262 |
Removed /bin/bash dependency. |
263 |
Don't show prompt for selecting a profile |
264 |
unless something went wrong or explicitly asked. |
265 |
|
266 |
init_policy.sh: |
267 |
Removed /bin/bash dependency. |
268 |
Some "file_pattern"s are added. |
269 |
Error check is added upon startup. |
270 |
|
271 |
loadpolicy: |
272 |
Don't try to open /proc/self/fd/0 when reading from standard input. |
273 |
|
274 |
setlevel: |
275 |
Don't show profiles that are not asked to modify. |
276 |
|
277 |
domainmatch: |
278 |
Removed /bin/bash dependency. |
279 |
Insert a blank line before printing domainname. |
280 |
|
281 |
mailauth: |
282 |
Removed openssl-devel dependency. |
283 |
Use decimal numbers instead of random ASCII character. |
284 |
|
285 |
Version 1.5.2 2007/12/05 Minor update release. |
286 |
|
287 |
The following program was updated. |
288 |
|
289 |
editpolicy: |
290 |
Use different color for domainname's line and selected line. |
291 |
|
292 |
editpolicy_offline: |
293 |
Allow invoking as ccs-editpolicy_offline . |
294 |
|
295 |
Version 1.5.3 2008/01/31 Minor update release. |
296 |
|
297 |
The following program was updated. |
298 |
|
299 |
editpolicy: |
300 |
Allow keyword aliasing. |
301 |
|
302 |
loadpolicy: |
303 |
Allow deleting domain definition. |
304 |
Fix some bugs. |
305 |
|
306 |
savepolicy: |
307 |
Allow printing to stdout. |
308 |
Allow saving profile and manager. |
309 |
|
310 |
checkpolicy: |
311 |
Fix some bugs. |
312 |
|
313 |
The following program was added. |
314 |
|
315 |
ccs-notifyd: |
316 |
Notify the occurrence of first policy violation in enforcing mode. |
317 |
|
318 |
Version 1.6.0 2008/04/01 Feature enhancement release. |
319 |
|
320 |
The following program was updated. |
321 |
|
322 |
editpolicy: |
323 |
Allow keyword aliasing via configuration file. |
324 |
Allow line coloring via configuration file. |
325 |
|
326 |
Version 1.6.1 2008/05/10 Minor update release. |
327 |
|
328 |
The following program was updated. |
329 |
|
330 |
init_policy.sh: |
331 |
Check /usr/lib for symbolic link. |
332 |
|
333 |
Version 1.6.2 2008/06/25 Usability enhancement release. |
334 |
|
335 |
The following programs were updated. |
336 |
|
337 |
ccs-init: |
338 |
Don't wait for user's input if /etc/ccs/ doesn't exist. |
339 |
|
340 |
init_policy.sh: |
341 |
Add some files under /usr/share/ to globally readable files. |
342 |
Don't make patterns for /sys/ . |
343 |
Fix some bugs. |
344 |
|
345 |
ccs-queryd: |
346 |
Show more information regarding pending requests. |
347 |
Merge functionality of ld-watch . |
348 |
|
349 |
ccs-notifyd: |
350 |
Show more information regarding pending requests. |
351 |
|
352 |
The following program was added. |
353 |
|
354 |
convert-exec-param: |
355 |
Generate "allow_execute" entry which considers argv[] values |
356 |
from access logs. |
357 |
|
358 |
Version 1.6.3 2008/07/15 Bug fix release. |
359 |
|
360 |
The following programs were updated. |
361 |
|
362 |
editpolicy: |
363 |
Treat ASCII code's BS character as ncurses code's BS character. |
364 |
|
365 |
proxy: |
366 |
Dropped suid-root since /usr/lib/ccs/ is globally accessible |
367 |
since 1.6.2 . |
368 |
|
369 |
Version 1.6.4 2008/09/03 Bug fix release. |
370 |
|
371 |
No changes for tools. |
372 |
|
373 |
Only programs for testing kernel were updated. |
374 |
|
375 |
Version 1.6.5 2008/11/11 Third anniversary release. |
376 |
|
377 |
Updated coding style and fixed some bugs. |
378 |
|
379 |
Version 1.6.6 2009/02/02 Bug fix release. |
380 |
|
381 |
The following programs were updated. |
382 |
|
383 |
ccs-editpolicy: |
384 |
Handle '\A' and '\a' correctly. |
385 |
|
386 |
ccs-pathmatch: |
387 |
Handle '\A' and '\a' correctly. |
388 |
|
389 |
Version 1.6.7 2009/04/01 Feature enhancement release. |
390 |
|
391 |
ccs-editpolicy: |
392 |
Add ability to edit profile and manager and meminfo. |
393 |
Add ability to edit policy files in arbitrary location. |
394 |
Add ability to edit policy remotely. |
395 |
Add readonly mode option for showcase use. |
396 |
Add automatic refresh option for showcase use. |
397 |
|
398 |
ccs-loadpolicy: |
399 |
Add ability to load policy remotely. |
400 |
Add ability to load meminfo. |
401 |
|
402 |
ccs-savepolicy: |
403 |
Add ability to save policy remotely. |
404 |
Add ability to print meminfo. |
405 |
|
406 |
ccs-editpolicy-agent: |
407 |
This program gives ccs-editpolicy and ccs-loadpolicy and ccs-savepolicy |
408 |
ability to manage embedded systems remotely via TCP/IP networking. |
409 |
|
410 |
ccs-editpolicy_offline: |
411 |
This program was removed because its functionality was merged into |
412 |
ccs-editpolicy. |
413 |
|
414 |
ccs-setlevel: |
415 |
This program became obsolete because its functionality was merged into |
416 |
ccs-editpolicy and ccs-loadpolicy. |
417 |
|
418 |
Version 1.6.8 2009/05/28 Bug fix release. |
419 |
|
420 |
ccs-ccstree: |
421 |
Add ability to fetch status remotely. |
422 |
|
423 |
ccs-editpolicy-agent: |
424 |
Add support for ccs-ccstree. |
425 |
|
426 |
Version 1.6.8p1 2009/06/23 Bug fix release. |
427 |
|
428 |
ccs-auditd: |
429 |
Print error message if auditing interface is not available. |
430 |
|
431 |
Version 1.7.0 2009/09/03 Feature enhancement release. |
432 |
|
433 |
Installation directory changed. |
434 |
Renamed from "ccs-ccstree" to "ccs-pstree" . |
435 |
Removed "realpath", "make_alias", "makesyaoranconf". |
436 |
|
437 |
/sbin/ccs-init: |
438 |
Converted to binary program. |
439 |
|
440 |
/usr/lib/ccs/init_policy: |
441 |
Converted to binary program. |
442 |
|
443 |
/usr/sbin/ccs-findtenp: |
444 |
Add "--with-domainname" option. |
445 |
|
446 |
/usr/sbin/ccs-queryd: |
447 |
Use global PID for reaching the target domain. |
448 |
|
449 |
/usr/sbin/ccs-auditd: |
450 |
Reduce fsync() requests. |
451 |
|
452 |
/usr/sbin/ccs-editpolicy: |
453 |
Removed system policy editor. |
454 |
Changed profile editor. |
455 |
Optimize command temporarily not working due to syntax changes. |