Diff of /trunk/1.8.x/ccs-patch/README.ccs

OSDN > Finden Software > TOMOYO

 Browse Subversion Repository



/[tomoyo]/trunk/1.8.x/ccs-patch/README.ccs




Diff of /trunk/1.8.x/ccs-patch/README.ccs



 Parent Directory

|  Revision Log



|  Patch














revision 3064 by kumaneko,
Fri Sep 25 08:55:35 2009 UTC




revision 3131 by kumaneko,
Tue Nov  3 03:51:07 2009 UTC






#

Line 2167 
 Fix 2009/09/25


Line 2167 
 Fix 2009/09/25












2167
       The learning mode with "CONFIG::learning={ max_entry=0 }" is almost
       The learning mode with "CONFIG::learning={ max_entry=0 }" is almost

















2168
       the same with the permissive mode, only difference is "mode=learning"
       the same with the permissive mode, only difference is "mode=learning"

















2169
       and "mode=permissive".
       and "mode=permissive".












2170
 
 







2171
 
 Fix 2009/10/05







2172
 
 







2173
 
     @ Fix size truncation bug at ccs_memcmp().







2174
 
 







2175
 
       ccs_memcmp() was using "u8" for size parameter by error. Therefore, when







2176
 
       size >= 256 was passed to ccs_memcmp(), it was doing partial comarison







2177
 
       (incorrect result) or read overrun (CPU stall).







2178
 
 







2179
 
       ccs_memcmp() should use "size_t" for size parameter because size of







2180
 
       "struct ccs_condition" may exceed 256 bytes if complicated condition was







2181
 
       given.







2182
 
 







2183
 
 Fix 2009/10/08







2184
 
 







2185
 
     @ Add CONFIG_CCSECURITY_DEFAULT_LOADER option.







2186
 
 







2187
 
       I made the default policy loader's pathname ( /sbin/ccs-init )







2188
 
       configurable.







2189
 
 







2190
 
     @ Add CONFIG_CCSECURITY_ALTERNATIVE_TRIGGER option.







2191
 
 







2192
 
       Some environments do not have /sbin/init . In such environments, we need







2193
 
       to use different program's pathname (e.g. /init or /linuxrc ) as







2194
 
       activation trigger.







2195
 
 







2196
 
       Thus, I made the alternative trigger ( /sbin/ccs-start ) configurable.







2197
 
 







2198
 
 Fix 2009/11/02







2199
 
 







2200
 
     @ Fix buffer contention.







2201
 
 







2202
 
       A permission like







2203
 
 







2204
 
         allow_env PATH if exec.envp["PATH"]="/"







2205
 
 







2206
 
       was not working since I was using the same buffer for both environment







2207
 
       variable's name and value.







2208
 
 







2209
 
 Fix 2009/11/03







2210
 
 







2211
 
     @ Fix memory leak in ccs_write_address_group_policy().







2212
 
 







2213
 
       I forgot to call kfree() if same entry was added.







2214
 
 







2215
 
     @ Reduce mutexes.







2216
 
 







2217
 
       I was using mutex_lock()/mutex_unlock() so that I can use







2218
 
       atomic_dec_and_test() for removing an element from a list.







2219
 
       I moved that operation to garbage collector in order to reduce frequency







2220
 
       of mutex_lock()/mutex_unlock() calls.
























Legend:



Removed from v.3064
 


changed lines


 
Added in v.3131













Back to OSDN">Back to OSDN
ViewVC Help


Powered by ViewVC 1.1.26
 /[tomoyo]/trunk/1.8.x/ccs-patch/README.ccs
-revision 3064 by kumaneko,
Fri Sep 25 08:55:35 2009 UTC
+revision 3131 by kumaneko,
Tue Nov  3 03:51:07 2009 UTC
 Line 2167 
 Fix 2009/09/25
        The learning mode with "CONFIG::learning={ max_entry=0 }" is almost
        the same with the permissive mode, only difference is "mode=learning"
        and "mode=permissive".
+ Fix 2009/10/05
+     @ Fix size truncation bug at ccs_memcmp().
+       ccs_memcmp() was using "u8" for size parameter by error. Therefore, when
+       size >= 256 was passed to ccs_memcmp(), it was doing partial comarison
+       (incorrect result) or read overrun (CPU stall).
+       ccs_memcmp() should use "size_t" for size parameter because size of
+       "struct ccs_condition" may exceed 256 bytes if complicated condition was
+       given.
+ Fix 2009/10/08
+     @ Add CONFIG_CCSECURITY_DEFAULT_LOADER option.
+       I made the default policy loader's pathname ( /sbin/ccs-init )
+       configurable.
+     @ Add CONFIG_CCSECURITY_ALTERNATIVE_TRIGGER option.
+       Some environments do not have /sbin/init . In such environments, we need
+       to use different program's pathname (e.g. /init or /linuxrc ) as
+       activation trigger.
+       Thus, I made the alternative trigger ( /sbin/ccs-start ) configurable.
+ Fix 2009/11/02
+     @ Fix buffer contention.
+       A permission like
+         allow_env PATH if exec.envp["PATH"]="/"
+       was not working since I was using the same buffer for both environment
+       variable's name and value.
+ Fix 2009/11/03
+     @ Fix memory leak in ccs_write_address_group_policy().
+       I forgot to call kfree() if same entry was added.
+     @ Reduce mutexes.
+       I was using mutex_lock()/mutex_unlock() so that I can use
+       atomic_dec_and_test() for removing an element from a list.
+       I moved that operation to garbage collector in order to reduce frequency
+       of mutex_lock()/mutex_unlock() calls.
 Legend:



Removed from v.3064
 


changed lines


 
Added in v.3131
 Legend:



Removed from v.3064
 


changed lines


 
Added in v.3131
-Removed from v.3064
+Added in v.3131
-Back to OSDN">Back to OSDN
+ViewVC Help
 Powered by ViewVC 1.1.26

Open-Source-Software-Entwicklung und Downloads

TOMOYO

Browse Subversion Repository