| 2261 |
and open(O_RDWR | O_TRUNC). But I made a mistake between TOMOYO 1.7.0 and |
and open(O_RDWR | O_TRUNC). But I made a mistake between TOMOYO 1.7.0 and |
| 2262 |
1.7.1 which made it impossible for TOMOYO for kernels 2.6.14 and earlier |
1.7.1 which made it impossible for TOMOYO for kernels 2.6.14 and earlier |
| 2263 |
to distinguish them. |
to distinguish them. |
| 2264 |
|
|
| 2265 |
|
Fix 2009/11/27 |
| 2266 |
|
|
| 2267 |
|
@ Use newly created domain's name for domain creation audit log. |
| 2268 |
|
|
| 2269 |
|
Since 1.7.0 , /proc/ccs/reject_log was by error using existing domain's |
| 2270 |
|
name when auditing newly created domain's "use_profile" line. |
| 2271 |
|
|
| 2272 |
|
Fix 2009/12/12 |
| 2273 |
|
|
| 2274 |
|
@ Use rcu_read_lock() for find_task_by_pid(). |
| 2275 |
|
|
| 2276 |
|
Since kernel 2.6.18 , caller of find_task_by_pid() needs to call |
| 2277 |
|
rcu_read_lock() rather than read_lock(&tasklist_lock) because find_pid() |
| 2278 |
|
uses RCU primitives but spinlock does not prevent RCU callback if |
| 2279 |
|
preemptive RCU ( CONFIG_PREEMPT_RCU or CONFIG_TREE_PREEMPT_RCU ) is |
| 2280 |
|
enabled. |
| 2281 |
|
|
| 2282 |
|
Fix 2009/12/15 |
| 2283 |
|
|
| 2284 |
|
@ Don't check DAC permission if disabled mode. |
| 2285 |
|
|
| 2286 |
|
I was checking DAC permissions regarding directory entry modification |
| 2287 |
|
operations (e.g. mkdir()) even if mode=disabled . It is a waste of CPU |
| 2288 |
|
resource to check DAC permissions when MAC permissions are not checked. |
| 2289 |
|
Thus, I modified to skip DAC permission checks if mode=disabled . |
| 2290 |
|
|
| 2291 |
|
@ Allow deleting "quota_exceeded" and "transition_failed" entries. |
| 2292 |
|
|
| 2293 |
|
To notify users of "this domain has too many entries to hold" and "some |
| 2294 |
|
process in this domain was not able to perform domain transition", |
| 2295 |
|
"quota_exceeded" and "transition_failed" messages are used respectively. |
| 2296 |
|
These messages were not deletable. But it is more convenient for users |
| 2297 |
|
to be notified again if such events occurred again after tuning policy. |
| 2298 |
|
Thus, I made these messages deletable. |
| 2299 |
|
|
| 2300 |
|
Fix 2009/12/17 |
| 2301 |
|
|
| 2302 |
|
@ Don't check read permission in ccs_try_alt_exec(). |
| 2303 |
|
|
| 2304 |
|
While I was trying to remove ccs_execve_list list for GC optimization |
| 2305 |
|
between TOMOYO 1.7.0 and 1.7.1 , I made a mistake which made TOMOYO to |
| 2306 |
|
check allow_read permission of the programs specified by execute_handler |
| 2307 |
|
and denied_execute_handler keywords. |
TOMOYO
Parent Directory
Revision Log
Patch