2441 |
permissions (e.g. allow_env PATH if symlink.target="/"), it triggered |
permissions (e.g. allow_env PATH if symlink.target="/"), it triggered |
2442 |
NULL pointer dereference. |
NULL pointer dereference. |
2443 |
|
|
2444 |
Fix 2010/09/01 |
Fix 2010/10/05 |
2445 |
|
|
2446 |
@ Change directives. |
@ Change directives. |
2447 |
|
|
2577 |
|
|
2578 |
file read /etc/shadow task.uid=0 |
file read /etc/shadow task.uid=0 |
2579 |
|
|
2580 |
@ Remove per-profile preference. |
@ Remove "file_pattern" keyword. |
2581 |
|
|
2582 |
I removed per profile preference in order to make code simpler. |
I removed "file_pattern" keyword because it is impossible to predefine |
2583 |
|
all possible pathname patterns. Also, learning pathnames using incomplete |
2584 |
|
patterns makes it difficult to later replace using "path_group" keyword. |
2585 |
|
|
2586 |
|
@ Replace verbose= parameter with statistic interface. |
2587 |
|
|
2588 |
|
Since it is noisy if a lot of policy violation messages are printed, |
2589 |
|
I removed printk(). To be able to check whether policy violation occurred |
2590 |
|
or not, I introduced /proc/ccs/stat interface which counts number of |
2591 |
|
policy violations occurred. You can firstly check /proc/ccs/stat and then |
2592 |
|
check /proc/ccs/reject_log . |
2593 |
|
|
2594 |
|
@ Remove global preference. |
2595 |
|
|
2596 |
|
I removed global preference in order to make code simpler. |
2597 |
|
|
2598 |
@ Allow controlling generation of access granted logs for per an entry |
@ Allow controlling generation of access granted logs for per an entry |
2599 |
basis. |
basis. |