| 2441 |
permissions (e.g. allow_env PATH if symlink.target="/"), it triggered |
permissions (e.g. allow_env PATH if symlink.target="/"), it triggered |
| 2442 |
NULL pointer dereference. |
NULL pointer dereference. |
| 2443 |
|
|
| 2444 |
Fix 2010/10/05 |
Fix 2010/10/28 |
| 2445 |
|
|
| 2446 |
|
@ Fix umount() pathname calculation. |
| 2447 |
|
|
| 2448 |
|
"mount --bind /path/to/file1 /path/to/file2" is legal. |
| 2449 |
|
Therefore, "umount /path/to/file2" is also legal. |
| 2450 |
|
Do not automatically append trailing '/' if pathname to be unmounted |
| 2451 |
|
does not end with '/'. |
| 2452 |
|
|
| 2453 |
|
@ Add preserve KABI compatibility option. (2.6 kernels only) |
| 2454 |
|
|
| 2455 |
|
TOMOYO needs "struct ccs_domain_info *" and "u32" for each |
| 2456 |
|
"struct task_struct". But embedding these variables into |
| 2457 |
|
"struct task_struct" breaks KABI for prebuilt kernel modules (which |
| 2458 |
|
means that you will need to rebuild prebuilt kernel modules). |
| 2459 |
|
|
| 2460 |
|
Since KABI is commonly used (compared to 5 years ago), asking users to |
| 2461 |
|
rebuild kernel modules which are not included in kernel package is no |
| 2462 |
|
longer preferable. Therefore, I added a new option that keeps |
| 2463 |
|
"struct task_struct" unmodified in order to keep KABI. |
| 2464 |
|
|
| 2465 |
|
Note that you have to use ccs-patch-2.6.\*.diff which patches |
| 2466 |
|
kernel/fork.c in order to use this option. Otherwise, TOMOYO will leak |
| 2467 |
|
memory whenever "struct task_struct" is released. |
| 2468 |
|
|
| 2469 |
@ Change directives. |
@ Change directives. |
| 2470 |
|
|
| 2503 |
when you have to disable access control for recv() operation due to |
when you have to disable access control for recv() operation due to |
| 2504 |
application breakage by discarding incoming datagram. |
application breakage by discarding incoming datagram. |
| 2505 |
|
|
|
@ Wait for next connection/datagram if current connection/datagram was |
|
|
discarded. |
|
|
|
|
|
Regarding "network inet stream accept", "network inet dgram recv", |
|
|
"network inet raw recv" directives, I modified to wait for next |
|
|
connection/datagram if current connection/datagram was discarded. |
|
|
LSM hooks for these directives are currently missing because this |
|
|
behavior may break applications. If you found applications broken by |
|
|
this behavior, you can set CONFIG::network::inet_stream_accept and/or |
|
|
CONFIG::network::inet_dgram_recv and/or CONFIG::network::inet_raw_recv |
|
|
to mode=disabled in order to only disable filtering for incoming |
|
|
connection/datagram. |
|
|
|
|
| 2506 |
@ Add Unix domain socket restriction support. |
@ Add Unix domain socket restriction support. |
| 2507 |
|
|
| 2508 |
Until now, it was possible to restrict only inet domain sockets (i.e. |
Until now, it was possible to restrict only inet domain sockets (i.e. |
TOMOYO
Parent Directory
Revision Log
Patch