2441 |
permissions (e.g. allow_env PATH if symlink.target="/"), it triggered |
permissions (e.g. allow_env PATH if symlink.target="/"), it triggered |
2442 |
NULL pointer dereference. |
NULL pointer dereference. |
2443 |
|
|
2444 |
Fix 2010/10/05 |
Fix 2010/10/28 |
2445 |
|
|
2446 |
|
@ Fix umount() pathname calculation. |
2447 |
|
|
2448 |
|
"mount --bind /path/to/file1 /path/to/file2" is legal. |
2449 |
|
Therefore, "umount /path/to/file2" is also legal. |
2450 |
|
Do not automatically append trailing '/' if pathname to be unmounted |
2451 |
|
does not end with '/'. |
2452 |
|
|
2453 |
|
@ Add preserve KABI compatibility option. (2.6 kernels only) |
2454 |
|
|
2455 |
|
TOMOYO needs "struct ccs_domain_info *" and "u32" for each |
2456 |
|
"struct task_struct". But embedding these variables into |
2457 |
|
"struct task_struct" breaks KABI for prebuilt kernel modules (which |
2458 |
|
means that you will need to rebuild prebuilt kernel modules). |
2459 |
|
|
2460 |
|
Since KABI is commonly used (compared to 5 years ago), asking users to |
2461 |
|
rebuild kernel modules which are not included in kernel package is no |
2462 |
|
longer preferable. Therefore, I added a new option that keeps |
2463 |
|
"struct task_struct" unmodified in order to keep KABI. |
2464 |
|
|
2465 |
|
Note that you have to use ccs-patch-2.6.\*.diff which patches |
2466 |
|
kernel/fork.c in order to use this option. Otherwise, TOMOYO will leak |
2467 |
|
memory whenever "struct task_struct" is released. |
2468 |
|
|
2469 |
@ Change directives. |
@ Change directives. |
2470 |
|
|
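Review bot: The KABI entry (lines 2453-2467) warns that TOMOYO "will leak memory whenever struct task_struct is released" unless the ccs-patch-2.6.*.diff that patches kernel/fork.c is used, but it never names the new option, so a reader cannot tell which setting carries this requirement. Please name the option in the entry and say how someone can confirm their patch includes the kernel/fork.c change, since a silent per-task leak is a poor failure mode for a build-time mismatch. In the umount() entry (lines 2446-2451), it would also help to state whether existing policy entries written with a trailing '/' still match after this change. Finally, the header change from "Fix 2010/10/05" to "Fix 2010/10/28" redates the section that already holds "@ Change directives."; please confirm that entry is meant to move to the new date.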
2503 |
when you have to disable access control for recv() operation due to |
when you have to disable access control for recv() operation due to |
2504 |
application breakage by discarding incoming datagram. |
application breakage by discarding incoming datagram. |
2505 |
|
|
|
@ Wait for next connection/datagram if current connection/datagram was |
|
|
discarded. |
|
|
|
|
|
Regarding "network inet stream accept", "network inet dgram recv", |
|
|
"network inet raw recv" directives, I modified to wait for next |
|
|
connection/datagram if current connection/datagram was discarded. |
|
|
LSM hooks for these directives are currently missing because this |
|
|
behavior may break applications. If you found applications broken by |
|
|
this behavior, you can set CONFIG::network::inet_stream_accept and/or |
|
|
CONFIG::network::inet_dgram_recv and/or CONFIG::network::inet_raw_recv |
|
|
to mode=disabled in order to only disable filtering for incoming |
|
|
connection/datagram. |
|
|
|
|
2506 |
@ Add Unix domain socket restriction support. |
@ Add Unix domain socket restriction support. |
2507 |
|
|
2508 |
Until now, it was possible to restrict only inet domain sockets (i.e. |
Until now, it was possible to restrict only inet domain sockets (i.e. |
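Review bot: In the "Wait for next connection/datagram" entry between lines 2505 and 2506, the sentence "LSM hooks for these directives are currently missing because this behavior may break applications" does not say which behavior is meant (discarding, or waiting for the next connection/datagram), nor what the application observes when a connection or datagram is discarded. Please spell out what the caller sees in that case, so that someone triaging a broken application can recognise it. The workaround of setting CONFIG::network::inet_stream_accept, CONFIG::network::inet_dgram_recv or CONFIG::network::inet_raw_recv to mode=disabled also deserves a sentence saying that it turns off filtering of incoming connections/datagrams for that operation entirely, so the trade-off is explicit next to the instruction. The context at lines 2503-2504 already covers disabling access control for recv() because of application breakage, so the two passages should be checked for overlap.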