2659 |
|
|
2660 |
This change allows you to jump to arbitrary domain. |
This change allows you to jump to arbitrary domain. |
2661 |
|
|
2662 |
|
Note that this change also reverts "Change /proc/ccs/info/self_domain ." |
2663 |
|
made on 2006/10/24. Now, 'cat < /proc/ccs/info/self_domain' will act like |
2664 |
|
'cat /proc/ccs/info/self_domain'. Programs depending on old assumption |
2665 |
|
need to be updated. |
2666 |
|
|
2667 |
@ Add "task auto_domain_transition". |
@ Add "task auto_domain_transition". |
2668 |
|
|
2669 |
This is similar to "task manual_domain_transition", but is automatically |
This is similar to "task manual_domain_transition", but is automatically |
2718 |
which share ccs_oom_security. Threads which share ccs_oom_security will |
which share ccs_oom_security. Threads which share ccs_oom_security will |
2719 |
experience temporary inconsistency, but such threads are about to be |
experience temporary inconsistency, but such threads are about to be |
2720 |
killed by SIGKILL signal. |
killed by SIGKILL signal. |
2721 |
|
|
2722 |
|
Fix 2011/01/11 |
2723 |
|
|
2724 |
|
@ Use filesystem name for unnamed devices when vfsmount is missing. |
2725 |
|
|
2726 |
|
"Change pathname for non-rename()able filesystems." changed to use |
2727 |
|
"$fsname:" if the filesystem does not support rename() operation and |
2728 |
|
"dev($major,$minor):" otherwise when vfsmount is missing. But it turned |
2729 |
|
out that it is useless to use "dev($major,$minor):" for unnamed devices |
2730 |
|
(filesystems with $major == 0). Thus, I changed to use "$fsname:" rather |
2731 |
|
than "dev($major,$minor):" for filesystems with $major == 0 when vfsmount |
2732 |
|
is missing. |
2733 |
|
|
2734 |
|
Fix 2011/02/07 |
2735 |
|
|
2736 |
|
@ Fix infinite loop bug when reading /proc/ccs/audit or /proc/ccs/query . |
2737 |
|
|
2738 |
|
In ccs_flush(), head->r.w[0] holds pointer to string data to be printed. |
2739 |
|
But head->r.w[0] was updated only when the string data was partially |
2740 |
|
printed (because head->r.w[0] will be updated by head->r.w[1] later if |
2741 |
|
completely printed). However, regarding /proc/ccs/audit and |
2742 |
|
/proc/ccs/query , an additional '\0' is printed after the string data was |
2743 |
|
completely printed. But if free space for read buffer became 0 before |
2744 |
|
printing the additional '\0', ccs_flush() was returning without updating |
2745 |
|
head->r.w[0]. As a result, ccs_flush() forever reprints already printed |
2746 |
|
string data. |
2747 |
|
|
2748 |
|
Fix 2011/03/01 |
2749 |
|
|
2750 |
|
@ Run garbage collector without waiting for /proc/ccs/ users. |
2751 |
|
|
2752 |
|
Currently TOMOYO holds SRCU lock upon open() and releases it upon close() |
2753 |
|
because list elements stored in the "struct ccs_io_buffer" instances are |
2754 |
|
accessed until close() is called. However, such SRCU usage causes lockdep |
2755 |
|
to complain about leaving the kernel with SRCU lock held. Therefore, |
2756 |
|
I changed to hold/release SRCU upon each read()/write() by selectively |
2757 |
|
deferring kfree() by keeping track of the "struct ccs_io_buffer" |
2758 |
|
instances. |
2759 |
|
|
2760 |
|
Fix 2011/03/05 |
2761 |
|
|
2762 |
|
@ Support built-in policy configuration. |
2763 |
|
|
2764 |
|
To be able to start using enforcing mode from the early stage of boot |
2765 |
|
sequence, I added support for built-in policy configuration and |
2766 |
|
activating access control without calling external policy loader program. |
2767 |
|
|
2768 |
|
This will be useful for systems where operations which can lead to the |
2769 |
|
hijacking of the boot sequence are needed before loading the policy. |
2770 |
|
For example, you can activate immediately after loading the fixed part of |
2771 |
|
policy which will allow only operations needed for mounting a partition |
2772 |
|
which contains the variant part of policy and verifying (e.g. running GPG |
2773 |
|
check) and loading the variant part of policy. Since you can start using |
2774 |
|
enforcing mode from the beginning, you can reduce the possibility of |
2775 |
|
hijacking the boot sequence. |