Diff of /trunk/1.8.x/ccs-patch/README.ccs

OSDN > Finden Software > TOMOYO

 Browse Subversion Repository



/[tomoyo]/trunk/1.8.x/ccs-patch/README.ccs




Diff of /trunk/1.8.x/ccs-patch/README.ccs



 Parent Directory

|  Revision Log



|  Patch














revision 4981 by kumaneko,
Wed May 11 04:30:22 2011 UTC




revision 5122 by kumaneko,
Tue Jun 14 06:05:00 2011 UTC






#

Line 2854 
 Fix 2011/05/11


Line 2854 
 Fix 2011/05/11












2854
       "<kernel>" + "/foo/\" + "/bar" was by error checked when
       "<kernel>" + "/foo/\" + "/bar" was by error checked when

















2855
       "<kernel> /foo/\* /bar" was given. As a result, legal domainnames like
       "<kernel> /foo/\* /bar" was given. As a result, legal domainnames like

















2856
       "<kernel> /foo/\* /bar" are rejected.
       "<kernel> /foo/\* /bar" are rejected.












2857
 
 







2858
 
 Fix 2011/06/06







2859
 
 







2860
 
     @ Add policy namespace support.







2861
 
 







2862
 
       To be able to use TOMOYO in LXC environments, I introduced policy







2863
 
       namespace. Each policy namespace has its own set of domain policy,







2864
 
       exception policy and profiles, which are all independent of other







2865
 
       namespaces.







2866
 
 







2867
 
     @ Remove CONFIG_CCSECURITY_BUILTIN_INITIALIZERS option.







2868
 
 







2869
 
       From now on, exception policy and manager need to be able to handle







2870
 
       policy namespace (which is a <$namespace> prefix added to each line).







2871
 
       Thus, space-separated list for CONFIG_CCSECURITY_BUILTIN_INITIALIZERS is







2872
 
       no longer suitable for handling policy namespace.







2873
 
 







2874
 
 Fix 2011/06/10







2875
 
 







2876
 
     @ Allow specifying trigger for activation.







2877
 
 







2878
 
       To be able to use TOMOYO under systemd environments where init= parameter







2879
 
       is used, I changed to allow overriding the trigger for calling external







2880
 
       policy loader and activating MAC via kernel command line options.







2881
 
 







2882
 
 Fix 2008/06/14







2883
 
 







2884
 
     @ Remove unused "struct inode *" parameter from ccs-patch-\*.diff .







2885
 
 







2886
 
       To follow changes I made on 2011/04/20, I removed "struct inode *" from







2887
 
       ccs_mknod_permission(), ccs_mkdir_permission(), ccs_rmdir_permission(),







2888
 
       ccs_unlink_permission(), ccs_symlink_permission(), ccs_link_permission(),







2889
 
       ccs_rename_permission() that are called from fs/namei.c







2890
 
       net/unix/af_unix.c include/linux/security.c security/security.c .







2891
 
       If you have your own ccs-patch-*.diff , please update accordingly.
























Legend:



Removed from v.4981
 


changed lines


 
Added in v.5122













Back to OSDN">Back to OSDN
ViewVC Help


Powered by ViewVC 1.1.26
 /[tomoyo]/trunk/1.8.x/ccs-patch/README.ccs
-revision 4981 by kumaneko,
Wed May 11 04:30:22 2011 UTC
+revision 5122 by kumaneko,
Tue Jun 14 06:05:00 2011 UTC
 Line 2854 
 Fix 2011/05/11
        "<kernel>" + "/foo/\" + "/bar" was by error checked when
        "<kernel> /foo/\* /bar" was given. As a result, legal domainnames like
        "<kernel> /foo/\* /bar" are rejected.
+ Fix 2011/06/06
+     @ Add policy namespace support.
+       To be able to use TOMOYO in LXC environments, I introduced policy
+       namespace. Each policy namespace has its own set of domain policy,
+       exception policy and profiles, which are all independent of other
+       namespaces.
+     @ Remove CONFIG_CCSECURITY_BUILTIN_INITIALIZERS option.
+       From now on, exception policy and manager need to be able to handle
+       policy namespace (which is a <$namespace> prefix added to each line).
+       Thus, space-separated list for CONFIG_CCSECURITY_BUILTIN_INITIALIZERS is
+       no longer suitable for handling policy namespace.
+ Fix 2011/06/10
+     @ Allow specifying trigger for activation.
+       To be able to use TOMOYO under systemd environments where init= parameter
+       is used, I changed to allow overriding the trigger for calling external
+       policy loader and activating MAC via kernel command line options.
+ Fix 2008/06/14
+     @ Remove unused "struct inode *" parameter from ccs-patch-\*.diff .
+       To follow changes I made on 2011/04/20, I removed "struct inode *" from
+       ccs_mknod_permission(), ccs_mkdir_permission(), ccs_rmdir_permission(),
+       ccs_unlink_permission(), ccs_symlink_permission(), ccs_link_permission(),
+       ccs_rename_permission() that are called from fs/namei.c
+       net/unix/af_unix.c include/linux/security.c security/security.c .
+       If you have your own ccs-patch-*.diff , please update accordingly.
 Legend:



Removed from v.4981
 


changed lines


 
Added in v.5122
 Legend:



Removed from v.4981
 


changed lines


 
Added in v.5122
-Removed from v.4981
+Added in v.5122
-Back to OSDN">Back to OSDN
+ViewVC Help
 Powered by ViewVC 1.1.26

Open-Source-Software-Entwicklung und Downloads

TOMOYO

Browse Subversion Repository