| 797 |
I was using PAGE_SIZE (4096 in many environments) |
I was using PAGE_SIZE (4096 in many environments) |
| 798 |
as the max length of any string data. |
as the max length of any string data. |
| 799 |
But for environments that have larger PAGE_SIZE, |
But for environments that have larger PAGE_SIZE, |
| 800 |
doing memset(ptr, 0, PAGE_SIZE) everytime is too wasteful. |
doing memset(ptr, 0, PAGE_SIZE) every time is too wasteful. |
| 801 |
|
|
| 802 |
Fix 2007/01/29 |
Fix 2007/01/29 |
| 803 |
|
|
| 2839 |
|
|
| 2840 |
Note that "struct ccsecurity_operations ccsecurity_ops" has changed. |
Note that "struct ccsecurity_operations ccsecurity_ops" has changed. |
| 2841 |
Loadable kernel modules that depends on it need to be rebuilt. |
Loadable kernel modules that depends on it need to be rebuilt. |
| 2842 |
|
|
| 2843 |
|
Fix 2011/05/05 |
| 2844 |
|
|
| 2845 |
|
@ Fix wrong profile number in audit logs for "misc env" permission. |
| 2846 |
|
|
| 2847 |
|
Profile number used for "file execute" permission was by error reused |
| 2848 |
|
when generating audit logs for "misc env" permission. |
| 2849 |
|
|
| 2850 |
|
Fix 2011/05/11 |
| 2851 |
|
|
| 2852 |
|
@ Fix wrong domainname validation. |
| 2853 |
|
|
| 2854 |
|
"<kernel>" + "/foo/\" + "/bar" was by error checked when |
| 2855 |
|
"<kernel> /foo/\* /bar" was given. As a result, legal domainnames like |
| 2856 |
|
"<kernel> /foo/\* /bar" are rejected. |
| 2857 |
|
|
| 2858 |
|
Fix 2011/06/06 |
| 2859 |
|
|
| 2860 |
|
@ Add policy namespace support. |
| 2861 |
|
|
| 2862 |
|
To be able to use TOMOYO in LXC environments, I introduced policy |
| 2863 |
|
namespace. Each policy namespace has its own set of domain policy, |
| 2864 |
|
exception policy and profiles, which are all independent of other |
| 2865 |
|
namespaces. |
| 2866 |
|
|
| 2867 |
|
@ Remove CONFIG_CCSECURITY_BUILTIN_INITIALIZERS option. |
| 2868 |
|
|
| 2869 |
|
From now on, exception policy and manager need to be able to handle |
| 2870 |
|
policy namespace (which is a <$namespace> prefix added to each line). |
| 2871 |
|
Thus, space-separated list for CONFIG_CCSECURITY_BUILTIN_INITIALIZERS is |
| 2872 |
|
no longer suitable for handling policy namespace. |
| 2873 |
|
|
| 2874 |
|
Fix 2011/06/10 |
| 2875 |
|
|
| 2876 |
|
@ Allow specifying trigger for activation. |
| 2877 |
|
|
| 2878 |
|
To be able to use TOMOYO under systemd environments where init= parameter |
| 2879 |
|
is used, I changed to allow overriding the trigger for calling external |
| 2880 |
|
policy loader and activating MAC via kernel command line options. |
| 2881 |
|
|
| 2882 |
|
Fix 2008/06/14 |
| 2883 |
|
|
| 2884 |
|
@ Remove unused "struct inode *" parameter from ccs-patch-\*.diff . |
| 2885 |
|
|
| 2886 |
|
To follow changes I made on 2011/04/20, I removed "struct inode *" from |
| 2887 |
|
ccs_mknod_permission(), ccs_mkdir_permission(), ccs_rmdir_permission(), |
| 2888 |
|
ccs_unlink_permission(), ccs_symlink_permission(), ccs_link_permission(), |
| 2889 |
|
ccs_rename_permission() that are called from fs/namei.c |
| 2890 |
|
net/unix/af_unix.c include/linux/security.c security/security.c . |
| 2891 |
|
If you have your own ccs-patch-*.diff , please update accordingly. |
| 2892 |
|
|
| 2893 |
|
Version 1.8.2 2011/06/20 Usability enhancement release. |
TOMOYO
Parent Directory
Revision Log
Patch