tomoyo-capability.patch
Description: application/octect-stream
add-struct-vfsmount-to-struct-task_struct.patch
Description: application/octect-stream
tomoyo-headers.patch
Description: application/octect-stream
tomoyo-mount.patch
Description: application/octect-stream
tomoyo-environ.patch
Description: application/octect-stream
add-signal-hooks-at-sleepable-locations.patch
Description: application/octect-stream
add-packet-filtering-based-on-process-security-context.patch
Description: application/octect-stream
tomoyo-documentation.patch
Description: application/octect-stream
tomoyo-hooks.patch
Description: application/octect-stream
add-wrapper-functions-for-vfs-helper-functions.patch
Description: application/octect-stream
tomoyo-realpath.patch
Description: application/octect-stream
tomoyo-condition.patch
Description: application/octect-stream
Just FYI: A NACK to such an addition doesn't simply go away by
ignoring it.
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Hello.
Christoph Hellwig wrote:
Just FYI: A NACK to such an addition doesn't simply go away by
ignoring it.
Excuse me. What NACK is remaining?
About the below comments?
NACK to this. Passing function parameters through the task_struct is
definitely not an acceptable hack
Exactly.
Nick Piggin [EMAIL PROTECTED] wrote:
Nick Piggin [EMAIL PROTECTED] wrote:
No. I mean call the bit PG_private2. That way non-pagecache and
filesystems that don't use fscache can use it.
The bit is called PG_owner_priv_2, and then 'subclassed' to PG_fscache,
much like PG_owner_priv_1
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
Signed-off-by: Toshiharu Harada [EMAIL PROTECTED]
---
Documentation/TOMOYO.txt | 266 +++
1 file changed, 266 insertions(+)
--- /dev/null
+++
This patch allows LSM hooks refer previously associated struct vfsmount
parameter so that they can calculate pathname of given struct dentry.
AppArmor's approach is to add struct vfsmount parameter to all related
functions, while my approach is to store struct vfsmount parameter
in struct
This patch allows LSM modules filter incoming connections/datagrams
based on the process's security context who is attempting to pick up.
There are already hooks to filter incoming connections/datagrams
based on the socket's security context, but these hooks are not
applicable when one wants to
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/include/realpath.h | 45 ++
security/tomoyo/include/tomoyo.h | 695 +
2 files changed, 740 insertions(+)
--- /dev/null
+++
Basic functions to get canonicalized absolute pathnames
for TOMOYO Linux. Even the requested pathname is symlink()ed
or chroot()ed, TOMOYO Linux uses the original pathname.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
TOMOYO Linux checks permission in
open/creat/unlink/truncate/ftruncate/mknod/mkdir/
rmdir/symlink/link/rename/uselib/sysctl .
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by:
TOMOYO Linux checks environment variable's names passed to execve()
because some envorinment variables affects to the behavior of program
like argv[0].
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro Takeda [EMAIL
TOMOYO Linux checks mount permission based on
device name, mount point, filesystem type and optional flags.
TOMOYO Linux also checks permission in umount and pivot_root.
Each permission can be automatically accumulated into
the policy using 'learning mode'.
Signed-off-by: Kentaro Takeda [EMAIL
TOMOYO Linux checks permission for non-POSIX capability
so that the number of capabilities won't be limited to 32 or 64.
TOMOYO Linux uses per-a-domain capability, an approach that associate
capabilities with each domain, and assign a domain for each process.
The advantages of this approach are
TOMOYO Linux is placed in security/tomoyo .
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/Kconfig |1 +
security/Makefile|1 +
security/tomoyo/Kconfig | 26 ++
security/tomoyo/Makefile
To avoid namespace_sem deadlock, this patch uses
current-last_vfsmount associated by wrapper functions.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/tomoyo.c | 825 +++
1 file
This patch adds LSM hooks for sending signal.
* task_kill_unlocked is added in sys_kill
* task_tkill_unlocked is added in sys_tkill
* task_tgkill_unlocked is added in sys_tgkill
We know sleepable hooks are racy.
But we want to add sleepable hooks because TOMOYO Linux supports
delayed
On Wednesday 09 January 2008 10:51, David Howells wrote:
Nick Piggin [EMAIL PROTECTED] wrote:
Nick Piggin [EMAIL PROTECTED] wrote:
No. I mean call the bit PG_private2. That way non-pagecache and
filesystems that don't use fscache can use it.
The bit is called PG_owner_priv_2, and
On Wed, 9 Jan 2008, Kentaro Takeda wrote:
Common functions for TOMOYO Linux.
TOMOYO Linux uses /sys/kernel/security/tomoyo interface for configuration.
Why aren't you using securityfs for this? (It was designed for LSMs).
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from
On Wed, 9 Jan 2008, James Morris wrote:
On Wed, 9 Jan 2008, Kentaro Takeda wrote:
Common functions for TOMOYO Linux.
TOMOYO Linux uses /sys/kernel/security/tomoyo interface for configuration.
Why aren't you using securityfs for this? (It was designed for LSMs).
Doh, it is using
30 matches
Mail list logo