/Plain_text_e-mail_(Thunderbird)
Kentaro Takeda
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
TOMOYO Linux uses pathnames for auditing and controlling file access.
Therefore, namespace_sem is needed.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
fs/namespace.c|2 +-
include/linux/mnt_namespace.h |2 ++
2 files
Data structures and prototype defitions for TOMOYO Linux.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/include/realpath.h | 44 +++
security/tomoyo/include/tomoyo.h | 516 +
2 files
Kconfig and Makefile for TOMOYO Linux.
TOMOYO Linux is placed in security/tomoyo .
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/Kconfig |1 +
security/Makefile|1 +
security/tomoyo/Kconfig | 18
Basic functions to get canonicalized absolute pathnames
for TOMOYO Linux. Even the requested pathname is symlink()ed
or chroot()ed, TOMOYO Linux uses the original pathname.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo
-security.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/domain.c | 1291 +++
1 files changed, 1291 insertions(+)
--- /dev/null 1970-01-01 00:00:00.0 +
+++ linux-2.6/security
in the TOMOYO Linux policy.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
include/linux/audit.h |3 ++
security/tomoyo/audit.c | 68
2 files changed, 71 insertions(+)
--- /dev/null 1970-01-01 00:00
This patch allows administrators use conditional permission.
TOMOYO Linux supports conditional permission based on
process's UID,GID etc. and/or requested pathname's UID/GID.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo
and namespace_sem can remain static.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/tomoyo.c | 745 +++
1 files changed, 745 insertions(+)
--- /dev/null 1970-01-01 00:00:00.0 +
' and 'UDP accept'(recv),
LSM expansion patch ([TOMOYO /]) is needed.
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/net.c | 983
mode'.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/mount.c | 1019
1 files changed, 1019 insertions(+)
--- /dev/null 1970-01-01 00:00:00.0 +
+++ linux-2.6/security
'learning mode'.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/signal.c | 238 +++
1 files changed, 238 insertions(+)
--- /dev/null 1970-01-01 00:00:00.0 +
+++ linux-2.6
-security.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/domain.c | 1256 +++
1 files changed, 1256 insertions(+)
--- /dev/null 1970-01-01 00:00:00.0 +
+++ linux-2.6/security
in the TOMOYO Linux policy.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
include/linux/audit.h |3 ++
security/tomoyo/audit.c | 68
2 files changed, 71 insertions(+)
--- /dev/null 1970-01-01 00:00
-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/file.c | 1544 +
1 files changed, 1544 insertions(+)
--- /dev/null 1970-01-01 00:00:00.0 +
+++ linux-2.6/security/tomoyo/file.c2007-10-02
argv[0] check functions for TOMOYO Linux.
If the executed program name and argv[0] is different,
TOMOYO Linux checks permission.
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off
' and 'UDP connect',
LSM expansion patch ([TOMOYO 14/15]) is needed.
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/net.c | 975
mode'.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/mount.c | 1019
1 files changed, 1019 insertions(+)
--- /dev/null 1970-01-01 00:00:00.0 +
+++ linux-2.6/security
'learning mode'.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/signal.c | 229 +++
1 files changed, 229 insertions(+)
--- /dev/null 1970-01-01 00:00:00.0 +
+++ linux-2.6
and namespace_sem can remain static.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/tomoyo.c | 748 +++
1 files changed, 748 insertions(+)
--- /dev/null 1970-01-01 00:00:00.0 +
.
* post_recv_datagram is added in skb_recv_datagram.
You can try TOMOYO Linux without this patch, but in that case, you
can't use access control functionality for restricting signal
transmission and incoming network data.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa
On 2007/08/27 21:11, Kyle Moffett wrote:
This is probably not acceptable; I doubt there's a chance in hell
that TOMOYO will get merged as long as it has text-based-language
parsing in the kernel. You also have $NEW_RANDOM_ABUSE_OF_PROCFS and
$PATH_BASED_LSM_ISSUES. See the long flamewars on
] is in the three.
If the [00/15] will be delivered, everything goes just fine.
We are going to wait some more time and decide to repost them again.
Thanks again.
Kentaro Takeda
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED
Data structures and prototype defitions for TOMOYO Linux.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/include/realpath.h | 44 +++
security/tomoyo/include/tomoyo.h | 517 +
2 files
Basic functions to get canonicalized absolute pathnames
for TOMOYO Linux. Even the requested pathname is symlink()ed
or chroot()ed, TOMOYO Linux uses the original pathname.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo
tomoyo-capability.patch
Description: application/octect-stream
add-struct-vfsmount-to-struct-task_struct.patch
Description: application/octect-stream
tomoyo-headers.patch
Description: application/octect-stream
tomoyo-mount.patch
Description: application/octect-stream
tomoyo-environ.patch
Description: application/octect-stream
add-signal-hooks-at-sleepable-locations.patch
Description: application/octect-stream
add-packet-filtering-based-on-process-security-context.patch
Description: application/octect-stream
tomoyo-documentation.patch
Description: application/octect-stream
tomoyo-hooks.patch
Description: application/octect-stream
add-wrapper-functions-for-vfs-helper-functions.patch
Description: application/octect-stream
tomoyo-realpath.patch
Description: application/octect-stream
tomoyo-condition.patch
Description: application/octect-stream
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
Signed-off-by: Toshiharu Harada [EMAIL PROTECTED]
---
Documentation/TOMOYO.txt | 266 +++
1 file changed, 266 insertions(+)
--- /dev/null
+++ linux-2.6-mm
This patch allows LSM hooks refer previously associated struct vfsmount
parameter so that they can calculate pathname of given struct dentry.
AppArmor's approach is to add struct vfsmount parameter to all related
functions, while my approach is to store struct vfsmount parameter
in struct
not be able to pick up this datagram
will repeat recvmsg() forever, which is a worse side effect.
So, don't give different permissions between processes who shares one socket.
Otherwise, some connections/datagrams cannot be delivered to intended process.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/include/realpath.h | 45 ++
security/tomoyo/include/tomoyo.h | 695 +
2 files changed, 740 insertions(+)
--- /dev/null
+++ linux-2.6-mm
Basic functions to get canonicalized absolute pathnames
for TOMOYO Linux. Even the requested pathname is symlink()ed
or chroot()ed, TOMOYO Linux uses the original pathname.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo
TOMOYO Linux checks permission in
open/creat/unlink/truncate/ftruncate/mknod/mkdir/
rmdir/symlink/link/rename/uselib/sysctl .
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off
TOMOYO Linux checks environment variable's names passed to execve()
because some envorinment variables affects to the behavior of program
like argv[0].
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro Takeda [EMAIL
TOMOYO Linux checks mount permission based on
device name, mount point, filesystem type and optional flags.
TOMOYO Linux also checks permission in umount and pivot_root.
Each permission can be automatically accumulated into
the policy using 'learning mode'.
Signed-off-by: Kentaro Takeda [EMAIL
processes,
which may cause performance and log flooding problem?
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/capability.c
TOMOYO Linux is placed in security/tomoyo .
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/Kconfig |1 +
security/Makefile|1 +
security/tomoyo/Kconfig | 26 ++
security/tomoyo/Makefile
To avoid namespace_sem deadlock, this patch uses
current-last_vfsmount associated by wrapper functions.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/tomoyo.c | 825 +++
1 file
enforcing mode which allows administrator judge interactively.
You can try TOMOYO Linux without this patch, but in that case, you
can't use access control functionality for restricting signal transmission.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED
?
Regards.
Kentaro Takeda
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
submitting only vfsmount patches before submitting AppArmor/TOMOYO
main module?
We think the patches relate to not only LSM folks but also fsdevel folks.
So we are going to post the brief description of the patches to fsdevel.
Regards,
Kentaro Takeda
-
To unsubscribe from this list: send the line
In the LSM ml, we are discussing about
how to know requested pathnames within LSM modules.
Currently, VFS helper functions don't pass struct vfsmount parameter.
Therefore, we cannot calculate requested pathnames within LSM modules
because LSM hooks can't know struct vfsmount parameter that
52 matches
Mail list logo
