h.
How about submitting only vfsmount patches before submitting AppArmor/TOMOYO
main module?
We think the patches relate to not only LSM folks but also fsdevel folks.
So we are going to post the brief description of the patches to fsdevel.
Regards,
Kentaro Takeda
--
To unsubscribe from thi
submitting only vfsmount patches before submitting AppArmor/TOMOYO
main module?
We think the patches relate to not only LSM folks but also fsdevel folks.
So we are going to post the brief description of the patches to fsdevel.
Regards,
Kentaro Takeda
--
To unsubscribe from this list: send the line
s vfsmount patches from merging into -mm tree?
Regards.
Kentaro Takeda
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
?
Regards.
Kentaro Takeda
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Hello.
James Morris wrote:
> Why aren't you using securityfs for this? (It was designed for LSMs).
We are using securityfs mounted on /sys/kernel/security/ .
Thanks.
Kentaro Takeda
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a mess
To avoid namespace_sem deadlock, this patch uses
"current->last_vfsmount" associated by wrapper functions.
Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
Signed-off-by: Tetsuo Handa <[EMAIL PROTECTED]>
---
security/tomoyo/tomoyo.c | 825 ++
layed enforcing" mode which allows administrator judge interactively.
You can try TOMOYO Linux without this patch, but in that case, you
can't use access control functionality for restricting signal transmission.
Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
Signed-off-by: Tets
This patch allows administrators use conditional permission.
TOMOYO Linux supports conditional permission based on
process's UID,GID etc. and/or requested pathname's UID/GID.
Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
Signed-off-by: Tetsuo Handa <[EMAIL PROTECTED]>
---
sec
TOMOYO Linux is placed in security/tomoyo .
Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
Signed-off-by: Tetsuo Handa <[EMAIL PROTECTED]>
---
security/Kconfig |1 +
security/Makefile|1 +
security/tomoyo/Kconfig | 26 ++
sec
l auditing for all processes,
which may cause performance and log flooding problem?
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
Signed-off-by: Tetsuo Handa <[EMAIL PROTECTED]>
TOMOYO Linux checks mount permission based on
device name, mount point, filesystem type and optional flags.
TOMOYO Linux also checks permission in umount and pivot_root.
Each permission can be automatically accumulated into
the policy using 'learning mode'.
Signed-off-by: Kentaro Takeda <[EM
TOMOYO Linux checks sending signal by signal number and
the domain of target process. In order to check signal
permission, modification against kernel/signal.c is needed.
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro
TOMOYO Linux checks environment variable's names passed to execve()
because some envorinment variables affects to the behavior of program
like argv[0].
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro Takeda <[EM
and net/core/datagram.c is needed.
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
Signed-off-by: Tetsuo Handa <[EMAIL PROTECTED]>
---
security/tomoyo/
TOMOYO Linux checks permission in
open/creat/unlink/truncate/ftruncate/mknod/mkdir/
rmdir/symlink/link/rename/uselib/sysctl .
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
Sign
If the executed program name and argv[0] is different,
TOMOYO Linux checks permission.
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
Signed-off-by: Tetsuo Handa <[EMAIL
Every process belongs to a domain in TOMOYO Linux.
Domain transition occurs when execve(2) is called
and the domain is expressed as 'process invocation history',
such as ' /sbin/init /etc/init.d/rc'.
Domain information is stored in task_struct->security.
Signed-off-by: Kentaro Takeda <
policy.
The userland daemon /usr/lib/ccs/ccs-auditd will save these logs.
Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
Signed-off-by: Tetsuo Handa <[EMAIL PROTECTED]>
---
security/tomoyo/audit.c | 239
1 file changed, 23
Basic functions to get canonicalized absolute pathnames
for TOMOYO Linux. Even the requested pathname is symlink()ed
or chroot()ed, TOMOYO Linux uses the original pathname.
Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
Signed-off-by: Tetsuo Handa <[EMAIL PROTECTED]>
---
sec
not be able to pick up this datagram
will repeat recvmsg() forever, which is a worse side effect.
So, don't give different permissions between processes who shares one socket.
Otherwise, some connections/datagrams cannot be delivered to intended process.
Signed-off-by: Kentaro Takeda <[EMAIL PROTEC
Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
Signed-off-by: Tetsuo Handa <[EMAIL PROTECTED]>
---
security/tomoyo/include/realpath.h | 45 ++
security/tomoyo/include/tomoyo.h | 695 +
2 files changed, 740 insertions(+)
--- /dev/null
+++
This patch allows LSM hooks refer previously associated "struct vfsmount"
parameter so that they can calculate pathname of given "struct dentry".
AppArmor's approach is to add "struct vfsmount" parameter to all related
functions, while my approach is to store "struct vfsmount" parameter
in
This patch replaces VFS helper function calls caused by
userland process's request with VFS wrapper functions call.
I don't have a plan to control VFS helper function calls
caused by the kernel. Therefore, this patch doesn't modify
individual filesystems in fs/*/ directory.
I need to know the
This patch allows VFS wrapper functions associate "struct vfsmount"
with "struct task_struct" so that LSM hooks can calculate
pathname of given "struct dentry".
Signed-off-by: Tetsuo Handa <[EMAIL PROTECTED]>
---
include/linux/init_task.h |1 +
include/linux/sched.h |2 ++
2 files
Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
Signed-off-by: Tetsuo Handa <[EMAIL PROTECTED]>
Signed-off-by: Toshiharu Harada <[EMAIL PROTECTED]>
---
Documentation/TOMOYO.txt | 266 +++
1 file changed, 266 insertions(+)
--- /dev/
"TOMOYO Linux" is our work in the field of security enhancement for Linux.
This is the 6th submission of TOMOYO Linux.
(http://tomoyo.sourceforge.jp/wiki-e/?WhatIs#mainlining)
Changes since previous (November 17th) submission:
* Added security goal document. (Documentation/TOMOYO.txt)
This
I'm sorry. I sent inlined patches with quilt,
but MTA converted them to attached files.
I'll retry soon.
Regards,
Kentaro Takeda
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.
tomoyo-file.patch
Description: application/octect-stream
tomoyo-headers.patch
Description: application/octect-stream
tomoyo-domain.patch
Description: application/octect-stream
tomoyo-net.patch
Description: application/octect-stream
tomoyo-hooks.patch
Description: application/octect-stream
tomoyo-mount.patch
Description: application/octect-stream
tomoyo-documentation.patch
Description: application/octect-stream
add-packet-filtering-based-on-process-security-context.patch
Description: application/octect-stream
add-signal-hooks-at-sleepable-locations.patch
Description: application/octect-stream
tomoyo-environ.patch
Description: application/octect-stream
tomoyo-exec.patch
Description: application/octect-stream
tomoyo-condition.patch
Description: application/octect-stream
tomoyo-realpath.patch
Description: application/octect-stream
replace-vfs-with-wrapper-functions.patch
Description: application/octect-stream
tomoyo-capability.patch
Description: application/octect-stream
tomoyo-audit.patch
Description: application/octect-stream
tomoyo-signal.patch
Description: application/octect-stream
add-wrapper-functions-for-vfs-helper-functions.patch
Description: application/octect-stream
tomoyo-kconfig.patch
Description: application/octect-stream
"TOMOYO Linux" is our work in the field of security enhancement for Linux.
This is the 6th submission of TOMOYO Linux.
(http://tomoyo.sourceforge.jp/wiki-e/?WhatIs#mainlining)
Changes since previous (November 17th) submission:
* Added security goal document. (Documentation/TOMOYO.txt)
This
add-struct-vfsmount-to-struct-task_struct.patch
Description: application/octect-stream
tomoyo-hooks.patch
Description: application/octect-stream
tomoyo-mount.patch
Description: application/octect-stream
tomoyo-net.patch
Description: application/octect-stream
tomoyo-headers.patch
Description: application/octect-stream
tomoyo-domain.patch
Description: application/octect-stream
tomoyo-file.patch
Description: application/octect-stream
TOMOYO Linux is our work in the field of security enhancement for Linux.
This is the 6th submission of TOMOYO Linux.
(http://tomoyo.sourceforge.jp/wiki-e/?WhatIs#mainlining)
Changes since previous (November 17th) submission:
* Added security goal document. (Documentation/TOMOYO.txt)
This
tomoyo-documentation.patch
Description: application/octect-stream
replace-vfs-with-wrapper-functions.patch
Description: application/octect-stream
tomoyo-signal.patch
Description: application/octect-stream
add-wrapper-functions-for-vfs-helper-functions.patch
Description: application/octect-stream
tomoyo-audit.patch
Description: application/octect-stream
tomoyo-capability.patch
Description: application/octect-stream
tomoyo-realpath.patch
Description: application/octect-stream
tomoyo-condition.patch
Description: application/octect-stream
tomoyo-exec.patch
Description: application/octect-stream
add-struct-vfsmount-to-struct-task_struct.patch
Description: application/octect-stream
add-signal-hooks-at-sleepable-locations.patch
Description: application/octect-stream
tomoyo-environ.patch
Description: application/octect-stream
add-packet-filtering-based-on-process-security-context.patch
Description: application/octect-stream
tomoyo-kconfig.patch
Description: application/octect-stream
I'm sorry. I sent inlined patches with quilt,
but MTA converted them to attached files.
I'll retry soon.
Regards,
Kentaro Takeda
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org
TOMOYO Linux is our work in the field of security enhancement for Linux.
This is the 6th submission of TOMOYO Linux.
(http://tomoyo.sourceforge.jp/wiki-e/?WhatIs#mainlining)
Changes since previous (November 17th) submission:
* Added security goal document. (Documentation/TOMOYO.txt)
This
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
Signed-off-by: Toshiharu Harada [EMAIL PROTECTED]
---
Documentation/TOMOYO.txt | 266 +++
1 file changed, 266 insertions(+)
--- /dev/null
+++ linux-2.6-mm
This patch allows VFS wrapper functions associate struct vfsmount
with struct task_struct so that LSM hooks can calculate
pathname of given struct dentry.
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
include/linux/init_task.h |1 +
include/linux/sched.h |2 ++
2 files changed, 3
This patch allows LSM hooks refer previously associated struct vfsmount
parameter so that they can calculate pathname of given struct dentry.
AppArmor's approach is to add struct vfsmount parameter to all related
functions, while my approach is to store struct vfsmount parameter
in struct
This patch replaces VFS helper function calls caused by
userland process's request with VFS wrapper functions call.
I don't have a plan to control VFS helper function calls
caused by the kernel. Therefore, this patch doesn't modify
individual filesystems in fs/*/ directory.
I need to know the
not be able to pick up this datagram
will repeat recvmsg() forever, which is a worse side effect.
So, don't give different permissions between processes who shares one socket.
Otherwise, some connections/datagrams cannot be delivered to intended process.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/include/realpath.h | 45 ++
security/tomoyo/include/tomoyo.h | 695 +
2 files changed, 740 insertions(+)
--- /dev/null
+++ linux-2.6-mm
Basic functions to get canonicalized absolute pathnames
for TOMOYO Linux. Even the requested pathname is symlink()ed
or chroot()ed, TOMOYO Linux uses the original pathname.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo
policy.
The userland daemon /usr/lib/ccs/ccs-auditd will save these logs.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/audit.c | 239
1 file changed, 239 insertions(+)
--- /dev
If the executed program name and argv[0] is different,
TOMOYO Linux checks permission.
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED
Every process belongs to a domain in TOMOYO Linux.
Domain transition occurs when execve(2) is called
and the domain is expressed as 'process invocation history',
such as 'kernel /sbin/init /etc/init.d/rc'.
Domain information is stored in task_struct-security.
Signed-off-by: Kentaro Takeda [EMAIL
TOMOYO Linux checks permission in
open/creat/unlink/truncate/ftruncate/mknod/mkdir/
rmdir/symlink/link/rename/uselib/sysctl .
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off
TOMOYO Linux checks environment variable's names passed to execve()
because some envorinment variables affects to the behavior of program
like argv[0].
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro Takeda [EMAIL
and net/core/datagram.c is needed.
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/net.c | 934
TOMOYO Linux checks mount permission based on
device name, mount point, filesystem type and optional flags.
TOMOYO Linux also checks permission in umount and pivot_root.
Each permission can be automatically accumulated into
the policy using 'learning mode'.
Signed-off-by: Kentaro Takeda [EMAIL
TOMOYO Linux checks sending signal by signal number and
the domain of target process. In order to check signal
permission, modification against kernel/signal.c is needed.
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro
processes,
which may cause performance and log flooding problem?
Each permission can be automatically accumulated into
the policy of each domain using 'learning mode'.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/capability.c
TOMOYO Linux is placed in security/tomoyo .
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/Kconfig |1 +
security/Makefile|1 +
security/tomoyo/Kconfig | 26 ++
security/tomoyo/Makefile
This patch allows administrators use conditional permission.
TOMOYO Linux supports conditional permission based on
process's UID,GID etc. and/or requested pathname's UID/GID.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo
To avoid namespace_sem deadlock, this patch uses
current-last_vfsmount associated by wrapper functions.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED]
---
security/tomoyo/tomoyo.c | 825 +++
1 file
enforcing mode which allows administrator judge interactively.
You can try TOMOYO Linux without this patch, but in that case, you
can't use access control functionality for restricting signal transmission.
Signed-off-by: Kentaro Takeda [EMAIL PROTECTED]
Signed-off-by: Tetsuo Handa [EMAIL PROTECTED
Hello.
James Morris wrote:
Why aren't you using securityfs for this? (It was designed for LSMs).
We are using securityfs mounted on /sys/kernel/security/ .
Thanks.
Kentaro Takeda
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL
Basic functions to get canonicalized absolute pathnames
for TOMOYO Linux. Even the requested pathname is symlink()ed
or chroot()ed, TOMOYO Linux uses the original pathname.
Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
Signed-off-by: Tetsuo Handa <[EMAIL PROTECTED]>
---
sec
. Please try TOMOYO Linux.
Feedbacks are most welcome.
<>
OLS BoF material:
http://sourceforge.jp/projects/tomoyo/document/ols2007-tomoyo-20070629.pdf
Previous submissions: http://lkml.org/lkml/2007/6/13/58 ,
http://lkml.org/lkml/2007/6/14/55, http://lkml.org/lkml/2007/8/24/116
Kentaro
Data structures and prototype defitions for TOMOYO Linux.
Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
Signed-off-by: Tetsuo Handa <[EMAIL PROTECTED]>
---
security/tomoyo/include/realpath.h | 44 +++
security/tomoyo/include/tomoyo.h | 517 ++
TOMOYO Linux uses pathnames for auditing and controlling file access.
Therefore, namespace_sem is needed.
Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
Signed-off-by: Tetsuo Handa <[EMAIL PROTECTED]>
---
fs/namespace.c |2 +-
1 files changed, 1 insertion(+), 1 deletion(-)
-
ssage [00/15] is in the three.
If the [00/15] will be delivered, everything goes just fine.
We are going to wait some more time and decide to repost them again.
Thanks again.
Kentaro Takeda
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
On 2007/08/27 21:11, Kyle Moffett wrote:
>This is probably not acceptable; I doubt there's a chance in hell
>that TOMOYO will get merged as long as it has text-based-language
>parsing in the kernel. You also have $NEW_RANDOM_ABUSE_OF_PROCFS and
>$PATH_BASED_LSM_ISSUES. See the long flamewars on
Kconfig and Makefile for TOMOYO Linux.
TOMOYO Linux is placed in security/tomoyo .
Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
Signed-off-by: Tetsuo Handa <[EMAIL PROTECTED]>
---
security/Kconfig |1 +
security/Makefile|1 +
security/tomoyo/Kco
.
* post_recv_datagram is added in skb_recv_datagram.
You can try TOMOYO Linux without this patch, but in that case, you
can't use access control functionality for restricting signal
transmission and incoming network data.
Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
Signed-off-by: Tetsuo
1 - 100 of 180 matches
Mail list logo
