Jamie Nguyen wrote:
> Personally, I think splitting is much more preferable than
> concatenating. If for example many namespaces are being used (e.g.
> >5), this is much more easily manageable in separate files than within
> a single concatenated file. Do you think it is a problem to disallow
> "/" in $namespace ?

Well, I think we will need to choose one of the choices listed below:

  (1) implicitly use the basename of the program
      (e.g. httpd for "initialize_namespace /usr/sbin/httpd from any" case)

  (2) let users explicitly specify the namespace
      (e.g. apache for "initialize_namespace apache /usr/sbin/httpd from any" case)

  (3) use escape (e.g. \057usr\057sbin\057httpd for /usr/sbin/httpd )
      like AppArmor does (i.e. replace '/' with '.')

when accessing namespace directories.

> Also, if we do use a different directory for $namespace, then I
> suppose "/etc/ccs/policy/current" can include further subdirectories
> for each namespace, for example "/etc/ccs/policy/current/apache".
> Proposed layout looks like this:

As you locate the $namespace directory under the $YY-$MM-$DD.$hh:$mm:$ss directory, you prefer saving all namespaces' policy files atomically over saving an individual namespace's policy files as needed, don't you?

  /etc/ccs/
      ccs-load-module        For loading the kernel module.
      ccs-post-init          For doing additional initialization.
      domain_policy.conf     Symlink to policy/current/domain_policy.conf
      exception_policy.conf  Symlink to policy/current/exception_policy.conf
      profile.conf           Symlink to policy/current/profile.conf
      manager.conf           Symlink to policy/current/manager.conf
      stat.conf              Memory usage quota configuration.

  /etc/ccs/tools/
      auditd.conf            Configuration for /usr/sbin/ccs-auditd
      editpolicy.conf        Configuration for /usr/sbin/ccs-editpolicy
      notifyd.conf           Configuration for /usr/sbin/ccs-notifyd
      patternize.conf        Configuration for /usr/sbin/ccs-patternize

  /etc/ccs/policy/
      current                Symlink to $YY-$MM-$DD.$hh:$mm:$ss
      previous               Symlink to location where current was pointing to.

  /etc/ccs/policy/$YY-$MM-$DD.$hh:$mm:$ss/
      domain_policy.conf     Domain policy for kernel namespace.
      exception_policy.conf  Exception policy for kernel namespace.
      profile.conf           Profile for kernel namespace.
      manager.conf           Manager for kernel namespace.

  /etc/ccs/policy/$YY-$MM-$DD.$hh:$mm:$ss/$namespace/
      domain_policy.conf     Domain policy for $namespace namespace.
      exception_policy.conf  Exception policy for $namespace namespace.
      profile.conf           Profile for $namespace namespace.
      manager.conf           Manager for $namespace namespace.

Do we locate policy files for kernel namespace to /etc/ccs/policy/$YY-$MM-$DD.$hh:$mm:$ss/ and retain 4 symlinks in /etc/ccs/ ? This is good for backward compatibility, but may cause operation mistakes (e.g. adding to kernel namespace while meant to add to apache namespace) when users start using other namespaces. In this case, $namespace is none of 'kernel' 'domain_policy.conf' 'exception_policy.conf' 'profile.conf' 'manager.conf'.

If we locate policy files for kernel namespace to /etc/ccs/policy/$YY-$MM-$DD.$hh:$mm:$ss/kernel/ and remove 4 symlinks in /etc/ccs/ , this breaks backward compatibility but may help avoid operation mistakes. In this case, $namespace can be any word.

If we split /etc/ccs/ files for each namespace, we might also want to split corresponding /proc/ccs/ files.

Regarding /proc/ccs/ directory:

  /proc/ccs/
      namespace          For listing namespaces and adding new namespace
      query              For /usr/sbin/ccs-queryd
      audit              For /usr/sbin/ccs-auditd
      stat               Statistics information
      version            TOMOYO's version
      self_domain        Current thread's domain
      .execute_handler   For execute handler programs
      .process_status    For /usr/sbin/ccs-pstree
      domain_policy      Mirror of /proc/ccs/$namespace/domain_policy
      exception_policy   Mirror of /proc/ccs/$namespace/exception_policy
      profile            Mirror of /proc/ccs/$namespace/profile
      manager            Mirror of /proc/ccs/$namespace/manager
      .domain_status     Mirror of /proc/ccs/$namespace/.domain_status

  /proc/ccs/$namespace/
      domain_policy      Domain policy for $namespace namespace.
      exception_policy   Exception policy for $namespace namespace.
      profile            Profile for $namespace namespace.
      manager            Manager for $namespace namespace.
      .domain_status     Subset of domain_policy for /usr/sbin/ccs-setprofile

In this case, $namespace is none of 'namespace' 'query' 'audit' 'stat' 'version' 'self_domain' '.execute_handler' '.process_status' 'domain_policy' 'exception_policy' 'profile' 'manager' '.domain_status'.

  /proc/ccs/
      namespace          For listing namespaces and adding new namespace
      query              For /usr/sbin/ccs-queryd
      audit              For /usr/sbin/ccs-auditd
      stat               Statistics information
      version            TOMOYO's version
      self_domain        Current thread's domain
      .execute_handler   For execute handler programs
      .process_status    For /usr/sbin/ccs-pstree
      domain_policy      Mirror of /proc/ccs/namespace.d/$namespace/domain_policy
      exception_policy   Mirror of /proc/ccs/namespace.d/$namespace/exception_policy
      profile            Mirror of /proc/ccs/namespace.d/$namespace/profile
      manager            Mirror of /proc/ccs/namespace.d/$namespace/manager
      .domain_status     Mirror of /proc/ccs/namespace.d/$namespace/.domain_status

  /proc/ccs/namespace.d/$namespace/
      domain_policy      Domain policy for $namespace namespace.
      exception_policy   Exception policy for $namespace namespace.
      profile            Profile for $namespace namespace.
      manager            Manager for $namespace namespace.
      .domain_status     Subset of domain_policy for /usr/sbin/ccs-setprofile

In this case, $namespace can be any word.

For backward compatibility, the above layout provides domain_policy exception_policy profile manager .domain_status as mirrors of namespace.d/$namespace/ files rather than symlinks to namespace.d/$namespace/ files.

Well, .domain_status is used by /usr/sbin/ccs-setprofile but /usr/sbin/ccs-setprofile is unlikely to be used because we nowadays use /usr/sbin/ccs-editpolicy instead. We can remove .domain_status if we modify /usr/sbin/ccs-setprofile to use domain_policy instead.

_______________________________________________
tomoyo-dev-en mailing list
tomoyo-dev-en@lists.sourceforge.jp
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-dev-en
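
Added example, not part of the original message and not ccs-tools code: a sketch of mapping a namespace name to one directory component using the octal escape from choice (3), with the reserved-name lists quoted in the mail. The function names are hypothetical, and extending the escape to backslash, space, control and non-ASCII bytes and rejecting "." and ".." are assumptions made here.

```python
import posixpath

# Hypothetical helpers; only the reserved words and the \057 escape come from the mail.
RESERVED_ETC = {"kernel", "domain_policy.conf", "exception_policy.conf",
                "profile.conf", "manager.conf"}
RESERVED_PROC = {"namespace", "query", "audit", "stat", "version", "self_domain",
                 ".execute_handler", ".process_status", "domain_policy",
                 "exception_policy", "profile", "manager", ".domain_status"}


def escape_component(name):
    """Choice (3): octal-escape bytes so the name fits in one path component."""
    out = []
    for b in name.encode("utf-8"):
        if b == 0x5C:                      # escape the escape character itself
            out.append("\\\\")
        elif b == 0x2F or b <= 0x20 or b >= 0x7F:
            out.append("\\%03o" % b)       # '/' becomes \057
        else:
            out.append(chr(b))
    return "".join(out)


def namespace_dir(base, name, reserved=frozenset()):
    """Return the directory for `name` directly under `base`, or raise ValueError."""
    comp = escape_component(name)
    if comp in ("", ".", ".."):            # assumed check: would alias base or its parent
        raise ValueError("unusable namespace name: %r" % name)
    if comp in reserved:                   # collides with a fixed entry in a shared directory
        raise ValueError("reserved name: %r" % name)
    path = posixpath.join(base, comp)
    # Defence in depth: the result must be a direct child of base.
    if posixpath.dirname(posixpath.normpath(path)) != posixpath.normpath(base):
        raise ValueError("path escapes %s: %r" % (base, name))
    return path
```

Pass `RESERVED_ETC` or `RESERVED_PROC` for the layouts where namespace directories share a directory with fixed files, and no reserved set for the `kernel/` and `namespace.d/` layouts.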