OK. I've finished building TOMOYO 1.8.2 binary kernel packages for i686.
It turned out that ccs-patch-1.8.2-20110620.tar.gz fails to build if
srcdir != objdir. This problem can be fixed with the patch below.
--- a/security/ccsecurity/Makefile
+++ b/security/ccsecurity/Makefile
@@ -16,38 +16,50 @@
endif
include $(TOPDIR)/Rules.make
-tomoyo2c: tomoyo2c.c
- @echo Compiling built-in policy generator for TOMOYO 1.8.x.
- @$(HOSTCC) $(HOSTCFLAGS) -o ./tomoyo2c tomoyo2c.c
-
policy/profile.conf:
+ @mkdir -p policy/
@echo Creating an empty policy/profile.conf
@touch $@
policy/exception_policy.conf:
+ @mkdir -p policy/
@echo Creating a default policy/exception_policy.conf
@echo initialize_domain /sbin/modprobe from any >> $@
@echo initialize_domain /sbin/hotplug from any >> $@
policy/domain_policy.conf:
+ @mkdir -p policy/
@echo Creating an empty policy/domain_policy.conf
@touch $@
policy/manager.conf:
+ @mkdir -p policy/
@echo Creating an empty policy/manager.conf
@touch $@
policy/stat.conf:
+ @mkdir -p policy/
@echo Creating an empty policy/stat.conf
@touch $@
-builtin-policy.h: policy/profile.conf policy/exception_policy.conf
policy/domain_policy.conf policy/manager.conf policy/stat.conf tomoyo2c
+builtin-policy.h: policy/profile.conf policy/exception_policy.conf
policy/domain_policy.conf policy/manager.conf policy/stat.conf
@echo Generating built-in policy for TOMOYO 1.8.x.
- @./tomoyo2c profile < policy/profile.conf > $@
- @./tomoyo2c exception_policy < policy/exception_policy.conf >> $@
- @./tomoyo2c domain_policy < policy/domain_policy.conf >> $@
- @./tomoyo2c manager < policy/manager.conf >> $@
- @./tomoyo2c stat < policy/stat.conf >> $@
+ @echo "static char ccs_builtin_profile[] __initdata =" > [email protected]
+ @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' <
policy/profile.conf >> [email protected]
+ @echo "\"\";" >> [email protected]
+ @echo "static char ccs_builtin_exception_policy[] __initdata =" >>
[email protected]
+ @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' <
policy/exception_policy.conf >> [email protected]
+ @echo "\"\";" >> [email protected]
+ @echo "static char ccs_builtin_domain_policy[] __initdata =" >> [email protected]
+ @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' <
policy/domain_policy.conf >> [email protected]
+ @echo "\"\";" >> [email protected]
+ @echo "static char ccs_builtin_manager[] __initdata =" >> [email protected]
+ @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' <
policy/manager.conf >> [email protected]
+ @echo "\"\";" >> [email protected]
+ @echo "static char ccs_builtin_stat[] __initdata =" >> [email protected]
+ @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' <
policy/stat.conf >> [email protected]
+ @echo "\"\";" >> [email protected]
+ @mv [email protected] $@
policy_io.o: builtin-policy.h
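Review bot: The sed command that replaces tomoyo2c is repeated five times in the builtin-policy.h recipe with no comment explaining its three expressions, and the $(obj)/builtin-policy.h recipe in the second hunk has the same gap. A comment above the rule such as `# Emit each policy line as a C string literal: escape \ and ", then wrap it as "line\n".` would make the generator reviewable. Because the generated header is compiled into the kernel as the built-in policy, it is also worth confirming that escaping only backslash and double quote yields the same output as tomoyo2c.c did; that source is not visible here.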
@@ -60,38 +72,50 @@
obj-y += ccsecurity.o
endif
-$(obj)/tomoyo2c: $(obj)/tomoyo2c.c
- @echo Compiling built-in policy generator for TOMOYO 1.8.x.
- @$(HOSTCC) $(HOSTCFLAGS) -o $(obj)/tomoyo2c $(obj)/tomoyo2c.c
-
$(obj)/policy/profile.conf:
+ @mkdir -p $(obj)/policy/
@echo Creating an empty policy/profile.conf
@touch $@
$(obj)/policy/exception_policy.conf:
+ @mkdir -p $(obj)/policy/
@echo Creating a default policy/exception_policy.conf
@echo initialize_domain /sbin/modprobe from any >> $@
@echo initialize_domain /sbin/hotplug from any >> $@
$(obj)/policy/domain_policy.conf:
+ @mkdir -p $(obj)/policy/
@echo Creating an empty policy/domain_policy.conf
@touch $@
$(obj)/policy/manager.conf:
+ @mkdir -p $(obj)/policy/
@echo Creating an empty policy/manager.conf
@touch $@
$(obj)/policy/stat.conf:
+ @mkdir -p $(obj)/policy/
@echo Creating an empty policy/stat.conf
@touch $@
-$(obj)/builtin-policy.h: $(obj)/policy/profile.conf
$(obj)/policy/exception_policy.conf $(obj)/policy/domain_policy.conf
$(obj)/policy/manager.conf $(obj)/policy/stat.conf $(obj)/tomoyo2c
+$(obj)/builtin-policy.h: $(obj)/policy/profile.conf
$(obj)/policy/exception_policy.conf $(obj)/policy/domain_policy.conf
$(obj)/policy/manager.conf $(obj)/policy/stat.conf
@echo Generating built-in policy for TOMOYO 1.8.x.
- @$(obj)/tomoyo2c profile < $(obj)/policy/profile.conf > $@
- @$(obj)/tomoyo2c exception_policy < $(obj)/policy/exception_policy.conf
>> $@
- @$(obj)/tomoyo2c domain_policy < $(obj)/policy/domain_policy.conf >> $@
- @$(obj)/tomoyo2c manager < $(obj)/policy/manager.conf >> $@
- @$(obj)/tomoyo2c stat < $(obj)/policy/stat.conf >> $@
+ @echo "static char ccs_builtin_profile[] __initdata =" > [email protected]
+ @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' <
$(obj)/policy/profile.conf >> [email protected]
+ @echo "\"\";" >> [email protected]
+ @echo "static char ccs_builtin_exception_policy[] __initdata =" >>
[email protected]
+ @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' <
$(obj)/policy/exception_policy.conf >> [email protected]
+ @echo "\"\";" >> [email protected]
+ @echo "static char ccs_builtin_domain_policy[] __initdata =" >> [email protected]
+ @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' <
$(obj)/policy/domain_policy.conf >> [email protected]
+ @echo "\"\";" >> [email protected]
+ @echo "static char ccs_builtin_manager[] __initdata =" >> [email protected]
+ @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' <
$(obj)/policy/manager.conf >> [email protected]
+ @echo "\"\";" >> [email protected]
+ @echo "static char ccs_builtin_stat[] __initdata =" >> [email protected]
+ @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' <
$(obj)/policy/stat.conf >> [email protected]
+ @echo "\"\";" >> [email protected]
+ @mv [email protected] $@
$(obj)/policy_io.o: $(obj)/builtin-policy.h
Also, ccs-tools-1.8.2-20110620.tar.gz has a bug: "ccs-editpolicy /etc/ccs/"
does not kill the offline daemon on exit, which leaves you unable to log out
of the terminal after finishing "ccs-editpolicy /etc/ccs/". This problem can
be fixed with the patch below.
--- a/ccstools/usr_sbin/editpolicy.c
+++ b/ccstools/usr_sbin/editpolicy.c
@@ -3107,6 +3107,8 @@
ccs_current_ns_len = strlen(ccs_current_ns);
}
+static pid_t daemon_pid = 0;
+
/**
* ccs_load_offline - Load policy for offline mode.
*
@@ -3132,7 +3134,8 @@
ccs_network_ip = addr.sin_addr.s_addr;
ccs_network_port = addr.sin_port;
ccs_network_mode = true;
- switch (fork()) {
+ daemon_pid = fork();
+ switch (daemon_pid) {
case 0:
ccs_editpolicy_offline_daemon(fd);
_exit(0);
@@ -3263,6 +3266,8 @@
endwin();
if (ccs_offline_mode && !ccs_readonly_mode)
ccs_save_offline();
+ if (daemon_pid)
+ kill(daemon_pid, SIGHUP);
ccs_clear_domain_policy(&ccs_dp);
return 0;
}
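Review bot: `if (daemon_pid)` is also true when fork() failed and stored -1 in daemon_pid, and kill(-1, SIGHUP) signals every process the caller is permitted to signal instead of the one child. Unless the fork-failure branch of the switch in the previous hunk, which lies outside the visible lines, terminates the program, the guard should be `if (daemon_pid > 0)`. The function containing this hunk begins above the lines shown.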
Also, it turned out that the domain transition jump information on the
<<< Domain Transition Editor >>> screen was neither accurate nor sufficient.
For example, users might specify multiple "task manual_domain_transition"
entries that have the same program name. Also, the namespace being jumped to
should be printed. I'm correcting them now.
Domain policy file for below views:
http://sourceforge.jp/projects/tomoyo/svn/view/branches/example-domain-policy.conf?view=markup&root=tomoyo&pathrev=5176
Current view:
http://sourceforge.jp/projects/tomoyo/svn/view/branches/old.png?view=markup&root=tomoyo&pathrev=5176
Proposed view:
http://sourceforge.jp/projects/tomoyo/svn/view/branches/new.png?view=markup&root=tomoyo&pathrev=5176