04 Jan, 2012
1 commit
-
Signed-off-by: Al Viro
14 Sep, 2011
1 commit
-
Add per-entry flag which controls generation of grant logs because Xen and KVM
issues ioctl requests so frequently. For example,file ioctl /dev/null 0x5401 grant_log=no
will suppress /sys/kernel/security/tomoyo/audit even if preference says
grant_log=yes .Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
14 Jul, 2011
1 commit
-
Update comments for scripts/kernel-doc and fix some of errors reported by
scripts/checkpatch.pl .Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
11 Jul, 2011
4 commits
-
This patch adds support for permission checks using argv[]/envp[] of execve()
request. Hooks are in the last patch of this pathset.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
This patch adds support for permission checks using executable file's realpath
upon execve() and symlink's target upon symlink(). Hooks are in the last patch
of this pathset.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
This patch adds support for permission checks using file object's DAC
attributes (e.g. owner/group) when checking file's pathnames. Hooks for passing
file object's pointers are in the last patch of this pathset.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
This patch adds support for permission checks using current thread's UID/GID
etc. in addition to pathnames.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
01 Jul, 2011
1 commit
-
Commit eadd99cc "TOMOYO: Add auditing interface." by error replaced
"struct tomoyo_request_info"->domain with tomoyo_domain().Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
29 Jun, 2011
4 commits
-
Show statistics such as last policy update time and last policy violation time
in addition to memory usage.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Gather string constants to one file in order to make the object size smaller.
Use unsigned type where appropriate.
read()/write() returns ssize_t.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Mauras Olivier reported that it is difficult to use TOMOYO in LXC environments,
for TOMOYO cannot distinguish between environments outside the container and
environments inside the container since LXC environments are created using
pivot_root(). To address this problem, this patch introduces policy namespace.Each policy namespace has its own set of domain policy, exception policy and
profiles, which are all independent of other namespaces. This independency
allows users to develop policy without worrying interference among namespaces.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Add /sys/kernel/security/tomoyo/audit interface. This interface generates audit
logs in the form of domain policy so that /usr/sbin/tomoyo-auditd can reuse
audit logs for appending to /sys/kernel/security/tomoyo/domain_policy
interface.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris