08 Apr, 2015

1 commit

• 7e114bbf5   tomoyo: Use bin2c to generate builtin-policy.h ... Browse Code »

  Simplify the Makefile by using a readily available tool instead of a
  custom sed script. The downside is that builtin-policy.h becomes
  unreadable for humans, but it is only a generated file.

  Acked-by: Tetsuo Handa
  Signed-off-by: Michal Marek

  Michal Marek

  2015-04-08 03:27:45 +0800  

07 Jan, 2015

1 commit

• 83fe27ea5   rcu: Make SRCU optional by using CONFIG_SRCU ... Browse Code »

  SRCU is not necessary to be compiled by default in all cases. For tinification
  efforts not compiling SRCU unless necessary is desirable.

  The current patch tries to make compiling SRCU optional by introducing a new
  Kconfig option CONFIG_SRCU which is selected when any of the components making
  use of SRCU are selected.

  If we do not select CONFIG_SRCU, srcu.o will not be compiled at all.

  text data bss dec hex filename
  2007 0 0 2007 7d7 kernel/rcu/srcu.o

  Size of arch/powerpc/boot/zImage changes from

  text data bss dec hex filename
  831552 64180 23944 919676 e087c arch/powerpc/boot/zImage : before
  829504 64180 23952 917636 e0084 arch/powerpc/boot/zImage : after

  so the savings are about ~2000 bytes.

  Signed-off-by: Pranith Kumar
  CC: Paul E. McKenney
  CC: Josh Triplett
  CC: Lai Jiangshan
  Signed-off-by: Paul E. McKenney
  [ paulmck: resolve conflict due to removal of arch/ia64/kvm/Kconfig. ]

  Pranith Kumar

  2015-01-07 03:04:29 +0800  

14 Sep, 2011

1 commit

• 059d84dbb   TOMOYO: Add socket operation restriction support. ... Browse Code »

  This patch adds support for permission checks for PF_INET/PF_INET6/PF_UNIX
  socket's bind()/listen()/connect()/send() operations.

  Signed-off-by: Tetsuo Handa
  Signed-off-by: James Morris

  Tetsuo Handa

  2011-09-14 06:27:05 +0800  

29 Jun, 2011

1 commit

• 0e4ae0e0d   TOMOYO: Make several options configurable. ... Browse Code »

  To be able to start using enforcing mode from the early stage of boot sequence,
  this patch adds support for activating access control without calling external
  policy loader program. This will be useful for systems where operations which
  can lead to the hijacking of the boot sequence are needed before loading the
  policy. For example, you can activate immediately after loading the fixed part
  of policy which will allow only operations needed for mounting a partition
  which contains the variant part of policy and verifying (e.g. running GPG
  check) and loading the variant part of policy. Since you can start using
  enforcing mode from the beginning, you can reduce the possibility of hijacking
  the boot sequence.

  This patch makes several variables configurable on build time. This patch also
  adds TOMOYO_loader= and TOMOYO_trigger= kernel command line option to boot the
  same kernel in two different init systems (BSD-style init and systemd).

  Signed-off-by: Tetsuo Handa
  Signed-off-by: James Morris

  Tetsuo Handa

  2011-06-29 07:31:22 +0800  

12 Feb, 2009

1 commit

• 00d7d6f84   Kconfig and Makefile ... Browse Code »

  TOMOYO uses LSM hooks for pathname based access control and securityfs support.

  Signed-off-by: Kentaro Takeda
  Signed-off-by: Tetsuo Handa
  Signed-off-by: James Morris

  Kentaro Takeda

  2009-02-12 12:19:00 +0800