16 Apr, 2015
1 commit
-
most of the ->d_inode uses there refer to the same inode IO would
go to, i.e. d_backing_inode()Signed-off-by: David Howells
Signed-off-by: Al Viro
21 Sep, 2012
1 commit
-
Acked-by: Tetsuo Handa
Acked-by: Serge Hallyn
Signed-off-by: Eric W. Biederman
26 Sep, 2011
1 commit
-
When TOMOYO started using garbage collector at commit 847b173e "TOMOYO: Add
garbage collector.", we waited for close() before kfree(). Thus, elements to be
kfree()d were queued up using tomoyo_gc_list list.But it turned out that tomoyo_element_linked_by_gc() tends to choke garbage
collector when certain pattern of entries are queued.Since garbage collector is no longer waiting for close() since commit 2e503bbb
"TOMOYO: Fix lockdep warning.", we can remove tomoyo_gc_list list and
tomoyo_element_linked_by_gc() by doing sequential processing.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
19 Sep, 2011
1 commit
-
I got an opinion that it is difficult to use exception policy's domain
transition control directives because they need to match the pathname specified
to "file execute" directives. For example, if "file execute /bin/\*\-ls\-cat"
is given, corresponding domain transition control directive needs to be like
"no_keep_domain /bin/\*\-ls\-cat from any".If we can specify like below, it will become more convenient.
file execute /bin/ls keep exec.realpath="/bin/ls" exec.argv[0]="ls"
file execute /bin/cat keep exec.realpath="/bin/cat" exec.argv[0]="cat"
file execute /bin/\*\-ls\-cat child
file execute /usr/sbin/httpd exec.realpath="/usr/sbin/httpd" exec.argv[0]="/usr/sbin/httpd"In above examples, "keep" works as if keep_domain is specified, "child" works
as if "no_reset_domain" and "no_initialize_domain" and "no_keep_domain" are
specified, "" causes domain transition to domain upon
successful execve() operation.Moreover, we can also allow transition to different domains based on conditions
like below example./usr/sbin/sshd
file execute /bin/bash /usr/sbin/sshd //batch-session exec.argc=2 exec.argv[1]="-c"
file execute /bin/bash /usr/sbin/sshd //root-session task.uid=0
file execute /bin/bash /usr/sbin/sshd //nonroot-session task.uid!=0Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
14 Sep, 2011
1 commit
-
Add per-entry flag which controls generation of grant logs because Xen and KVM
issues ioctl requests so frequently. For example,file ioctl /dev/null 0x5401 grant_log=no
will suppress /sys/kernel/security/tomoyo/audit even if preference says
grant_log=yes .Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
11 Jul, 2011
4 commits
-
This patch adds support for permission checks using argv[]/envp[] of execve()
request. Hooks are in the last patch of this pathset.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
This patch adds support for permission checks using executable file's realpath
upon execve() and symlink's target upon symlink(). Hooks are in the last patch
of this pathset.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
This patch adds support for permission checks using file object's DAC
attributes (e.g. owner/group) when checking file's pathnames. Hooks for passing
file object's pointers are in the last patch of this pathset.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
This patch adds support for permission checks using current thread's UID/GID
etc. in addition to pathnames.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris