11 Jun, 2016
1 commit
-
We always mixed in the parent pointer into the dentry name hash, but we
did it late at lookup time. It turns out that we can simplify that
lookup-time action by salting the hash with the parent pointer early
instead of late.A few other users of our string hashes also wanted to mix in their own
pointers into the hash, and those are updated to use the same mechanism.Hash users that don't have any particular initial salt can just use the
NULL pointer as a no-salt.Cc: Vegard Nossum
Cc: George Spelvin
Cc: Al Viro
Signed-off-by: Linus Torvalds
26 Sep, 2011
2 commits
-
tomoyo_policy_lock mutex already protects it.
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
When TOMOYO started using garbage collector at commit 847b173e "TOMOYO: Add
garbage collector.", we waited for close() before kfree(). Thus, elements to be
kfree()d were queued up using tomoyo_gc_list list.But it turned out that tomoyo_element_linked_by_gc() tends to choke garbage
collector when certain pattern of entries are queued.Since garbage collector is no longer waiting for close() since commit 2e503bbb
"TOMOYO: Fix lockdep warning.", we can remove tomoyo_gc_list list and
tomoyo_element_linked_by_gc() by doing sequential processing.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
14 Jul, 2011
1 commit
-
Update comments for scripts/kernel-doc and fix some of errors reported by
scripts/checkpatch.pl .Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
29 Jun, 2011
7 commits
-
To be able to start using enforcing mode from the early stage of boot sequence,
this patch adds support for built-in policy configuration (and next patch adds
support for activating access control without calling external policy loader
program).Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Show statistics such as last policy update time and last policy violation time
in addition to memory usage.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Mauras Olivier reported that it is difficult to use TOMOYO in LXC environments,
for TOMOYO cannot distinguish between environments outside the container and
environments inside the container since LXC environments are created using
pivot_root(). To address this problem, this patch introduces policy namespace.Each policy namespace has its own set of domain policy, exception policy and
profiles, which are all independent of other namespaces. This independency
allows users to develop policy without worrying interference among namespaces.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
ACL group allows administrator to globally grant not only "file read"
permission but also other permissions.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Add /sys/kernel/security/tomoyo/audit interface. This interface generates audit
logs in the form of domain policy so that /usr/sbin/tomoyo-auditd can reuse
audit logs for appending to /sys/kernel/security/tomoyo/domain_policy
interface.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Use structure for passing ACL line, in preparation for supporting policy
namespace and conditional parameters.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Use common structure for ACL with "struct list_head" + "atomic_t".
Use array/struct where possible.
Remove is_group from "struct tomoyo_name_union"/"struct tomoyo_number_union".
Pass "struct file"->private_data rather than "struct file".
Update some of comments.
Bring tomoyo_same_acl_head() from common.h to domain.c .
Bring tomoyo_invalid()/tomoyo_valid() from common.h to util.c .Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
31 Mar, 2011
1 commit
-
When memory used for policy exceeds the quota, tomoyo_memory_ok() return false.
In this case, tomoyo_commit_ok() must call kfree() before returning NULL.
This bug exists since 2.6.35.Signed-off-by: Xiaochen Wang
Acked-by: Tetsuo Handa
Signed-off-by: James Morris
02 Aug, 2010
8 commits
-
Use shorter name in order to make it easier to fit 80 columns limit.
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
When userspace program reads policy from /sys/kernel/security/tomoyo/
interface, TOMOYO uses line buffered mode. A line has at least one word.Commit 006dacc "TOMOYO: Support longer pathname." changed a word's max length
from 4000 bytes to max kmalloc()able bytes. By that commit, a line's max length
changed from 8192 bytes to more than max kmalloc()able bytes.Max number of words in a line remains finite. This patch changes the way of
buffering so that all words in a line are firstly directly copied to userspace
buffer as much as possible and are secondly queued for next read request.
Words queued are guaranteed to be valid until /sys/kernel/security/tomoyo/
interface is close()d.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Use common code for "initialize_domain"/"no_initialize_domain"/"keep_domain"/
"no_keep_domain" keywords.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Use common code for "path_group" and "number_group".
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Assign list id and make the lists as array of "struct list_head".
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Read functions do not fail. Make them from int to void.
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Allow pathnames longer than 4000 bytes.
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
security/tomoyo/common.c became too large to read.
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris