04 Jan, 2016
1 commit
-
A _lot_ of ->write() instances were open-coding it; some are
converted to memdup_user_nul(), a lot more remain...Signed-off-by: Al Viro
30 Apr, 2013
1 commit
-
Signed-off-by: Al Viro
23 Feb, 2013
1 commit
-
Signed-off-by: Al Viro
15 Mar, 2012
1 commit
-
"struct file_operations"->poll() expects "unsigned int" return value.
All files in /sys/kernel/security/tomoyo/ directory other than
/sys/kernel/security/tomoyo/query and /sys/kernel/security/tomoyo/audit should
return POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM rather than -ENOSYS.
Also, /sys/kernel/security/tomoyo/query and /sys/kernel/security/tomoyo/audit
should return POLLOUT | POLLWRNORM rather than 0 when there is no data to read.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
04 Jan, 2012
1 commit
-
Signed-off-by: Al Viro
26 Sep, 2011
1 commit
-
Commit efe836ab "TOMOYO: Add built-in policy support." introduced
tomoyo_load_builtin_policy() but was by error called from nowhere.Commit b22b8b9f "TOMOYO: Rename meminfo to stat and show more statistics."
introduced tomoyo_update_stat() but was by error not called from
tomoyo_assign_domain().Also, mark tomoyo_io_printf() and tomoyo_path_permission() static functions,
as reported by "make namespacecheck".Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
14 Sep, 2011
1 commit
-
To be able to split permissions for Apache's CGI programs which are executed
without execve(), add special domain transition which is performed by writing
a TOMOYO's domainname to /sys/kernel/security/tomoyo/self_domain interface.This is an API for TOMOYO-aware userland applications. However, since I expect
TOMOYO and other LSM modules to run in parallel, this patch does not use
/proc/self/attr/ interface in order to avoid conflicts with other LSM modules
when it became possible to run multiple LSM modules in parallel.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
14 Jul, 2011
1 commit
-
Update comments for scripts/kernel-doc and fix some of errors reported by
scripts/checkpatch.pl .Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
08 Jul, 2011
1 commit
-
/sys/kernel/security/tomoyo/.domain_status can be easily emulated using
/sys/kernel/security/tomoyo/domain_policy . We can remove this interface by
updating /usr/sbin/tomoyo-setprofile utility.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
29 Jun, 2011
4 commits
-
Show statistics such as last policy update time and last policy violation time
in addition to memory usage.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Add /sys/kernel/security/tomoyo/audit interface. This interface generates audit
logs in the form of domain policy so that /usr/sbin/tomoyo-auditd can reuse
audit logs for appending to /sys/kernel/security/tomoyo/domain_policy
interface.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Use common structure for ACL with "struct list_head" + "atomic_t".
Use array/struct where possible.
Remove is_group from "struct tomoyo_name_union"/"struct tomoyo_number_union".
Pass "struct file"->private_data rather than "struct file".
Update some of comments.
Bring tomoyo_same_acl_head() from common.h to domain.c .
Bring tomoyo_invalid()/tomoyo_valid() from common.h to util.c .Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Update (or temporarily remove) comments.
Remove or replace some of #define lines.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
02 Aug, 2010
3 commits
-
TOMOYO does not deal offset pointer. Thus seek operation makes
no sense. Changing default seek operation from default_llseek()
to no_llseek() might break some applications. Thus, explicitly
set noop_llseek().Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Commit 1dae08c "TOMOYO: Add interactive enforcing mode." forgot to register
poll() hook. As a result, /usr/sbin/tomoyo-queryd was doing busy loop.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
security/tomoyo/common.c became too large to read.
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris