| e53cfda5d2c90a6dd763eb72034c775add729e40 |
|
14-Apr-2013 |
Al Viro <viro@zeniv.linux.org.uk> |
tomoyo_close_control: don't bother with return value
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
| 496ad9aa8ef448058e36ca7a787c61f2e63f0f54 |
|
23-Jan-2013 |
Al Viro <viro@zeniv.linux.org.uk> |
new helper: file_inode(file)
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
| 6041e8346f2165679c2184cab60db768d6a26a1d |
|
14-Mar-2012 |
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> |
TOMOYO: Return appropriate value to poll().
"struct file_operations"->poll() expects "unsigned int" return value.
All files in /sys/kernel/security/tomoyo/ directory other than
/sys/kernel/security/tomoyo/query and /sys/kernel/security/tomoyo/audit should
return POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM rather than -ENOSYS.
Also, /sys/kernel/security/tomoyo/query and /sys/kernel/security/tomoyo/audit
should return POLLOUT | POLLWRNORM rather than 0 when there is no data to read.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
| 52ef0c042bf06f6aef382fade175075627beebc1 |
|
26-Jul-2011 |
Al Viro <viro@zeniv.linux.org.uk> |
switch securityfs_create_file() to umode_t
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
| 778c4a4d60d932c1df6d270dcbc88365823c3963 |
|
25-Sep-2011 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Fix make namespacecheck warnings.
Commit efe836ab "TOMOYO: Add built-in policy support." introduced
tomoyo_load_builtin_policy() but was by error called from nowhere.
Commit b22b8b9f "TOMOYO: Rename meminfo to stat and show more statistics."
introduced tomoyo_update_stat() but was by error not called from
tomoyo_assign_domain().
Also, mark tomoyo_io_printf() and tomoyo_path_permission() static functions,
as reported by "make namespacecheck".
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
|
| 731d37aa70c7b9de3be6bf2c8287366223bf5ce5 |
|
10-Sep-2011 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Allow domain transition without execve().
To be able to split permissions for Apache's CGI programs which are executed
without execve(), add special domain transition which is performed by writing
a TOMOYO's domainname to /sys/kernel/security/tomoyo/self_domain interface.
This is an API for TOMOYO-aware userland applications. However, since I expect
TOMOYO and other LSM modules to run in parallel, this patch does not use
/proc/self/attr/ interface in order to avoid conflicts with other LSM modules
when it became possible to run multiple LSM modules in parallel.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
|
| 0f2a55d5bb2372058275b0b343d90dd5d640d045 |
|
14-Jul-2011 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Update kernel-doc.
Update comments for scripts/kernel-doc and fix some of errors reported by
scripts/checkpatch.pl .
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
|
| 5c4274f13819b40e726f6ee4ef13b4952cff5010 |
|
07-Jul-2011 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Remove /sys/kernel/security/tomoyo/.domain_status interface.
/sys/kernel/security/tomoyo/.domain_status can be easily emulated using
/sys/kernel/security/tomoyo/domain_policy . We can remove this interface by
updating /usr/sbin/tomoyo-setprofile utility.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
|
| b22b8b9fd90eecfb7133e56b4e113595f09f4492 |
|
26-Jun-2011 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Rename meminfo to stat and show more statistics.
Show statistics such as last policy update time and last policy violation time
in addition to memory usage.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
|
| eadd99cc85347b4f9eb10122ac90032eb4971b02 |
|
26-Jun-2011 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Add auditing interface.
Add /sys/kernel/security/tomoyo/audit interface. This interface generates audit
logs in the form of domain policy so that /usr/sbin/tomoyo-auditd can reuse
audit logs for appending to /sys/kernel/security/tomoyo/domain_policy
interface.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
|
| 0df7e8b8f1c25c10820bdc679555f2fbfb897ca0 |
|
26-Jun-2011 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Cleanup part 3.
Use common structure for ACL with "struct list_head" + "atomic_t".
Use array/struct where possible.
Remove is_group from "struct tomoyo_name_union"/"struct tomoyo_number_union".
Pass "struct file"->private_data rather than "struct file".
Update some of comments.
Bring tomoyo_same_acl_head() from common.h to domain.c .
Bring tomoyo_invalid()/tomoyo_valid() from common.h to util.c .
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
|
| b5bc60b4ce313b6dbb42e7d32915dcf0a07c2a68 |
|
26-Jun-2011 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Cleanup part 2.
Update (or temporarily remove) comments.
Remove or replace some of #define lines.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
|
| 7e2deb7ce8f662bce877dbfd3b0053e9559c25a3 |
|
08-Jul-2010 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Explicitly set file_operations->llseek pointer.
TOMOYO does not deal offset pointer. Thus seek operation makes
no sense. Changing default seek operation from default_llseek()
to no_llseek() might break some applications. Thus, explicitly
set noop_llseek().
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
|
| 0849e3ba53c3ef603dffa9758a73e07ed186a937 |
|
24-Jun-2010 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Add missing poll() hook.
Commit 1dae08c "TOMOYO: Add interactive enforcing mode." forgot to register
poll() hook. As a result, /usr/sbin/tomoyo-queryd was doing busy loop.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
|
| c3ef1500ec833890275172c7d063333404b64d60 |
|
17-May-2010 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Split files into some pieces.
security/tomoyo/common.c became too large to read.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
|