e53cfda5d2c90a6dd763eb72034c775add729e40 |
|
14-Apr-2013 |
Al Viro <viro@zeniv.linux.org.uk> |
tomoyo_close_control: don't bother with return value Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
496ad9aa8ef448058e36ca7a787c61f2e63f0f54 |
|
23-Jan-2013 |
Al Viro <viro@zeniv.linux.org.uk> |
new helper: file_inode(file) Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
6041e8346f2165679c2184cab60db768d6a26a1d |
|
14-Mar-2012 |
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> |
TOMOYO: Return appropriate value to poll(). "struct file_operations"->poll() expects "unsigned int" return value. All files in /sys/kernel/security/tomoyo/ directory other than /sys/kernel/security/tomoyo/query and /sys/kernel/security/tomoyo/audit should return POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM rather than -ENOSYS. Also, /sys/kernel/security/tomoyo/query and /sys/kernel/security/tomoyo/audit should return POLLOUT | POLLWRNORM rather than 0 when there is no data to read. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <james.l.morris@oracle.com>
|
52ef0c042bf06f6aef382fade175075627beebc1 |
|
26-Jul-2011 |
Al Viro <viro@zeniv.linux.org.uk> |
switch securityfs_create_file() to umode_t Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
778c4a4d60d932c1df6d270dcbc88365823c3963 |
|
25-Sep-2011 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Fix make namespacecheck warnings. Commit efe836ab "TOMOYO: Add built-in policy support." introduced tomoyo_load_builtin_policy() but was by error called from nowhere. Commit b22b8b9f "TOMOYO: Rename meminfo to stat and show more statistics." introduced tomoyo_update_stat() but was by error not called from tomoyo_assign_domain(). Also, mark tomoyo_io_printf() and tomoyo_path_permission() static functions, as reported by "make namespacecheck". Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
|
731d37aa70c7b9de3be6bf2c8287366223bf5ce5 |
|
10-Sep-2011 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Allow domain transition without execve(). To be able to split permissions for Apache's CGI programs which are executed without execve(), add special domain transition which is performed by writing a TOMOYO's domainname to /sys/kernel/security/tomoyo/self_domain interface. This is an API for TOMOYO-aware userland applications. However, since I expect TOMOYO and other LSM modules to run in parallel, this patch does not use /proc/self/attr/ interface in order to avoid conflicts with other LSM modules when it became possible to run multiple LSM modules in parallel. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
|
0f2a55d5bb2372058275b0b343d90dd5d640d045 |
|
14-Jul-2011 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Update kernel-doc. Update comments for scripts/kernel-doc and fix some of errors reported by scripts/checkpatch.pl . Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
|
5c4274f13819b40e726f6ee4ef13b4952cff5010 |
|
07-Jul-2011 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Remove /sys/kernel/security/tomoyo/.domain_status interface. /sys/kernel/security/tomoyo/.domain_status can be easily emulated using /sys/kernel/security/tomoyo/domain_policy . We can remove this interface by updating /usr/sbin/tomoyo-setprofile utility. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
|
b22b8b9fd90eecfb7133e56b4e113595f09f4492 |
|
26-Jun-2011 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Rename meminfo to stat and show more statistics. Show statistics such as last policy update time and last policy violation time in addition to memory usage. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
|
eadd99cc85347b4f9eb10122ac90032eb4971b02 |
|
26-Jun-2011 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Add auditing interface. Add /sys/kernel/security/tomoyo/audit interface. This interface generates audit logs in the form of domain policy so that /usr/sbin/tomoyo-auditd can reuse audit logs for appending to /sys/kernel/security/tomoyo/domain_policy interface. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
|
0df7e8b8f1c25c10820bdc679555f2fbfb897ca0 |
|
26-Jun-2011 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Cleanup part 3. Use common structure for ACL with "struct list_head" + "atomic_t". Use array/struct where possible. Remove is_group from "struct tomoyo_name_union"/"struct tomoyo_number_union". Pass "struct file"->private_data rather than "struct file". Update some of comments. Bring tomoyo_same_acl_head() from common.h to domain.c . Bring tomoyo_invalid()/tomoyo_valid() from common.h to util.c . Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
|
b5bc60b4ce313b6dbb42e7d32915dcf0a07c2a68 |
|
26-Jun-2011 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Cleanup part 2. Update (or temporarily remove) comments. Remove or replace some of #define lines. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
|
7e2deb7ce8f662bce877dbfd3b0053e9559c25a3 |
|
08-Jul-2010 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Explicitly set file_operations->llseek pointer. TOMOYO does not deal offset pointer. Thus seek operation makes no sense. Changing default seek operation from default_llseek() to no_llseek() might break some applications. Thus, explicitly set noop_llseek(). Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
|
0849e3ba53c3ef603dffa9758a73e07ed186a937 |
|
24-Jun-2010 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Add missing poll() hook. Commit 1dae08c "TOMOYO: Add interactive enforcing mode." forgot to register poll() hook. As a result, /usr/sbin/tomoyo-queryd was doing busy loop. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
|
c3ef1500ec833890275172c7d063333404b64d60 |
|
17-May-2010 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
TOMOYO: Split files into some pieces. security/tomoyo/common.c became too large to read. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
|