1256 |
|
|
1257 |
You can silently terminate a process who requested execve() |
You can silently terminate a process who requested execve() |
1258 |
that is not permitted by policy. |
that is not permitted by policy. |
1259 |
|
|
1260 |
|
Fix 2008/03/03 |
1261 |
|
|
1262 |
|
@ Add "force_alt_exec" keyword. |
1263 |
|
|
1264 |
|
To be able to fully utilize "alt_exec" feature, |
1265 |
|
I added "force_alt_exec" keyword so that |
1266 |
|
all execute requests are replaced by the execute request of a program |
1267 |
|
specified by alt_exec feature. |
1268 |
|
|
1269 |
|
If this keyword is specified for a domain, the domain no longer |
1270 |
|
executes any programs regardless of the mode of file access control |
1271 |
|
(i.e. the domain won't execute even if MAC_FOR_FILE=0 ). |
1272 |
|
Instead, the domain executes the program specified by alt_exec feature |
1273 |
|
and the program specified by alt_exec feature validates the execute |
1274 |
|
request and executes it if it is appropriate to execute. |
1275 |
|
|
1276 |
|
If you can tolerate that there is no chance to return an error code |
1277 |
|
to the caller to tell the execute request was rejected, |
1278 |
|
this is more flexible approach than in-kernel execve() parameter |
1279 |
|
checking because we can do argv[] and envp[] checking easily. |
1280 |
|
|
1281 |
|
Fix 2008/03/04 |
1282 |
|
|
1283 |
|
@ Use string for access control mode. |
1284 |
|
|
1285 |
|
An integer expression for access control mode sometimes confuses |
1286 |
|
administrators because profile number is also an integer expression. |
1287 |
|
To avoid confusion between profile number and access control mode, |
1288 |
|
I introduced a string expression for access control mode. |
1289 |
|
|
1290 |
|
Modes which take an integer between 0 and 3. |
1291 |
|
|
1292 |
|
0 -> disabled |
1293 |
|
1 -> learning |
1294 |
|
2 -> permissive |
1295 |
|
3 -> enforcing |
1296 |
|
|
1297 |
|
Modes which take 0 or 1. |
1298 |
|
|
1299 |
|
0 -> disabled |
1300 |
|
1 -> enabled |