Diff of /trunk/1.7.x/ccs-patch/README.ccs

TOMOYO

 Subversion リポジトリの参照



/[tomoyo]/trunk/1.7.x/ccs-patch/README.ccs




Diff of /trunk/1.7.x/ccs-patch/README.ccs



 Parent Directory

|  Revision Log



|  Patch














revision 3014 by kumaneko,
Fri Sep 11 01:01:43 2009 UTC




revision 3061 by kumaneko,
Thu Sep 24 03:50:59 2009 UTC






#

Line 2085 
 Fix 2009/09/01


Line 2085 
 Fix 2009/09/01












2085
 
 

















2086
       Thus, I added global PID in audit logs.
       Thus, I added global PID in audit logs.

















2087
       
       















2088


     @ Transit to new domain before do_execve() suceeds.


     @ Transit to new domain before do_execve() succeeds.















2089
 
 

















2090
       Permission checks for interpreters and environment variables are
       Permission checks for interpreters and environment variables are

















2091
       done using new domain. In order to be allow ccs-queryd to reach the new
       done using new domain. In order to be allow ccs-queryd to reach the new











#

Line 2132 
 Fix 2009/09/11


Line 2132 
 Fix 2009/09/11












2132
       To ensure consistency with TOMOYO's '/'-tokenized pattern matching rules
       To ensure consistency with TOMOYO's '/'-tokenized pattern matching rules

















2133
       and "\-" operator, only "/\{dir\}/" sequences (where dir does not contain
       and "\-" operator, only "/\{dir\}/" sequences (where dir does not contain

















2134
       '/') is permitted.
       '/') is permitted.












2135
 
 







2136
 
 Fix 2009/09/24







2137
 
 







2138
 
     @ Don't check chmod/chown capability for requests from kernel.







2139
 
 







2140
 
       Until now, ccs_setattr_permission() was inserted in notify_change().







2141
 
       But notify_change() is also called by requests from kernel (e.g. UnionFS)







2142
 
       and it made difficult to use TOMOYO on UnionFS.







2143
 
 







2144
 
       Thus, I moved ccs_capable() checks from ccs_setattr_permission() to







2145
 
       ccs_chmod_permission() and ccs_chown_permission(), and removed







2146
 
       ccs_setattr_permission().
























Legend:



Removed from v.3014
 


changed lines


 
Added in v.3061













Back to OSDN">Back to OSDN
ViewVC Help


Powered by ViewVC 1.1.26
 /[tomoyo]/trunk/1.7.x/ccs-patch/README.ccs
-revision 3014 by kumaneko,
Fri Sep 11 01:01:43 2009 UTC
+revision 3061 by kumaneko,
Thu Sep 24 03:50:59 2009 UTC
 Line 2085 
 Fix 2009/09/01
        Thus, I added global PID in audit logs.
-     @ Transit to new domain before do_execve() suceeds.
+     @ Transit to new domain before do_execve() succeeds.
        Permission checks for interpreters and environment variables are
        done using new domain. In order to be allow ccs-queryd to reach the new
 Line 2132 
 Fix 2009/09/11
        To ensure consistency with TOMOYO's '/'-tokenized pattern matching rules
        and "\-" operator, only "/\{dir\}/" sequences (where dir does not contain
        '/') is permitted.
+ Fix 2009/09/24
+     @ Don't check chmod/chown capability for requests from kernel.
+       Until now, ccs_setattr_permission() was inserted in notify_change().
+       But notify_change() is also called by requests from kernel (e.g. UnionFS)
+       and it made difficult to use TOMOYO on UnionFS.
+       Thus, I moved ccs_capable() checks from ccs_setattr_permission() to
+       ccs_chmod_permission() and ccs_chown_permission(), and removed
+       ccs_setattr_permission().
 Legend:



Removed from v.3014
 


changed lines


 
Added in v.3061
 Legend:



Removed from v.3014
 


changed lines


 
Added in v.3061
-Removed from v.3014
+Added in v.3061
-Back to OSDN">Back to OSDN
+ViewVC Help
 Powered by ViewVC 1.1.26

オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照