From: Tetsuo Handa <penguin-kernel <at> I-love.SAKURA.ne.jp>
Subject: TOMOYO patches for Linux 3.2 (Try #2)
Newsgroups: gmane.linux.kernel.lsm
Date: Saturday 10th September 2011 06:21:44 UTC

[1/5] TOMOYO: Add environment variable name restriction support.
[2/5] TOMOYO: Add socket operation restriction support.
[3/5] TOMOYO: Allow controlling generation of access granted logs for per an entry basis.
[4/5] TOMOYO: Allow domain transition without execve().
[5/5] TOMOYO: Avoid race when retrying "file execute" permission check.

This patchset implements the items below in http://tomoyo.sourceforge.jp/comparison.html .

"Features for assisting specifying numeric values"
=> "Allow grouping IP addresses? (address_group)"

"Features for supporting Apache's virtual hosts"
=> "Allow domain transitions without program execution?"

"Restrict executing programs? (execute)"
=> "Restrict permitted environment variables names?"

"Access control for Networks"
=> "Restrict remote IP addresses and port numbers for outgoing connections?"
=> "Restrict remote IP addresses and port numbers for outgoing packets?"
=> "Restrict local IP addresses and port numbers?"
=> "Restrict remote UNIX addresses for outgoing connections?"
=> "Restrict remote UNIX addresses for outgoing packets?"
=> "Restrict local UNIX addresses?"

Each patch in this patchset is independent. The reason I make these patches
a patchset is simply to reduce the frequency of updating the user's profile
configuration, which is required whenever a new restriction is supported.
Thus, it is OK to go step by step.