Subject: [TOMOYO #6 00/21] TOMOYO Linux - MAC based on process invocation history.
Date: Tuesday 8th January 2008 09:49:03 UTC (over 9 years ago)
"TOMOYO Linux" is our work in the field of security enhancement for Linux. This is the 6th submission of TOMOYO Linux. (http://tomoyo.sourceforge.jp/wiki-e/?WhatIs#mainlining) Changes since previous (November 17th) submission: * Added security goal document. (Documentation/TOMOYO.txt) This document is intended to specify the security goal that TOMOYO Linux is trying to achieve. Thread URL: http://lkml.org/lkml/2007/12/25/18 * Added environment variable name control functionality. Users can restrict the environment variable's names passed to execve() for each domain. * Refreshed patches for the latest -mm tree. Patches are for 2.6.24-rc6-mm1 The possibility of AB-BA deadlock has been pointed out and argued in http://lkml.org/lkml/2007/11/5/388 . We believe that LSM functions shouldn't access namespace_sem, so we chose to write a set of wrapper functions to pass "struct vfsmount" to LSM functions using "struct task_struct". This method is suggested at http://www.mail-archive.com/linux-security-[email protected]/msg01712.html . We wish Linux to merge either AppArmor's "Pass struct vfsmount to ..." patches or our patches marked as [02/21], [03/21], [04/21] into mainline kernel so that AppArmor and TOMOYO Linux can safely access "struct vfsmount" from LSM. Patches consist of five types. * [TOMOYO 01/21]: Documentation. * [TOMOYO 02-05/21]: Essential modifications against -mm kernel. * [TOMOYO 06-19/21]: LSM implementation of TOMOYO Linux. * [TOMOYO 20/21]: Makefile and Kconfig. * [TOMOYO 21/21]: Optional modifications against -mm kernel. We are trying to make a fair ¡Èsecure Linux¡É comparison table, it should explain the differences between TOMOYO Linux and AppArmor. (http://tomoyo.sourceforge.jp/wiki-e/?WhatIs#comparison) We would like TOMOYO Linux to be added into -mm tree so that more people can try. Any kind of feedbacks for the patches and the table would be appreciated. -- - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html