Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Kentaro Takeda <takedakn <at> nttdata.co.jp>
Subject: [TOMOYO #10 (linux-next) 0/8] TOMOYO Linux
Newsgroups: gmane.linux.kernel.lsm
Date: Thursday 9th October 2008 04:28:14 UTC (over 9 years ago)
TOMOYO Linux is a pathname-based MAC extension (LSM module) for the 
Linux kernel.

Since the latest mmotm (2008-10-02-16-17) lacks CRED patchset by 
David Howells, we used linux-next (-next-20080919) which includes 
CRED patchset.

Diffrences from previous version are as follows.

*about LSM interfaces:
 -added a new LSM hook security_path_clear() for clearing hash 
  table after VFS helper functions. It is needed to perform DAC 
  before MAC.
 -added a new config option CONFIG_SECURITY_PATH for new LSM hooks.

*about task_struct:
 -added in_execve flag to allow LSM modules to determine whether 
  current process is in an execve operation or not so that they can 
  behave differently while an execve operation is in progress.

*about TOMOYO body:
 -made security_inode_*() return result of security_path_*() and 
  removed code clone of DAC.
 -modified to check permisson of interpreter using 
  bprm->cred->security and current->in_execve flag.
 -modified to use get_task_cred() for reading objective LSM context 
  of a task.
 -modified to use bprm->cred->security to know the first call of 
  security_bprm_check() .
 -modified to pass current->cred->security or bprm->cred->security as 
  parameter.

Thanks to Serge for sugguesting DAC-before-MAC workaround.
Thanks to David for patiently reviewing in_execve patch.

Stephen, James, Chris, please review and respond (hopefully Ack).

Regards,
--

--
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
 
CD: 3ms