From: Kentaro Takeda <takedakn@nttdata.co.jp>
To: Stephen Smalley <sds@tycho.nsa.gov>,
	James Morris <jmorris@namei.org>,
	Chris Wright <chrisw@sous-sol.org>
Cc: "Serge E. Hallyn" <serue@us.ibm.com>,
	David Howells <dhowells@redhat.com>,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	Toshiharu Harada <haradats@nttdata.co.jp>,
	Andrew Morton <akpm@linux-foundation.org>
Subject: [TOMOYO #10 (linux-next) 0/8] TOMOYO Linux
Date: Thu, 09 Oct 2008 13:28:14 +0900
Message-ID: <20081009042814.398846861@nttdata.co.jp>

TOMOYO Linux is a pathname-based MAC extension (LSM module) for the 
Linux kernel.

Since the latest mmotm (2008-10-02-16-17) lacks CRED patchset by 
David Howells, we used linux-next (-next-20080919) which includes 
CRED patchset.

Differences from previous version are as follows.

*about LSM interfaces:
 -added a new LSM hook security_path_clear() for clearing hash 
  table after VFS helper functions. It is needed to perform DAC 
  before MAC.
 -added a new config option CONFIG_SECURITY_PATH for new LSM hooks.

*about task_struct:
 -added in_execve flag to allow LSM modules to determine whether 
  current process is in an execve operation or not so that they can 
  behave differently while an execve operation is in progress.

*about TOMOYO body:
 -made security_inode_*() return result of security_path_*() and 
  removed code clone of DAC.
 -modified to check permission of interpreter using 
  bprm->cred->security and current->in_execve flag.
 -modified to use get_task_cred() for reading objective LSM context 
  of a task.
 -modified to use bprm->cred->security to know the first call of 
  security_bprm_check().
 -modified to pass current->cred->security or bprm->cred->security as 
  parameter.

Thanks to Serge for suggesting DAC-before-MAC workaround.
Thanks to David for patiently reviewing in_execve patch.

Stephen, James, Chris, please review and respond (hopefully Ack).

Regards,
--


Thread overview: 25+ messages
2008-10-09  4:28 Kentaro Takeda [this message]
2008-10-09  4:28 ` [TOMOYO #10 (linux-next) 1/8] Introduce new LSM hooks where vfsmount is available Kentaro Takeda
2008-10-09  4:28 ` [TOMOYO #10 (linux-next) 2/8] Add in_execve flag into task_struct Kentaro Takeda
2008-10-09  4:28 ` [TOMOYO #10 (linux-next) 3/8] LSM adapter functions Kentaro Takeda
2008-10-09  6:10   ` KAMEZAWA Hiroyuki
2008-10-09  6:57     ` Kentaro Takeda
2008-10-09  4:28 ` [TOMOYO #10 (linux-next) 4/8] Memory and pathname management functions Kentaro Takeda
2008-10-09  6:18   ` KAMEZAWA Hiroyuki
2008-10-09  7:17     ` Kentaro Takeda
2008-10-09  4:28 ` [TOMOYO #10 (linux-next) 5/8] Common functions for TOMOYO Linux Kentaro Takeda
2008-10-09  4:28 ` [TOMOYO #10 (linux-next) 6/8] Domain transition handler Kentaro Takeda
2008-10-09  4:28 ` [TOMOYO #10 (linux-next) 7/8] File operation restriction part Kentaro Takeda
2008-10-09 16:48   ` Serge E. Hallyn
2008-10-12  0:09     ` Tetsuo Handa
2008-10-15  1:29       ` Paul E. McKenney
2008-10-16  4:05         ` Kentaro Takeda
2008-10-16 15:10           ` Paul E. McKenney
2008-10-17  8:32             ` Kentaro Takeda
2008-10-17 14:56               ` Paul E. McKenney
2008-10-18 14:04                 ` Tetsuo Handa
2008-10-18 15:18                   ` Paul E. McKenney
2008-10-19 13:10                     ` Tetsuo Handa
2008-10-20  4:17                       ` Paul E. McKenney
2008-10-15 15:24       ` Serge E. Hallyn
2008-10-09  4:28 ` [TOMOYO #10 (linux-next) 8/8] Kconfig and Makefile Kentaro Takeda
