From: Daniel Walker <dwalker@mvista.com>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: akpm@linux-foundation.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
Kentaro Takeda <takedakn@nttdata.co.jp>,
Toshiharu Harada <haradats@nttdata.co.jp>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
linux-netdev <netdev@vger.kernel.org>
Subject: Re: [TOMOYO #7 30/30] Hooks for SAKURA and TOMOYO.
Date: Fri, 04 Apr 2008 09:29:35 -0700 [thread overview]
Message-ID: <1207326576.21308.71.camel@localhost.localdomain> (raw)
In-Reply-To: <20080404122408.986477936@I-love.SAKURA.ne.jp>
On Fri, 2008-04-04 at 21:23 +0900, Tetsuo Handa wrote:
> This patch makes two lines deletion by
> sed -e 's:search_binary_handler:search_binary_handler_with_transition:'
> TOMOYO does domain transition when execve() is called.
> Thus, distinguishing search_binary_handler() from do_execve() and
> search_binary_handler() from other functions (e.g. load_script())
> makes TOMOYO's domain transition handler simple.
>
> Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
> Cc: linux-fsdevel <linux-fsdevel@vger.kernel.org>
> Cc: linux-netdev <netdev@vger.kernel.org>
> ---
> Documentation/kernel-parameters.txt | 15 ++++
> arch/ia64/ia32/sys_ia32.c | 7 ++
> arch/mips/kernel/ptrace32.c | 7 ++
> arch/s390/kernel/ptrace.c | 7 ++
> arch/sh/kernel/ptrace_64.c | 7 ++
> arch/x86/kernel/ptrace.c | 7 ++
> fs/Kconfig | 2
> fs/Makefile | 2
> fs/attr.c | 19 +++++
>From a reviews perspective what I would want is each set of changes,
file system, networking, arch, etc split into separate patches. For
example you have a number of patches just adding header files. You could
merge the header file with the hook additions. Then you have a natural
code split up which should be easier to review..
> + /***** TOMOYO Linux start. *****/
> + if (!ccs_capable(TOMOYO_SYS_PTRACE))
> + return -EPERM;
> + /***** TOMOYO Linux end. *****/
For instance if the function name was "tomoyo_check_capable" it would be
clear that it's part of your code.. The current function naming here is
obscure ..
> + /***** CCS start. *****/
> +#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO)
> + printk(KERN_INFO "Hook version: 2.6.25-rc8-mm1 2008/04/02\n");
> +#endif
> + /***** CCS end. *****/
This printk clearly needs to go away ..
> --- linux-2.6.25-rc8-mm1.orig/include/linux/init_task.h
> +++ linux-2.6.25-rc8-mm1/include/linux/init_task.h
> @@ -197,6 +197,10 @@ extern struct group_info init_groups;
> INIT_IDS \
> INIT_TRACE_IRQFLAGS \
> INIT_LOCKDEP \
> + /***** TOMOYO Linux start. *****/ \
> + .domain_info = &KERNEL_DOMAIN, \
> + .tomoyo_flags = 0, \
> + /***** TOMOYO Linux end. *****/ \
> }
ifdef's ?
>
> --- linux-2.6.25-rc8-mm1.orig/include/linux/sched.h
> +++ linux-2.6.25-rc8-mm1/include/linux/sched.h
> @@ -29,6 +29,11 @@
> #define CLONE_NEWNET 0x40000000 /* New network namespace */
> #define CLONE_IO 0x80000000 /* Clone io context */
>
> +/***** TOMOYO Linux start. *****/
> +struct domain_info;
> +extern struct domain_info KERNEL_DOMAIN;
> +/***** TOMOYO Linux end. *****/
> +
> /*
> * Scheduling policies
> */
> @@ -1278,6 +1283,10 @@ struct task_struct {
> int latency_record_count;
> struct latency_record latency_record[LT_SAVECOUNT];
> #endif
> + /***** TOMOYO Linux start. *****/
> + struct domain_info *domain_info;
> + u32 tomoyo_flags;
> + /***** TOMOYO Linux end. *****/
> };
ifdefs?
next prev parent reply other threads:[~2008-04-04 16:29 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20080404122242.867070732@I-love.SAKURA.ne.jp>
2008-04-04 12:22 ` [TOMOYO #7 07/30] Some wrapper functions for socket operation Tetsuo Handa
2008-04-04 12:23 ` [TOMOYO #7 30/30] Hooks for SAKURA and TOMOYO Tetsuo Handa
2008-04-04 16:29 ` Daniel Walker [this message]
2008-04-07 13:56 ` Tetsuo Handa
2008-04-07 15:39 ` Daniel Walker
2008-04-07 15:40 ` Paul Moore
2008-04-07 22:57 ` Casey Schaufler
2008-04-09 8:37 ` Toshiharu Harada
2008-04-09 12:49 ` Stephen Smalley
2008-04-10 5:57 ` Toshiharu Harada
2008-04-10 12:51 ` Stephen Smalley
2008-04-11 11:48 ` Toshiharu Harada
2008-04-09 13:11 ` Matthew Wilcox
2008-04-09 13:26 ` Stephen Smalley
2008-04-11 14:12 ` Tetsuo Handa
2008-04-11 14:30 ` Matthew Wilcox
2008-04-12 11:33 ` Tetsuo Handa
2008-04-13 16:36 ` Serge E. Hallyn
2008-04-14 2:05 ` Crispin Cowan
2008-04-14 14:17 ` Stephen Smalley
2008-04-14 17:05 ` Casey Schaufler
2008-04-15 4:59 ` Crispin Cowan
2008-04-16 16:31 ` Stephen Smalley
2008-04-17 7:49 ` Crispin Cowan
2008-04-17 8:45 ` Jamie Lokier
2008-04-17 12:42 ` Stephen Smalley
2008-04-15 13:00 ` Toshiharu Harada
2008-04-14 1:41 ` Crispin Cowan
2008-04-14 13:48 ` Matthew Wilcox
2008-04-15 3:21 ` Crispin Cowan
2008-04-15 4:57 ` Al Viro
2008-04-09 13:22 ` Serge E. Hallyn
2008-04-11 3:57 ` Toshiharu Harada
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1207326576.21308.71.camel@localhost.localdomain \
--to=dwalker@mvista.com \
--cc=akpm@linux-foundation.org \
--cc=haradats@nttdata.co.jp \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=takedakn@nttdata.co.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).