Toshiharu Harada
harad****@nttda*****
Sun, 22 Jul 2007 18:26:12 JST
This is Harada.

I am forwarding the e-mail I sent on July 20 to sound out Stephen of SELinux about the efforts (plans) we have been considering since the BoF.

-------- Original Message --------
Subject: Re: [RFC] TOMOYO Linux
Date: Fri, 20 Jul 2007 17:34:35 +0900
From: Toshiharu Harada <harad****@nttda*****>
Organization: NTT DATA CORPORATION
To: Stephen Smalley <sds****@tycho*****>
CC: Tetsuo Handa <handa****@pm*****>, taked****@nttda*****
References: <466FA****@nttda*****> <11817****@moss-*****>

Hi,

Stephen Smalley wrote:
> If you really want feedback or to get your code into the kernel, you
> need to do more than post a URL to the code - you need to break your
> code down into a number of patches and post them, just like the AppArmor
> folks have been doing. I'd suggest further that if you need the same
> support as AppArmor (e.g. passing down the vfsmounts, the improved
> d_path functions, etc), then re-base your patches off of theirs and note
> that yours depend on theirs (aside from their module itself, of course).

Thanks again for your time and thoughtful suggestions for TOMOYO Linux.
It was a really good experience to talk with you.
(I never expected you to appear at my session)

You showed us two options for the future plan.
One is "marriage with AA" and the other is "marriage with SELinux".
After having several technical meetings, we are now aiming for
TOMOYO Linux to be a supplemental MAC for SELinux.

To do that, we are working on:
i) not using the task_struct security member to store (TOMOYO) domain information.
ii) adding code to SELinux to call a secondary MAC (that is TOMOYO).

In addition, we added network MAC to the LSM version of TOMOYO Linux.
If things go well, we are going to post the result to the LKML
pretty soon according to your advice to Tetsuo.

Stephen, I have a question for you. I remember you told us
SELinux has domain generate/tracking? capabilities like TOMOYO does.
I asked Japanese SELinux users but no answer was returned.
Would you point me to an information resource (papers/url/file,
anything) on that?

I wanted to share my experience of OLS2007 with Japanese people,
so I wrote a Wiki page and introduced it to the Japanese Linux
community including the SELinux users ml. The content is only in
Japanese (I'm sorry for that), but there are some pictures.
I'll be happy if you have time to take a look.

http://tomoyo.sourceforge.jp/wiki/?OLS2007-BOF

Best regards,
Toshiharu Harada

--
原田季栄 (Toshiharu Harada)
harad****@nttda*****