@ Support program files aggregation.
Until now, programs that have no fixed names and their
parent programs had to be run in a trusted domain
since it is impossible to use patterns for granting
execute permission and defining domains.
I introduced a mechanism to aggregate similar programs
using 'aggregator' directive.
'aggregator /tmp/logrotate.\?\?\?\?\?\? /tmp/logrotate.tmp'
to run all temporary programs for logrotate as /tmp/logrotate.tmp
'aggregator /usr/bin/tac /bin/cat'
to run /usr/bin/tac and /bin/cat as /bin/cat
@ Unlimit max count for audit log.
I forgot to replace MAX_GRANT_LOG and MAX_REJECT_LOG with INT_MAX
so that administrators can give any size for audit logs at runtime.
@ Support individual domain ACL removal.
Until now, to remove ACLs from a domain, administrator had to
once delete and recreate that domain, which wastes a lot of memory.
I introduced a mechanism to remove domain ACL without deleting and
Administrator can delete domains or remove ACLs from domains
via /proc/ccs/policy/domain_policy .
/proc/ccs/policy/delete_domain and /proc/ccs/policy/update_domain
@ Add missing spinlock in SAKURA_MayMount().
vfsmount_lock was missing.
Version 1.1.2 2006/06/02 Functionality enhancement release.