ダウンロードリスト

プロジェクト概要

システムを解析および保護するためのセキュリティモジュール TOMOYO Linux は Linux 向けの強制アクセス制御( MAC )の実装で、システムのセキュリティを高める用途は勿論、システムの解析を行う用途でも使えるツールです。このプロジェクトは2003年3月に始まり、2012年3月までは株式会社NTTデータがスポンサーとなって開発されました。 TOMOYO Linux はシステムの振る舞いに注目します。プロセスは何かの目的を達成するために生成されます。 TOMOYO Linux は(出入国審査官のように)それぞれのプロセスに対して目的を達成するのに必要な振る舞いや資源について報告させることができます。また、保護モードを有効にすることにより、(運用監視人のように)システム管理者により承認された振る舞いと資源へのアクセスのみを許可することもできます。

リリース時刻: 2006-11-11 00:00
ccs-patch 1.3-20061111

名前 サイズ ハッシュ 日付 ダウンロード数
ccs-patch-1.3-20061111.tar.gz 327.96 KB 2006-11-09 10:10 175
ccs-patch-1.3-20070519.tar.gz 592.82 KB 2007-05-19 16:54 47

リリースノート

リリースノートはありません

変更履歴

Fix 2006/09/30

@ Fix CheckFilePerm() in fs/tomoyo_file.c .

The location to call path_release() was too early.

Fix 2006/10/02

@ Support per-domain profile.

It became possible to assign different profiles for different domains.
This will help administrators using building up approach.

Fix 2006/10/05

@ Change parameters for CheckFilePerm().

I was re-resolving pathnames inside CheckFilePerm() even though
the caller function already resolved them.
So I changed to pass dentry and vfsmount instead of pathname,
and removed changes made on 2006/09/30.

Fix 2006/10/06

@ Support deny_rewrite and allow_rewrite permission.

It became possible to make regular files append-only
using "deny_rewrite" directive in exception policy and
override it using "allow_rewrite" directive in domain policy.

Regular files specified using "deny_rewrite" directive
can't be open()ed with O_TRUNC or without O_APPEND,
can't be truncate()ed or ftruncate()ed,
can't be turned O_APPEND flag off using fcntl(F_SETFL)
unless specified using "allow_rewrite" directive.

Fix 2006/10/12

@ Enable configuration options by default for kernel config.

CONFIG_SAKURA and CONFIG_TOMOYO are now 'y' by default
and CONFIG_SYAORAN is now 'm' by default.

Fix 2006/10/13

@ Use external policy loader.

Until now, policies are loaded when /sbin/init starts and
initial control levels are switched using CCS= parameter.
But since some boxes have to fixate kernel command line options
at compilation time, I think it will become more flexible
by running external policy loader using init= parameter so that
initial control levels can be specified before /sbin/init starts.

Call panic() if initial control levels are not specified.

Fix 2006/10/16

@ Add missing parameter in FindNextDomain().

'struct file' was needed for allowing 'if path1.*' checks.

Fix 2006/10/23

@ Print error messages in CheckFlags().

Some users seem to have troubles picking up all necessary
entries for the configuration file of SYAORAN filesystem
since makesyaoranconf can't pick up entries that are
nonexistent at the time.
I added error message so that users can find missing entries
using dmesg.

Fix 2006/10/24

@ Change /proc/ccs/info/self_domain .

I changed /proc/ccs/info/self_domain to return
the domain of open time rather than first read time.
This modification makes shell's redirection usage
more convenient since redirection opens file
but doesn't read at the time.

'cat < /proc/ccs/info/self_domain' will return
the domain of shell, and
'cat /proc/ccs/info/self_domain' will return
the domain of cat .

Fix 2006/11/06

@ Replace MAX_ENFORCE_GRACE with ALLOW_ENFORCE_GRACE.

Since it was inconvenient that requests that are waiting for
supervisor's decision are rejected automatically when
MAX_ENFORCE_GRACE seconds has elapsed, I modified WriteAnswer()
reset timeout counter whenever a supervisor's decision is written
and I modified ccs-queryd write a dummy decision every seconds
so that the requests won't be rejected automatically as long as
ccs-queryd is running.
This change made MAX_ENFORCE_GRACE's meaning boolean.
So I fixated MAX_ENFORCE_GRACE to 10 seconds and removed
MAX_ENFORCE_GRACE parameter.
To allow administrators selectively enable "delayed enforcing"
mode, I added ALLOW_ENFORCE_GRACE parameter.
The behavior of "delayed enforcing" mode is defined
in the following order.

(1) The requests are rejected immediately if ALLOW_ENFORCE_GRACE=0.
(2) The requests are rejected immediately
if nobody is opening /proc/ccs/policy/query interface.
(3) The requests won't be rejected automatically
if ALLOW_ENFORCE_GRACE=1 and ccs-queryd is running.
(4) The requests will be rejected in 10 seconds
if somebody other than ccs-queryd (such as less(1)) is
opening /proc/ccs/policy/query interface, for
such process doesn't write dummy decisions.

Version 1.3 2006/11/11 First anniversary release.