@ Allow address grouping.
To reduce the labor of repeating similar IPv4/IPv6 addresses,
I introduced a macro 'address_group' to make group such addresses.
For example, you had to give like
allow_network TCP accept 10.0.0.0-10.255.255.255 1024-65535
allow_network TCP accept 172.16.0.0-172.31.255.255 1024-65535
allow_network TCP accept 192.168.0.0-192.168.255.255 1024-65535
but now, you can give just
allow_network TCP accept @localnet 1024-65535
if you give
address_group localnet 10.0.0.0-10.255.255.255
address_group localnet 172.16.0.0-172.31.255.255
address_group localnet 192.168.0.0-192.168.255.255
in the exception policy.
@ Remove obsolete functions.
@ Add some hooks.
Read permission check is done if open_exec()
is called from search_binary_handler().
Read permission check is not done if open_exec()
is called from do_execve(), instead,
execute permission check is done at
I moved the location of calling CheckCapabilityACL()
and CheckMountPermission() from sys_mount() to do_mount().
@ Use 'unsigned int' for sscanf().
I compiled SYAORAN fs on x86_64 environment and found
the compiler showing warning messages about size of data types.
Since size of data types may mismatch for sscanf(),
I replaced some types with 'unsigned int'.
Version 1.4 2007/04/01 x86_64 support release.