Hello.
I'm planning to release TOMOYO 1.7.1 ("4th anniversary release") on November
11th. It contains various bug fixes and some enhancements. Major changes are
shown below.
(1) Added recursive directory matching operators.
"/\{" and "\}/" are added. The pattern /\{dir\}/ matches '/' + 'One or more
repetitions of dir/' (e.g. /dir/ /dir/dir/ /dir/dir/dir/ ).
(2) Embedded more information into audit logs.
Until now, /proc/ccs/grant_log /proc/ccs/reject_log /proc/ccs/query were
not printing file's information (e.g. file's uid/gid/mode).
Recently, users who started using "if" clause expect that the learning
mode automatically adds various conditions like "if task.uid=path1.uid".
But the profile will become too complicated if I support all possible
conditions. Thus, I added all information which is enough to generate
"if" clause with all possible conditions from audit logs to audit logs.
Now, the learning mode got different usage. Users can specify
"CONFIG::learning={ max_entry=0 }" in the profile. All requests which
are not permitted by policy will be sent to /proc/ccs/reject_log with
"mode=learning" header lines. Users can selectively append conditions
and append to the policy using "/usr/sbin/ccs-loadpolicy -d".
The learning mode with "CONFIG::learning={ max_entry=0 }" is almost
the same as the permissive mode; the only difference is "mode=learning"
versus "mode=permissive".
(3) Made pathname for activating TOMOYO configurable.
Until now, pathnames we can use for activating TOMOYO's functionality were
hard coded (either /sbin/init or /sbin/ccs-init ). Android does not have
/sbin/init but it is difficult to start /sbin/ccs-init before daemon
processes start. Thus, I decided to activate TOMOYO when /init starts.
I made the alternative trigger ( /sbin/ccs-start ) and the default policy
loader ( /sbin/ccs-init ) configurable. You can specify different pathnames
(e.g. /init or /linuxrc ) instead of /sbin/ccs-init for environments which
do not have /sbin/init .
(4) Fixed oops when path_group and number_group were not read out atomically.
I forgot to escape from nested loops correctly when reading path_group and
number_group. As a result, reading path_group and number_group caused
kernel oops when they were not read atomically.
(5) Fixed memory leak when the same address_group was added.
I forgot to call kfree() if the same address_group was added.
(6) Fixed buffer contention when allow_env is used with argv[]/envp[].
A permission like
allow_env PATH if exec.envp["PATH"]="/"
was not working since I was using the same buffer for both environment
variable's name and value.
(7) Fixed stall or incorrect comparison when "if" clause exceeded 255 bytes.
I was using "u8" for the size parameter by mistake. As a result, when
size >= 256 was passed to ccs_memcmp(), it was doing partial comparison
(incorrect result) or read overrun (CPU stall). An "if" clause can exceed
255 bytes if a complicated condition is given.
(8) Fixed error code when execute_handler and denied_execute_handler failed.
ccs_try_alt_exec() was returning ENOMEM when kmalloc() failed.
It needs to return -ENOMEM to fail.
You can download a snapshot from
http://sourceforge.jp/projects/tomoyo/svn/view/trunk/1.7.x/ccs-patch.tar.gz?root=tomoyo&revision=3134&view=tar
Ubuntu 9.10's kernel is built with both AppArmor and TOMOYO, but TOMOYO 2.2.0
is terribly lacking in functionality (e.g. no audit logs, no network). Thus, I
will provide TOMOYO 1.7.x binary packages for Ubuntu 9.10 . You can download
binary kernel packages for Ubuntu 9.10 (made using the above snapshot) from
http://tomoyo.sourceforge.jp/incoming/linux-image-2.6.31-14-ccs1.7.1-pre_2.6.31-14.48_i386.deb
http://tomoyo.sourceforge.jp/incoming/linux-headers-2.6.31-14-ccs1.7.1-pre_2.6.31-14.48_i386.deb
http://tomoyo.sourceforge.jp/incoming/linux-headers-2.6.31-14_2.6.31-14.48_all.deb
http://tomoyo.sourceforge.jp/incoming/linux-libc-dev_2.6.31-14.48_i386.deb
Regards.
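
Added example, not part of the original message and not TOMOYO source code: a small C program showing the partial-comparison half of item (7), where a length of 256 or more passed through a "u8" size parameter is narrowed, so two strings that differ past the narrowed length compare as equal. The helper names cmp_u8_size() and cmp_full_size() and the test strings are hypothetical and constructed for illustration; the read-overrun case is not reproduced.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint8_t u8;

/* Hypothetical stand-in for a compare helper whose size parameter is u8. */
static int cmp_u8_size(const char *a, const char *b, u8 size)
{
    return memcmp(a, b, size);
}

/* Same helper with a size type wide enough for any condition length. */
static int cmp_full_size(const char *a, const char *b, size_t size)
{
    return memcmp(a, b, size);
}

static char cond_a[512], cond_b[512];

/* Constructed input: two len-byte strings that differ only at diff_at. */
static void make_pair(size_t len, size_t diff_at)
{
    memset(cond_a, 'x', len);
    memset(cond_b, 'x', len);
    cond_b[diff_at] = 'y';
}

/* Returns 1 if the u8 variant reports the two strings as equal. */
static int narrow_says_equal(size_t len, size_t diff_at)
{
    make_pair(len, diff_at);
    /* The cast makes the narrowing visible: 300 becomes 44, 256 becomes 0. */
    return cmp_u8_size(cond_a, cond_b, (u8)len) == 0;
}

/* Returns 1 if the size_t variant reports the two strings as equal. */
static int full_says_equal(size_t len, size_t diff_at)
{
    make_pair(len, diff_at);
    return cmp_full_size(cond_a, cond_b, len) == 0;
}

int main(void)
{
    printf("len=300 diff@100: narrow=%d full=%d\n",
           narrow_says_equal(300, 100), full_says_equal(300, 100));
    printf("len=256 diff@0:   narrow=%d full=%d\n",
           narrow_says_equal(256, 0), full_says_equal(256, 0));
    return 0;
}
```

Building with -Wconversion flags this kind of implicit narrowing when the cast is absent at the call site.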