Today I released TOMOYO 1.8.2.
Many improvements have been made since TOMOYO 1.0.
Too many to list all, but here are some.
TOMOYO 1.1 (2006/04/01)
(01) Write permission was divided into individual permissions such as "create",
"unlink", "write".
(02) /proc/self/ was introduced in order to allow accessing only current
thread's information.
TOMOYO 1.1.1 (2006/05/15)
(03) Interactive enforcing mode was added in order to help update policy upon
software updates.
TOMOYO 1.1.2 (2006/06/02)
(04) Aggregating executable programs' pathnames was added in order to make it
possible to run temporary programs without disabling MAC.
TOMOYO 1.1.3 (2006/07/13)
(05) Allow executing programs via symbolic links in order to make it easier to
use TOMOYO on busybox systems.
TOMOYO 1.2 (2006/09/03)
(06) Conditional permissions based on the current thread's uid/gid etc. and the file's
owner/group etc. were introduced in order to restrict operations by root.
TOMOYO 1.3 (2006/11/11)
(07) Per-domain profile was introduced in order to make it possible to use
TOMOYO in a building-up approach.
(08) Location of policy loader became configurable upon boot using CCS_loader=
option.
TOMOYO 1.3.2 (2007/02/14)
(09) Pathname grouping directive was introduced.
(10) Domain transition keeper/initializer directives were introduced.
TOMOYO 1.4.1 (2007/06/05)
(11) Pathname subtraction was introduced in order to allow users to exclude
specific files and directories such as .htaccess and ~/.ssh/.
TOMOYO 1.5.0 (2007/09/20)
(12) Passing init=/sbin/ccs-init to the kernel boot commandline became
unnecessary.
TOMOYO 1.6.0 (2008/04/01)
(13) Allow restricting environment variables in order to make it difficult to
attack using environment variables.
(14) Allow restricting argv[]/envp[] passed to do_execve() in order to make it
difficult for shellcode and OS-command injection vulnerabilities to spawn
shells and arbitrary commands.
(15) Allow carrying a sleep penalty upon policy violation in enforcing mode in
order to avoid CPU power consumption by the hijacked process.
(16) Allow redirecting program execution using the execute handler functionality in
order to help validate and sanitize argv[]/envp[] arguments.
(17) Allow redirecting program execution using the denied execute handler
functionality in order to help get back control of the hijacked
process.
TOMOYO 1.6.5 (2008/11/11)
(18) Allow caching whether the current thread was once authorized as a policy
manager or not in order to allow package managers to rename/delete the
manager programs.
TOMOYO 1.7.0 (2009/09/03)
(19) Garbage collector was introduced.
(20) Allow checking numeric arguments for file operations that receive them.
(21) Use global PID in audit logs in order to make it possible to use TOMOYO
with PID namespaces.
TOMOYO 1.7.1 (2009/11/11)
(22) Recursive pathname matching operator /\{pattern\}/ was introduced in order
to make it easier to apply TOMOYO against home directories.
TOMOYO 1.7.2 (2010/04/01)
(23) Allow domain transition without invoking do_execve() in order to make it
possible to support Apache's virtual hosts.
(24) Allow compiling TOMOYO as almost a loadable kernel module in order to make
it easier to use TOMOYO on embedded systems where the partition size for
the kernel is tight.
TOMOYO 1.8.0 (2010/11/11)
(25) Allow managing per-task variables outside "struct task_struct" in order to
make it possible to use TOMOYO without breaking kernel ABI.
(26) Use proc:/self/ rather than /proc/self/ in order to make it easier to use
TOMOYO in chroot()ed environments.
(27) Allow use of ACL grouping in order to make it easier to group commonly
granted permissions.
(28) Access request granted logs became configurable on a per-ACL-entry basis
in order to make it easier to use TOMOYO with Xen and KVM environments.
(29) Automatic domain transition upon match was introduced in order to make it
easier to use TOMOYO in Android environments.
TOMOYO 1.8.1 (2011/04/01)
(30) Built-in policy configuration was introduced in order to make it easier to
use TOMOYO in Android environments.
TOMOYO 1.8.2 (2011/06/20)
(31) Policy namespace was introduced in order to make it easier to use TOMOYO
in LXC environments.
(32) Trigger for activation became configurable upon boot using CCS_trigger=
option in order to make it easier to use TOMOYO with systemd environments.
Now, I'm proposing TOMOYO 2.4 (based on TOMOYO 1.8.2) for upstream. I hope
many of the improvements listed above are accepted in TOMOYO 2.4. But TOMOYO 2.4
wants reviewers. Please come to LSM-ML and join the review if you can.
Regards.
_______________________________________________
tomoyo-users-en mailing list
[email protected]
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
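As an added illustration (not code from the post or from the TOMOYO project), here is the whitelist matching that items (06), (14) and (22) describe, modelled in Python: ACL entries with uid and argv[] conditions, and the recursive pathname operator. The policy line syntax is an assumption modelled on TOMOYO 1.8 domain policy, and the policy lines and requests are constructed.

```python
import re
# Constructed sample of TOMOYO 1.8-style domain policy lines.  The syntax
# ("\*" = anything but "/", "/\{*\}/" = zero or more directory components,
# task.uid / exec.argc / exec.argv[n] conditions) is assumed, not quoted from
# the post; it models items (06), (14) and (22).
POLICY_LINES = [
    'file read /home/\\{*\\}/public_html/\\*',
    'file write /etc/shadow task.uid=0',
    'file execute /bin/sh exec.argc=3 exec.argv[1]="-c" exec.argv[2]="/usr/local/bin/rotate.sh"',
]
COND = re.compile(r'^([\w.\[\]]+)(!=|=)(.+)$')

def pattern_to_regex(pattern: str) -> re.Pattern:
    """Translate the two wildcards modelled here into an anchored regex."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/\\{*\\}/", i):   # recursive directory operator
            out.append("/(?:[^/]+/)*")
            i += 7
        elif pattern.startswith("\\*", i):       # one path component
            out.append("[^/]*")
            i += 2
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")

def parse_entry(line: str):
    """'file <perm> <pattern> [cond ...]' -> (perm, regex, [(key, must_equal, value)])."""
    _, perm, path, *conds = line.split()
    parsed = []
    for tok in conds:
        key, op, raw = COND.match(tok).groups()
        value = raw.strip('"') if raw.startswith('"') else int(raw)
        parsed.append((key, op == "=", value))
    return perm, pattern_to_regex(path), parsed

POLICY = [parse_entry(line) for line in POLICY_LINES]

def is_allowed(perm: str, path: str, ctx: dict) -> bool:
    """Whitelist semantics: granted only if an entry matches the path and every condition."""
    for e_perm, rx, conds in POLICY:
        if e_perm != perm or not rx.match(path):
            continue
        # ctx carries the request's task.*/exec.* values; a missing key never satisfies "=".
        if all((ctx.get(key) == value) == must_equal for key, must_equal, value in conds):
            return True
    return False
```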