Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

+55

Documentation/tomoyo.txt

··· 1 + --- What is TOMOYO? --- 2 + 3 + TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel. 4 + 5 + LiveCD-based tutorials are available at 6 + http://tomoyo.sourceforge.jp/en/1.6.x/1st-step/ubuntu8.04-live/ 7 + http://tomoyo.sourceforge.jp/en/1.6.x/1st-step/centos5-live/ . 8 + Though these tutorials use non-LSM version of TOMOYO, they are useful for you 9 + to know what TOMOYO is. 10 + 11 + --- How to enable TOMOYO? --- 12 + 13 + Build the kernel with CONFIG_SECURITY_TOMOYO=y and pass "security=tomoyo" on 14 + kernel's command line. 15 + 16 + Please see http://tomoyo.sourceforge.jp/en/2.2.x/ for details. 17 + 18 + --- Where is documentation? --- 19 + 20 + User <-> Kernel interface documentation is available at 21 + http://tomoyo.sourceforge.jp/en/2.2.x/policy-reference.html . 22 + 23 + Materials we prepared for seminars and symposiums are available at 24 + http://sourceforge.jp/projects/tomoyo/docs/?category_id=532&language_id=1 . 25 + Below lists are chosen from three aspects. 26 + 27 + What is TOMOYO? 28 + TOMOYO Linux Overview 29 + http://sourceforge.jp/projects/tomoyo/docs/lca2009-takeda.pdf 30 + TOMOYO Linux: pragmatic and manageable security for Linux 31 + http://sourceforge.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf 32 + TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box 33 + http://sourceforge.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf 34 + 35 + What can TOMOYO do? 36 + Deep inside TOMOYO Linux 37 + http://sourceforge.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf 38 + The role of "pathname based access control" in security. 39 + http://sourceforge.jp/projects/tomoyo/docs/lfj2008-bof.pdf 40 + 41 + History of TOMOYO? 42 + Realities of Mainlining 43 + http://sourceforge.jp/projects/tomoyo/docs/lfj2008.pdf 44 + 45 + --- What is future plan? --- 46 + 47 + We believe that inode based security and name based security are complementary 48 + and both should be used together. But unfortunately, so far, we cannot enable 49 + multiple LSM modules at the same time. We feel sorry that you have to give up 50 + SELinux/SMACK/AppArmor etc. when you want to use TOMOYO. 51 + 52 + We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM 53 + version of TOMOYO, available at http://tomoyo.sourceforge.jp/en/1.6.x/ . 54 + LSM version of TOMOYO is a subset of non-LSM version of TOMOYO. We are planning 55 + to port non-LSM version's functionalities to LSM versions.

+3 -3

security/tomoyo/common.c

··· 5 5 * 6 6 * Copyright (C) 2005-2009 NTT DATA CORPORATION 7 7 * 8 - * Version: 2.2.0-pre 2009/02/01 8 + * Version: 2.2.0 2009/04/01 9 9 * 10 10 */ 11 11 ··· 1773 1773 envp[2] = NULL; 1774 1774 call_usermodehelper(argv[0], argv, envp, 1); 1775 1775 1776 - printk(KERN_INFO "TOMOYO: 2.2.0-pre 2009/02/01\n"); 1776 + printk(KERN_INFO "TOMOYO: 2.2.0 2009/04/01\n"); 1777 1777 printk(KERN_INFO "Mandatory Access Control activated.\n"); 1778 1778 tomoyo_policy_loaded = true; 1779 1779 { /* Check all profiles currently assigned to domains are defined. */ ··· 1800 1800 static int tomoyo_read_version(struct tomoyo_io_buffer *head) 1801 1801 { 1802 1802 if (!head->read_eof) { 1803 - tomoyo_io_printf(head, "2.2.0-pre"); 1803 + tomoyo_io_printf(head, "2.2.0"); 1804 1804 head->read_eof = true; 1805 1805 } 1806 1806 return 0;

+1 -1

security/tomoyo/common.h

+1 -1

security/tomoyo/domain.c

+1 -1

security/tomoyo/file.c

+1 -1

security/tomoyo/realpath.c

+1 -1

security/tomoyo/realpath.h

+1 -1

security/tomoyo/tomoyo.c

+1 -1

security/tomoyo/tomoyo.h

Configure Feed

Configure Feed