This file defines prototypes and constants that are needed by hooks. Signed-off-by: Kentaro Takeda Signed-off-by: Tetsuo Handa Signed-off-by: Toshiharu Harada --- include/linux/sakura.h | 82 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) --- /dev/null +++ linux-2.6.25-rc8-mm1/include/linux/sakura.h @@ -0,0 +1,82 @@ +/* + * include/linux/sakura.h + * + * Implementation of the Domain-Free Mandatory Access Control. + * + * Copyright (C) 2005-2008 NTT DATA CORPORATION + * + * Version: 1.6.0 2008/04/01 + * + */ +/* + * A brief description about SAKURA: + * + * SAKURA stands for "Security Advancement Know-how Upon Read-only Approach". + * As the name shows, SAKURA was originally a methodology to make root fs + * read-only to avoid tampering the system files. + * But now, SAKURA is not only a methodology but also a kernel patch + * that improves the system security with less effort. + * + * SAKURA can restrict operations that affect systemwide. + * SAKURA manages the filesystem's namespace related operations so that + * files remains where the administrator expects. + */ + +#ifndef _LINUX_SAKURA_H +#define _LINUX_SAKURA_H + +#if defined(CONFIG_SAKURA) + +/* Check whether the given pathname is allowed to chroot to. */ +int ccs_check_chroot_permission(struct nameidata *nd); + +/* Check whether the mount operation with the given parameters is allowed. */ +int ccs_check_mount_permission(char *dev_name, char *dir_name, char *type, + const unsigned long *flags); + +/* Check whether the current process is allowed to pivot_root. */ +int ccs_check_pivot_root_permission(struct nameidata *old_nd, + struct nameidata *new_nd); + +/* Check whether the given mount operation hides an mounted partition. */ +int ccs_may_mount(struct nameidata *nd); + +/* Check whether the given mountpoint is allowed to umount. */ +int ccs_may_umount(struct vfsmount *mnt); + +/* Check whether the given port is allowed to autobind. */ +int ccs_may_autobind(const u16 port); + +#else + +static inline int ccs_check_chroot_permission(struct nameidata *nd) +{ + return 0; +} +static inline int ccs_check_mount_permission(char *dev_name, char *dir_name, + char *type, + const unsigned long *flags) +{ + return 0; +} +static inline int ccs_check_pivot_root_permission(struct nameidata *old_nd, + struct nameidata *new_nd) +{ + return 0; +} +static inline int ccs_may_mount(struct nameidata *nd) +{ + return 0; +} +static inline int ccs_may_umount(struct vfsmount *mnt) +{ + return 0; +} +static inline int ccs_may_autobind(const u16 port) +{ + return 0; +} + +#endif + +#endif -- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/