| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0c4b443a-9c72-4800-97e8-a3816b6a9ae2@I-love.SAKURA.ne.jp> Date: Fri, 27 Sep 2024 19:43:05 +0900 From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: LKML <linux-kernel@...r.kernel.org> Subject: [GIT PULL] tomoyo update for v6.12 The following changes since commit ada1986d07976d60bed5017aa38b7f7cf27883f7: tomoyo: fallback to realpath if symlink's pathname does not exist (2024-09-25 22:30:59 +0900) are available in the Git repository at: git://git.code.sf.net/p/tomoyo/tomoyo.git tags/tomoyo-pr-20240927 for you to fetch changes up to ada1986d07976d60bed5017aa38b7f7cf27883f7: tomoyo: fallback to realpath if symlink's pathname does not exist (2024-09-25 22:30:59 +0900) ---------------------------------------------------------------- One bugfix patch, one preparation patch, and one conversion patch. TOMOYO is useful as an analysis tool for learning how a Linux system works. My boss was hoping that SELinux's policy is generated from what TOMOYO has observed. A translated paper describing it is available at https://master.dl.sourceforge.net/project/tomoyo/docs/nsf2003-en.pdf/nsf2003-en.pdf?viasf=1 . Although that attempt failed due to mapping problem between inode and pathname, TOMOYO remains as an access restriction tool due to ability to write custom policy by individuals. I was delivering pure LKM version of TOMOYO (named AKARI) to users who cannot afford rebuilding their distro kernels with TOMOYO enabled. But since the LSM framework was converted to static calls, it became more difficult to deliver AKARI to such users. Therefore, I decided to update TOMOYO so that people can use mostly LKM version of TOMOYO with minimal burden for both distributors and users. Tetsuo Handa (3): tomoyo: preparation step for building as a loadable LSM module tomoyo: allow building as a loadable LSM module tomoyo: fallback to realpath if symlink's pathname does not exist security/tomoyo/Kconfig | 15 ++++++++ security/tomoyo/Makefile | 10 ++++- security/tomoyo/common.c | 14 ++++++- security/tomoyo/common.h | 72 ++++++++++++++++++++++++++++++++++++++ security/tomoyo/domain.c | 9 +++- security/tomoyo/gc.c | 3 + security/tomoyo/hooks.h | 110 ----------------------------------------------------------- security/tomoyo/init.c | 366 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ security/tomoyo/load_policy.c | 12 ++++++ security/tomoyo/proxy.c | 82 ++++++++++++++++++++++++++++++++++++++++++++ security/tomoyo/securityfs_if.c | 12 ++++-- security/tomoyo/util.c | 3 - 12 files changed, 585 insertions(+), 123 deletions(-)
Powered by blists - more mailing lists