|| ||Tetsuo Handa <from-tomoyo-users-en-JPay3/Yim36HaxMnTkn67Xf5DAMn2ifp@public.gmane.org> |
|| ||tomoyo-users-en-5NWGOfrQmneRv+LV9MX5uooqe+aC9MnS@public.gmane.org |
|| ||[tomoyo-users-en 141] TOMOYO Linux version 1.7.2 released. |
|| ||Thu, 1 Apr 2010 22:39:12 +0900|
|| ||Article, Thread
I released TOMOYO Linux 1.7.2 .
This release includes patches for vanilla 2.6.34-rc3 / Ubuntu 10.04 / RHEL 5.5
for changes. However, "(3) Improve garbage collector." in the above link was
removed from TOMOYO 1.7.2 because I found that there is a race problem.
Until TOMOYO 1.7.1 , to disable TOMOYO in case of emergency, we passed
"CCS=disabled" to kernel command line so that /sbin/ccs-init loads profiles
for disabled mode. This "userland disabling" calls TOMOYO's hooks inside
kernel. Thus, there was performance penalty.
Since TOMOYO 1.7.2 , to disable TOMOYO in case of emergency, we can pass
"ccsecurity=off" to kernel command line so that kernel skips calling TOMOYO's
hooks. This "kernel disabling" does not call TOMOYO's hooks inside kernel.
This means that, if TOMOYO 1.7.2 were merged into distributor's kernels, TOMOYO
does not carry performance penalty for those who don't use TOMOYO.
Also, if TOMOYO 1.7.2 is built as a loadable kernel module, TOMOYO does not
carry filesize penalty for those who don't use TOMOYO.
Regarding userland tools, /usr/sbin/ccs-sortpolicy was modified to print
/usr/sbin/ccs-sortpolicy was designed for compressing /proc/ccs/grant_log and
/proc/ccs/reject_log by sorting them by domainnames. Usage examples (assuming
that /proc/ccs/reject_log is saved as /var/log/tomoyo/reject_log.conf by
/usr/sbin/ccs-auditd ) are
# grep -A 3 -F 'profile=2 mode=permissive' /var/log/tomoyo/reject_log.conf | /usr/sbin/ccs-sortpolicy > /var/log/tomoyo/log.conf
# grep -A 3 -F 'profile=2 mode=permissive' /var/log/tomoyo/reject_log.conf | /usr/lib/ccs/convert-audit-log | /usr/sbin/ccs-sortpolicy > /var/log/tomoyo/log.conf
. You can append the sorted policy to /proc/ccs/domain_policy by
# /usr/sbin/ccs-loadpolicy -d < /var/log/tomoyo/log.conf
or to /etc/ccs/domain_policy.conf by
# cat /var/log/tomoyo/log.conf >> /etc/ccs/domain_policy.conf
Since "use_profile" lines changes access control mode of a domain
(e.g. profile 1 is for learning mode, profile 3 is for enforcing mode) but
/var/log/tomoyo/reject_log.conf may contain conflicting entries (e.g.
"use_profile 1" and "use_profile 3") regarding the same domain, it is dangerous
to append /var/log/tomoyo/log.conf to /proc/ccs/domain_policy or
to /etc/ccs/domain_policy.conf if there are conflicting "use_profile" lines.
Thus, I made /usr/sbin/ccs-sortpolicy remove "use_profile" lines so that
/var/log/tomoyo/log.conf won't unexpectedly change current access control mode
specified by /proc/ccs/domain_policy or by /etc/ccs/domain_policy.conf .
But since the ability to sort /proc/ccs/domain_policy or
/etc/ccs/domain_policy.conf seems to be useful, I modified
/usr/sbin/ccs-sortpolicy to print "use_profile" line.
(As with /proc/ccs/domain_policy , if there are multiple "use_profile" lines
regarding the same domain, only the line specified last is printed.)