From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
To: firstname.lastname@example.org
Subject: TOMOYO patches for Linux 3.2 (Try #2)
Date: Sat, 10 Sep 2011 15:21:44 +0900
[1/5] TOMOYO: Add environment variable name restriction support.
[2/5] TOMOYO: Add socket operation restriction support.
[3/5] TOMOYO: Allow controlling generation of access granted logs for per an entry basis.
[4/5] TOMOYO: Allow domain transition without execve().
[5/5] TOMOYO: Avoid race when retrying "file execute" permission check.
This patchset implements the following items in http://tomoyo.sourceforge.jp/comparison.html .
"Features for assisting specifying numeric values"
  => "Allow grouping IP addresses? (address_group)"
"Features for supporting Apache's virtual hosts"
  => "Allow domain transitions without program execution?"
"Restrict executing programs? (execute)"
  => "Restrict permitted environment variables names?"
"Access control for Networks"
  => "Restrict remote IP addresses and port numbers for outgoing connections?"
  => "Restrict remote IP addresses and port numbers for outgoing packets?"
  => "Restrict local IP addresses and port numbers?"
  => "Restrict remote UNIX addresses for outgoing connections?"
  => "Restrict remote UNIX addresses for outgoing packets?"
  => "Restrict local UNIX addresses?"
Each patch in this patchset is independent. The reason I make these patches
a patchset is simply to reduce the frequency of updating the user's profile
configuration, which is required whenever a new restriction is supported.
Thus, it is OK to go step by step.