From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Subject: TOMOYO patches for Linux 3.2 (Try #2)
Date: Sat, 10 Sep 2011 15:21:44 +0900

[1/5] TOMOYO: Add environment variable name restriction support.
[2/5] TOMOYO: Add socket operation restriction support.
[3/5] TOMOYO: Allow controlling generation of access granted logs for per an entry basis.
[4/5] TOMOYO: Allow domain transition without execve().
[5/5] TOMOYO: Avoid race when retrying "file execute" permission check.

This patchset implements below items in
http://tomoyo.sourceforge.jp/comparison.html .

"Features for assisting specifying numeric values"
  => "Allow grouping IP addresses? (address_group)"

"Features for supporting Apache's virtual hosts"
  => "Allow domain transitions without program execution?"

"Restrict executing programs? (execute)"
  => "Restrict permitted environment variables names?"

"Access control for Networks"
  => "Restrict remote IP addresses and port numbers for outgoing connections?"
  => "Restrict remote IP addresses and port numbers for outgoing packets?"
  => "Restrict local IP addresses and port numbers?"
  => "Restrict remote UNIX addresses for outgoing connections?"
  => "Restrict remote UNIX addresses for outgoing packets?"
  => "Restrict local UNIX addresses?"

Each patch in this patchset is independent. The reason I make these patches as
a patchset is simply for reducing frequency of updating user's profile
configuration which is required whenever a new restriction is supported.
Thus, it is OK to go step by step.