
TOMOYO patches for Linux 3.2 (Try #2)

From:  Tetsuo Handa <>
Subject:  TOMOYO patches for Linux 3.2 (Try #2)
Date:  Sat, 10 Sep 2011 15:21:44 +0900

[1/5] TOMOYO: Add environment variable name restriction support.
[2/5] TOMOYO: Add socket operation restriction support.
[3/5] TOMOYO: Allow controlling generation of access granted logs for per an entry basis.
[4/5] TOMOYO: Allow domain transition without execve().
[5/5] TOMOYO: Avoid race when retrying "file execute" permission check.

This patchset implements below items in .

"Features for assisting specifying numeric values"
=> "Allow grouping IP addresses? (address_group)"

"Features for supporting Apache's virtual hosts"
=> "Allow domain transitions without program execution?"

"Restrict executing programs? (execute)"
=> "Restrict permitted environment variables names?"

"Access control for Networks"
=> "Restrict remote IP addresses and port numbers for outgoing connections?"
=> "Restrict remote IP addresses and port numbers for outgoing packets?"
=> "Restrict local IP addresses and port numbers?"
=> "Restrict remote UNIX addresses for outgoing connections?"
=> "Restrict remote UNIX addresses for outgoing packets?"
=> "Restrict local UNIX addresses?"

Each patch in this patchset is independent. The reason I make these patches
a patchset is simply to reduce the frequency of updating the user's profile
configuration, which is required whenever a new restriction is supported.
Thus, it is OK to go step by step.
