Discussion:
[tomoyo-users 802] ポリシーの名前空間のサポートについて
Tetsuo Handa
2011-05-08 14:12:09 UTC
現在 tomoyo-dev-en ML にて、ポリシーの名前空間対応について議論が進行中です。

http://sourceforge.jp/projects/tomoyo/lists/archive/dev-en/2011-May/thread.html

TOMOYO のポリシーは現在のところ名前空間に対応していません。そのため、 LXC
コンテナのように pivot_root() を使用する環境で TOMOYO を使う場合、
コンテナ環境の中で実行されたデーモンプログラムとコンテナ環境の外で実行された
デーモンプログラムとを区別することができないため、管理者が望まない形のドメイン
遷移が発生してしまい、不便です。 pivot_root() により作成された環境はほとんど
独立した1台のマシンと考えることができるため、その環境を特別なものとして
扱うことが望まれます。そのため、 TOMOYO のポリシーに名前空間を導入することに
ついて検討しています。

[tomoyo-dev-en 221] の時点での方向性は、

(1) ドメイン名に関して、従来の <kernel> というプレフィックスに加えて、
  <$namespace> (例: <apache> )という形式のプレフィックスに対応し、
  プレフィックスを名前空間の名前として利用する。

(2) 個々の名前空間は、名前空間を超えた干渉を防ぐために、独自の
  /proc/ccs/{domain_policy,exception_policy,profile} を持つ。

(3) 名前空間を指定するために、 /proc/ccs/{exception_policy,profile} の
  各行の先頭に namespace <$namespace> というプレフィックスを指定する。

となっています。ご意見をお待ちしています。英語で参加されるかたは直接
tomoyo-dev-en へ、日本語で参加される方は tomoyo-dev へどうぞ。
Tetsuo Handa
2011-05-26 13:35:46 UTC
TOMOYO 1.8 のポリシー名前空間のサポート(というか、ドメイン名の拡張と呼ぶのが
正確かも?)について、仕様と実装がほぼ固まりました。使い方は
http://sourceforge.jp/projects/tomoyo/lists/archive/dev-en/2011-May/000237.html
に、仕様は
http://sourceforge.jp/projects/tomoyo/lists/archive/dev-en/2011-May/000235.html
にあります。

ポリシー名前空間のサポートにより、 move_namespace と keep_domain を組み合わせて
SELinux のようにフラットなドメイン配置をすることも可能になっただけでなく、
AppArmor のようにアプリケーション単位のポリシーの作成を行いやすくなりました。
SVN レポジトリに置かれているもので試せます。

−−−−−−−−−−−−−−−−−−−−

Fedora 15 がリリースされたので、対応する ccs-kernel パッケージおよび
ccs-tools パッケージを作成し、 yum 用レポジトリも作成しました。
Toshiharu Harada
2011-05-28 13:51:27 UTC
ポリシーの名前空間、Fedora 15で試してみました。

今は、例外ポリシーから/bin/bashが実行されると常に
</bin/bash>の名前空間に飛ばす、という設定だけですが、
とても不思議というか面白いと思います。

設定をしてみて思ったのは、例外ポリシーについて、
file read /etc/ld.so.cache
などについて、名前空間に限らずグローバルな定義が書けると
うれしいと思いました。使ってみて、また感想があれば書きます。

関係ありませんが、Fedora 15, 起動が速いですね。
Post by Tetsuo Handa
TOMOYO 1.8 のポリシー名前空間のサポート(というか、ドメイン名の拡張と呼ぶのが
http://sourceforge.jp/projects/tomoyo/lists/archive/dev-en/2011-May/000237.html
に、仕様は
http://sourceforge.jp/projects/tomoyo/lists/archive/dev-en/2011-May/000235.html
にあります。
ポリシー名前空間のサポートにより、 move_namespace と keep_domain を組み合わせて
SVN レポジトリに置かれているもので試せます。
−−−−−−−−−−−−−−−−−−−−
Fedora 15 がリリースされたので、対応する ccs-kernel パッケージおよび
--
Toshiharu Harada
haradats-***@public.gmane.org
Toshiharu Harada
2011-05-31 04:57:43 UTC
Post by Toshiharu Harada
ポリシーの名前空間、Fedora 15で試してみました。
今は、例外ポリシーから/bin/bashが実行されると常に
とても不思議というか面白いと思います。
file read /etc/ld.so.cache
などについて、名前空間に限らずグローバルな定義が書けると
うれしいと思いました。使ってみて、また感想があれば書きます。
今日、半田さんに使い方を教えてもらって勘違いしていたことが
あったのに気がつきました。

・namespaceを利用するために/etc/exception_policy.confの変更は必ずしも
 必要ではありません。

namespaceを利用するためには、profile.confで新しいnamespace用の
設定は必須であり、namespaceを用いることにより独立した
例外ポリシーを持つことが可能となりますが、必ずしも
定義したnamespaceで例外ポリシーを持つ必要はありません。
(namespace以前のTOMOYOで例外ポリシーを空でも使えるのと同じです)

・namespaceの名前は、/bin/bashのようなパス名以外も使えます。

例外ポリシーの中で、/bin/bashが実行されたら自動的に
に遷移する、という使い方の場合には、namespace名は</bin/bash>
のようになりますが、<kernel>のnamespaceのあるドメインで、
/bin/bashが実行されたら遷移する、というような場合には、

file execute /bin/bash exec.realpath="/bin/bash" exec.argv[0]="-bash"
auto_namespace_transition="<harada>"

のように書くと、<harada>というnamespaceに遷移します(そのためには、
<harada>を定義しておかないといけません)。

いろいろな使い方ができそうなnamespaceですが、とりあえずは、
従来initialize_domainで飛ばしていたプログラムをnamespaceに
割り当てることが考えられます。namespaceを用いると、
<kernel>ドメインに独立にprofileとdomain, exceptionを定義できるので、
定義した部分はモジュールのように扱うことができます。
Post by Toshiharu Harada
関係ありませんが、Fedora 15, 起動が速いですね。
Post by Tetsuo Handa
TOMOYO 1.8 のポリシー名前空間のサポート(というか、ドメイン名の拡張と呼ぶのが
http://sourceforge.jp/projects/tomoyo/lists/archive/dev-en/2011-May/000237.html
に、仕様は
http://sourceforge.jp/projects/tomoyo/lists/archive/dev-en/2011-May/000235.html
にあります。
ポリシー名前空間のサポートにより、 move_namespace と keep_domain を組み合わせて
SVN レポジトリに置かれているもので試せます。
−−−−−−−−−−−−−−−−−−−−
Fedora 15 がリリースされたので、対応する ccs-kernel パッケージおよび
--
原田季栄 (Toshiharu Harada)
haradats-***@public.gmane.org
Tetsuo Handa
2011-06-06 12:20:50 UTC
Mauras Olivier さんが TOMOYO を LXC 環境で使う上での困難さについて報告して
くれました。 LXC 環境は pivot_root() を用いて作成されるため、 TOMOYO は
LXC 環境の中と外とを区別することができないことが原因です。

この問題に対処するために、 tomoyo-dev-en ML にてポリシー名前空間のサポートに
ついての議論が行われ、仕様と実装が完成しました。

http://tomoyo.sourceforge.jp/1.8/chapter-15.html

ポリシー名前空間は元々は TOMOYO を LXC 環境で使用するために設計されましたが、
LXC 環境を使用していなくても役に立つことでしょう。それぞれのポリシー名前空間は、
独立したドメインポリシー、例外ポリシー、プロファイルのセットを持っています。
ある名前空間が持つセットは他の名前空間が持つセットとは独立しています。この
独立性により、あなた(および特定のアプリケーション向けのポリシーを作成して配布
したい人)は、他の名前空間との干渉を心配することなくポリシーファイルを作成する
ことが可能になります。そのため、 TOMOYO を AppArmor のように使うことができる
ようになると考えています。

TOMOYO 1.8.2-pre 用のパッチはカーネルソースディレクトリから

wget -O - 'http://sourceforge.jp/projects/tomoyo/svn/view/trunk/1.8.x/ccs-patch.tar.gz?root=tomoyo&view=tar' | tar -zxf - --strip 1

を実行することでダウンロードできます。また、 TOMOYO 1.8.2-pre 用のツールは

wget -O - 'http://sourceforge.jp/projects/tomoyo/svn/view/trunk/1.8.x/ccs-tools/ccstools.tar.gz?root=tomoyo&view=tar' | tar -zxf -

を実行することでダウンロードできます。

次回 TOMOYO 2.4 を提案するときにポリシー名前空間を含めたいと思っています。
どうぞ試して、問題点を報告してください。
