Discussion:
[tomoyo-users 869] Starting with Linux 3.1, it will be TOMOYO 2.4.
Tetsuo Handa
2011-06-29 05:10:57 UTC
The core changes for TOMOYO 2.4 have been merged.
The syntax of TOMOYO 2.4 will be similar to that of TOMOYO 1.8.2.

Because of the syntax changes (for example, allow_rewrite was removed and file append was added),
policy files for TOMOYO 2.3 can no longer be used with TOMOYO 2.4, so please be aware of this.
Next, I intend to propose conditional access permissions (for example, access
restrictions based on the UID of a process).

I will now start preparing the documentation for TOMOYO 2.4.
Except for the following points, usage is basically the same as TOMOYO 1.8.2.

(1) Some of the features included in TOMOYO 1.8.2 are not included in TOMOYO 2.4.
(2) The tool prefix is tomoyo- rather than ccs-.
(3) The policy interface is /sys/kernel/security/tomoyo/ rather than /proc/ccs/.
(4) Policy files are located in /etc/tomoyo/ rather than /etc/ccs/.

tomoyo-tools for TOMOYO 2.4 is available at the following location
(although it still contains code for features that the kernel side does not support yet).
http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.4.x/tomoyo-tools.tar.gz?root=tomoyo&view=tar



TOMOYO 2.3 will become available in openSUSE 12.1.
https://bugzilla.novell.com/show_bug.cgi?id=668381



Building of the binary packages for TOMOYO 1.8.2 has been completed.
They can be downloaded from the YUM/APT repositories.
The latest source tarballs are ccs-patch-1.8.2-20110626.tar.gz
ccs-tools-1.8.2-20110626.tar.gz akari-1.0.15-20110626.tar.gz.



Since TOMOYO 1.7.2 began allowing transitions to arbitrary domains, it turned out
that the policy editor's display of domain transition targets is inaccurate and
insufficient. For example, when the two entries
task manual_domain_transition <kernel> /sbin/init /bin/login /bin/sh
and
task manual_domain_transition <kernel> /sbin/init /bin/login2 /bin/sh
are specified, they cannot be told apart because both end in /bin/sh.
I therefore changed the display of domain transition targets to show the whole
name rather than only the tail.

Up to 1.8.2: [image]

From 1.8.2 onward: [image]
Toshiharu Harada
2011-06-29 05:30:01 UTC
Harada here, waiting for a CT scan at a full medical checkup.

Following the inclusion in the next openSUSE release, I am truly delighted by this big step forward for the proposal of the 2.x series, which had been slow to progress. It is literally the fruit of Handa-san's unremitting effort and enthusiasm.
Post by Tetsuo Handa
The core changes for TOMOYO 2.4 have been merged.
The syntax of TOMOYO 2.4 will be similar to that of TOMOYO 1.8.2.
Because of the syntax changes (for example, allow_rewrite was removed and file append was added),
policy files for TOMOYO 2.3 can no longer be used with TOMOYO 2.4, so please be aware
(1) Some of the features included in TOMOYO 1.8.2 are not included in TOMOYO 2.4.
(2) The tool prefix is tomoyo- rather than ccs-.
(3) The policy interface is /sys/kernel/security/tomoyo/ rather than /proc/ccs/.
(4) Policy files are located in /etc/tomoyo/ rather than /etc/ccs/.
tomoyo-tools for TOMOYO 2.4 is available at the following location.
http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.4.x/tomoyo-tools.tar.gz?root=tomoyo&view=tar
TOMOYO 2.3 will become available in openSUSE 12.1.
https://bugzilla.novell.com/show_bug.cgi?id=668381
The latest source tarballs are ccs-patch-1.8.2-20110626.tar.gz
ccs-tools-1.8.2-20110626.tar.gz akari-1.0.15-20110626.tar.gz.
Since TOMOYO 1.7.2 began allowing transitions to arbitrary domains, (for example,
task manual_domain_transition <kernel> /sbin/init /bin/login /bin/sh and
task manual_domain_transition <kernel> /sbin/init /bin/login2 /bin/sh
was changed.
Up to 1.8.2: http://sourceforge.jp/projects/tomoyo/svn/view/branches/old.png?view=markup&root=tomoyo&pathrev=5176
From 1.8.2 onward: http://sourceforge.jp/projects/tomoyo/svn/view/branches/new.png?view=markup&root=tomoyo&pathrev=5176
yocto
2011-06-29 15:13:53 UTC
This is Kusuno.
Post by Tetsuo Handa
The core changes for TOMOYO 2.4 have been merged.
The syntax of TOMOYO 2.4 will be similar to that of TOMOYO 1.8.2.
Because of the syntax changes (for example, allow_rewrite was removed and file append was added),
policy files for TOMOYO 2.3 can no longer be used with TOMOYO 2.4, so please be aware
(1) Some of the features included in TOMOYO 1.8.2 are not included in TOMOYO 2.4.
(2) The tool prefix is tomoyo- rather than ccs-.
(3) The policy interface is /sys/kernel/security/tomoyo/ rather than /proc/ccs/.
(4) Policy files are located in /etc/tomoyo/ rather than /etc/ccs/.
tomoyo-tools for TOMOYO 2.4 is available at the following location.
http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.4.x/tomoyo-tools.tar.gz?root=tomoyo&view=tar
TOMOYO 2.3 will become available in openSUSE 12.1.
https://bugzilla.novell.com/show_bug.cgi?id=668381
The latest source tarballs are ccs-patch-1.8.2-20110626.tar.gz
ccs-tools-1.8.2-20110626.tar.gz akari-1.0.15-20110626.tar.gz.
Since TOMOYO 1.7.2 began allowing transitions to arbitrary domains, (for example,
task manual_domain_transition <kernel> /sbin/init /bin/login /bin/sh and
task manual_domain_transition <kernel> /sbin/init /bin/login2 /bin/sh
was changed.
Up to 1.8.2: http://sourceforge.jp/projects/tomoyo/svn/view/branches/old.png?view=markup&root=tomoyo&pathrev=5176
From 1.8.2 onward: http://sourceforge.jp/projects/tomoyo/svn/view/branches/new.png?view=markup&root=tomoyo&pathrev=5176
_______________________________________________
tomoyo-users mailing list
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users
Tetsuo Handa
2011-07-07 14:59:56 UTC
Tetsuo Handa wrote:
I have prepared the documentation for TOMOYO 2.4. http://tomoyo.sourceforge.jp/2.4/
I plan to retake the screenshots using CentOS 6.

So far, no changes have occurred between kernel 2.6.38 and 3.1 that would require
modifying the files in the security/tomoyo/ directory. Therefore, it should be
possible to use TOMOYO 2.4 on kernels 2.6.38 / 2.6.39 / 3.0 as well, simply by
copying the files in kernel 3.1's security/tomoyo/ directory over the existing ones.



Regarding /proc/ccs/.domain_status in TOMOYO 1.8.2 and
/sys/kernel/security/tomoyo/.domain_status in TOMOYO 2.4:

--- a/security/ccsecurity/policy_io.c
+++ b/security/ccsecurity/policy_io.c
@@ -1846,7 +1846,7 @@
return -EINVAL;
domain = ccs_find_domain(cp + 1);
if (domain && (!ccs_policy_loaded ||
- head->w.ns->profile_ptr[(u8) profile]))
+ domain->ns->profile_ptr[(u8) profile]))
domain->profile = (u8) profile;
return 0;
}
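Review bot: the rejection path after the changed condition is silent. When ccs_find_domain() returns NULL, or when policy is loaded and domain->ns->profile_ptr[(u8) profile] is NULL, the assignment to domain->profile is skipped but the function still reaches "return 0;", so whoever writes to .domain_status cannot tell that the profile was not applied. Consider returning -EINVAL for those cases, as the first line of the hunk already does for its own error. Separately, profile is narrowed with (u8) both in the index and in the assignment, and its range check is not visible in this hunk; confirm it is bounded before this point so the cast cannot select a different profile than the one requested.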

A bug requiring the fix above was found. However, /proc/ccs/.domain_status is
used only by /usr/sbin/ccs-setprofile, and the functionality of
/proc/ccs/.domain_status is a subset of /proc/ccs/domain_policy, so I decided to
remove /proc/ccs/.domain_status rather than fix this bug. The latest source files are
ccs-patch-1.8.2-20110707.tar.gz ccs-tools-1.8.2-20110707.tar.gz
akari-1.0.16-20110707.tar.gz. If necessary, replace
proc:/ccs/.domain_status with proc:/ccs/domain_policy in your policy files.



A security flaw has been found in TOMOYO 2.3. It is tracked under the identifier
CVE-2011-2518.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4e78c724d47e2342aa8fde61f6b8536f662f795f
If you grant shell access to untrusted users, please update your kernel.
TOMOYO 1.x uses a wrapper that checks whether the value is non-NULL,
so this flaw does not exist in TOMOYO 1.x.
Tetsuo Handa
2011-07-11 11:52:40 UTC
Tetsuo Handa wrote:
The conditional access permission patch for TOMOYO 2.4 has been accepted, so
I updated the comparison table. http://tomoyo.sourceforge.jp/comparison.html



Since CentOS 6.0 has been released, I renamed
http://tomoyo.sourceforge.jp/repos-1.[78]/RHEL6/ to
http://tomoyo.sourceforge.jp/repos-1.[78]/CentOS6/ and
uploaded i686 packages compiled from the CentOS 6 kernel source.
Tetsuo Handa
2011-08-19 08:25:51 UTC
Post by Tetsuo Handa
So far, between kernel 2.6.38 and 3.1, the security/tomoyo/ directory
on kernels 2.6.38 / 2.6.39 / 3.0 as well, in kernel 3.1's security/tomoyo/ directory
I have added backport patches for kernels 2.6.33 to 2.6.37.
http://tomoyo.sourceforge.jp/2.4/patches/
With this, TOMOYO 2.4 can now be used on kernel 2.6.33 and later
(provided that you can accept backports).
Tetsuo Handa
2011-09-14 08:24:31 UTC
The features "checking the names of environment variables passed to execve()",
"checking the destination address when sending over the network" and
"performing a domain transition without execve() (mainly to support Apache
virtual hosts)" have been accepted, so this will be TOMOYO 2.5.
http://tomoyo.sourceforge.jp/comparison.html

At this point there are no changes that would require recreating policy, so
I plan to adjust the profiles inside /sbin/tomoyo-init so that policy for
TOMOYO 2.4 can be used as-is with TOMOYO 2.5.

openSUSE 12.1 is going to ship Linux 3.1, so
TOMOYO 2.4 rather than TOMOYO 2.3 will become available there.
Tetsuo Handa
2011-09-20 12:45:10 UTC
A draft version is ready. http://tomoyo.sourceforge.jp/2.5/
As with TOMOYO 2.4, backport patches for Linux 2.6.33 to 3.1 are available.

The domain transition specification shown at
http://sourceforge.jp/projects/tomoyo/lists/archive/dev-en/2011-September/000322.html
will also become available in TOMOYO 2.5.
(However, it is not yet reflected in the documentation pages.)



Tarballs currently cannot be downloaded from kernel.org, but the 3.1-rc6
(soon 3.1-rc7) tarball can be downloaded from github.com.

wget -O linux-3.1-rc6.tar.gz https://github.com/torvalds/linux/tarball/v3.1-rc6



In addition, I updated the ccs-tools package and the
TOMOYO 1.8.2 LiveCD.

/usr/sbin/ccs-editpolicy
Fix infinite recursion if "task auto_domain_transition" or
"task manual_domain_transition" entries are given to exception policy
using "acl_group" keyword.

--- 1.8.2p4/ccstools/usr_sbin/editpolicy.c
+++ 1.8.2p5/ccstools/usr_sbin/editpolicy.c
@@ -1609,7 +1609,8 @@ static void ccs_parse_exception_line(con
return;
for (index = 0; index < ccs_dp.list_len; index++) {
char *cp;
- if (ccs_dp.list[index].group != group)
+ const struct ccs_domain *ptr = &ccs_dp.list[index];
+ if (ptr->group != group || ptr->target || ptr->is_dd)
continue;
cp = ccs_strdup(line);
ccs_parse_domain_line(ns, cp, index, false);
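Review bot: the new skip condition "ptr->group != group || ptr->target || ptr->is_dd" has no comment saying why entries with target or is_dd set must be excluded. The loop re-reads ccs_dp.list_len on every iteration while ccs_parse_domain_line() is called inside it, so the fix for the infinite recursion described in the changelog appears to rest entirely on this filter. A one-line comment stating which entries these two fields mark, and that they must not be re-parsed here, would keep a later edit from reintroducing the recursion.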
