提交 b21597d0 编写于 作者: L Linus Torvalds

Merge branch 'for-linus' of...

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  tomoyo: version bump to 2.2.0.
  tomoyo: add Documentation/tomoyo.txt
--- What is TOMOYO? ---
TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel.
LiveCD-based tutorials are available at
http://tomoyo.sourceforge.jp/en/1.6.x/1st-step/ubuntu8.04-live/
http://tomoyo.sourceforge.jp/en/1.6.x/1st-step/centos5-live/ .
Though these tutorials use non-LSM version of TOMOYO, they are useful for you
to know what TOMOYO is.
--- How to enable TOMOYO? ---
Build the kernel with CONFIG_SECURITY_TOMOYO=y and pass "security=tomoyo" on
kernel's command line.
Please see http://tomoyo.sourceforge.jp/en/2.2.x/ for details.
--- Where is documentation? ---
User <-> Kernel interface documentation is available at
http://tomoyo.sourceforge.jp/en/2.2.x/policy-reference.html .
Materials we prepared for seminars and symposiums are available at
http://sourceforge.jp/projects/tomoyo/docs/?category_id=532&language_id=1 .
Below lists are chosen from three aspects.
What is TOMOYO?
TOMOYO Linux Overview
http://sourceforge.jp/projects/tomoyo/docs/lca2009-takeda.pdf
TOMOYO Linux: pragmatic and manageable security for Linux
http://sourceforge.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf
TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box
http://sourceforge.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf
What can TOMOYO do?
Deep inside TOMOYO Linux
http://sourceforge.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf
The role of "pathname based access control" in security.
http://sourceforge.jp/projects/tomoyo/docs/lfj2008-bof.pdf
History of TOMOYO?
Realities of Mainlining
http://sourceforge.jp/projects/tomoyo/docs/lfj2008.pdf
--- What is future plan? ---
We believe that inode based security and name based security are complementary
and both should be used together. But unfortunately, so far, we cannot enable
multiple LSM modules at the same time. We feel sorry that you have to give up
SELinux/SMACK/AppArmor etc. when you want to use TOMOYO.
We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM
version of TOMOYO, available at http://tomoyo.sourceforge.jp/en/1.6.x/ .
LSM version of TOMOYO is a subset of non-LSM version of TOMOYO. We are planning
to port non-LSM version's functionalities to LSM versions.
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
* *
* Copyright (C) 2005-2009 NTT DATA CORPORATION * Copyright (C) 2005-2009 NTT DATA CORPORATION
* *
* Version: 2.2.0-pre 2009/02/01 * Version: 2.2.0 2009/04/01
* *
*/ */
...@@ -1773,7 +1773,7 @@ void tomoyo_load_policy(const char *filename) ...@@ -1773,7 +1773,7 @@ void tomoyo_load_policy(const char *filename)
envp[2] = NULL; envp[2] = NULL;
call_usermodehelper(argv[0], argv, envp, 1); call_usermodehelper(argv[0], argv, envp, 1);
printk(KERN_INFO "TOMOYO: 2.2.0-pre 2009/02/01\n"); printk(KERN_INFO "TOMOYO: 2.2.0 2009/04/01\n");
printk(KERN_INFO "Mandatory Access Control activated.\n"); printk(KERN_INFO "Mandatory Access Control activated.\n");
tomoyo_policy_loaded = true; tomoyo_policy_loaded = true;
{ /* Check all profiles currently assigned to domains are defined. */ { /* Check all profiles currently assigned to domains are defined. */
...@@ -1800,7 +1800,7 @@ void tomoyo_load_policy(const char *filename) ...@@ -1800,7 +1800,7 @@ void tomoyo_load_policy(const char *filename)
static int tomoyo_read_version(struct tomoyo_io_buffer *head) static int tomoyo_read_version(struct tomoyo_io_buffer *head)
{ {
if (!head->read_eof) { if (!head->read_eof) {
tomoyo_io_printf(head, "2.2.0-pre"); tomoyo_io_printf(head, "2.2.0");
head->read_eof = true; head->read_eof = true;
} }
return 0; return 0;
......
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
* *
* Copyright (C) 2005-2009 NTT DATA CORPORATION * Copyright (C) 2005-2009 NTT DATA CORPORATION
* *
* Version: 2.2.0-pre 2009/02/01 * Version: 2.2.0 2009/04/01
* *
*/ */
......
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
* *
* Copyright (C) 2005-2009 NTT DATA CORPORATION * Copyright (C) 2005-2009 NTT DATA CORPORATION
* *
* Version: 2.2.0-pre 2009/02/01 * Version: 2.2.0 2009/04/01
* *
*/ */
......
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
* *
* Copyright (C) 2005-2009 NTT DATA CORPORATION * Copyright (C) 2005-2009 NTT DATA CORPORATION
* *
* Version: 2.2.0-pre 2009/02/01 * Version: 2.2.0 2009/04/01
* *
*/ */
......
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
* *
* Copyright (C) 2005-2009 NTT DATA CORPORATION * Copyright (C) 2005-2009 NTT DATA CORPORATION
* *
* Version: 2.2.0-pre 2009/02/01 * Version: 2.2.0 2009/04/01
* *
*/ */
......
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
* *
* Copyright (C) 2005-2009 NTT DATA CORPORATION * Copyright (C) 2005-2009 NTT DATA CORPORATION
* *
* Version: 2.2.0-pre 2009/02/01 * Version: 2.2.0 2009/04/01
* *
*/ */
......
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
* *
* Copyright (C) 2005-2009 NTT DATA CORPORATION * Copyright (C) 2005-2009 NTT DATA CORPORATION
* *
* Version: 2.2.0-pre 2009/02/01 * Version: 2.2.0 2009/04/01
* *
*/ */
......
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
* *
* Copyright (C) 2005-2009 NTT DATA CORPORATION * Copyright (C) 2005-2009 NTT DATA CORPORATION
* *
* Version: 2.2.0-pre 2009/02/01 * Version: 2.2.0 2009/04/01
* *
*/ */
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册