TOMOYO Linux Changelog

New in version 1.8.3

October 3rd, 2011
  • Fix 2011/09/25
  • @ Simplify garbage collector.
  • It turned out that use of batched processing tends to choke garbage
  • collector when certain pattern of entries are queued. Thus, I replaced it
  • with sequential processing.
  • Fix 2011/09/16
  • @ Allow specifying domain transition preference.
  • I got an opinion that it is difficult to use exception policy's domain
  • transition control directives because they need to match the pathname
  • specified to "file execute" directives. For example, if "file execute
  • /bin/\*\-ls\-cat" is given, corresponding domain transition control
  • directive needs to be like "no_keep_domain /bin/\*\-ls\-cat from any".
  • To solve this difficulty, I introduced optional argument that supersedes
  • exception policy's domain transition control directives.
  • file execute /bin/ls keep exec.realpath="/bin/ls" exec.argv[0]="ls"
  • file execute /bin/cat keep exec.realpath="/bin/cat" exec.argv[0]="cat"
  • file execute /bin/\*\-ls\-cat child
  • file execute /usr/sbin/httpd exec.realpath="/usr/sbin/httpd" exec.argv[0]="/usr/sbin/httpd"
  • This argument allows transition to different domains based on conditions.
  • /usr/sbin/sshd
  • file execute /bin/bash /usr/sbin/sshd //batch-session exec.argc=2 exec.argv[1]="-c"
  • file execute /bin/bash /usr/sbin/sshd //root-session task.uid=0
  • file execute /bin/bash /usr/sbin/sshd //nonroot-session task.uid!=0

New in version 1.8.2 (June 21st, 2011)

  • Remove unused "struct inode *" parameter from ccs-patch-\*.diff .
  • Allow specifying trigger for activation.
  • Add policy namespace support.
  • Remove CONFIG_CCSECURITY_BUILTIN_INITIALIZERS option.

New in version 1.8.1 (April 1st, 2011)

  • Several bugs were fixed.
  • A new feature to protect the Android environment from privilege escalation was added.
  • Support for packed policy format was added.
  • The garbage collector was modified so as not to wait for /proc/ccs/ users.
  • As a result, memory reclamation can start earlier.

New in version 1.8.0-p3 (February 8th, 2011)

  • Fix infinite loop bug when reading /proc/ccs/audit or /proc/ccs/query .
  • @ Use filesystem name for unnamed devices when vfsmount is missing.
  • @ Split ccs_null_security into ccs_default_security and ccs_oom_security.
  • @ Use same interface for audit logs.

New in version 1.8.0-20110207 (February 8th, 2011)

  • Fix infinite loop bug when reading /proc/ccs/audit or /proc/ccs/query . In ccs_flush(), head->r.w[0] holds pointer to string data to be printed. But head->r.w[0] was updated only when the string data was partially printed (because head->r.w[0] will be updated by head->r.w[1] later if completely printed). However, regarding /proc/ccs/audit and /proc/ccs/query , an additional '\0' is printed after the string data was completely printed. But if free space for read buffer became 0 before printing the additional '\0', ccs_flush() was returning without updating head->r.w[0]. As a result, ccs_flush() forever reprints already printed string data.

New in version 1.6.7 (April 2nd, 2009)

  • A severe memory consumption problem was discovered in ccs-patch-1.6.5-20081111.tar.gz .
  • http://lists.sourceforge.jp/mailman/archives/tomoyo-users-en/2008-December/000011.html
  • Those who downloaded ccs-patch-1.6.5-20081111.tar.gz , please update to ccs-patch-1.6.6-20090202.tar.gz .

New in version 1.6.6 (February 2nd, 2009)

  • This release fixes 3 bugs that existed in versions 1.6.0 to 1.6.5.

New in version 1.6.5 (November 14th, 2008)

  • This third anniversary release fixes many bugs and includes many enhancements.