(empty log message)
trunk/caitsith-patch/include/linux/lsm2caitsith.h (diff) trunk/caitsith-patch/include/linux/caitsith.h (diff)
trunk/caitsith-patch/README.caitsith (diff)
trunk/caitsith-patch/security/caitsith/policy_io.c (diff) trunk/caitsith-patch/security/caitsith/memory.c (diff) trunk/caitsith-patch/security/caitsith/permission.c (diff) trunk/caitsith-patch/security/caitsith/gc.c (diff) trunk/caitsith-patch/security/caitsith/load_policy.c (diff) trunk/caitsith-patch/security/caitsith/realpath.c (diff) trunk/caitsith-patch/security/caitsith/internal.h (diff) trunk/caitsith-patch/caitsith/lsm.c (diff) trunk/caitsith-patch/caitsith/lsm-4.2.c (diff) trunk/caitsith-patch/caitsith/realpath.c (diff) trunk/caitsith-patch/caitsith/mclsm.c (diff) trunk/caitsith-patch/caitsith/caitsith.h (diff) trunk/caitsith-patch/caitsith/lsm-2.6.27-vfs.c (diff) trunk/caitsith-patch/caitsith/lsm-2.6.27.c (diff) trunk/caitsith-patch/caitsith/policy_io.c (diff) trunk/caitsith-patch/caitsith/lsm-2.6.29.c (diff) trunk/caitsith-patch/caitsith/permission.c (diff) trunk/caitsith-patch/caitsith/gc.c (diff)
tags/htdocs/index.html (diff)| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2005-2012 NTT DATA CORPORATION |
| 5 | 5 | * |
| 6 | - * Version: 1.8.4 2015/07/11 | |
| 6 | + * Version: 1.8.4 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #ifndef _LINUX_LSM2CAITSITH_H |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2005-2012 NTT DATA CORPORATION |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #ifndef _LINUX_CAITSITH_H |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2005-2012 NTT DATA CORPORATION |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #include "internal.h" |
| @@ -2197,7 +2197,7 @@ | ||
| 2197 | 2197 | static void cs_check_profile(void) |
| 2198 | 2198 | { |
| 2199 | 2199 | cs_policy_loaded = true; |
| 2200 | - printk(KERN_INFO "CaitSith: 0.1.13 2015/06/06\n"); | |
| 2200 | + printk(KERN_INFO "CaitSith: 0.1.14 2015/07/21\n"); | |
| 2201 | 2201 | if (cs_policy_version == 20120401) { |
| 2202 | 2202 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 2, 0) && defined(CONFIG_SECURITY) |
| 2203 | 2203 | caitsith_exports.add_hooks(); |
| @@ -3111,7 +3111,7 @@ | ||
| 3111 | 3111 | { |
| 3112 | 3112 | if (head->r.eof) |
| 3113 | 3113 | return; |
| 3114 | - cs_set_string(head, "0.1.13"); | |
| 3114 | + cs_set_string(head, "0.1.14"); | |
| 3115 | 3115 | head->r.eof = true; |
| 3116 | 3116 | } |
| 3117 | 3117 |
| @@ -3179,7 +3179,7 @@ | ||
| 3179 | 3179 | cs_io_printf(head, "quota memory %s %u\n", |
| 3180 | 3180 | cs_memory_headers[i], cs_memory_quota[i]); |
| 3181 | 3181 | } |
| 3182 | - while (head->r.step < CS_MAX_GROUP + CS_MAX_MEMORY_STAT) { | |
| 3182 | + while (head->r.step < CS_MAX_LOG_QUOTA + CS_MAX_MEMORY_STAT) { | |
| 3183 | 3183 | unsigned int a; |
| 3184 | 3184 | unsigned int d; |
| 3185 | 3185 | unsigned int u; |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2005-2012 NTT DATA CORPORATION |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #include "internal.h" |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2005-2012 NTT DATA CORPORATION |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #include "internal.h" |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2005-2012 NTT DATA CORPORATION |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #include "internal.h" |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2005-2012 NTT DATA CORPORATION |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #include <linux/version.h> |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2005-2012 NTT DATA CORPORATION |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #include "internal.h" |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2005-2012 NTT DATA CORPORATION |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #ifndef _SECURITY_CAITSITH_INTERNAL_H |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2010-2013 Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #include <linux/version.h> |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2010-2013 Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #include "caitsith.h" |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2005-2012 NTT DATA CORPORATION |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #include "caitsith.h" |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2010-2013 Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #include "caitsith.h" |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2005-2012 NTT DATA CORPORATION |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #ifndef _SECURITY_CAITSITH_INTERNAL_H |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2010-2013 Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #include "caitsith.h" |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2010-2013 Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #include "caitsith.h" |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2005-2012 NTT DATA CORPORATION |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #include "caitsith.h" |
| @@ -2154,7 +2154,7 @@ | ||
| 2154 | 2154 | void cs_check_profile(void) |
| 2155 | 2155 | { |
| 2156 | 2156 | cs_policy_loaded = true; |
| 2157 | - printk(KERN_INFO "CaitSith (LSM): 0.1.13 2015/06/06\n"); | |
| 2157 | + printk(KERN_INFO "CaitSith (LSM): 0.1.14 2015/07/21\n"); | |
| 2158 | 2158 | if (cs_policy_version == 20120401) { |
| 2159 | 2159 | printk(KERN_INFO "CaitSith module activated.\n"); |
| 2160 | 2160 | return; |
| @@ -3065,7 +3065,7 @@ | ||
| 3065 | 3065 | { |
| 3066 | 3066 | if (head->r.eof) |
| 3067 | 3067 | return; |
| 3068 | - cs_set_string(head, "0.1.13"); | |
| 3068 | + cs_set_string(head, "0.1.14"); | |
| 3069 | 3069 | head->r.eof = true; |
| 3070 | 3070 | } |
| 3071 | 3071 |
| @@ -3133,7 +3133,7 @@ | ||
| 3133 | 3133 | cs_io_printf(head, "quota memory %s %u\n", |
| 3134 | 3134 | cs_memory_headers[i], cs_memory_quota[i]); |
| 3135 | 3135 | } |
| 3136 | - while (head->r.step < CS_MAX_GROUP + CS_MAX_MEMORY_STAT) { | |
| 3136 | + while (head->r.step < CS_MAX_LOG_QUOTA + CS_MAX_MEMORY_STAT) { | |
| 3137 | 3137 | unsigned int a; |
| 3138 | 3138 | unsigned int d; |
| 3139 | 3139 | unsigned int u; |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2010-2013 Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #include "caitsith.h" |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2005-2012 NTT DATA CORPORATION |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #include "caitsith.h" |
| @@ -3,7 +3,7 @@ | ||
| 3 | 3 | * |
| 4 | 4 | * Copyright (C) 2005-2012 NTT DATA CORPORATION |
| 5 | 5 | * |
| 6 | - * Version: 0.1.13 2015/06/06 | |
| 6 | + * Version: 0.1.14 2015/07/21 | |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #include "caitsith.h" |
| @@ -779,7 +779,7 @@ | ||
| 779 | 779 | quota memory policy $max_byte_for_policy |
| 780 | 780 | quota memory audit $max_byte_for_audit_logs |
| 781 | 781 | quota memory query $max_byte_for_query |
| 782 | -quota audit[$audit_index] allowed=$max_logs_for_allowed_request unmatched=$max_logs_for_unmatched_request denied=$max_logs_for_denied_request | |
| 782 | +quota audit[$audit_index] allowed=$max_logs_for_allowed_request denied=$max_logs_for_denied_request unmatched=$max_logs_for_unmatched_request | |
| 783 | 783 | string_group $string_group_name $string_group_member |
| 784 | 784 | number_group $number_group_name $number_group_member |
| 785 | 785 | ip_group $ip_group_name $ip_group_member |
| @@ -791,7 +791,7 @@ | ||
| 791 | 791 | <li>$max_byte_for_policy is max amount of memory in byte which can be allocated for policy. Default is unlimited.</li> |
| 792 | 792 | <li>$max_byte_for_audit_logs is max amount of memory in byte which can be allocated for audit logs. Default is unlimited. $max_byte_for_audit_logs=16777216 should be sufficient.</li> |
| 793 | 793 | <li>$max_byte_for_query is max amount of memory in byte which can be allocated for interactive enforcement. Default is unlimited. $max_byte_for_audit_logs=1048576 should be sufficient.</li> |
| 794 | -<li>quota audit[$audit_index] lines (0 <= $audit_index <= 255) are max number of audit logs which can be held in the kernel space. $max_logs_for_allowed_request is for allowed requests. $max_logs_for_unmatched_request is for unmatched requests. $max_logs_for_denied_request is for denied requests. Default is 0. Unless you have special reasons, you should set 0 to $max_logs_for_allowed_request. Regarding $max_logs_for_unmatched_request and $max_logs_for_denied_request, 1024 should be sufficient.</li> | |
| 794 | +<li>quota audit[$audit_index] lines (0 <= $audit_index <= 255) are max number of audit logs which can be held in the kernel space. $max_logs_for_allowed_request is for allowed requests. $max_logs_for_denied_request is for denied requests. $max_logs_for_unmatched_request is for unmatched requests. Default is 0. Unless you have special reasons, you should set 0 to $max_logs_for_allowed_request. Regarding $max_logs_for_unmatched_request and $max_logs_for_denied_request, 1024 should be sufficient.</li> | |
| 795 | 795 | <li>string_group $string_group_name lines define group of strings. $string_group_member is a member for $string_group_name group.</li> |
| 796 | 796 | <li>number_group $number_group_name lines define group of numbers. $number_group_member is a member for $number_group_name group.</li> |
| 797 | 797 | <li>ip_group $ip_group_name lines define group of IP addresses. $ip_group_member is a member for $ip_group_name group.</li> |