[tomoyo-users-en 367] TOMOYO Linux version 1.8.2 released.

Tetsuo Handa from-****@I-lov*****
Mon Jun 20 23:49:21 JST 2011


Today I released TOMOYO 1.8.2.
Many improvements have been made since TOMOYO 1.0.
Too many to list all, but here are some.

TOMOYO 1.1 (2006/04/01)
(01) Write permission was divided into individual permissions such as "create",
     "unlink", "write".
(02) /proc/self/ was introduced in order to allow accessing only the current
     thread's information.

TOMOYO 1.1.1 (2006/05/15)
(03) Interactive enforcing mode was added in order to help update the policy upon
     software updates.

TOMOYO 1.1.2 (2006/06/02)
(04) Aggregating executable programs' pathnames was added in order to make it
     possible to run temporary programs without disabling MAC.

TOMOYO 1.1.3 (2006/07/13)
(05) Allow executing programs via symbolic links in order to make it easier to
     use TOMOYO on busybox systems.

TOMOYO 1.2 (2006/09/03)
(06) Conditional permissions based on the current thread's uid/gid etc. and the
     file's owner/group etc. were introduced in order to restrict operations by root.

TOMOYO 1.3 (2006/11/11)
(07) Per-domain profile was introduced in order to make it possible to use
     TOMOYO in a building-up approach.
(08) Location of policy loader became configurable upon boot using CCS_loader=
     option.

TOMOYO 1.3.2 (2007/02/14)
(09) Pathname grouping directive was introduced.
(10) Domain transition keeper/initializer directives were introduced.

TOMOYO 1.4.1 (2007/06/05)
(11) Pathname subtraction was introduced in order to allow users to exclude
     specific files and directories such as .htaccess and ~/.ssh/.

TOMOYO 1.5.0 (2007/09/20)
(12) Passing init=/sbin/ccs-init to the kernel boot commandline became
     unnecessary.

TOMOYO 1.6.0 (2008/04/01)
(13) Allow restricting environment variables in order to make it difficult to
     attack using environment variables.
(14) Allow restricting argv[]/envp[] passed to do_execve() in order to make it
     difficult for shellcode and OS-command injection vulnerabilities to spawn
     shells and arbitrary commands.
(15) Allow carrying a sleep penalty upon policy violation in enforcing mode in
     order to avoid CPU power consumption by the hijacked process.
(16) Allow redirecting program execution using execute handler functionality in
     order to help validate and sanitize argv[]/envp[] arguments.
(17) Allow redirecting program execution using denied execute handler
     functionality in order to help get back control of the hijacked
     process.

TOMOYO 1.6.5 (2008/11/11)
(18) Allow caching whether the current thread was once authorized as a policy
     manager or not in order to allow package managers to rename/delete the
     manager programs.

TOMOYO 1.7.0 (2009/09/03)
(19) Garbage collector was introduced.
(20) Allow checking numeric arguments for file operations that receive them.
(21) Use global PID in audit logs in order to make it possible to use TOMOYO
     with PID namespaces.

TOMOYO 1.7.1 (2009/11/11)
(22) Recursive pathname matching operator /\{pattern\}/ was introduced in order
     to make it easier to apply TOMOYO against home directories.

TOMOYO 1.7.2 (2010/04/01)
(23) Allow domain transition without invoking do_execve() in order to make it
     possible to support Apache's virtual hosts.
(24) Allow compiling TOMOYO as almost a loadable kernel module in order to make
     it easier to use TOMOYO on embedded systems where the partition size for
     the kernel is tight.

TOMOYO 1.8.0 (2010/11/11)
(25) Allow managing per-task variables outside "struct task_struct" in order to
     make it possible to use TOMOYO without breaking kernel ABI.
(26) Use proc:/self/ rather than /proc/self/ in order to make it easier to use
     TOMOYO in chroot()ed environments.
(27) Allow use of ACL grouping in order to make it easier to group commonly
     granted permissions.
(28) Access request granted logs became configurable on a per-ACL-entry basis
     in order to make it easier to use TOMOYO with Xen and KVM environments.
(29) Automatic domain transition upon match was introduced in order to make it
     easier to use TOMOYO in Android environments.

TOMOYO 1.8.1 (2011/04/01)
(30) Built-in policy configuration was introduced in order to make it easier to
     use TOMOYO in Android environments.

TOMOYO 1.8.2 (2011/06/20)
(31) Policy namespace was introduced in order to make it easier to use TOMOYO
     in LXC environments.
(32) Trigger for activation became configurable upon boot using CCS_trigger=
     option in order to make it easier to use TOMOYO with systemd environments.



Now, I'm proposing TOMOYO 2.4 (made based on TOMOYO 1.8.2) for upstream. I hope
many of the improvements listed above are accepted in TOMOYO 2.4. But TOMOYO 2.4
wants reviewers. Please come to LSM-ML and join the review if you can.

Regards.
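Item (22) above introduces the recursive pathname matching operator /\{pattern\}/. The following is an added example, not code from the announcement or from the TOMOYO project: a small Python matcher that implements the documented semantics of three TOMOYO pathname wildcards (`\*` matches zero or more characters other than `/`, `\?` matches exactly one character other than `/`, and `\{dir\}/` matches one or more repetitions of `dir/`), so a policy author can check which concrete paths a pattern covers before committing an ACL line. The assumption is that these three constructs behave as described in the TOMOYO pathname-pattern documentation; the other escapes TOMOYO supports (such as `\$` or `\@`) are deliberately left out, and any backslash followed by another character is treated as that literal character.

```python
"""Subset of TOMOYO Linux pathname pattern matching, written as an added
illustration (not the TOMOYO implementation).

Supported wildcards (assumed semantics, per TOMOYO's documented patterns):
  \\*        zero or more characters other than '/'
  \\?        exactly one character other than '/'
  \\{dir\\}/  one or more repetitions of "dir/" (dir may itself contain \\* or \\?)
Everything else is matched literally; "\\x" for any other x matches literal x.
"""


def _ends(pat: str, path: str, start: int) -> set:
    """Return every index in `path` at which `pat` may end when matching
    from `start`.  Working with a set of candidate positions lets the
    wildcards be non-greedy without backtracking."""
    positions = {start}
    i = 0
    while i < len(pat) and positions:
        if pat[i] == "\\" and i + 1 < len(pat):
            esc = pat[i + 1]
            if esc == "*":
                # Extend each candidate by any run of non-slash characters.
                nxt = set()
                for p in positions:
                    q = p
                    nxt.add(q)
                    while q < len(path) and path[q] != "/":
                        q += 1
                        nxt.add(q)
                positions = nxt
                i += 2
            elif esc == "?":
                positions = {p + 1 for p in positions
                             if p < len(path) and path[p] != "/"}
                i += 2
            elif esc == "{":
                close = pat.find("\\}/", i + 2)
                if close < 0:
                    raise ValueError("unterminated \\{ ... \\}/ group in pattern")
                unit = pat[i + 2:close] + "/"      # one directory component plus '/'
                # Apply `unit` one or more times; every repetition consumes at
                # least the '/', so positions strictly increase and this loop ends.
                reached, frontier = set(), positions
                while frontier:
                    frontier = set().union(*(_ends(unit, path, p) for p in frontier)) - reached
                    reached |= frontier
                positions = reached
                i = close + 3
            else:
                # Escaped literal (e.g. "\\\\" for a backslash).
                positions = {p + 1 for p in positions
                             if p < len(path) and path[p] == esc}
                i += 2
        else:
            ch = pat[i]
            positions = {p + 1 for p in positions
                         if p < len(path) and path[p] == ch}
            i += 1
    return positions


def match_path(pattern: str, path: str) -> bool:
    """True if the whole of `path` is covered by `pattern`."""
    return len(path) in _ends(pattern, path, 0)


def covered(pattern: str, paths) -> list:
    """Filter a list of candidate paths down to those the pattern covers."""
    return [p for p in paths if match_path(pattern, p)]


if __name__ == "__main__":
    # Constructed sample paths, not taken from any real system.
    sample = [
        "/home/alice/notes.txt",           # depth 1 under the home dir
        "/home/alice/docs/notes.txt",      # depth 2
        "/home/alice/a/b/c/notes.txt",     # depth 4
        "/home/alice/docs/notes.txt.bak",  # wrong suffix
    ]
    pattern = "/home/\\*/\\{\\*\\}/\\*.txt"
    for p in sample:
        print(f"{pattern}  {p}  ->  {match_path(pattern, p)}")
```

Running the block shows the property policy authors most often trip over: `\{\*\}/` requires at least one intermediate directory, so `/home/\*/\{\*\}/\*.txt` covers `/home/alice/docs/notes.txt` and deeper paths but not `/home/alice/notes.txt`, which needs its own entry.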



