Milton Yates wrote:
> If you don't have time, I could start diving in the code to provide a
> patch for this (in a few weeks). Although I am missing kernel coding
> experience, I'm up for challenges - and would love to see this
> functionality come alive.
> I personally believe this would speed up policy writing for TOMOYO, once
> the base groups have been defined.

OK. I'll try.

I already wrote an incomplete patch to do this. It was less than 100 lines
of addition. But to make the patch complete, I must consider changing the
way the kernel prints current policy configuration.

The length of a permission line

  operation target condition

may be longer than the buffer size passed to read(), and therefore TOMOYO
has a lot of cookie variables and branches so that TOMOYO can pause at any
location of printing the line.

By changing from

  acl_group N operation target condition

(array of 256 elements) to

  acl_group name operation target condition

(list of variable length), TOMOYO needs more cookie variables and branches,
but I don't want to add more. Thus, I'm now considering use of a kernel
thread only for reading current policy so that I can reduce cookie variables
and branches.
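
The pause-and-resume printing described in the message above, as an added userspace C example that is not TOMOYO's code and not part of the original message. `struct acl_line`, `struct read_cookie`, `policy_read` and the sample policy line are hypothetical names and constructed data; the point is that every place output can stop needs its own piece of saved state.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model (not TOMOYO code): one policy line as four fields. */
struct acl_line { const char *field[4]; };

/* Cookie kept between read() calls so output can pause anywhere. */
struct read_cookie {
    size_t line;  /* line currently being printed */
    int step;     /* field within that line (0..3) */
    size_t off;   /* bytes of that field already emitted */
};

/* Copy pending text into buf (at most len bytes); returns 0 when all is emitted. */
size_t policy_read(const struct acl_line *lines, size_t nlines,
                   struct read_cookie *c, char *buf, size_t len)
{
    size_t out = 0;
    while (out < len && c->line < nlines) {
        const char *f = lines[c->line].field[c->step];
        size_t flen = strlen(f);
        if (c->off < flen) {            /* field body still pending */
            size_t n = flen - c->off;
            if (n > len - out)
                n = len - out;          /* buffer fills mid-field */
            memcpy(buf + out, f + c->off, n);
            out += n;
            c->off += n;
            continue;                   /* re-check remaining space */
        }
        /* Field done: emit its separator, then advance the cookie. */
        buf[out++] = (c->step == 3) ? '\n' : ' ';
        c->off = 0;
        if (++c->step == 4) { c->step = 0; c->line++; }
    }
    return out;
}

int main(void)
{
    /* Constructed sample line, in the "acl_group N ..." shape. */
    struct acl_line l[] = {{{"acl_group 0", "file read", "/etc/fstab", "task.uid=0"}}};
    struct read_cookie c = {0, 0, 0};
    char buf[8];                        /* deliberately shorter than a line */
    size_t n;

    while ((n = policy_read(l, 1, &c, buf, sizeof(buf))) > 0)
        fwrite(buf, 1, n, stdout);
    return 0;
}
```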