Hello.

Since Linux 4.11 will be released shortly, I uploaded the latest files which include patches for Linux 4.11.

ccs-patch-1.8.5-20170417.tar.gz MD5:0000b9a678f7c99fb49f71ae3b97b22e
akari-1.0.36-20170417.tar.gz MD5:eeee0d421b518d2c939e4406934cdf59
caitsith-patch-0.2-20170417.tar.gz MD5:5555ac47eec6e2b93c54ecccb9971846

Tetsuo Handa wrote:
> The array of "struct security_hook_list" which is used for LSM hooks is
> also subjected to this add "read only" attribute after initialization
> completed proposal. It might become difficult to load modules like AKARI
> which interrupts into LSM hooks.

I think this change will be merged into 4.12-rc1. Therefore, it will become impossible to load LKM based LSM modules unless you specify the rodata=0 kernel boot command line option if your kernel was not built with CONFIG_SECURITY_WRITABLE_HOOKS=y. Although there seems to be an architecture-dependent method for temporarily changing read-only memory to read-write and/or suppressing exceptions caused by trying to write to read-only memory, these files do not include such a method.

> As for the rest, it seems that the security_task_alloc() hook which was
> removed in Linux 2.6.29 is about to be revived for the first time in a
> decade, due to proposal of new LSM modules (e.g. ptags, Timgad) which want
> to manage security attributes for per "struct task_struct" basis rather than
> per "struct cred" basis. For TOMOYO which was named due to use of per
> "struct task_struct" basis management, names and natures will agree. ;-)

Since I think this change will also be merged into 4.12-rc1, patches for Linux 4.12 included in these files use the security_task_alloc() hook.
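
Added example (not part of the original post, and not code from the AKARI or TOMOYO projects): a shell check of the two conditions the post names, CONFIG_SECURITY_WRITABLE_HOOKS=y and the rodata=0 boot option, to report whether the LSM hook list stays writable on a host. It assumes a kernel that already carries the read-only hooks change; the function names, result labels and the config file locations are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit whether LSM hooks remain writable after boot.
# Assumption: the kernel already includes the read-only hooks change.

# lsm_hooks_writable CMDLINE CONFIG_FILE
#   CMDLINE     - kernel command line as one string
#   CONFIG_FILE - path to an uncompressed kernel .config
# Prints one label: writable-config | writable-rodata | read-only | unknown
lsm_hooks_writable() {
    cmdline=$1
    config=$2

    # Build-time switch named in the post: hooks are never made read-only.
    if [ -r "$config" ] &&
       grep -q '^CONFIG_SECURITY_WRITABLE_HOOKS=y$' "$config"; then
        echo writable-config
        return 0
    fi

    # Boot-time switch named in the post (only the rodata=0 form is checked).
    case " $cmdline " in
        *" rodata=0 "*) echo writable-rodata; return 0 ;;
    esac

    # Without a readable config the build-time switch cannot be ruled out.
    if [ ! -r "$config" ]; then
        echo unknown
        return 0
    fi
    echo read-only
}

# audit_host: run the check against the running kernel.
# /boot/config-<release> and /proc/config.gz are common locations, not guaranteed.
audit_host() {
    cfg="/boot/config-$(uname -r)"
    tmp=""
    if [ ! -r "$cfg" ] && [ -r /proc/config.gz ]; then
        tmp=$(mktemp) && gzip -dc /proc/config.gz > "$tmp" && cfg=$tmp
    fi
    lsm_hooks_writable "$(cat /proc/cmdline)" "$cfg"
    if [ -n "$tmp" ]; then rm -f "$tmp"; fi
}

# Run with --host to audit the current machine; otherwise only define functions.
if [ "${1:-}" = "--host" ]; then
    audit_host
fi
```

A result of `read-only` means an LKM-based LSM cannot register its hooks on that boot; either `writable-*` result means the hook list is left modifiable at run time, which is also worth flagging in a hardening review.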