Hello,
Arjan van de Ven wrote:
> > A new and easy to master access control for Linux,
> > TOMOYO Linux, is now available.
> very interesting; a few quick questions that I didn't see answered on
> the side
Thank you for your interest.
> 1) where can we download the patches?
You can download from http://sourceforge.jp/projects/tomoyo/ .
Click the links "Download" in the middle of the page.
The ccs-patch is the kernel patch and the ccs-tools is the userland
utilities such as policy editors.
The documentation index page is http://tomoyo.sourceforge.jp/en/doc/ .
The complete installation guide is at
http://tomoyo.sourceforge.jp/en/doc/install.html .
The kickstart installation guide will be added in a several days.
> 2) How does the use of "absolute paths" interact with namespaces?
> In principle each process can have its own namespace after all!
> (not many distributions use this today, but that will change soon,
> per user /tmp is a very attractive feature and all needed
> infrastructure helpers for this will be in the 2.6.15 kernel)
This is like d_path(), expect that TOMOYO Linux ignores
each process's root directory. TOMOYO Linux uses global namespace.
For example, if a process accesses to /foo/bar which has already
chroot'ed to /jail directory, then TOMOYO Linux regards
as if the process is accessing to /jail/foo/bar .
You can find some example policies at
http://tomoyo.sourceforge.jp/example_policy/ .
You can feel the image of realpath()-based policy files.
Regards...
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
