Hello. I released TOMOYO Linux 1.7.2 . ccs-patch-1.7.2-20100401.tar.gz MD5:5555725f3fc8cb7c203a20cc9ee1ffc8 ccs-tools-1.7.2-20100401.tar.gz MD5:aaaa18f4573e3b02c3c6f56877f9e0fc This release includes patches for vanilla 2.6.34-rc3 / Ubuntu 10.04 / RHEL 5.5 etc. Please see http://sourceforge.jp/projects/tomoyo/lists/archive/users-en/2010-March/000136.html for changes. However, "(3) Improve garbage collector." in the above link was removed from TOMOYO 1.7.2 because I found that there is a race problem. Until TOMOYO 1.7.1 , to disable TOMOYO in case of emergency, we passed "CCS=disabled" to kernel command line so that /sbin/ccs-init loads profiles for disabled mode. This "userland disabling" calls TOMOYO's hooks inside kernel. Thus, there was performance penalty. Since TOMOYO 1.7.2 , to disable TOMOYO in case of emergency, we can pass "ccsecurity=off" to kernel command line so that kernel skips calling TOMOYO's hooks. This "kernel disabling" does not call TOMOYO's hooks inside kernel. This means that, if TOMOYO 1.7.2 were merged into distributor's kernels, TOMOYO does not carry performance penalty for those who don't use TOMOYO. Also, if TOMOYO 1.7.2 is built as a loadable kernel module, TOMOYO does not carry filesize penalty for those who don't use TOMOYO. Regarding userland tools, /usr/sbin/ccs-sortpolicy was modified to print "use_profile" line. /usr/sbin/ccs-sortpolicy was designed for compressing /proc/ccs/grant_log and /proc/ccs/reject_log by sorting them by domainnames. Usage examples (assuming that /proc/ccs/reject_log is saved as /var/log/tomoyo/reject_log.conf by /usr/sbin/ccs-auditd ) are # grep -A 3 -F 'profile=2 mode=permissive' /var/log/tomoyo/reject_log.conf | /usr/sbin/ccs-sortpolicy > /var/log/tomoyo/log.conf # grep -A 3 -F 'profile=2 mode=permissive' /var/log/tomoyo/reject_log.conf | /usr/lib/ccs/convert-audit-log | /usr/sbin/ccs-sortpolicy > /var/log/tomoyo/log.conf . You can append the sorted policy to /proc/ccs/domain_policy by # /usr/sbin/ccs-loadpolicy -d < /var/log/tomoyo/log.conf or to /etc/ccs/domain_policy.conf by # cat /var/log/tomoyo/log.conf >> /etc/ccs/domain_policy.conf . Since "use_profile" lines changes access control mode of a domain (e.g. profile 1 is for learning mode, profile 3 is for enforcing mode) but /var/log/tomoyo/reject_log.conf may contain conflicting entries (e.g. "use_profile 1" and "use_profile 3") regarding the same domain, it is dangerous to append /var/log/tomoyo/log.conf to /proc/ccs/domain_policy or to /etc/ccs/domain_policy.conf if there are conflicting "use_profile" lines. Thus, I made /usr/sbin/ccs-sortpolicy remove "use_profile" lines so that /var/log/tomoyo/log.conf won't unexpectedly change current access control mode specified by /proc/ccs/domain_policy or by /etc/ccs/domain_policy.conf . But since the ability to sort /proc/ccs/domain_policy or /etc/ccs/domain_policy.conf seems to be useful, I modified /usr/sbin/ccs-sortpolicy to print "use_profile" line. (As with /proc/ccs/domain_policy , if there are multiple "use_profile" lines regarding the same domain, only the line specified last is printed.) Regards.
TOMOYO
Fork