[tomoyo-dev-en 28] Re: TOMOYO and YAMA


Tetsuo Handa from-****@I-lov*****
Thu Dec 2 10:00:39 JST 2010


Jamie Nguyen wrote:
> I actually falsely thought that yama had already been integrated, but
> now realise that this is not the case. I can't tell from the
> discussions on LKML whether yama will make 2.6.37 or not.

Yama was about to get into 2.6.36, but it was dropped by last-minute changes.
The thread starts from http://lkml.org/lkml/2010/7/30/61 .
It didn't get into 2.6.37, and so far there has been no activity toward 2.6.38.

One of the reasons is that we can't enable multiple LSM modules at the same time.
( http://lwn.net/Articles/398726/ )
I believe that we should allow enabling multiple LSM modules at the same time
because label-based access control (e.g. SELinux/Smack) and pathname-based
access control (e.g. TOMOYO/AppArmor) are complementary.
AKARI/UUID are examples of enabling multiple LSM modules at the same time.

> The latest patch I could find was here [1].

Yama is included in Ubuntu 10.10 and later kernels, in a way that both Yama and
one of SELinux/Smack/TOMOYO/AppArmor can be enabled at the same time.
You can get the latest version from

http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-maverick.git (2.6.35)
http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-natty.git (2.6.37)

Regards.



