Hello. I uploaded TOMOYO 1.6.8p3 which fixed some bugs. http://osdn.dl.sourceforge.jp/tomoyo/30297/ccs-patch-1.6.8-20100120.tar.gz MD5: 000051ebfaf504abf7d047354fa72eea Fix 2009/09/25 @ Fix incorrect reference after ccs_try_alt_exec(). Since 1.6.0 , I forgot to update dentry/vfsmount reference inside ccs_try_alt_exec(). But this bug did not come out because nobody used old dentry/vfsmount after ccs_try_alt_exec(). Fix 2010/01/17 @ Use current domain's name for execute_handler audit log. Since 1.6.7 , /proc/ccs/grant_log was by error using next domain's name when auditing current domain's "execute_handler" line. @ Fix buffer contention. A permission like allow_env PATH if exec.envp["PATH"]="/" was not working since I was using the same buffer for both environment variable's name and value. Fix 2010/01/20 @ Use rcu_read_lock() for find_task_by_pid(). Since kernel 2.6.18 , caller of find_task_by_pid() needs to call rcu_read_lock() rather than read_lock(&tasklist_lock) because find_pid() uses RCU primitives but spinlock does not prevent RCU callback if preemptive RCU ( CONFIG_PREEMPT_RCU or CONFIG_TREE_PREEMPT_RCU ) is enabled. Regarding TOMOYO 1.7.1p1, the bug @ Use current domain's name for execute_handler audit log. is not fixed yet. But since it is not a critical bug, I don't have a plan to upload a new release immediately. If you need now, please reply.
TOMOYO
Fork