TOMOYO Linux introduced support for "domain transition without execve()" in 1.7.2 so that you can split permissions for Apache's CGI programs that are executed without execve(). The behavior of "domain transition without execve()" in TOMOYO 1.7.2 is to allow transition only to a child domain of the caller domain while supporting disabled/learning/permissive/enforcing modes. But I thought that allowing transition to an arbitrary domain while supporting only enforcing mode is more useful/flexible/secure. Thus, I changed the behavior in TOMOYO 1.8.0.

Now, I'm updating mod_ccs (Apache module for doing "domain transition without execve()"). mod_ccs for TOMOYO 1.7.2 ( http://tomoyo.sourceforge.jp/1.7/tutorial-10.html ) automatically performs domain transition based on the virtual host's name and optionally performs domain transition based on the requested pathname. mod_ccs for TOMOYO 1.8.0 ( http://tomoyo.sourceforge.jp/1.8/tutorial-10.html ) currently does not perform domain transition based on the virtual host's name because too many domains will be created if Apache hosts many virtual hosts.

This mail is for requesting comments/questions on the specification of mod_ccs. Please have a look at the page above and talk about your preferred specification. For example,

(1) mod_ccs should (a) use a single configuration file or (b) use separated configuration files split by each virtual host.

(2) mod_ccs should (a) reject request or (b) accept request without doing domain transition or (c) accept request with default domain transition if the configuration file for that virtual host was not found.

(3) mod_ccs should (a) reject request or (b) accept request without doing domain transition or (c) accept request with default domain transition if no matching entry was found in the configuration file.

(4) mod_ccs should determine based on what parameters.

As of revision 4393 (in TOMOYO's subversion repository), the behavior is (b) for (1) and (a) for (2) and (a) for (3). Currently, mod_ccs determines "domainname to transit to for processing the requested pathname" based on "virtual host's name" and "requested pathname".

By the way, 2.6.38-rc1 was released and TOMOYO 1.8 is ready for supporting 2.6.38, but TOMOYO 1.7 is not ready. Does anyone want to use TOMOYO 1.7 on 2.6.38? If yes, please reply.
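
The fallback choices in questions (2) and (3) above, modeled as an added example (not code from mod_ccs or from this mail): a lookup keyed on virtual host name and requested pathname, with options (a), (b) and (c) selectable for a missing per-host configuration and for a missing entry. The data layout, the longest-prefix matching rule, the domain names and every identifier are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

enum fallback { FB_REJECT, FB_NO_TRANSITION, FB_DEFAULT };      /* options (a), (b), (c) */
enum verdict  { V_REJECT, V_NO_TRANSITION, V_TRANSITION };
struct entry  { const char *prefix, *domain; };
struct vhost_conf { const char *vhost; const struct entry *entries; size_t n; };
struct policy { enum fallback on_missing_conf, on_no_match; const char *default_domain; };

static enum verdict fall_back(enum fallback fb, const struct policy *p, const char **domain)
{
    if (fb == FB_DEFAULT && p->default_domain) {
        *domain = p->default_domain;
        return V_TRANSITION;
    }
    /* Option (c) with no default domain configured fails closed. */
    return fb == FB_NO_TRANSITION ? V_NO_TRANSITION : V_REJECT;
}

enum verdict resolve_domain(const struct vhost_conf *confs, size_t nconfs,
                            const struct policy *p, const char *vhost,
                            const char *path, const char **domain)
{
    *domain = NULL;
    for (size_t i = 0; i < nconfs; i++) {
        if (strcmp(confs[i].vhost, vhost) != 0)
            continue;
        size_t best = 0;   /* assumed rule: longest matching path prefix wins */
        for (size_t j = 0; j < confs[i].n; j++) {
            size_t len = strlen(confs[i].entries[j].prefix);
            if (len >= best && strncmp(path, confs[i].entries[j].prefix, len) == 0) {
                best = len;
                *domain = confs[i].entries[j].domain;
            }
        }
        return *domain ? V_TRANSITION : fall_back(p->on_no_match, p, domain);
    }
    return fall_back(p->on_missing_conf, p, domain);   /* no file for this virtual host */
}

/* Constructed sample data: one virtual host with two entries. */
static const struct entry www_entries[] = {
    { "/cgi-bin/", "example-cgi" }, { "/cgi-bin/admin/", "example-admin" },
};
static const struct vhost_conf sample_confs[] = { { "www.example.com", www_entries, 2 } };

enum verdict demo(enum fallback missing, enum fallback no_match,
                  const char *vhost, const char *path, const char **domain)
{
    struct policy p = { missing, no_match, "example-default" };
    return resolve_domain(sample_confs, 1, &p, vhost, path, domain);
}
```

Calling `demo(FB_REJECT, FB_REJECT, ...)` corresponds to the (a)/(a) combination reported for revision 4393: a request for an unknown virtual host or an unlisted pathname is refused rather than served in the caller's domain.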