View 1.5.0 - Change Log
file info- category(Tag)
- root
- file name
- ccs-patch_1.5.0_-_Changes
- 마지막 업데이트
- 2007-09-21 15:09
- type
- Plain Text
- editor
- Kentaro Takeda
- description
- 1.5.0 - Change Log
- language
- English
- translate
Fix 2007/08/06
@ Remove mount-flags manipulation.
Until now, administrator is permitted to turn on/off specific mount options
regardless of mount options passed to kernel.
I removed this feature because "exact option matching" sounds better than
"automatic option enabler/disabler".
@ Remove /proc/ccs/info/mapping .
I removed /proc/ccs/info/mapping because nobody seems to use this feature.
@ Call external policy loader automatically.
Until now, users had to add init=/.init parameter to load policy
before /sbin/init starts.
I inserted call_usermodehelper() to call external policy loader when
execve("/sbin/init") is requested and external policy loader exists.
This change will remove init=/.init parameter from most environment,
although call_usermodehelper() can't handle interactive operations.
@ Move external policy loader from /.init to /sbin/ccs-init .
Installing programs in / directory is not good for packaging.
Fix 2007/08/13
@ Update external policy loader.
It turned out that /sbin/ccs-init invoked via call_usermodehelper()
can handle interactive operations by opening /dev/console .
Now, there is no difference between init=/sbin/ccs-init and
call_usermodehelper("/sbin/ccs-init"), and users no longer need to
add init=/sbin/ccs-init parameter to load policy before /sbin/init starts.
Fix 2007/08/14
@ Update recvmsg() hooks.
Until now, it was impossible to apply network access control for
incoming UDP and RAW packets if they are brought to userland using
read() or recvmsg() with NULL address because address buffer is NULL.
I moved hooks from sock_recvmsg() to skb_recv_datagram() so that
network access control for incoming UDP and RAW packets always work.
Fix 2007/08/16
@ Return appropriate error code for CheckMountPermission().
I was returning -EPERM if something is wrong with CheckMountPermission().
But SELinux determines whether selinuxfs is supported by kernel
based on whether error code is -ENODEV or not.
So I stopped returning -EPERM unconditionally.
Fix 2007/08/17
@ Remove initializer directive.
Use "initialize_domain" instrad of "initializer".
Fix 2007/08/21
@ Fix "allow_argv0 ... if if ..." bug.
It was impossible to use a word "if" to the second argument of
allow_argv0 if condition part is used.
Fix 2007/08/24
@ Move /proc/ccs/\*/\* to /proc/ccs/\* .
Some pathnames for /proc/ccs/ interface were changed.
Fix 2007/09/05
@ Drop MSG_PEEK'ed message before skb_free_datagram().
I need to remove head message from unwanted source
from socket's receive queue so that the caller can pick up
next message from wanted source with MSG_PEEK flags.
Version 1.5.0 2007/09/20 Usability enhancement release. | |
TOMOYO