From jamie at tomoyolinux.co.uk Tue Mar 1 07:17:36 2011 From: jamie at tomoyolinux.co.uk (Jamie Nguyen) Date: Mon, 28 Feb 2011 22:17:36 +0000 Subject: [tomoyo-dev-en 160] Re: Distribution support In-Reply-To: <201102282209.GEE60490.OFNttWUPZPNGStPFPE@I-love.SAKURA.ne.jp> References: <201102140033.p1E0XKPs011388@www262.sakura.ne.jp> <201102170644.AJB17671.NPUWFFNtEPOZtStPPG@I-love.SAKURA.ne.jp> <201102282209.GEE60490.OFNttWUPZPNGStPFPE@I-love.SAKURA.ne.jp> Message-ID: Tetsuo Handa wrote: > Sorry for taking so long time for translation. > > I'm currently trying to solve lockdep warning caused by garbage collector's > lazy algorithm. Currently garbage collector waits until /proc/ccs/ interface is > close()d, but that causes lockdep to complain about leaving the kernel with > lock held. I proposed a solution which I'm using for 1.x, but the solution was > not accepted for 2.x. Thus, I'm trying to start garbage collection before > /proc/ccs/ interface is close()d. As of revision 4663, I think I'm approaching > a working solution, but I need to test more. No rush. We already have usable documentation in place anyway, so 1.8-tmp is low priority. Currently, I have linked to 1.8-tmp in the Arch Wiki (with a suitable warning) so that users can make use of it before it is completely done. > By the way, I posted a question regarding kernel module and Ubuntu's support > policy. https://answers.launchpad.net/ubuntu/+source/linux-meta/+question/145601 > Although I didn't get an authoritative answer, I got a positive response for > posting bug reports on kernels running with kernel modules which are not > included in Ubuntu's pristine kernel. Therefore, although AKARI is not > authorized by NTT DATA Corporation, I'm thinking that it might worth > referring/introducing/suggesting AKARI at > http://tomoyo.sourceforge.jp/1.8-tmp/chapter-3.html so that we can help those > who are worrying about (or giving up) distributor's support by reading "TOMOYO > Linux requires the installation of a seperate Linux kernel from the one > provided by your distribution" part. > > What do you think? It would be a good idea to mention AKARI as it is very useful. In the Arch Wiki page that I wrote, I recommend AKARI for custom kernels (many Arch users like to use kernels patched with Con Kolivas patch set, pf-kernel or many other patches). I doubt many would have heard of AKARI unless it was mentioned in the wiki page, so giving it more exposure in the official documentation would certainly be beneficial, especially for users in other distributions that want/need to use the default distribution kernel. From haradats at nttdata.co.jp Tue Mar 1 10:19:11 2011 From: haradats at nttdata.co.jp (Toshiharu Harada) Date: Tue, 1 Mar 2011 10:19:11 +0900 Subject: [tomoyo-dev-en 161] Re: Distribution support In-Reply-To: References: <201102140033.p1E0XKPs011388@www262.sakura.ne.jp> <201102170644.AJB17671.NPUWFFNtEPOZtStPPG@I-love.SAKURA.ne.jp> <201102282209.GEE60490.OFNttWUPZPNGStPFPE@I-love.SAKURA.ne.jp> Message-ID: <4D6C498F.1030305@nttdata.co.jp> (2011/03/01 7:17), Jamie Nguyen wrote: > Tetsuo Handa wrote: >> Sorry for taking so long time for translation. >> >> I'm currently trying to solve lockdep warning caused by garbage collector's >> lazy algorithm. Currently garbage collector waits until /proc/ccs/ interface is >> close()d, but that causes lockdep to complain about leaving the kernel with >> lock held. I proposed a solution which I'm using for 1.x, but the solution was >> not accepted for 2.x. Thus, I'm trying to start garbage collection before >> /proc/ccs/ interface is close()d. As of revision 4663, I think I'm approaching >> a working solution, but I need to test more. > > No rush. We already have usable documentation in place anyway, so > 1.8-tmp is low priority. Currently, I have linked to 1.8-tmp in the > Arch Wiki (with a suitable warning) so that users can make use of it > before it is completely done. That's very nice. Thank you. Every time I open the project web you greatly contributed, I found it useful and familiar. I'm so sure that every TOMOYO users feel the same. Personally, I would like to credit your name somewhere in the project page as an important contributor. I have reflected the explanation of project introduction to various places I maintain. http://tomoyo.sourceforge.net/ http://elinux.org/TomoyoLinux#Overview http://wiki.debian.org/Tomoyo http://freshmeat.net/projects/tomoyo (should be updated soon) http://en.sourceforge.jp/projects/tomoyo/ and some more sites I have forgotten. :-) >> By the way, I posted a question regarding kernel module and Ubuntu's support >> policy. https://answers.launchpad.net/ubuntu/+source/linux-meta/+question/145601 >> Although I didn't get an authoritative answer, I got a positive response for >> posting bug reports on kernels running with kernel modules which are not >> included in Ubuntu's pristine kernel. Therefore, although AKARI is not >> authorized by NTT DATA Corporation, I'm thinking that it might worth >> referring/introducing/suggesting AKARI at >> http://tomoyo.sourceforge.jp/1.8-tmp/chapter-3.html so that we can help those >> who are worrying about (or giving up) distributor's support by reading "TOMOYO >> Linux requires the installation of a seperate Linux kernel from the one >> provided by your distribution" part. >> >> What do you think? > > It would be a good idea to mention AKARI as it is very useful. > > In the Arch Wiki page that I wrote, I recommend AKARI for custom > kernels (many Arch users like to use kernels patched with Con Kolivas > patch set, pf-kernel or many other patches). I doubt many would have > heard of AKARI unless it was mentioned in the wiki page, so giving it > more exposure in the official documentation would certainly be > beneficial, especially for users in other distributions that want/need > to use the default distribution kernel. I totally agree with Jamie. I feel AKARI is like a twin of TOMOYO who is much more friendly. Some people might remain using AKARI, but that should not be a problem, because I believe the most important thing for the project is to be useful for the users. Best regards, Toshiharu Harada From jamie at tomoyolinux.co.uk Wed Mar 2 08:10:34 2011 From: jamie at tomoyolinux.co.uk (Jamie Nguyen) Date: Tue, 1 Mar 2011 23:10:34 +0000 Subject: [tomoyo-dev-en 162] Re: Distribution support In-Reply-To: <4D6C498F.1030305@nttdata.co.jp> References: <201102140033.p1E0XKPs011388@www262.sakura.ne.jp> <201102170644.AJB17671.NPUWFFNtEPOZtStPPG@I-love.SAKURA.ne.jp> <201102282209.GEE60490.OFNttWUPZPNGStPFPE@I-love.SAKURA.ne.jp> <4D6C498F.1030305@nttdata.co.jp> Message-ID: Toshiharu Harada wrote: > That's very nice. Thank you. > Every time I open the project web you greatly contributed, > I found it useful and familiar. I'm so sure that every TOMOYO users > feel the same. Personally, I would like to credit your name somewhere > in the project page as an important contributor. > > I have reflected the explanation of project introduction to various > places I maintain. > > http://tomoyo.sourceforge.net/ > http://elinux.org/TomoyoLinux#Overview > http://wiki.debian.org/Tomoyo > http://freshmeat.net/projects/tomoyo (should be updated soon) > http://en.sourceforge.jp/projects/tomoyo/ > > and some more sites I have forgotten. :-) Thank you for the kind words :-) From haradats at gmail.com Wed Mar 2 08:52:05 2011 From: haradats at gmail.com (Toshiharu Harada) Date: Wed, 2 Mar 2011 08:52:05 +0900 Subject: [tomoyo-dev-en 163] Re: Distribution support In-Reply-To: References: <201102140033.p1E0XKPs011388@www262.sakura.ne.jp> <201102170644.AJB17671.NPUWFFNtEPOZtStPPG@I-love.SAKURA.ne.jp> <201102282209.GEE60490.OFNttWUPZPNGStPFPE@I-love.SAKURA.ne.jp> <4D6C498F.1030305@nttdata.co.jp> Message-ID: <2270FE1D-3CF1-4FDE-A833-64DA57385416@gmail.com> Jamie, You redefined not only the project web, but also TOMOYO Linux, itself. It's a pleasure to have you as a project member and you are more than that. You encouraged Tetsuo and me. Let's keep on rolling together and change the world. Best regards On 2011/03/02, at 8:10, Jamie Nguyen wrote: > Toshiharu Harada wrote: >> That's very nice. Thank you. >> Every time I open the project web you greatly contributed, >> I found it useful and familiar. I'm so sure that every TOMOYO users >> feel the same. Personally, I would like to credit your name somewhere >> in the project page as an important contributor. >> >> I have reflected the explanation of project introduction to various >> places I maintain. >> >> http://tomoyo.sourceforge.net/ >> http://elinux.org/TomoyoLinux#Overview >> http://wiki.debian.org/Tomoyo >> http://freshmeat.net/projects/tomoyo (should be updated soon) >> http://en.sourceforge.jp/projects/tomoyo/ >> >> and some more sites I have forgotten. :-) > > Thank you for the kind words :-) > > _______________________________________________ > tomoyo-dev-en mailing list > tomoyo-dev-en ?? lists.sourceforge.jp > http://lists.sourceforge.jp/mailman/listinfo/tomoyo-dev-en From jamie at tomoyolinux.co.uk Wed Mar 2 17:25:59 2011 From: jamie at tomoyolinux.co.uk (Jamie Nguyen) Date: Wed, 2 Mar 2011 08:25:59 +0000 Subject: [tomoyo-dev-en 164] Re: Distribution support In-Reply-To: <2270FE1D-3CF1-4FDE-A833-64DA57385416@gmail.com> References: <201102140033.p1E0XKPs011388@www262.sakura.ne.jp> <201102170644.AJB17671.NPUWFFNtEPOZtStPPG@I-love.SAKURA.ne.jp> <201102282209.GEE60490.OFNttWUPZPNGStPFPE@I-love.SAKURA.ne.jp> <4D6C498F.1030305@nttdata.co.jp> <2270FE1D-3CF1-4FDE-A833-64DA57385416@gmail.com> Message-ID: Toshiharu Harada wrote: > You redefined not only the project web, but also TOMOYO Linux, itself. > It's a pleasure to have you as a project member and you are more than that. > > You encouraged Tetsuo and me. Let's keep on rolling together and change the world. It's a pleasure to be part of the team. I look forward to more collaboration with you both in the future, and I hope to continue to do what I can to help. Kind regards From from-tomoyo-dev-en at I-love.SAKURA.ne.jp Wed Mar 2 21:56:52 2011 From: from-tomoyo-dev-en at I-love.SAKURA.ne.jp (Tetsuo Handa) Date: Wed, 2 Mar 2011 21:56:52 +0900 Subject: [tomoyo-dev-en 165] Re: Distribution support In-Reply-To: References: <201102170644.AJB17671.NPUWFFNtEPOZtStPPG@I-love.SAKURA.ne.jp><201102282209.GEE60490.OFNttWUPZPNGStPFPE@I-love.SAKURA.ne.jp> Message-ID: <201103022156.DCC73474.PEOUFPtWtPSPNNZGFt@I-love.SAKURA.ne.jp> Jamie Nguyen wrote: > It would be a good idea to mention AKARI as it is very useful. OK. Please add to 1.8-tmp/chapter-3.html.en and documentation.html.en . I thought something like http://sourceforge.jp/projects/tomoyo/svn/view?view=rev&revision=4673 and noticed that users might want advantage/disadvantage comparison in a table format (like we do in AKARI's comparison.html ) rather than plain text blocks (like we do in TOMOYO's documentation.html ). > In the Arch Wiki page that I wrote, I recommend AKARI for custom > kernels (many Arch users like to use kernels patched with Con Kolivas > patch set, pf-kernel or many other patches). I know a Japanese TOMOYO user who applied CKS patch (or "thanks for all the fish" patches?) + {IOP/GLANTANK} patch + TOMOYO patch on the vanilla kernel in 2006. ;-) By the way, please update "Policy sample" link in the Arch Wiki page because I added TOMOYO 1.8 policy on CentOS 5.5 and moved old policy to old/ directory. From jamie at tomoyolinux.co.uk Thu Mar 3 07:56:17 2011 From: jamie at tomoyolinux.co.uk (Jamie Nguyen) Date: Wed, 2 Mar 2011 22:56:17 +0000 Subject: [tomoyo-dev-en 166] Re: Distribution support In-Reply-To: <201103022156.DCC73474.PEOUFPtWtPSPNNZGFt@I-love.SAKURA.ne.jp> References: <201102170644.AJB17671.NPUWFFNtEPOZtStPPG@I-love.SAKURA.ne.jp> <201102282209.GEE60490.OFNttWUPZPNGStPFPE@I-love.SAKURA.ne.jp> <201103022156.DCC73474.PEOUFPtWtPSPNNZGFt@I-love.SAKURA.ne.jp> Message-ID: Tetsuo Handa wrote: > OK. Please add to 1.8-tmp/chapter-3.html.en and documentation.html.en . > I thought something like > http://sourceforge.jp/projects/tomoyo/svn/view?view=rev&revision=4673 > and noticed that users might want advantage/disadvantage comparison in > a table format (like we do in AKARI's comparison.html ) rather than > plain text blocks (like we do in TOMOYO's documentation.html ). OK I added a table in documentation.html.en, what do you think? I will add to chapter-3.html.en soon. > By the way, please update "Policy sample" link in the Arch Wiki page > because I added TOMOYO 1.8 policy on CentOS 5.5 and moved > old policy to old/ directory. Thanks for mentioning. Link now fixed. From from-tomoyo-dev-en at I-love.SAKURA.ne.jp Thu Mar 3 14:48:59 2011 From: from-tomoyo-dev-en at I-love.SAKURA.ne.jp (Tetsuo Handa) Date: Thu, 3 Mar 2011 14:48:59 +0900 Subject: [tomoyo-dev-en 167] Re: Distribution support In-Reply-To: References: <201102282209.GEE60490.OFNttWUPZPNGStPFPE@I-love.SAKURA.ne.jp> <201103022156.DCC73474.PEOUFPtWtPSPNNZGFt@I-love.SAKURA.ne.jp> Message-ID: <201103031448.ECJ87047.SGtPPENFFUOZNPWttP@I-love.SAKURA.ne.jp> Jamie Nguyen wrote: > OK I added a table in documentation.html.en, what do you think? I will > add to chapter-3.html.en soon. Thank you. I removed description of LSM's limitation from documentation.html in revision 4678 because the primary reason for TOMOYO 2.x's limited functionality is that patches unrelated to LSM hooks are not yet proposed and approved. AKARI demonstrates what TOMOYO 2.x will be able to do with currently available LSM hooks if patches unrelated to LSM hooks are approved. From jamie at tomoyolinux.co.uk Sat Mar 5 10:07:20 2011 From: jamie at tomoyolinux.co.uk (Jamie Nguyen) Date: Sat, 5 Mar 2011 01:07:20 +0000 Subject: [tomoyo-dev-en 168] Man pages Message-ID: I've started writing man-pages (branches/man8) by hand instead of using help2man so I can have more control over the formatting (well, I'm not familiar with help2man). I've added your name next to your email address in the "AUTHORS" section, is that ok? Also, after I've finished 1.8.x man pages, would you like me to do the same for 2.3.x man pages? We can then remove dependency for help2man in tomoyo-tools as well. From from-tomoyo-dev-en at I-love.SAKURA.ne.jp Sat Mar 5 11:18:48 2011 From: from-tomoyo-dev-en at I-love.SAKURA.ne.jp (Tetsuo Handa) Date: Sat, 5 Mar 2011 11:18:48 +0900 Subject: [tomoyo-dev-en 169] Re: Man pages In-Reply-To: References: Message-ID: <201103051118.FEH30223.PtUtNtGFPEWFPZONPS@I-love.SAKURA.ne.jp> Jamie Nguyen wrote: > I've started writing man-pages (branches/man8) by hand instead of > using help2man so I can have more control over the formatting (well, > I'm not familiar with help2man). The reason I used help2man is I'm not familiar with writing man pages by hand. If you can write by hand, it's a great help. > I've added your name next to your email address in the "AUTHORS" > section, is that ok? Fine by me. > Also, after I've finished 1.8.x man pages, would you like me to do the > same for 2.3.x man pages? We can then remove dependency for help2man > in tomoyo-tools as well. Well, as ccs-tools-1.8 and tomoyo-tools-2.3 tarballs now include gzipped man pages, dependency on help2man was already removed. ;-) From jamie at tomoyolinux.co.uk Sat Mar 5 17:00:45 2011 From: jamie at tomoyolinux.co.uk (Jamie Nguyen) Date: Sat, 5 Mar 2011 08:00:45 +0000 Subject: [tomoyo-dev-en 170] Re: Man pages In-Reply-To: <201103051118.FEH30223.PtUtNtGFPEWFPZONPS@I-love.SAKURA.ne.jp> References: <201103051118.FEH30223.PtUtNtGFPEWFPZONPS@I-love.SAKURA.ne.jp> Message-ID: Tetsuo Handa wrote: > Jamie Nguyen wrote: >> I've started writing man-pages (branches/man8) by hand instead of >> using help2man so I can have more control over the formatting (well, >> I'm not familiar with help2man). > > The reason I used help2man is I'm not familiar with writing man pages > by hand. If you can write by hand, it's a great help. If only man page syntax wasn't so awful to work with! > Well, as ccs-tools-1.8 and tomoyo-tools-2.3 tarballs now include gzipped > man pages, dependency on help2man was already removed. ;-) Oh right, I didn't realise you did for 2.3 also. Great! :-) From from-tomoyo-dev-en at I-love.SAKURA.ne.jp Sat Mar 5 17:38:25 2011 From: from-tomoyo-dev-en at I-love.SAKURA.ne.jp (Tetsuo Handa) Date: Sat, 5 Mar 2011 17:38:25 +0900 Subject: [tomoyo-dev-en 171] Re: Unusual exception policy behaviour In-Reply-To: References: <201102232310.JDG73435.WPtPNFFtONPGUPtZES@I-love.SAKURA.ne.jp> Message-ID: <201103051738.JIF78680.tFFZOUPSPtEPNWPGtN@I-love.SAKURA.ne.jp> Jamie Nguyen wrote: > Oh yes, of course. I forgot about this kernel config option! Thanks > for the explanation. I added built-in policy support to TOMOYO 1.8 (revision 4684). The built-in policy support is a superset of CONFIG_CCSECURITY_BUILTIN_INITIALIZERS . The result will look like below. Never mind the kernel panic. This is merely I didn't supply enough built-in policy. [ 2.284858] Trying to unpack rootfs image as initramfs... [ 2.345069] debug: unmapping init memory dfc96000..dfee0000 [ 2.399559] DMA-API: preallocated 32768 debug entries [ 2.400113] DMA-API: debugging enabled by kernel config [ 2.402539] Simple Boot Flag at 0x36 set to 0x1 [ 2.412571] apm: BIOS version 1.2 Flags 0x03 (Driver version 1.16ac) [ 2.413196] apm: disabled - APM is not SMP safe. [ 2.427354] Initializing RT-Tester: OK [ 2.434723] Hook version: 2.6.38-rc7 2011/03/02 [ 2.436127] msgmni has been set to 972 [ 2.438354] CCSecurity: 1.8.0+ 2011/03/01 [ 2.438369] Mandatory Access Control activated. [ 2.442470] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 254) [ 2.443705] io scheduler noop registered [ 2.444442] io scheduler deadline registered [ 2.445716] io scheduler cfq registered (default) [ 2.544181] pci_hotplug: PCI Hot Plug PCI Core version: 0.5 [ 2.725974] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled [ 3.000402] serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A [ 3.278403] serial8250: ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A [ 3.323152] 00:09: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A [ 3.352324] 00:0a: ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A [ 3.363520] Non-volatile memory driver v1.3 [ 3.363710] Linux agpgart interface v0.103 [ 3.370454] agpgart-intel 0000:00:00.0: Intel 440BX Chipset [ 3.372328] agpgart-intel 0000:00:00.0: AGP aperture is 256M @ 0x0 [ 3.409088] brd: module loaded [ 3.409104] Uniform Multi-Platform E-IDE driver [ 3.411525] ide-gd driver 1.18 [ 3.412280] ide-cd driver 5.00 [ 3.415989] i8042: PNP: PS/2 Controller [PNP0303:KBC,PNP0f13:MOUS] at 0x60,0x64 irq 1,12 [ 3.926337] serio: i8042 KBD port at 0x60,0x64 irq 1 [ 3.926815] serio: i8042 AUX port at 0x60,0x64 irq 12 [ 3.930988] mousedev: PS/2 mouse device common for all mice [ 3.932491] cpuidle: using governor ladder [ 3.935866] TCP bic registered [ 3.936659] NET: Registered protocol family 17 [ 3.939696] Using IPI No-Shortcut mode [ 3.942397] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input0 [ 3.954513] Warning: unable to open an initial console. [ 3.954858] debug: unmapping init memory c084d000..c0d2d000 [ 3.955867] Write protecting the kernel text: 2904k [ 3.956757] Testing CPA: Reverting c0400000-c06d6000 [ 3.957808] Testing CPA: write protecting again [ 3.958876] Write protecting the kernel read-only data: 1196k [ 3.959764] Testing CPA: undo c06d6000-c0801000 [ 3.960810] Testing CPA: write protecting again [ 3.964749] Failed to execute /init [ 3.965536] Kernel panic - not syncing: No init found. Try passing init= option to kernel. See Linux Documentation/init.txt for guidance. [ 3.966844] Pid: 1, comm: swapper Not tainted 2.6.38-rc7-ccs #2 [ 3.966860] Call Trace: [ 3.966876] [] ? panic+0x5a/0x180 [ 3.966891] [] ? init_post+0xa9/0xb0 [ 3.967807] [] ? kernel_init+0x1b3/0x230 [ 3.967823] [] ? kernel_init+0x0/0x230 [ 3.967838] [] ? kernel_thread_helper+0x6/0x1c Note that MAC is enabled before /init in initramfs is executed. On Android, many operations are done before /system and /data partitions (where the policy would be stored) becomes ready. Currently /sbin/ccs-init and it's dependent libraries and policy files are stored into initramfs. But by using built-in policy, it will become more difficult to hijack the boot process. I think built-in policy support is helpful for using TOMOYO on Android because boot process (e.g. mounting /system and /data partitions) seems to be constify-able. From jamie at tomoyolinux.co.uk Sat Mar 5 19:40:44 2011 From: jamie at tomoyolinux.co.uk (Jamie Nguyen) Date: Sat, 5 Mar 2011 10:40:44 +0000 Subject: [tomoyo-dev-en 172] Re: Man pages In-Reply-To: References: <201103051118.FEH30223.PtUtNtGFPEWFPZONPS@I-love.SAKURA.ne.jp> Message-ID: OK i've finished working on man pages for 1.8, so feel free to integrate whenever you like. From from-tomoyo-dev-en at I-love.SAKURA.ne.jp Sun Mar 13 21:34:23 2011 From: from-tomoyo-dev-en at I-love.SAKURA.ne.jp (Tetsuo Handa) Date: Sun, 13 Mar 2011 21:34:23 +0900 Subject: [tomoyo-dev-en 173] Use of compressed policy format. In-Reply-To: <201103051738.JIF78680.tFFZOUPSPtEPNWPGtN@I-love.SAKURA.ne.jp> References: <201102232310.JDG73435.WPtPNFFtONPGUPtZES@I-love.SAKURA.ne.jp> <201103051738.JIF78680.tFFZOUPSPtEPNWPGtN@I-love.SAKURA.ne.jp> Message-ID: <201103132134.CDC35918.WPSttFGNOFtEPNPPUZ@I-love.SAKURA.ne.jp> Recently I added support for embedding policy into the kernel so that we can start enforcing mode before /init in the initramfs starts. This change is for Android where binary loader ( /system/bin/linker ) and shared libraries ( /system/lib/libc.so and /system/lib/libm.so ) are not accessible from /sbin/ccs-init when /init starts. If policy are embedded into the kernel, we can omit /sbin/ccs-init from the initramfs. (I'm testing and updating htdocs/1.8-tmp/android-arm.html.ja .) Now, I'm trying to support compressed policy format so that the kernel size increment by embedding policy becomes smaller. Currently, TOMOYO 1.8 kernel is ready for dealing with input like file read/write/execute /path/to/file but outputs like file read /path/to/file file write /path/to/file file execute /path/to/file because most of userland tools (e.g. ccs-editpolicy ccs-patternize) are not ready for dealing with input like file read/write/execute /path/to/file . The advantage of using compressed policy format is that it makes the policy files smaller and speeds up loading/saving policy files. The core change is shown in revision 4711. I think we should not change how it looks on the ccs-editpolicy because I think printing a line like file execute/read/write/append/unlink/getattr/rmdir/truncate/symlink/chroot/umount /path/to/file at the "<<< Domain Policy Editor >>>" screen provides poor legibility when mixed with other lines like file read /path/to/another/file . Therefore, I changed to cache the compressed line at ccs_freadline() and break into individual lines when printing. Kusuno-san, please let me know if gpet has troubles with catching up with this change. From from-tomoyo-dev-en at I-love.SAKURA.ne.jp Fri Mar 25 15:58:09 2011 From: from-tomoyo-dev-en at I-love.SAKURA.ne.jp (Tetsuo Handa) Date: Fri, 25 Mar 2011 15:58:09 +0900 Subject: [tomoyo-dev-en 174] Re: Distribution support In-Reply-To: References: <201102140033.p1E0XKPs011388@www262.sakura.ne.jp> <201102170644.AJB17671.NPUWFFNtEPOZtStPPG@I-love.SAKURA.ne.jp> <201102282209.GEE60490.OFNttWUPZPNGStPFPE@I-love.SAKURA.ne.jp> Message-ID: <201103250658.p2P6w98q090150@www262.sakura.ne.jp> Jamie Nguyen wrote: > Tetsuo Handa wrote: > > Sorry for taking so long time for translation. > > No rush. We already have usable documentation in place anyway, so > 1.8-tmp is low priority. Currently, I have linked to 1.8-tmp in the > Arch Wiki (with a suitable warning) so that users can make use of it > before it is completely done. Finished translation (revision 4755), but it is not ready for replacing with current documentation. Several topics I noticed: (1) In the world of TOMOYO, I'm using /path/to/dir/ for representing directory and /path/to/file for representing non-directory. There are cases where directories are represented without trailing / , and vice versa. (2) How program should be used? There are cases where "program" is used instead of program. Also, there are cases where used for program cmdline_arguments. (3) The example programs in chapter-12.html are explained without the location. Since these programs are not compiled/installed by default, I think source code for these programs should be linked from chapter-12.html like honey.c . (4) Should there be domainname_representation tag? (5) chapter-10.html has not enumerated all conditions. I need to add. Regards. From jamie at tomoyolinux.co.uk Sat Mar 26 06:11:47 2011 From: jamie at tomoyolinux.co.uk (Jamie Nguyen) Date: Fri, 25 Mar 2011 21:11:47 +0000 Subject: [tomoyo-dev-en 175] Re: Distribution support In-Reply-To: <201103250658.p2P6w98q090150@www262.sakura.ne.jp> References: <201102140033.p1E0XKPs011388@www262.sakura.ne.jp> <201102170644.AJB17671.NPUWFFNtEPOZtStPPG@I-love.SAKURA.ne.jp> <201102282209.GEE60490.OFNttWUPZPNGStPFPE@I-love.SAKURA.ne.jp> <201103250658.p2P6w98q090150@www262.sakura.ne.jp> Message-ID: Tetsuo Handa wrote: > Finished translation (revision 4755), but it is not ready for replacing with > current documentation. Great, thanks! > Several topics I noticed: > > (1) In the world of TOMOYO, I'm using /path/to/dir/ for representing directory > ? ?and /path/to/file for representing non-directory. There are cases where > ? ?directories are represented without trailing / , and vice versa. Sorry, I'm not sure if you mean cases still exist, or whether you have already fixed them and are simply advising for the future? Perhaps I'm too tired today, but after scanning through briefly I'm not sure that I can spot any cases. > (2) How program should be used? There are cases where "program" is > ? ?used instead of program. Also, there are cases where used for > ? ?program cmdline_arguments. I used tags for referring to commands within inline text. I found one case of using the tag with command line arguments in chapter 7.1, which I have now changed. Though I can't find cases where "program" is used instead of program. Again, is this something you have already fixed? > (3) The example programs in chapter-12.html are explained without the location. > ? ?Since these programs are not compiled/installed by default, I think source > ? ?code for these programs should be linked from chapter-12.html like > ? ?honey.c . Good idea, I've added one link to the web interface. > (4) Should there be domainname_representation tag? I'm not sure we need it. We would have to consider what to do for domain names within exception policy, or in other cases. It might complicate things more than help, but I'm open to suggestion. To me it seems readable as it is now. > (5) chapter-10.html has not enumerated all conditions. I need to add. Sure. I need to upload new html man pages too. Kind regards, Jamie From jamie at tomoyolinux.co.uk Wed Mar 30 16:00:45 2011 From: jamie at tomoyolinux.co.uk (Jamie Nguyen) Date: Wed, 30 Mar 2011 08:00:45 +0100 Subject: [tomoyo-dev-en 176] Man page authors Message-ID: I've updated 1.8.x man page authors (rev 4776) to include this: Main authors: - Tetsuo Handa Other contributers: - Toshiharu Harada Project pages. - Jamie Nguyen Man pages, documentation and website. Is everyone happy with this change? There are quite a lot of people on the developer list, but I do not know what their contributions have been, so please feel free to add their names to this list or change it. Toshiharu, I wasn't sure what to put as your contributions, so please feel free to change it to something more correct! Or perhaps we can remove the description of the contributions and just list names. Any preferences? I just wanted to make it clear that the _code_ comes predominantly from Tetsuo, with other contributions generally being in other areas. Has Toshiharu or any other developers also contributed code (aside from yocto with line coloring and the other person who did gentoo bug fix)? I want to make this authors list more complete. Kind regards, Jamie From haradats at gmail.com Wed Mar 30 16:21:43 2011 From: haradats at gmail.com (Toshiharu Harada) Date: Wed, 30 Mar 2011 16:21:43 +0900 Subject: [tomoyo-dev-en 177] Re: Man page authors In-Reply-To: References: Message-ID: Jamie, 2011/3/30 Jamie Nguyen : > I've updated 1.8.x man page authors (rev 4776) to include this: > > Main authors: > ?- Tetsuo Handa > > Other contributers: > ?- Toshiharu Harada > ? ?Project pages. > ?- Jamie Nguyen > ? Man pages, documentation and website. > > Is everyone happy with this change? There are quite a lot of people on > the developer list, but I do not know what their contributions have > been, so please feel free to add their names to this list or change > it. > > Toshiharu, I wasn't sure what to put as your contributions, so please > feel free to change it to something more correct! > > Or perhaps we can remove the description of the contributions and just > list names. Any preferences? I just wanted to make it clear that the > _code_ comes predominantly from Tetsuo, with other contributions > generally being in other areas. Has Toshiharu or any other developers > also contributed code (aside from yocto with line coloring and the > other person who did gentoo bug fix)? I want to make this authors list > more complete. I think there are two reasons to have names in online documentation. Firstly, showing authors which means giving readers responsibilities and contact methods. Secondary showing appreciations to contributors. So I'd like to suggest that man pages and tutorials should have names of Tetsuo and Jamie (I insist to have your name :-). For contributions, I'd like to leave decisions to Tetsuo. Regardless of the size and the purpose of the code, it should be considered as contribution if Tetsuo thinks so. Regarding myself (my name), the only place I would like to see (or I can stand to see) is the contact page. Surprisingly, I have seldom received messages from that page, therefore I have to admire keeping it. ;-) Best regards, Toshiharu Harada haradats ?? gmail.com From wangxiaochen0 at gmail.com Wed Mar 30 22:57:56 2011 From: wangxiaochen0 at gmail.com (Xiaochen Wang) Date: Wed, 30 Mar 2011 21:57:56 +0800 Subject: [tomoyo-dev-en 178] [PATCH] tomoyo: fix memory leak in tomoyo_commit_ok() Message-ID: <20110330135756.GA21138@chii> Description: free alloced meory when tomoyo_commit_ok() return NULL When memory used for policy exceeds the quota, tomoyo_memory_ok() return false. In this case, tomoyo_commit_ok() return NULL, not freeing the alloced memory. Signed-off-by: Xiaochen Wang --- security/tomoyo/memory.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c index 2976126..42a7b1b 100644 --- a/security/tomoyo/memory.c +++ b/security/tomoyo/memory.c @@ -75,6 +75,7 @@ void *tomoyo_commit_ok(void *data, const unsigned int size) memset(data, 0, size); return ptr; } + kfree(ptr); return NULL; } -- 1.7.2.3 From from-tomoyo-dev-en at I-love.SAKURA.ne.jp Wed Mar 30 23:19:59 2011 From: from-tomoyo-dev-en at I-love.SAKURA.ne.jp (Tetsuo Handa) Date: Wed, 30 Mar 2011 23:19:59 +0900 Subject: [tomoyo-dev-en 179] Re: [PATCH] tomoyo: fix memory leak intomoyo_commit_ok() In-Reply-To: <20110330135756.GA21138@chii> References: <20110330135756.GA21138@chii> Message-ID: <201103302319.DAF04674.FtPNGNWPZEtOUPFtPS@I-love.SAKURA.ne.jp> Xiaochen Wang wrote: > Description: free alloced meory when tomoyo_commit_ok() return NULL > > When memory used for policy exceeds the quota, tomoyo_memory_ok() return false. > In this case, tomoyo_commit_ok() return NULL, not freeing the alloced memory. > > Signed-off-by: Xiaochen Wang > --- > security/tomoyo/memory.c | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c > index 2976126..42a7b1b 100644 > --- a/security/tomoyo/memory.c > +++ b/security/tomoyo/memory.c > @@ -75,6 +75,7 @@ void *tomoyo_commit_ok(void *data, const unsigned int size) > memset(data, 0, size); > return ptr; > } > + kfree(ptr); > return NULL; > } > > -- > 1.7.2.3 Good catch. This bug exists since 2.6.35(TOMOYO 2.2/TOMOYO 2.3). You can forward this patch to linux-security-module ?? vger.kernel.org . Acked-by: Tetsuo Handa (TOMOYO 1.x do not have this bug.) From wangxiaochen0 at gmail.com Wed Mar 30 23:58:27 2011 From: wangxiaochen0 at gmail.com (Xiaochen Wang) Date: Wed, 30 Mar 2011 22:58:27 +0800 Subject: [tomoyo-dev-en 180] [PATCH] tomoyo: check tomoyo_get_name() return value Message-ID: <20110330145827.GA24407@chii> Description: check tomoyo_get_name() return value in tomoyo_write_profile Although tomoyo_read_profile will check this value (see below), we should not ignore the error of memory lacking. tomoyo_read_profile(): const struct tomoyo_path_info *comment = profile->comment; tomoyo_io_printf(head, "%u-COMMENT=", index); tomoyo_set_string(head, comment ? comment->name : ""); Signed-off-by: Xiaochen Wang --- security/tomoyo/common.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 7556315..fed4a0c 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -461,6 +461,10 @@ static int tomoyo_write_profile(struct tomoyo_io_buffer *head) if (!strcmp(data, "COMMENT")) { const struct tomoyo_path_info *old_comment = profile->comment; profile->comment = tomoyo_get_name(cp); + if (!profile->comment) { + profile->comment = old_comment; + return -ENOMEM; + } tomoyo_put_name(old_comment); return 0; } -- 1.7.2.3 From penguin-kernel at I-love.SAKURA.ne.jp Thu Mar 31 00:13:51 2011 From: penguin-kernel at I-love.SAKURA.ne.jp (Tetsuo Handa) Date: Thu, 31 Mar 2011 00:13:51 +0900 Subject: [tomoyo-dev-en 181] Re: [PATCH] tomoyo: check tomoyo_get_name() return value In-Reply-To: <20110330145827.GA24407@chii> References: <20110330145827.GA24407@chii> Message-ID: <201103301513.p2UFDpSZ079776@www262.sakura.ne.jp> Xiaochen Wang wrote: > Although tomoyo_read_profile will check this value (see below), > we should not ignore the error of memory lacking. Thank you. I rechecked the code and noticed that we need to use a lock for protecting the replacement. TOMOYO 1.7/1.8 and AKARI also need to use a lock and I've just fixed them. Below is an updated patch based on your suggestion. Regards. ---------------------------------------- >From 8dd2f256c3ab48851660822a8c67dfa76991b908 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa Date: Wed, 30 Mar 2011 23:11:11 +0900 Subject: [PATCH] TOMOYO: Fix race on updating profile's comment line. tomoyo_write_profile() since 2.6.34 was not using a lock when replacing profile's comment line. If multiple threads attempted echo '0-COMMENT=comment' > /sys/kernel/security/tomoyo/profile in parallel, garbage collector will fail to kfree() the old value. Protect the replacement using a lock. Also, keep the old value rather than replacing with empty string when out of memory error has occurred. Signed-off-by: Xiaochen Wang Signed-off-by: Tetsuo Handa --- security/tomoyo/common.c | 12 ++++++++++-- 1 files changed, 10 insertions(+), 2 deletions(-) diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 7556315..2b7b1a1 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -459,8 +459,16 @@ static int tomoyo_write_profile(struct tomoyo_io_buffer *head) if (profile == &tomoyo_default_profile) return -EINVAL; if (!strcmp(data, "COMMENT")) { - const struct tomoyo_path_info *old_comment = profile->comment; - profile->comment = tomoyo_get_name(cp); + static DEFINE_SPINLOCK(lock); + const struct tomoyo_path_info *new_comment + = tomoyo_get_name(cp); + const struct tomoyo_path_info *old_comment; + if (!new_comment) + return -ENOMEM; + spin_lock(&lock); + old_comment = profile->comment; + profile->comment = new_comment; + spin_unlock(&lock); tomoyo_put_name(old_comment); return 0; } -- 1.6.1 From jamie at tomoyolinux.co.uk Thu Mar 31 05:35:24 2011 From: jamie at tomoyolinux.co.uk (Jamie Nguyen) Date: Wed, 30 Mar 2011 21:35:24 +0100 Subject: [tomoyo-dev-en 182] Re: Man page authors In-Reply-To: References: Message-ID: Toshiharu Harada wrote: > So I'd like to suggest that man pages and tutorials should have > names of Tetsuo and Jamie (I insist to have your name :-). Thank you. My contribution is only small so far, but I hope to carry on contributing more to this great project :-) > For contributions, I'd like to leave decisions to Tetsuo. > Regardless of the size and the purpose of the code, it should be > considered as contribution if Tetsuo thinks so. Yes, that is my stance also. I merely mentioned it so that I could help to integrate into man pages (as man page formatting is rather tedious) in case there were any additional people Tetsuo thought should deserve a mention. > Regarding myself (my name), the only place I would like to see > (or I can stand to see) is the contact page. Surprisingly, I have > seldom received messages from that page, therefore I have to > admire keeping it. ;-) I have removed your name as requested, although I (or you) can add back at any time if you wish. I have updated 1.8.x (and also 2.3.x documentation) in preparation for 1.8.1 release. If anyone has any comments/criticisms then don't hold back! From from-tomoyo-dev-en at I-love.SAKURA.ne.jp Thu Mar 31 08:54:30 2011 From: from-tomoyo-dev-en at I-love.SAKURA.ne.jp (Tetsuo Handa) Date: Thu, 31 Mar 2011 08:54:30 +0900 Subject: [tomoyo-dev-en 183] Re: Man page authors In-Reply-To: References: Message-ID: <201103302354.p2UNsUou093146@www262.sakura.ne.jp> Jamie Nguyen wrote: > Toshiharu Harada wrote: > > For contributions, I'd like to leave decisions to Tetsuo. > > Regardless of the size and the purpose of the code, it should be > > considered as contribution if Tetsuo thinks so. > > Yes, that is my stance also. I merely mentioned it so that I could > help to integrate into man pages (as man page formatting is rather > tedious) in case there were any additional people Tetsuo thought > should deserve a mention. Contributors include those who reviewed code, gave us feedback, reported/fixed bugs, worked for enabling TOMOYO in distributor's kernels, developed GUI tools etc. I think we can make http://tomoyo.sourceforge.jp/contributors.html (or acknowledgements.html ?) since it will be impossible to enumerate all contributors within ccs-tools's man pages. From haradats at nttdata.co.jp Thu Mar 31 10:28:40 2011 From: haradats at nttdata.co.jp (Toshiharu Harada) Date: Thu, 31 Mar 2011 10:28:40 +0900 Subject: [tomoyo-dev-en 184] Re: Man page authors In-Reply-To: <201103302354.p2UNsUou093146@www262.sakura.ne.jp> References: <201103302354.p2UNsUou093146@www262.sakura.ne.jp> Message-ID: <4D93D8C8.8000909@nttdata.co.jp> (2011/03/31 8:54), Tetsuo Handa wrote: > Jamie Nguyen wrote: >> Toshiharu Harada wrote: >>> For contributions, I'd like to leave decisions to Tetsuo. >>> Regardless of the size and the purpose of the code, it should be >>> considered as contribution if Tetsuo thinks so. >> >> Yes, that is my stance also. I merely mentioned it so that I could >> help to integrate into man pages (as man page formatting is rather >> tedious) in case there were any additional people Tetsuo thought >> should deserve a mention. > > Contributors include those who reviewed code, gave us feedback, reported/fixed > bugs, worked for enabling TOMOYO in distributor's kernels, developed GUI tools > etc. I think we can make http://tomoyo.sourceforge.jp/contributors.html (or > acknowledgements.html ?) since it will be impossible to enumerate all > contributors within ccs-tools's man pages. Great idea. Reviewers names can be picked up from the page 122 of the following slide. http://www.slideshare.net/haradats/kernel-development-drawing-lessons-from-mistakes Those names have been picked up from the LKML archive. http://tomoyo.sourceforge.jp/wiki-e/?JLS2009 Best regards, Toshiharu From haradats at nttdata.co.jp Thu Mar 31 11:08:53 2011 From: haradats at nttdata.co.jp (Toshiharu Harada) Date: Thu, 31 Mar 2011 11:08:53 +0900 Subject: [tomoyo-dev-en 185] Re: Man page authors In-Reply-To: References: Message-ID: <4D93E235.4090102@nttdata.co.jp> Jamie, (2011/03/31 5:35), Jamie Nguyen wrote: > Thank you. My contribution is only small so far, but I hope to carry > on contributing more to this great project :-) Mark Twain said, ?It's not the size of the dog in the fight, it's the size of the fight in the dog.? (I'm a big fan of CSI) It's not the period nor quantity, but the spirit. Every messages you wrote and your e-mail address shows you are not just a user. In my opinion, "contribution" means supports from outside of the project, but you are already in the project. :-) :-) >> Regarding myself (my name), the only place I would like to see >> (or I can stand to see) is the contact page. Surprisingly, I have >> seldom received messages from that page, therefore I have to >> admire keeping it. ;-) > > I have removed your name as requested, although I (or you) can add > back at any time if you wish. > > I have updated 1.8.x (and also 2.3.x documentation) in preparation for > 1.8.1 release. If anyone has any comments/criticisms then don't hold > back! Best regards, Toshiharu