Hello. TOMOYO Linux 1.6.8 was released. This release includes several bug fixes and one enhancement. Below is the list of changes regarding ccs-patch package. (1) ENHANCEMENT: New condition "symlink.target" was added to "if" clause. Until now, "allow_symlink" keyword allows creation of a symlink but does not check the symlink's target. Usually it is no problem because permission checks are done using dereferenced pathname. But in some cases, we should restrict the symlink's target. For example, "ln -s .htpasswd /var/www/html/readme.html" by CGI program should be blocked because we will allow Apache to read both /var/www/html/readme.html and /var/www/html/.htpasswd . Thus, I added new condition, "symlink.target". allow_symlink /var/www/html/\*.html if symlink.target="\*.html" allow_symlink /var/www/html/\*\-.\* if symlink.target="\*\-.\*" (2) BUGFIX: Don't call get_fs_type() with a mutex held. Until now, when ccs_update_mount_acl() is called with unsupported filesystem, /sbin/modprobe is executed from get_fs_type() to load filesystem module. And get_fs_type() does not return until /sbin/modprobe finishes. This means that it will cause deadlock if /sbin/modprobe (which is executed via get_fs_type() in ccs_update_mount_acl()) calls ccs_update_mount_acl(); although it won't happen unless an administrator inserts execute_handler to call mount() requests in learning mode or to add "allow_mount" entries to /proc/ccs/system_policy . I modified to unlock the mutex before calling get_fs_type(). (3) CHANGE: Don't return -EAGAIN when incoming packet was filtered. It turned out that it is not permitted for accept() and recvmsg() to return -EAGAIN if poll() said connections/datagrams are ready. However, recvmsg() may return -EAGAIN and potentially confuse some applications because ccs_socket_recvmsg_permission() is returning -EAGAIN. Thus, I modified ccs_socket_recvmsg_permission() to return -ENOMEM rather than -EAGAIN. (4) NOTICE: ccs-patch-\*.diff until TOMOYO 1.6.7 is no longer applicable for TOMOYO 1.6.8 . Since 1.5.0, I was doing network access control for incoming UDP and RAW packets inside skb_recv_datagram(). But I received a comment that I should not perform protocol specific test inside skb_recv_datagram(). Therefore, I moved ccs_recv_datagram_permission() hook from skb_recv_datagram() to udp_recvmsg()/udpv6_recvmsg()/raw_recvmsg()/rawv6_recvmsg() with name change to ccs_recvmsg_permission(). This means that ccs-patch-\*.diff until TOMOYO 1.6.7 is no longer applicable for TOMOYO 1.6.8 and vice versa. If you have problems in modifying ccs-patch-\*.diff for TOMOYO 1.6.8 , feel free to ask me. (5) BUGFIX: Fix IPv4's "address_group" handling error. Since 1.6.5 , due to lack of ntohl() (byte order conversion) in ccs_update_address_group_entry(), "address_group" with IPv4 address was not working. This problem happens on little endian platforms (e.g. x86). This bug was fixed in ccs-patch-1.6.7-20090410.tar.gz . (6) BUGFIX: Don't print non ASCII printable characters. ccs_check_mount_permission2() was passing unencoded strings to printk() and ccs_update_mount_acl() and ccs_check_supervisor(). This may cause /proc/ccs/system_policy and /proc/ccs/query to contain invalid characters within a string. This bug was fixed in ccs-patch-1.6.7-20090410.tar.gz . (7) CHANGE: Drop "undelete domain" command. I added "undelete domain" command on 2007/01/19, but never used by policy management tools. The garbage collector I added on 2007/01/29 will automatically reuse memory and allow administrators switch domain policy periodically, provided that the administrator kills processes in old domains before recreating new domains with the same domainnames. Thus, I dropped "undelete domain" command. Below is the list of changes regarding ccs-tools package. (1) ENHANCEMENT: ccs-ccstree can get information remotely. ccs-editpolicy-agent now handles requests from ccs-ccstree . (2) BUGFIX: Don't access system_policy for TOMOYO 2.2.0 . Error messages were printed when used with TOMOYO Linux 2.2.0 because TOMOYO Linux 2.2.0 does not have /sys/kernel/security/tomoyo/system_policy interface. This release contains new patches for pax-linux-2.6.27.10-200812271900 , Fedora 11 , CentOS 4.8 and vanilla 2.6.30-rc7 kernel. Thank you for using TOMOYO Linux. ccs-patch-1.6.8-20090528.tar.gz MD5: aaafb9cea744c788d9c9d1ea9580b627 ccs-tools-1.6.8-20090528.tar.gz MD5: 6668bf1f20003d36ec55e4d99d883208 By the way, TOMOYO is compact and suits well on embedded systems. A presentation slide titled "TOMOYO Linux on Android" is available at http://elinux.org/TomoyoLinux#Presentations .