12-28-2011, 05:17 PM
Akemi Yagi

TOMOYO security module in the centosplus kernel

I would like to continue this thread under a new subject.

On Wed, Nov 2, 2011 at 5:01 AM, Tetsuo Handa
<from-centos@i-love.sakura.ne.jp> wrote:
> Karanbir Singh wrote:
>> On 10/27/2011 04:57 AM, Tetsuo Handa wrote:
>> > My apologies. I was misunderstanding. I was assuming that making changes in
>> > "struct security_operations" breaks the kABI. But it seems it does not.
>>
>> excellent, lets do it then.
>>
> I see. Created http://bugs.centos.org/view.php?id=5219 for this topic.

As can be seen in that bug report, the centosplus kernel has had
TOMOYO security module enabled since kernel-2.6.32-131.21.1.el6.

Handa-san, do you think it is a good idea to apply patches [1]
referenced on the TOMOYO 2.2 page [2]?

The cplus kernel can easily accommodate patches like that until they
eventually appear in the upstream kernel.

Akemi

[1] http://tomoyo.sourceforge.jp/2.2/patches/
[2] http://tomoyo.sourceforge.jp/2.2/install.html.en
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
 
12-29-2011, 12:31 AM
Tetsuo Handa

TOMOYO security module in the centosplus kernel

Akemi Yagi wrote:
> > Karanbir Singh wrote:
> >> On 10/27/2011 04:57 AM, Tetsuo Handa wrote:
> >> > My apologies. I was misunderstanding. I was assuming that making changes in
> >> > "struct security_operations" breaks the kABI. But it seems it does not.
> >>
> >> excellent, lets do it then.
> >>
> > I see. Created http://bugs.centos.org/view.php?id=5219 for this topic.
>
> As can be seen in that bug report, the centosplus kernel has had
> TOMOYO security module enabled since kernel-2.6.32-131.21.1.el6.
>
> Handa-san, do you think it is a good idea to apply patches [1]
> referenced on the TOMOYO 2.2 page [2]?

Well, nobody has ever hit this race. But if carrying below patch does not
bother toracat, it is nice to have below patch applied.
----------
[PATCH] TOMOYO: Fix race on updating profile's comment line.

commit 2a086e5d3a23570735f75b784d29b93068070833 upstream.

tomoyo_save_name() in tomoyo_write_profile() may return NULL.
Therefore,

profile->comment ? profile->comment->name : ""

in tomoyo_read_profile() may race.
Keep the old value rather than replace with empty string when out of memory
error has occurred.

Signed-off-by: Xiaochen Wang <wangxiaochen0@gmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
security/tomoyo/common.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

--- linux-2.6.32.49.orig/security/tomoyo/common.c
+++ linux-2.6.32.49/security/tomoyo/common.c
@@ -924,7 +924,11 @@ static int tomoyo_write_profile(struct t
return -EINVAL;
*cp = '';
if (!strcmp(data, "COMMENT")) {
- profile->comment = tomoyo_save_name(cp + 1);
+ const struct tomoyo_path_info *new_comment
+ = tomoyo_save_name(cp + 1);
+ if (!new_comment)
+ return -ENOMEM;
+ profile->comment = new_comment;
return 0;
}
for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) {
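Review bot: the plain store `profile->comment = new_comment;` closes the race only as long as profile->comment can never return to NULL once it has been set, because the reader quoted in the commit message, `profile->comment ? profile->comment->name : ""`, loads the pointer twice. A short comment above the assignment stating that invariant, or a single local copy of the pointer on the reader side, would keep a later change from reintroducing the problem. A COMMENT write also now fails with -ENOMEM where it previously returned 0, so policy-loading tools need to handle that error. As archived here the hunk has lost its indentation and the context line `*cp = '';` shows an empty character literal, so the change should be taken from the upstream commit rather than from this copy.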
----------
Regards.
 
12-29-2011, 01:26 AM
Akemi Yagi

TOMOYO security module in the centosplus kernel

On Wed, Dec 28, 2011 at 5:31 PM, Tetsuo Handa
<from-centos@i-love.sakura.ne.jp> wrote:
> Akemi Yagi wrote:

>> Handa-san, do you think it is a good idea to apply patches [1]
>> referenced on the TOMOYO 2.2 page [2]?
>
> Well, nobody has ever hit this race. But if carrying below patch does not
> bother toracat, it is nice to have below patch applied.
> ----------
> [PATCH] TOMOYO: Fix race on updating profile's comment line.
>
> commit 2a086e5d3a23570735f75b784d29b93068070833 upstream.

toracat can never be bothered by patches. :-)

Thanks for the patch. Just filed an RFE here:

http://bugs.centos.org/view.php?id=5378

Akemi