名称 | 大小 | Rev. | 时间 | 作者 | Log Message |
---|---|---|---|---|---|
load_policy.c | 7.91 k | r268 | 2011-06-19 17:10:29 | kumaneko | |
realpath.c | 14.17 k | r288 | 2011-07-11 17:17:19 | kumaneko | |
mount.c | 7.77 k | r289 | 2011-07-13 17:34:43 | kumaneko | |
autobind.c | 2.54 k | r268 | 2011-06-19 17:10:29 | kumaneko | |
audit.c | 13.65 k | r268 | 2011-06-19 17:10:29 | kumaneko | |
domain.c | 34.26 k | r303 | 2011-09-02 21:12:57 | kumaneko | |
memory.c | 10.46 k | r319 | 2011-09-15 12:44:40 | kumaneko | |
config.h | 290 | r321 | 2011-09-15 15:52:57 | kumaneko | |
README | 4.92 k | r323 | 2011-09-15 17:40:38 | kumaneko | |
signal.c | 4.95 k | r268 | 2011-06-19 17:10:29 | kumaneko | |
util.c | 28.31 k | r268 | 2011-06-19 17:10:29 | kumaneko | |
file.c | 44.73 k | r268 | 2011-06-19 17:10:29 | kumaneko | |
environ.c | 2.92 k | r268 | 2011-06-19 17:10:29 | kumaneko | |
internal.h | 58.75 k | r319 | 2011-09-15 12:44:40 | kumaneko | |
capability.c | 4.18 k | r269 | 2011-06-20 12:30:08 | kumaneko | |
proc_if.c | 9.22 k | r282 | 2011-07-07 20:59:33 | kumaneko | |
ccsecurity.h | 21.2 k | r268 | 2011-06-19 17:10:29 | kumaneko | |
condition.c | 25.87 k | r268 | 2011-06-19 17:10:29 | kumaneko | |
akari_test.c | 16.68 k | r324 | 2011-09-15 21:14:25 | kumaneko | |
policy_io.c | 79.25 k | r303 | 2011-09-02 21:12:57 | kumaneko | |
COPYING | 17.57 k | r18 | 2010-10-08 16:26:01 | kumaneko | |
gc.c | 25.98 k | r303 | 2011-09-02 21:12:57 | kumaneko | |
network.c | 36.84 k | r303 | 2011-09-02 21:12:57 | kumaneko | |
lsm.c | 78.94 k | r324 | 2011-09-15 21:14:25 | kumaneko | |
group.c | 5.42 k | r289 | 2011-07-13 17:34:43 | kumaneko | |
Makefile | 2.06 k | r323 | 2011-09-15 17:40:38 | kumaneko |
Notes for AKARI project AKARI is Access Keeping And Regulating Instrument for Linux 2.6 and later kernels. You can use AKARI for analyzing your system's behavior (i.e. reports which application accesses which resources like strace command does) and optionally restricting your system's behavior (i.e. controls which application can access which resources like TOMOYO/AppArmor does). AKARI is forked from TOMOYO 1.8 and made as a LKM (loadable kernel module) so that you don't need to replace your kernels installed in your system. This patch is released under the GPLv2. Project URL: http://akari.sourceforge.jp/ ChangeLog: Version 1.0 2010/10/10 First release. Version 1.0.1 2010/10/18 Minor update release. Synchronize with TOMOYO revision 4069. Fix off-by-two in ccs_check_unix_address(). Implement post accept() LSM hook. Version 1.0.2 2010/10/25 Minor update release. Synchronize with TOMOYO revision 4090. Add getattr() and readdir() checks. Use "YYYY/MM/DD hh:mm:ss" format for /proc/ccs/ interface. Do not automatically add / for umount(). Version 1.0.3 2010/11/01 Minor update release. Synchronize with TOMOYO revision 4104. Fix pathname handling in ccs_unix_entry(). Version 1.0.4 2010/11/11 Minor update release. Synchronize with TOMOYO 1.8.0 release. Add sysctl() check for 2.6.21 to 2.6.32 kernels. Fix double new_decode_dev() bug for mknod(). Fix keyword typo. Fix build failure on some kernels. Changed pathname prefix priority. Use hash table for faster scan. Updated function comments. Version 1.0.5 2010/11/22 Minor update release. Make ccs_domain_info/ccs_flags inheritable for 2.6.29 and later kernels. Version 1.0.6 2010/12/31 Minor update release. Synchronize with TOMOYO revision 4280. Use same interface for audit logs. Split ccs_null_security into ccs_default_security and ccs_oom_security. Version 1.0.7 2011/01/21 Minor update release. Synchronize with TOMOYO revision 4400. Use filesystem name for unnamed devices when vfsmount is missing. Version 1.0.8 2011/02/07 Minor update release. Synchronize with TOMOYO revision 4545. Fix infinite loop bug when reading /proc/ccs/audit or /proc/ccs/query . Version 1.0.9 2011/02/14 Minor update release. Fix missing permission check for interpreters in 2.6.30 and later kernels. Version 1.0.10 2011/02/15 Minor update release. Fix missing permission check for interpreters in 2.6.23 and earlier kernels. Fix wrong execute permission check and domain transition in 2.6.28 and earlier kernels. Version 1.0.11 2010/04/01 Minor update release. Synchronize with TOMOYO 1.8.1 release. Run garbage collector without waiting for /proc/ccs/ users. Support built-in policy configuration. Remove /proc/ccs/meminfo interface. Pack policy when printing via /proc/ccs/ interface. Fix conditional policy parsing. Serialize updating profile's comment line. Version 1.0.12 2011/04/11 Minor update release. Synchronize with TOMOYO revision 4874. Fix fcntl(F_SETFL, O_APPEND) handling. Version 1.0.13 2011/05/05 Minor update release. Synchronize with TOMOYO revision 4963. Fix wrong profile number in audit logs for "misc env" permission. Version 1.0.14 2011/05/11 Minor update release. Synchronize with TOMOYO revision 4978. Fix wrong domainname validation. Version 1.0.15 2011/06/20 Minor update release. Synchronize with TOMOYO 1.8.2 release. Add policy namespace support. Version 1.0.16 2011/07/07 Minor update release. Synchronize with TOMOYO revision 5235. Remove /proc/ccs/.domain_status interface. Version 1.0.17 2011/07/13 Minor update release. Synchronize with TOMOYO revision 5266. Fix /proc/ccs/stat parser. Accept "::" notation for IPv6 address. Version 1.0.18 2011/09/03 Minor update release. Synchronize with TOMOYO revision 5401. Avoid race when retrying "file execute" permission check. Remove unneeded daemonize(). Fix load failure with !CONFIG_SMP && !CONFIG_DEBUG_SPINLOCK kernels. Version 1.0.19 2011/09/15 Minor update release. Use akari/config.h for choosing build options. Fix build error on CONFIG_CCSECURITY_OMIT_USERSPACE_LOADER=y case. Use lookup_mnt() rather than __put_namespace(). (2.6.0 to 2.6.2 kernels) Fix unbalanced spin_lock()/spin_unlock() pair in lsm_pin(). (2.6.15 to 2.6.35 kernels) Fix "struct task_struct" leaks of tasks created before loading akari.ko . (2.6.28 and earlier kernels) Use "struct task_struct"->pids[PIDTYPE_PID].pid instead of "struct task_struct" for associating with per "struct task_struct" variables (i.e. "struct ccs_security") in order to reduce amount of dead memory waiting for garbage collection. (2.6.29 and later kernels) Add akari_test.ko for checking whether akari.ko seems to work or not. Add SH and ARM architectures support. (Needs more testing.)