[tomoyo-users-en 254] About specification of mod_ccs module

Tetsuo Handa from-****@I-lov*****
Thu Jan 20 21:27:42 JST 2011


TOMOYO Linux introduced support for "domain transition without execve()" in
1.7.2 so that you can split permissions for Apache's CGI programs that are
executed without execve().

The behavior of "domain transition without execve()" in TOMOYO 1.7.2 is to
allow transition only to a child domain of the caller domain while supporting
disabled/learning/permissive/enforcing modes.

But I thought that allowing transition to an arbitrary domain while supporting
only enforcing mode is more useful/flexible/secure. Thus, I changed the
behavior in TOMOYO 1.8.0.

Now, I'm updating mod_ccs (Apache module for doing "domain transition without
execve()").

mod_ccs for TOMOYO 1.7.2 ( http://tomoyo.sourceforge.jp/1.7/tutorial-10.html )
automatically performs domain transition based on virtual host's name and
optionally performs domain transition based on requested pathname.

mod_ccs for TOMOYO 1.8.0 ( http://tomoyo.sourceforge.jp/1.8/tutorial-10.html )
currently does not perform domain transition based on virtual host's name
because too many domains will be created if Apache hosts many virtual hosts.

This mail is a request for comments/questions on the specification of mod_ccs.
Please have a look at the page above and talk about your preferred
specification. For example,

  (1) mod_ccs should

        (a) use a single configuration file

      or

        (b) use separate configuration files split by virtual host

      .

  (2) mod_ccs should

        (a) reject request

      or

        (b) accept request without doing domain transition

      or

        (c) accept request with default domain transition

      if the configuration file for that virtual host was not found.

  (3) mod_ccs should

        (a) reject request

      or

        (b) accept request without doing domain transition

      or

        (c) accept request with default domain transition

      if no matching entry was found in the configuration file.

  (4) mod_ccs should determine the domain based on what parameters?

As of revision 4393 (in TOMOYO's subversion repository), the behavior is
(b) for (1) and (a) for (2) and (a) for (3). Currently, mod_ccs determines
the "domainname to transit to for processing the requested pathname" based on
the "virtual host's name" and the "requested pathname".



By the way, 2.6.38-rc1 was released and TOMOYO 1.8 is ready to support
2.6.38, but TOMOYO 1.7 is not ready. Does anyone want to use TOMOYO 1.7 on
2.6.38? If yes, please reply.
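
The selection rule the mail describes for revision 4393 ((b) for (1), (a) for (2) and (a) for (3)), modelled as an added example that is not mod_ccs code and not part of the original mail. The in-memory table, the prefix matching, the hostname and the domain labels are assumptions; the two fallback parameters let the other choices listed under (2) and (3) be compared.

```c
#include <string.h>

/* The three choices the mail lists under (2) and (3). */
enum fallback { REJECT, ACCEPT_NO_TRANSITION, ACCEPT_DEFAULT };
enum action { ACT_REJECT, ACT_NO_TRANSITION, ACT_TRANSIT };

struct entry { const char *path_prefix, *domain; };
struct vhost_conf { const char *vhost; const struct entry *entries; size_t n; };

/* Constructed data standing in for one configuration file per virtual
 * host, choice (1)(b). Hostname and domain labels are placeholders. */
static const struct entry www_entries[] = {
    { "/cgi-bin/", "DOMAIN_CGI" },
    { "/static/", "DOMAIN_STATIC" },
};
static const struct vhost_conf confs[] = { { "www.example.com", www_entries, 2 } };

static enum action fall_back(enum fallback f, const char **domain)
{
    *domain = (f == ACCEPT_DEFAULT) ? "DOMAIN_DEFAULT" : NULL;
    if (f == ACCEPT_DEFAULT) return ACT_TRANSIT;
    return (f == REJECT) ? ACT_REJECT : ACT_NO_TRANSITION;
}

/* Pick the domain for (vhost, path); the first matching prefix wins. */
enum action select_domain(const char *vhost, const char *path,
                          enum fallback no_conf, enum fallback no_match,
                          const char **domain)
{
    for (size_t i = 0; i < sizeof(confs) / sizeof(confs[0]); i++) {
        if (strcmp(confs[i].vhost, vhost) != 0)
            continue;
        for (size_t j = 0; j < confs[i].n; j++) {
            const struct entry *e = &confs[i].entries[j];
            if (strncmp(path, e->path_prefix, strlen(e->path_prefix)) == 0) {
                *domain = e->domain;
                return ACT_TRANSIT;
            }
        }
        return fall_back(no_match, domain); /* case (3): no matching entry */
    }
    return fall_back(no_conf, domain); /* case (2): no file for this vhost */
}

int main(void)
{
    const char *d; /* exit status 0 when the unlisted path is refused */
    return select_domain("www.example.com", "/admin/", REJECT, REJECT, &d) != ACT_REJECT;
}
```

With both fallbacks set to REJECT, a request is served only when an entry names its domain, so a missing file or an unlisted path never runs in the caller's domain.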



