TOMOYO

Fork

[tomoyo-users-en 542] Re: AKARI 1.0.30 and CaitSith 0.1.9 are available.

• Previous message (by thread): [tomoyo-users-en 541] AKARI 1.0.30 and CaitSith 0.1.9 are available.
• Next message (by thread): [tomoyo-users-en 543] Re: AKARI 1.0.30 and CaitSith 0.1.9 areavailable.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Tetsuo,

Great stuff! I understand you need to have both CaitSith and AKARI as a
module for both to work.
That's actually nice as CaitSith functionality look great for overall
system hardening, while I have some targetted policies for
Tomoyo/CCS/AKARI that look hard to port to CaitSith and the resulting
policy would be much harder to read/maintain imo.

Is there any way to have both compiled in?

Cheers
Milton


Le 14/02/2013 15:23, Tetsuo Handa a écrit :
> Hello.
> 
> Several months have elapsed since the restart of "Multiple concurrent LSMs"
> proposal. While I consider that legally supporting LKM-based LSM modules
> ( http://lwn.net/Articles/526983/ ) improves the value of this proposal, I
> decided to suppress it until this proposal arrives at Linus's tree
> ( http://marc.info/?l=linux-security-module&m=135903049311553&w=3 ). Instead,
> I updated AKARI and CaitSith to follow version 12 (2013/01/08) patchset.
> 
> Also, the new version of AKARI and CaitSith can now work together (other than
> on Linux 2.6.29 and 2.6.30 kernels). From now on, you can enforce restriction
> on some processes using AKARI while enforcing protection on specific resources
> using CaitSith. This is an example usage of "Multiple concurrent LKM-based LSM
> modules". ;-)
> 
> Regarding code for probing LSM hooks, it was rewritten so that both AKARI and
> CaitSith can use the same code. Please test for regression about code for
> probing LSM hooks, for I can't test on all possible environments.
> 
> Regarding tools packages, all tarballs are updated for rpm/deb package
> management reasons (i.e. handle rpm installation error in Fedora 18, handle
> missing hardening flags when compiling a deb package).
> 
> ccs-patch-1.8.3-20130214.tar.gz     MD5: aaaa44ee64f36d04bfd75ebc0bd7874e
> akari-1.0.30-20130214.tar.gz        MD5: dddd88385c53b99cb3eb635b68753c94
> caitsith-patch-0.1-20130214.tar.gz  MD5: cccc3448ad2a83d03c6c611b026acd2c
> ccs-tools-1.8.3-20130214.tar.gz     MD5: ffff5333a3d7c4f61fb6addfbc961c65
> tomoyo-tools-2.5.0-20130214.tar.gz  MD5: ffff6b531ed9ac32b01722a9cd749a2f
> caitsith-tools-0.1-20130214.tar.gz  MD5: 3333f80afd48c7c44b56fe8748a2d143
> 
> _______________________________________________
> tomoyo-users-en mailing list
> tomoy****@lists*****
> http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
> 

• Previous message (by thread): [tomoyo-users-en 541] AKARI 1.0.30 and CaitSith 0.1.9 are available.
• Next message (by thread): [tomoyo-users-en 543] Re: AKARI 1.0.30 and CaitSith 0.1.9 areavailable.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]