Hello. Several months have elapsed since the restart of "Multiple concurrent LSMs" proposal. While I consider that legally supporting LKM-based LSM modules ( http://lwn.net/Articles/526983/ ) improves the value of this proposal, I decided to suppress it until this proposal arrives at Linus's tree ( http://marc.info/?l=linux-security-module&m=135903049311553&w=3 ). Instead, I updated AKARI and CaitSith to follow version 12 (2013/01/08) patchset. Also, the new version of AKARI and CaitSith can now work together (other than on Linux 2.6.29 and 2.6.30 kernels). From now on, you can enforce restriction on some processes using AKARI while enforcing protection on specific resources using CaitSith. This is an example usage of "Multiple concurrent LKM-based LSM modules". ;-) Regarding code for probing LSM hooks, it was rewritten so that both AKARI and CaitSith can use the same code. Please test for regression about code for probing LSM hooks, for I can't test on all possible environments. Regarding tools packages, all tarballs are updated for rpm/deb package management reasons (i.e. handle rpm installation error in Fedora 18, handle missing hardening flags when compiling a deb package). ccs-patch-1.8.3-20130214.tar.gz MD5: aaaa44ee64f36d04bfd75ebc0bd7874e akari-1.0.30-20130214.tar.gz MD5: dddd88385c53b99cb3eb635b68753c94 caitsith-patch-0.1-20130214.tar.gz MD5: cccc3448ad2a83d03c6c611b026acd2c ccs-tools-1.8.3-20130214.tar.gz MD5: ffff5333a3d7c4f61fb6addfbc961c65 tomoyo-tools-2.5.0-20130214.tar.gz MD5: ffff6b531ed9ac32b01722a9cd749a2f caitsith-tools-0.1-20130214.tar.gz MD5: 3333f80afd48c7c44b56fe8748a2d143
TOMOYO
Fork