Tetsuo Handa
2012-05-05 13:50:03 UTC
ccs-patch 1.8.3p7 fixes three bugs.

(1) Regarding 2.6.0-2.6.11 kernels, TOMOYO needs to use
spin_lock_bh()/spin_unlock_bh() rather than
spin_lock_irq()/spin_unlock_irq() when a packet was dropped by TOMOYO.

(2) Regarding RHEL 5.2-5.8 kernels, TOMOYO needs to protect the
skb_kill_datagram() call with lock_sock()/release_sock() when a UDP packet
was dropped by TOMOYO.

(3) Regarding Ubuntu 12.04 kernel on Live CD, TOMOYO needs to accept manager
programs which do not start with / because the pathname of
/usr/sbin/ccs-editpolicy seen from Ubuntu 12.04 Live CD is
squashfs:/usr/sbin/ccs-editpolicy rather than /usr/sbin/ccs-editpolicy .

Unless you are using one of the kernel versions listed above, this update will
not be needed.

ccs-patch-1.7.3p4 and ccs-patch-1.6.9p4 fix the bugs (1) and (2).

Live CD for Ubuntu 12.04 + TOMOYO 1.8.3p7 is now available.

This Live CD can also be used as Ubuntu 12.04 + TOMOYO 2.5 by appending
"security=tomoyo ccsecurity=off" to the kernel boot options.

We are too late to put tomoyo-tools-2.5 into the repository for Ubuntu 12.04.
Please install tomoyo-tools-2.5 from source rather than trying to install the
binary tomoyo-tools-2.5 package using apt-get, for the package installed by
apt-get is tomoyo-tools-2.4 and therefore causes a kernel panic upon boot due
to a profile version mismatch.

TOMOYO: 2.5.0
Profile version 20100903 is not supported.
Userland tools for TOMOYO 2.5 must be installed and policy must be initialized.
Please see http://tomoyo.sourceforge.jp/2.5/ for more information.
Kernel panic - not syncing: STOP!

akari-1.0.27 fixes the bug (3) and supports any RHEL 4/5/6 kernels.
The bugs (1) and (2) do not affect AKARI, for AKARI cannot handle incoming

Please let me know if you find any problems.

ccs-patch-1.6.9-20120505.tar.gz MD5: 3333f441b9e74b8fc6f9722c701e2e1d
ccs-patch-1.7.3-20120505.tar.gz MD5: aaaa0b076d2ff853a7f7007c7521df8e
ccs-patch-1.8.3-20120505.tar.gz MD5: 444498151f894b1985f1beb98679bcfe
akari-1.0.27-20120505.tar.gz MD5: bbbbb12c4aee2e8e5ffc3b4075163bcc
caitsith-patch-0.1-20120505.tar.gz MD5: 1111566e2503e5155771c4c4f80f96ff
caitsith-tools-0.1-20120505.tar.gz MD5: aaaa08c1b97338647a2d240be6d6e430

Tetsuo Handa
2012-07-10 12:59:12 UTC
As CentOS 6.3 was released, I refreshed the ccs-patch-1.8.3p7 and
akari-1.0.27 tarballs. These tarballs also include changes for
supporting the kuid_t and kgid_t data types (which were added for
supporting UID namespaces in Linux 3.5).

Please let me know if you find any problems (e.g. build warnings).

ccs-patch-1.8.3-20120710.tar.gz MD5: 7777477757d7a567f70d36a5e13e846c
akari-1.0.27-20120710.tar.gz MD5: 9999077ee38a66bb9fbe97d753b3607e

I'll attend LinuxCon North America 2012 and give a presentation on CaitSith
(2:00 pm on August 29 at http://events.linuxfoundation.org/events/linuxcon/schedule ).
The presentation slides are under construction, but I would appreciate it if
someone could check them for grammatical errors.