LKML Archive on
help / color / mirror / Atom feed
From: Tetsuo Handa <>
Subject: Re: [TOMOYO #12 (2.6.28-rc2-mm1) 06/11] Common functions for TOMOYOLinux.
Date: Fri, 7 Nov 2008 06:46:22 +0900	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>


Andrew Morton wrote:
> (That's two hours of tomoyo-reading for me.  I need to stop now)
Thank you very much for reviewing.
Before I answer for individual comments, I'd like to show three basic outlines.

(1) The way TOMOYO handles string data.

To be able to handle any characters correctly, TOMOYO Linux follows the rules
shown below to represent a word. A word means all tokens that are treated as
string data, such as pathnames and comments.

 * NUL character (0x00) is used for indicating end of string.
   Thus you cannot include \000 in a word.
 * \ character (0x5C) is used for indicating octal expression.
   Thus, you need to use \\ to represent a \.
 * Characters 0x01 - 0x20 and 0x7F - 0xFF are represented using octal
   expression \ooo .
 * The rest characters (i.e. 0x21 - 0x5B and 0x5D - 0x7E) are represented
   as is.

 * Space character (0x20) is used as a delimiter that separates words.
   Line feed character (0x0A) is used as a delimiter that separates lines.
 * Only words that follow the rule above and the delimiters (i.e. space
   character and line feed characters) are valid. All other characters are
   regarded as space character. Multiple spaces are automatically compressed
   into one space. Leading and trailing spaces are automatically deleted.

(2) The way TOMOYO allocates memory.

In TOMOYO Linux, memory allocated for holding access permissions and words are
never freed. There is no way except rebooting the system that can free unneeded

But don't worry. The policy seldom changes after you start production mode.
By tuning policy before starting production mode, you can reduce memory usage
to (usually) less than 1 Mega Bytes. You can also enable memory quota.

(3) The kernel-userspace interface of TOMOYO.

Policy files are automatically loaded into the kernel upon boot.
When a system boots, /sbin/init is executed. When the execution of /sbin/init
is requested and if /sbin/tomoyo-init exists, /sbin/tomoyo-init is executed,
and /sbin/init is executed after /sbin/tomoyo-init terminates.
/sbin/tomoyo-init is called only once.

TOMOYO requires no modifications of existing userland applications.
The pathname /sbin/tomoyo-init is embedded into the kernel so that we don't
need to modify /sbin/init for loading policy.

/sbin/tomoyo-init loads policy via /sys/kernel/security/tomoyo/ interface.
All data passed through this interface consists of only ASCII printable
characters, for all words consist of only ASCII printable characters.


  reply	other threads:[~2008-11-06 21:46 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-11-04  6:08 [TOMOYO #12 (2.6.28-rc2-mm1) 00/11] TOMOYO Linux Kentaro Takeda
2008-11-04  6:08 ` [TOMOYO #12 (2.6.28-rc2-mm1) 01/11] Introduce security_path_clear() hook Kentaro Takeda
2008-11-04  6:08 ` [TOMOYO #12 (2.6.28-rc2-mm1) 02/11] Add in_execve flag into task_struct Kentaro Takeda
2008-11-05 23:12   ` Andrew Morton
2008-11-04  6:08 ` [TOMOYO #12 (2.6.28-rc2-mm1) 03/11] Singly linked list implementation Kentaro Takeda
2008-11-05 23:12   ` Andrew Morton
2008-11-04  6:08 ` [TOMOYO #12 (2.6.28-rc2-mm1) 04/11] Introduce d_realpath() Kentaro Takeda
2008-11-05 23:12   ` Andrew Morton
2008-11-17  6:52     ` Kentaro Takeda
2008-11-04  6:08 ` [TOMOYO #12 (2.6.28-rc2-mm1) 05/11] Memory and pathname management functions Kentaro Takeda
2008-11-05 23:12   ` Andrew Morton
2008-11-10 10:34     ` Kentaro Takeda
2008-11-11  5:04       ` Andrew Morton
2008-11-11  6:34         ` Kentaro Takeda
2008-11-11  6:46           ` Andrew Morton
2008-11-11  7:32             ` Kentaro Takeda
2008-11-04  6:08 ` [TOMOYO #12 (2.6.28-rc2-mm1) 06/11] Common functions for TOMOYO Linux Kentaro Takeda
2008-11-05 23:12   ` Andrew Morton
2008-11-06 21:46     ` Tetsuo Handa [this message]
2008-11-08 16:38     ` [TOMOYO #12 (2.6.28-rc2-mm1) 06/11] Common functions for TOMOYOLinux Tetsuo Handa
2008-11-10  0:41       ` Serge E. Hallyn
2008-11-10  2:24         ` Tetsuo Handa
2008-11-10  2:52           ` Serge E. Hallyn
2008-11-10  3:30             ` Tetsuo Handa
2008-11-10 14:00               ` Serge E. Hallyn
2008-11-10 10:35     ` [TOMOYO #12 (2.6.28-rc2-mm1) 06/11] Common functions for TOMOYO Linux Kentaro Takeda
2008-11-14  9:22     ` Kentaro Takeda
2008-11-04  6:08 ` [TOMOYO #12 (2.6.28-rc2-mm1) 07/11] File operation restriction part Kentaro Takeda
2008-11-04  6:08 ` [TOMOYO #12 (2.6.28-rc2-mm1) 08/11] Domain transition handler Kentaro Takeda
2008-11-04  6:08 ` [TOMOYO #12 (2.6.28-rc2-mm1) 09/11] LSM adapter functions Kentaro Takeda
2008-11-04  6:08 ` [TOMOYO #12 (2.6.28-rc2-mm1) 10/11] Kconfig and Makefile Kentaro Takeda
2008-11-04  6:08 ` [TOMOYO #12 (2.6.28-rc2-mm1) 11/11] MAINTAINERS info Kentaro Takeda

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).