git.baikalelectronics.ru Git - kernel.git/commit
TOMOYO: Add policy namespace support.
author Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Sun, 26 Jun 2011 14:19:52 +0000 (23:19 +0900)
committer James Morris <jmorris@namei.org>
Tue, 28 Jun 2011 23:31:21 +0000 (09:31 +1000)
commit 5a4f677fe76e5d0ca97a4574f6575ffde60d4a1e
tree 9d78290c878e6466fe3e0bda7ee5989c0dc39e40
parent 9bb3933d05c02060d94a69459031850ab42e7194

Mauras Olivier reported that it is difficult to use TOMOYO in LXC environments,
for TOMOYO cannot distinguish between environments outside the container and
environments inside the container since LXC environments are created using
pivot_root(). To address this problem, this patch introduces policy namespace.

Each policy namespace has its own set of domain policy, exception policy and
profiles, which are all independent of other namespaces. This independency
allows users to develop policy without worrying about interference among namespaces.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
security/tomoyo/audit.c
security/tomoyo/common.c
security/tomoyo/common.h
security/tomoyo/domain.c
security/tomoyo/file.c
security/tomoyo/gc.c
security/tomoyo/memory.c
security/tomoyo/util.c