Posted Apr 2, 2009 15:48 UTC (Thu) by Trou.fr (subscriber, #26289) Parent article: 2.6.30 merge window, part I
The merge of TOMOYO Linux sounds like very good news to me; I hope our editor will cover it in depth very soon. Also, not completely unrelated, the SMACK LSM seems to have essentially died since its inclusion in the mainline: no userland tools in Debian, last update in June, no HOWTOs? Does anyone have more info?
Posted Apr 2, 2009 18:05 UTC (Thu) by nix (subscriber, #2304) [Link]
I've had a look at it, and, well, the core idea (process execution history) is lovely, though the cost is high (a near-100% slowdown of open() for instance), but the configuration file syntax and user interface, ewwww. It renders it almost unusable in my eyes. You have *numbered* 'profiles' corresponding to (non-POSIX) capability sets, so you have to remember what each number corresponds to; backslashing of *all* metacharacters, including *, combined with the absence of an 'all below' option, leading to insanity like
/home/\*/\*
/home/\*/\*/\*
/home/\*/\*/\*/\*
/home/\*/\*/\*/\*/\*
/home/\*/\*/\*/\*/\*/\*
/home/\*/\*/\*/\*/\*/\*/\*
and hope your users don't create directories more than five deep under their $HOME, and that you didn't make a typo in that appalling forest. (What's worst about this last bit is that it can't be fixed by some userspace component munging a configuration file in a better format and echoing it to TOMOYO's /proc files. Oh, and did I mention the awful name given to the directory those files are in? If I saw it on a random system I'd have no idea it was related to TOMOYO at all.)
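The depth-limited pattern "forest" in the comment above has two failure modes a policy author cares about: a path one level deeper than the longest pattern is silently outside the policy, and a single missing backslash turns a wildcard into a literal and drops a whole depth from coverage. The script below is an added example, not TOMOYO's own tooling and not code from the comment; it models only the `\*` wildcard, on the assumption that it matches zero or more characters other than `/` and that an unescaped `*` is a literal, and it runs a constructed set of sample paths against a pattern list to report which paths no pattern covers.

```python
import re

# Modelled TOMOYO wildcard (assumption, see lead-in): "\*" matches zero or
# more characters other than '/'.  Everything else, including a bare '*',
# is treated as a literal, which is what makes a missing backslash a silent
# hole in the policy rather than a syntax error.
WILDCARD = "\\*"


def pattern_to_regex(pattern):
    """Translate one path pattern into an anchored regular expression."""
    parts = []
    i = 0
    while i < len(pattern):
        if pattern.startswith(WILDCARD, i):
            parts.append("[^/]*")      # one path component (may be empty)
            i += len(WILDCARD)
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(parts) + "$")


def home_forest(max_components):
    """Build the depth-limited list from the comment: /home followed by
    2 .. max_components wildcard components, one pattern per depth."""
    return ["/home/" + "/".join([WILDCARD] * n)
            for n in range(2, max_components + 1)]


def typo_forest(forest):
    """Constructed typo: drop the backslash from the last wildcard of the
    three-component pattern, so it now matches only a file named '*'."""
    broken = list(forest)
    broken[1] = broken[1][:-len(WILDCARD)] + "*"
    return broken


def uncovered(patterns, paths):
    """Return the paths that no pattern in the list matches."""
    regexes = [pattern_to_regex(p) for p in patterns]
    return [p for p in paths if not any(r.match(p) for r in regexes)]


# Constructed sample paths; the last one is deliberately one level deeper
# than the seven-component pattern allows.
SAMPLE_PATHS = [
    "/home/alice/.bashrc",
    "/home/bob/src/main.c",
    "/home/carol/notes/*",
    "/home/alice/a/b/c/d/e/f/deep.txt",
]


def report(patterns, paths):
    """Print coverage gaps for a pattern list; returns the uncovered paths."""
    gaps = uncovered(patterns, paths)
    for path in gaps:
        print("NOT COVERED:", path)
    return gaps


if __name__ == "__main__":
    forest = home_forest(7)
    print("correct forest:")
    report(forest, SAMPLE_PATHS)
    print("forest with one missing backslash:")
    report(typo_forest(forest), SAMPLE_PATHS)
```

Running it shows that the correct six-pattern forest leaves only the eight-component path uncovered, while the version with one missing backslash also drops `/home/bob/src/main.c`, because `/home/\*/\*/*` now matches only a file literally named `*`. The same check generalises to any pattern list: feed it the paths from a realistic file listing before loading a policy, and the gaps appear as output rather than as denials at run time.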
As of this writing, almost 6200 non-merge changesets have been added to the mainline for the 2.6.30 release. So the merge window is well and truly open. There's a lot of stuff set up for 2.6.30 already, with more certainly to come. The user-visible changes merged so far include: ... Also at long last, TOMOYO Linux has been merged. TOMOYO is a pathname-based security module similar to (but significantly different from) AppArmor.
Short-term forecast: the 2.6.30 release will probably happen sometime in June, 2009. As of this writing, the merge window for new features is open; it can be expected to close sometime around April 9. Some of the more interesting changes merged to date include: ... The TOMOYO Linux security module has been merged, providing a new type of pathname-based mandatory access control.