11:23 p.m.
Hi
I'm almost ready to release SMACK user space v1.0.4. Main highlights
for the release are at least:
- Rules are ordered by subject in the internal structure and merged
when they are applied to the kernel or written to a file.
- Label addition operation uses a hash table to lookup whether a label
already exists.
- Rules are uploaded to the kernel in page chunks when the kernel is
recent enough. The availability of the feature is dynamically probed.
- Improved backwards compatibility. Handling of short labels and short
CIPSO labels has been added to every function that deals with the
kernel interface.
- libsmack is now ready for init systems like systemd and
upstart. Lazy lookup is used to find the SmackFS mount point instead
of doing the lookup in the DSO initializer.
- Reliability and security has been improved by keeping a file
descriptor open to the SmackFS mount point from the point when it is
first accessed to the end of the process life-cycle.
- chsmack has gained a feature to follow symbolic links with '-L' option.
- chsmack has gained a feature to delete attributes with '-d' option.
Phew, I just scratched these things from my head without looking much
to the code. The thing I'm happy about in this release is that I've been
able to move myself more from developer role to the maintainer role making
only small fixes and improvements here and there and big things come from
people who need those for some of their workloads.
I'll put a full git changelog with release announcement when once I've
tagged the release to this mailing list.
/Jarkko
11:47 p.m.
On gio, 2014-02-20 at 14:23 +0200, Jarkko Sakkinen wrote:
Hi
I'm almost ready to release SMACK user space v1.0.4. Main highlights
for the release are at least:
- Rules are ordered by subject in the internal structure and merged
when they are applied to the kernel or written to a file.
- Label addition operation uses a hash table to lookup whether a label
already exists.
- Rules are uploaded to the kernel in page chunks when the kernel is
recent enough. The availability of the feature is dynamically probed.
- Improved backwards compatibility. Handling of short labels and short
CIPSO labels has been added to every function that deals with the
kernel interface.
- libsmack is now ready for init systems like systemd and
upstart. Lazy lookup is used to find the SmackFS mount point instead
of doing the lookup in the DSO initializer.
- Reliability and security has been improved by keeping a file
descriptor open to the SmackFS mount point from the point when it is
first accessed to the end of the process life-cycle.
- chsmack has gained a feature to follow symbolic links with '-L' option.
- chsmack has gained a feature to delete attributes with '-d' option.
Phew, I just scratched these things from my head without looking much
to the code. The thing I'm happy about in this release is that I've been
able to move myself more from developer role to the maintainer role making
only small fixes and improvements here and there and big things come from
people who need those for some of their workloads.
I'll put a full git changelog with release announcement when once I've
tagged the release to this mailing list.
This is really good!
Thank you
Best regards
José
/Jarkko
_______________________________________________
SMACK-discuss mailing list
SMACK-discuss(a)lists.01.org
https://lists.01.org/mailman/listinfo/smack-discuss
5:47 p.m.
On Thu, Feb 20, 2014 at 02:23:18PM +0200, Jarkko Sakkinen wrote:
Hi
I'm almost ready to release SMACK user space v1.0.4. Main highlights
for the release are at least:
- Rules are ordered by subject in the internal structure and merged
when they are applied to the kernel or written to a file.
- Label addition operation uses a hash table to lookup whether a label
already exists.
- Rules are uploaded to the kernel in page chunks when the kernel is
recent enough. The availability of the feature is dynamically probed.
- Improved backwards compatibility. Handling of short labels and short
CIPSO labels has been added to every function that deals with the
kernel interface.
- libsmack is now ready for init systems like systemd and
upstart. Lazy lookup is used to find the SmackFS mount point instead
of doing the lookup in the DSO initializer.
- Reliability and security has been improved by keeping a file
descriptor open to the SmackFS mount point from the point when it is
first accessed to the end of the process life-cycle.
- chsmack has gained a feature to follow symbolic links with '-L' option.
- chsmack has gained a feature to delete attributes with '-d' option.
Phew, I just scratched these things from my head without looking much
to the code. The thing I'm happy about in this release is that I've been
able to move myself more from developer role to the maintainer role making
only small fixes and improvements here and there and big things come from
people who need those for some of their workloads.
I'll put a full git changelog with release announcement when once I've
tagged the release to this mailing list.
This the changelog for the v1.0.4 release.
Jan Cybulski (5):
Add dictionary for labels
libsmack: implement internal hash table of labels
libsmack: add possibility of resizing table of labels
tests: Change program generating test data
tests: Produce sorted policy with unique rule only
Jarkko Sakkinen (13):
Revert "utils: use common code for apply_rules and apply_cipso"
tests: starting point for stress testing
libsmack: fix label validation in smack_new_label_from_path
libsmack: fixed label validation in smack_have_access()
utils: fix error message in smackaccess
libsmack: fix: 'accesses_print' declaration was in wrong place
libsmack: fix: fail if neither 'load' and 'load2' cannot be opened
libsmack: add a common function for opening long and short label file
libsmack: fallback to 'cipso' when 'cipso2' is not available
libsmack: close smackfs_mnt_dirfd in the library destructor
libsmack: lazy initialization for SmackFS mount point
Removed redundant AUTHORS files.
Changed library version to 1.0.4
José Bollo (24):
Fix return value of 'smack_new_label_from_path'
chsmack: using linux constants for Smack's names
chsmack: put usage string at head
chsmack: validation of labels
chsmack: use of 'smack_new_label_from_path'
chsmack: use of 'smack_set_label_for_path'
chsmack: exchanging order of nested blocks if/for
chsmack: add dereference option
chsmack: checking transmute on directories
chsmack: using flags for labels
chsmack: split option scan in two parts
chsmack: add option to remove labels
chsmack: refusing repeated labels
chsmack: update of the manual
libsmack: fix a bug in validation of labels
Fix bug in cipso written rules
Adding a program generating test data.
tests: Changing filenames
tests: Renaming 'r' to 'alea'
tests: Correcting exit codes
tests: Adding some comments
tests: Adding a usage function.
tests: Improved formating of code
tests: Improved version of generator
Rafal Krypa (22):
Avoid memory allocation while opening smackfs files.
utils: drop build dependency on libattr, introduced by 5da1a22.
autogen.sh: fix passing arguments to configure
Compile for the C99 standard.
utils: fix build warnings related to smack_smackfs_path()
libsmack: don't define __GNU_SOURCE in the code
utils: use common code for apply_rules and apply_cipso
libsmack: use common code for smack_accesses_add() and smack_accessess_add_modify()
libsmack: use common code for smack_accesses_apply() and smack_accesses_save().
Update .gitignore files to ignore all build-time generated files
libsmack: change logic for detecting long labels in smack_accesses
libsmack: use 16 bits for smack access codes instead of sizeof(int) * 2
libsmack: make local function accesses_add() static
libsmack: refactoring of label dictionary code
libsmack: shrink few rule and label struct fields
libsmack: reorganize rule lists for struct smack_accesses
libsmack: change semantics of rule allow_code and deny_code
libsmack: merge rules with the same subject and object before applying them
change type of label_id back to int
don't allocate memory in accesses_print
libsmack: enable multi-line support for writing to load2 and change-rule
libsmack: avoid sprintf() when printing rules in long format
/Jarkko
3106
days inactive
3132
days old
2 comments
2 participants
participants (2)
-
Jarkko Sakkinen -
José Bollo