<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="/rss.xsl.xml"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
    <title>Changes in Kconfig</title>
    <description></description>
    <language>en</language>
    <copyright>Copyright 2015</copyright>
    <generator>Java</generator><item>
        <title>c5e3cdbf - tomoyo: revert CONFIG_SECURITY_TOMOYO_LKM support</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Kconfig#c5e3cdbf</link>
        <description>tomoyo: revert CONFIG_SECURITY_TOMOYO_LKM supportThis patch reverts two TOMOYO patches that were merged into Linus&apos; treeduring the v6.12 merge window:8b985bbfabbe (&quot;tomoyo: allow building as a loadable LSM module&quot;)268225a1de1a (&quot;tomoyo: preparation step for building as a loadable LSM module&quot;)Together these two patches introduced the CONFIG_SECURITY_TOMOYO_LKMKconfig build option which enabled a TOMOYO specific dynamic LSM loadingmechanism (see the original commits for more details).  Unfortunately,this approach was widely rejected by the LSM community as well as somemembers of the general kernel community.  Objections included concernsover setting a bad precedent regarding individual LSMs managing theirLSM callback registrations as well as general kernel symbol exportingpractices.  With little to no support for the CONFIG_SECURITY_TOMOYO_LKMapproach outside of Tetsuo, and multiple objections, we need to revertthese changes.Link: https://lore.kernel.org/all/0c4b443a-9c72-4800-97e8-a3816b6a9ae2@I-love.SAKURA.ne.jpLink: https://lore.kernel.org/all/CAHC9VhR=QjdoHG3wJgHFJkKYBg7vkQH2MpffgVzQ0tAByo_wRg@mail.gmail.comAcked-by: John Johansen &lt;john.johansen@canonical.com&gt;Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;

            List of files:
            /linux-6.15/security/tomoyo/Kconfig</description>
        <pubDate>Thu, 03 Oct 2024 20:43:39 +0000</pubDate>
        <dc:creator>Paul Moore &lt;paul@paul-moore.com&gt;</dc:creator>
    </item>
<item>
        <title>8b985bbf - tomoyo: allow building as a loadable LSM module</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Kconfig#8b985bbf</link>
        <description>tomoyo: allow building as a loadable LSM moduleOne of concerns for enabling TOMOYO in prebuilt kernels is that distributorwants to avoid bloating kernel packages. Although boot-time kernel commandline options allows selecting built-in LSMs to enable, file size increaseof vmlinux and memory footprint increase of vmlinux caused by builtin-but-not-enabled LSMs remains. If it becomes possible to make LSMs dynamicallyappendable after boot using loadable kernel modules, these problems willgo away.Another of concerns for enabling TOMOYO in prebuilt kernels is that who canprovide support when distributor cannot provide support. Due to &quot;those whocompiled kernel code is expected to provide support for that kernel code&quot;spell, TOMOYO is failing to get enabled in Fedora distribution [1]. Thepoint of loadable kernel module is to share the workload. If it becomespossible to make LSMs dynamically appendable after boot using loadablekernel modules, as with people can use device drivers not supported bydistributors but provided by third party device vendors, we can breakthis spell and can lower the barrier for using TOMOYO.This patch is intended for demonstrating that there is nothing difficultfor supporting TOMOYO-like loadable LSM modules. For now we need to livewith a mixture of built-in part and loadable part because fully loadableLSM modules are not supported since Linux 2.6.24 [2] and number of LSMswhich can reserve static call slots is determined at compile time inLinux 6.12.Major changes in this patch are described below.There are no behavior changes as long as TOMOYO is built into vmlinux.Add CONFIG_SECURITY_TOMOYO_LKM as &quot;bool&quot; instead of changingCONFIG_SECURITY_TOMOYO from &quot;bool&quot; to &quot;tristate&quot;, for something wentwrong with how Makefile is evaluated if I choose &quot;tristate&quot;.Add proxy.c for serving as a bridge between vmlinux and tomoyo.ko .Move callback functions from init.c to proxy.c when building as a loadableLSM module. init.c is built-in part and remains for reserving static callslots. proxy.c contains module&apos;s init function and tells init.c location ofcallback functions, making it possible to use static call for tomoyo.ko .By deferring initialization of &quot;struct tomoyo_task&quot; until tomoyo.ko isloaded, threads created between init.c reserved LSM hooks and proxy.cupdates LSM hooks will have NULL &quot;struct tomoyo_task&quot; instances. Assumingthat tomoyo.ko is loaded by the moment when the global init process starts,initialize &quot;struct tomoyo_task&quot; instance for current thread as a kernelthread when tomoyo_task(current) is called for the first time.There is a hack for exporting currently not-exported functions.This hack will be removed after all relevant functions are exported.Link: https://bugzilla.redhat.com/show_bug.cgi?id=542986 [1]Link: https://lkml.kernel.org/r/caafb609-8bef-4840-a080-81537356fc60@I-love.SAKURA.ne.jp [2]Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;

            List of files:
            /linux-6.15/security/tomoyo/Kconfig</description>
        <pubDate>Mon, 23 Sep 2024 10:55:50 +0000</pubDate>
        <dc:creator>Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;</dc:creator>
    </item>
<item>
        <title>c6144a21 - tomoyo: update project links</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Kconfig#c6144a21</link>
        <description>tomoyo: update project linksTOMOYO project has moved to SourceForge.net .Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;

            List of files:
            /linux-6.15/security/tomoyo/Kconfig</description>
        <pubDate>Mon, 03 Jun 2024 13:43:11 +0000</pubDate>
        <dc:creator>Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;</dc:creator>
    </item>
<item>
        <title>fa17087e - tomoyo: Update website link</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Kconfig#fa17087e</link>
        <description>tomoyo: Update website linkSourceForge.JP was renamed to OSDN in May 2015.Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;

            List of files:
            /linux-6.15/security/tomoyo/Kconfig</description>
        <pubDate>Fri, 13 Jan 2023 14:11:38 +0000</pubDate>
        <dc:creator>Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;</dc:creator>
    </item>
<item>
        <title>1ed8a462 - tomoyo: Remove &quot;select SRCU&quot;</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Kconfig#1ed8a462</link>
        <description>tomoyo: Remove &quot;select SRCU&quot;Now that the SRCU Kconfig option is unconditionally selected, there isno longer any point in selecting it.  Therefore, remove the &quot;select SRCU&quot;Kconfig statements.Signed-off-by: Paul E. McKenney &lt;paulmck@kernel.org&gt;Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;

            List of files:
            /linux-6.15/security/tomoyo/Kconfig</description>
        <pubDate>Fri, 13 Jan 2023 14:08:04 +0000</pubDate>
        <dc:creator>Paul E. McKenney &lt;paulmck@kernel.org&gt;</dc:creator>
    </item>
<item>
        <title>80f8be7a - tomoyo: Omit use of bin2c</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Kconfig#80f8be7a</link>
        <description>tomoyo: Omit use of bin2cbin2c was, as its name implies, introduced to convert a binary file toC code.However, I did not see any good reason ever for using this tool becauseusing the .incbin directive is much faster, and often results in simplercode.Most of the uses of bin2c have been killed, for example:  - 13610aa908dc (&quot;kernel/configs: use .incbin directive to embed config_data.gz&quot;)  - 4c0f032d4963 (&quot;s390/purgatory: Omit use of bin2c&quot;)security/tomoyo/Makefile has even less reason for using bin2c becausethe policy files are text data. So, sed is enough for converting themto C string literals, and what is nicer, generates human-readablebuiltin-policy.h.This is the last user of bin2c. After this commit lands, bin2c will beremoved.Signed-off-by: Masahiro Yamada &lt;masahiroy@kernel.org&gt;[penguin-kernel: Update sed script to also escape backslash and quote ]Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;

            List of files:
            /linux-6.15/security/tomoyo/Kconfig</description>
        <pubDate>Sun, 08 Jan 2023 13:47:26 +0000</pubDate>
        <dc:creator>Masahiro Yamada &lt;masahiroy@kernel.org&gt;</dc:creator>
    </item>
<item>
        <title>a7f7f624 - treewide: replace &apos;---help---&apos; in Kconfig files with &apos;help&apos;</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Kconfig#a7f7f624</link>
        <description>treewide: replace &apos;---help---&apos; in Kconfig files with &apos;help&apos;Since commit 84af7a6194e4 (&quot;checkpatch: kconfig: prefer &apos;help&apos; over&apos;---help---&apos;&quot;), the number of &apos;---help---&apos; has been graduallydecreasing, but there are still more than 2400 instances.This commit finishes the conversion. While I touched the lines,I also fixed the indentation.There are a variety of indentation styles found.  a) 4 spaces + &apos;---help---&apos;  b) 7 spaces + &apos;---help---&apos;  c) 8 spaces + &apos;---help---&apos;  d) 1 space + 1 tab + &apos;---help---&apos;  e) 1 tab + &apos;---help---&apos;    (correct indentation)  f) 1 tab + 1 space + &apos;---help---&apos;  g) 1 tab + 2 spaces + &apos;---help---&apos;In order to convert all of them to 1 tab + &apos;help&apos;, I ran thefollowing commend:  $ find . -name &apos;Kconfig*&apos; | xargs sed -i &apos;s/^[[:space:]]*---help---/\thelp/&apos;Signed-off-by: Masahiro Yamada &lt;masahiroy@kernel.org&gt;

            List of files:
            /linux-6.15/security/tomoyo/Kconfig</description>
        <pubDate>Sat, 13 Jun 2020 16:50:22 +0000</pubDate>
        <dc:creator>Masahiro Yamada &lt;masahiroy@kernel.org&gt;</dc:creator>
    </item>
<item>
        <title>ec8f24b7 - treewide: Add SPDX license identifier - Makefile/Kconfig</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Kconfig#ec8f24b7</link>
        <description>treewide: Add SPDX license identifier - Makefile/KconfigAdd SPDX license identifiers to all Make/Kconfig files which: - Have no license information of any formThese files fall under the project license, GPL v2 only. The resulting SPDXlicense identifier is:  GPL-2.0-onlySigned-off-by: Thomas Gleixner &lt;tglx@linutronix.de&gt;Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

            List of files:
            /linux-6.15/security/tomoyo/Kconfig</description>
        <pubDate>Sun, 19 May 2019 12:07:45 +0000</pubDate>
        <dc:creator>Thomas Gleixner &lt;tglx@linutronix.de&gt;</dc:creator>
    </item>
<item>
        <title>e80b1859 - tomoyo: Add a kernel config option for fuzzing testing.</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Kconfig#e80b1859</link>
        <description>tomoyo: Add a kernel config option for fuzzing testing.syzbot is reporting kernel panic triggered by memory allocation faultinjection before loading TOMOYO&apos;s policy [1]. To make the fuzzing testsuseful, we need to assign a profile other than &quot;disabled&quot; (no-op) mode.Therefore, let&apos;s allow syzbot to load TOMOYO&apos;s built-in policy for&quot;learning&quot; mode using a kernel config option. This option must not beenabled for kernels built for production system, for this option alsodisables domain/program checks when modifying policy configuration via/sys/kernel/security/tomoyo/ interface.[1] https://syzkaller.appspot.com/bug?extid=29569ed06425fcf67a95Reported-by: syzbot &lt;syzbot+e1b8084e532b6ee7afab@syzkaller.appspotmail.com&gt;Reported-by: syzbot &lt;syzbot+29569ed06425fcf67a95@syzkaller.appspotmail.com&gt;Reported-by: syzbot &lt;syzbot+2ee3f8974c2e7dc69feb@syzkaller.appspotmail.com&gt;Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;Signed-off-by: James Morris &lt;jamorris@linux.microsoft.com&gt;

            List of files:
            /linux-6.15/security/tomoyo/Kconfig</description>
        <pubDate>Fri, 12 Apr 2019 11:04:54 +0000</pubDate>
        <dc:creator>Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;</dc:creator>
    </item>
<item>
        <title>7e114bbf - tomoyo: Use bin2c to generate builtin-policy.h</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Kconfig#7e114bbf</link>
        <description>tomoyo: Use bin2c to generate builtin-policy.hSimplify the Makefile by using a readily available tool instead of acustom sed script. The downside is that builtin-policy.h becomesunreadable for humans, but it is only a generated file.Acked-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;Signed-off-by: Michal Marek &lt;mmarek@suse.cz&gt;

            List of files:
            /linux-6.15/security/tomoyo/Kconfig</description>
        <pubDate>Fri, 09 Jan 2015 13:08:26 +0000</pubDate>
        <dc:creator>Michal Marek &lt;mmarek@suse.cz&gt;</dc:creator>
    </item>
<item>
        <title>83fe27ea - rcu: Make SRCU optional by using CONFIG_SRCU</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Kconfig#83fe27ea</link>
        <description>rcu: Make SRCU optional by using CONFIG_SRCUSRCU is not necessary to be compiled by default in all cases. For tinificationefforts not compiling SRCU unless necessary is desirable.The current patch tries to make compiling SRCU optional by introducing a newKconfig option CONFIG_SRCU which is selected when any of the components makinguse of SRCU are selected.If we do not select CONFIG_SRCU, srcu.o will not be compiled at all.   text    data     bss     dec     hex filename   2007       0       0    2007     7d7 kernel/rcu/srcu.oSize of arch/powerpc/boot/zImage changes from   text    data     bss     dec     hex filename 831552   64180   23944  919676   e087c arch/powerpc/boot/zImage : before 829504   64180   23952  917636   e0084 arch/powerpc/boot/zImage : afterso the savings are about ~2000 bytes.Signed-off-by: Pranith Kumar &lt;bobby.prani@gmail.com&gt;CC: Paul E. McKenney &lt;paulmck@linux.vnet.ibm.com&gt;CC: Josh Triplett &lt;josh@joshtriplett.org&gt;CC: Lai Jiangshan &lt;laijs@cn.fujitsu.com&gt;Signed-off-by: Paul E. McKenney &lt;paulmck@linux.vnet.ibm.com&gt;[ paulmck: resolve conflict due to removal of arch/ia64/kvm/Kconfig. ]

            List of files:
            /linux-6.15/security/tomoyo/Kconfig</description>
        <pubDate>Fri, 05 Dec 2014 16:24:45 +0000</pubDate>
        <dc:creator>Pranith Kumar &lt;bobby.prani@gmail.com&gt;</dc:creator>
    </item>
<item>
        <title>059d84db - TOMOYO: Add socket operation restriction support.</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Kconfig#059d84db</link>
        <description>TOMOYO: Add socket operation restriction support.This patch adds support for permission checks for PF_INET/PF_INET6/PF_UNIXsocket&apos;s bind()/listen()/connect()/send() operations.Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;Signed-off-by: James Morris &lt;jmorris@namei.org&gt;

            List of files:
            /linux-6.15/security/tomoyo/Kconfig</description>
        <pubDate>Sat, 10 Sep 2011 06:23:54 +0000</pubDate>
        <dc:creator>Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;</dc:creator>
    </item>
<item>
        <title>0e4ae0e0 - TOMOYO: Make several options configurable.</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Kconfig#0e4ae0e0</link>
        <description>TOMOYO: Make several options configurable.To be able to start using enforcing mode from the early stage of boot sequence,this patch adds support for activating access control without calling externalpolicy loader program. This will be useful for systems where operations whichcan lead to the hijacking of the boot sequence are needed before loading thepolicy. For example, you can activate immediately after loading the fixed partof policy which will allow only operations needed for mounting a partitionwhich contains the variant part of policy and verifying (e.g. running GPGcheck) and loading the variant part of policy. Since you can start usingenforcing mode from the beginning, you can reduce the possibility of hijackingthe boot sequence.This patch makes several variables configurable on build time. This patch alsoadds TOMOYO_loader= and TOMOYO_trigger= kernel command line option to boot thesame kernel in two different init systems (BSD-style init and systemd).Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;Signed-off-by: James Morris &lt;jmorris@namei.org&gt;

            List of files:
            /linux-6.15/security/tomoyo/Kconfig</description>
        <pubDate>Sun, 26 Jun 2011 14:22:59 +0000</pubDate>
        <dc:creator>Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;</dc:creator>
    </item>
<item>
        <title>00d7d6f8 - Kconfig and Makefile</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Kconfig#00d7d6f8</link>
        <description>Kconfig and MakefileTOMOYO uses LSM hooks for pathname based access control and securityfs support.Signed-off-by: Kentaro Takeda &lt;takedakn@nttdata.co.jp&gt;Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;Signed-off-by: James Morris &lt;jmorris@namei.org&gt;

            List of files:
            /linux-6.15/security/tomoyo/Kconfig</description>
        <pubDate>Thu, 05 Feb 2009 08:18:17 +0000</pubDate>
        <dc:creator>Kentaro Takeda &lt;takedakn@nttdata.co.jp&gt;</dc:creator>
    </item>
</channel>
</rss>
