• Tetsuo Handa's avatar
    TOMOYO: Add policy namespace support. · bd03a3e4
    Tetsuo Handa authored
    Mauras Olivier reported that it is difficult to use TOMOYO in LXC environments,
    for TOMOYO cannot distinguish between environments outside the container and
    environments inside the container since LXC environments are created using
    pivot_root(). To address this problem, this patch introduces policy namespace.
    
    Each policy namespace has its own set of domain policy, exception policy and
    profiles, which are all independent of other namespaces. This independency
    allows users to develop policy without worrying interference among namespaces.
    Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    bd03a3e4
common.c 57.7 KB