[patch 2/2] [RFC] Simple tamper-proof device filesystem.
From: Tetsuo Handa
Date: Sun Dec 16 2007 - 06:04:10 EST
Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
---
fs/Kconfig | 21 +++++++++++++++++++++
fs/Makefile | 1 +
2 files changed, 22 insertions(+)
--- linux-2.6.24-rc5.orig/fs/Kconfig
+++ linux-2.6.24-rc5/fs/Kconfig
@@ -1555,6 +1555,27 @@ config UFS_DEBUG
Y here. This will result in _many_ additional debugging messages to be
written to the system log.
+config SYAORAN_FS
+ tristate "SYAORAN (Tamper-Proof Device Filesystem) support"
+ help
+ Say Y or M here to support the Tamper-Proof Device Filesystem.
+
+ SYAORAN stands for
+ "Simple Yet All-important Object Realizing Abiding Nexus".
+ SYAORAN is a filesystem for /dev with Mandatory Access Control.
+
+ The system can't work if /dev is read-only.
+ Therefore you need to mount a writable filesystem (such as tmpfs)
+ for /dev if root fs is read-only.
+
+ But the writable /dev means that files on /dev might be tampered.
+ For example, if /dev/null is deleted and re-created as a symbolic
+ link to /dev/hda by an attacker, the contents of the IDE HDD
+ will be destroyed at a blow.
+
+ SYAORAN can ensure /dev/null is a character device file
+ with major=1 minor=3.
+
endmenu
menuconfig NETWORK_FILESYSTEMS
--- linux-2.6.24-rc5.orig/fs/Makefile
+++ linux-2.6.24-rc5/fs/Makefile
@@ -118,3 +118,4 @@ obj-$(CONFIG_HPPFS) += hppfs/
obj-$(CONFIG_DEBUG_FS) += debugfs/
obj-$(CONFIG_OCFS2_FS) += ocfs2/
obj-$(CONFIG_GFS2_FS) += gfs2/
+obj-$(CONFIG_SYAORAN_FS) += syaoran/syaoran.o
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/