)]}'
{
  "log": [
    {
      "commit": "d58e0da854376841ac99defeb117a83f086715c6",
      "tree": "b6e37d1030180680a7801ecb295d8d3990930375",
      "parents": [
        "5dbe3040c74eef18e66951347eda05b153e69328"
      ],
      "author": {
        "name": "Tetsuo Handa",
        "email": "penguin-kernel@I-love.SAKURA.ne.jp",
        "time": "Sat Sep 10 15:22:48 2011 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 14 08:27:05 2011 +1000"
      },
      "message": "TOMOYO: Add environment variable name restriction support.\n\nThis patch adds support for checking environment variable\u0027s names.\nAlthough TOMOYO already provides ability to check argv[]/envp[] passed to\nexecve() requests,\n\n  file execute /bin/sh exec.envp[\"LD_LIBRARY_PATH\"]\u003d\"bar\"\n\nwill reject execution of /bin/sh if environment variable LD_LIBRARY_PATH is not\ndefined. To grant execution of /bin/sh if LD_LIBRARY_PATH is not defined,\nadministrators have to specify like\n\n  file execute /bin/sh exec.envp[\"LD_LIBRARY_PATH\"]\u003d\"/system/lib\"\n  file execute /bin/sh exec.envp[\"LD_LIBRARY_PATH\"]\u003dNULL\n\n. Since there are many environment variables whereas conditional checks are\napplied as \"\u0026\u0026\", it is difficult to cover all combinations. Therefore, this\npatch supports conditional checks that are applied as \"||\", by specifying like\n\n  file execute /bin/sh\n  misc env LD_LIBRARY_PATH exec.envp[\"LD_LIBRARY_PATH\"]\u003d\"/system/lib\"\n\nwhich means \"grant execution of /bin/sh if environment variable is not defined\nor is defined and its value is /system/lib\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    }
  ]
}