Gitlab 现已全面支持 git over ssh 与 git over https。通过 HTTPS 访问请配置带有 read_repository / write_repository 权限的 Personal access token。通过 SSH 端口访问请使用 22 端口或 13389 端口。如果使用CAS注册了账户但不知道密码，可以自行至设置中更改；如有其他问题，请发邮件至 service@cra.moe 寻求协助。

Commit 74c3cbe3 authored Jul 22, 2007 by Al Viro

[PATCH] audit: watching subtrees



New kind of audit rule predicates: "object is visible in given subtree".
The part that can be sanely implemented, that is.  Limitations:
	* if you have hardlink from outside of tree, you'd better watch
it too (or just watch the object itself, obviously)
	* if you mount something under a watched tree, tell audit
that new chunk should be added to watched subtrees
	* if you umount something in a watched tree and it's still mounted
elsewhere, you will get matches on events happening there.  New command
tells audit to recalculate the trees, trimming such sources of false
positives.

Note that it's _not_ about path - if something mounted in several places
(multiple mount, bindings, different namespaces, etc.), the match does
_not_ depend on which one we are using for access.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

parent 455434d4

fs/dcache.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -38,7 +38,7 @@ int sysctl_vfs_cache_pressure __read_mostly = 100;
		EXPORT_SYMBOL_GPL(sysctl_vfs_cache_pressure);

		__cacheline_aligned_in_smp DEFINE_SPINLOCK(dcache_lock);
		static __cacheline_aligned_in_smp DEFINE_SEQLOCK(rename_lock);
		__cacheline_aligned_in_smp DEFINE_SEQLOCK(rename_lock);

		EXPORT_SYMBOL(dcache_lock);

include/linux/audit.h

+3 −0

Original line number	Diff line number	Diff line
		@@ -63,6 +63,8 @@
		#define AUDIT_ADD_RULE 1011 /* Add syscall filtering rule */
		#define AUDIT_DEL_RULE 1012 /* Delete syscall filtering rule */
		#define AUDIT_LIST_RULES 1013 /* List syscall filtering rules */
		#define AUDIT_TRIM 1014 /* Trim junk from watched tree */
		#define AUDIT_MAKE_EQUIV 1015 /* Append to watched tree */
		#define AUDIT_TTY_GET 1016 /* Get TTY auditing status */
		#define AUDIT_TTY_SET 1017 /* Set TTY auditing status */

		@@ -203,6 +205,7 @@
		#define AUDIT_SUCCESS 104 /* exit >= 0; value ignored */
		#define AUDIT_WATCH 105
		#define AUDIT_PERM 106
		#define AUDIT_DIR 107

		#define AUDIT_ARG0 200
		#define AUDIT_ARG1 (AUDIT_ARG0+1)

include/linux/dcache.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -178,6 +178,7 @@ d_iput: no no no yes
		#define DCACHE_INOTIFY_PARENT_WATCHED 0x0020 /* Parent inode is watched */

		extern spinlock_t dcache_lock;
		extern seqlock_t rename_lock;

		/**
		* d_drop - drop a dentry

init/Kconfig

+4 −0

Original line number	Diff line number	Diff line
		@@ -234,6 +234,10 @@ config AUDITSYSCALL
		such as SELinux. To use audit's filesystem watch feature, please
		ensure that INOTIFY is configured.

		config AUDIT_TREE
		def_bool y
		depends on AUDITSYSCALL && INOTIFY

		config IKCONFIG
		tristate "Kernel .config support"
		---help---

kernel/Makefile

+1 −0

Original line number	Diff line number	Diff line
		@@ -46,6 +46,7 @@ obj-$(CONFIG_IKCONFIG) += configs.o
		obj-$(CONFIG_STOP_MACHINE) += stop_machine.o
		obj-$(CONFIG_AUDIT) += audit.o auditfilter.o
		obj-$(CONFIG_AUDITSYSCALL) += auditsc.o
		obj-$(CONFIG_AUDIT_TREE) += audit_tree.o
		obj-$(CONFIG_KPROBES) += kprobes.o
		obj-$(CONFIG_SYSFS) += ksysfs.o
		obj-$(CONFIG_DETECT_SOFTLOCKUP) += softlockup.o

CRA Git | Maintained and supported by SUSTech CRA and CCSE