Horvath Andras
han****@log69*****
Tue Jun 7 20:47:37 JST 2011
On Tue, 7 Jun 2011 19:42:06 +0900 Tetsuo Handa <from-****@I-lov*****> wrote:
> Horvath Andras wrote:
> > Everything seems to work, except Tomoyo doesn't remember domains
> > with empty rules, where there are no rules, and I reload only this:
> >
> > select <domain>
> > delete use_profile 0
> > use_profile 1
> >
> > What am I missing here?
>
> The use_profile line cannot be deleted. In other words, you cannot
> write a "delete use_profile 0" line. To change value to 1, simply
> write a "use_profile 1" line.

Something is still not working as expected. (Kernel version is 2.6.38.)

What I'm trying to achieve is to reload my modified rules into the kernel without touching disk (in other words, without first saving them to /etc/tomoyo/domain_policy.conf and then running /usr/sbin/tomoyo-load fa).

I run 2 cycles. First I delete all rules, then secondly I add my new rules, like this:

- load the content of /sys/kernel/security/tomoyo/domain_policy
- create a list with all the domain names found here, like this:

select <domain>
use_profile 0
delete <rule 1 if any>
delete <rule 2 if any>
delete <rule 3 if any>

- then continue to expand this list with my own rules, so my result list will look like this before writing it back to domain_policy:

select <domain>
use_profile 0
delete <rule 1 if any>
delete <rule 2 if any>
delete <rule 3 if any>
select <mydomain 1>
use_profile 1
<my rule 1 if any>
<my rule 2 if any>
<my rule 3 if any>
select <mydomain 2>
use_profile 1
<my rule 1 if any>
<my rule 2 if any>
<my rule 3 if any>
...

- and then I write this text list back to domain_policy in /sys.

Do I do it correctly?

(Thanks for the tip for the pid namespace, I'll check it after this.)
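The two-cycle reload the message describes, written out as an added example; this is not code from the original post or from the TOMOYO project. It assumes the domain_policy text format as read from securityfs: a domain header line beginning with "<kernel>", a "use_profile N" line, then zero or more ACL lines such as "file read /etc/passwd", with blank lines between domains. Following the reply quoted above, it never emits a "delete use_profile" line; it overwrites the profile instead. The sample policy and replacement rules are constructed for the example.

```python
"""Generate the text to write back to /sys/kernel/security/tomoyo/domain_policy.

Cycle 1: for every domain currently in the kernel, select it, set profile 0
         and delete each of its ACL lines.
Cycle 2: for every domain we manage, select it, set the wanted profile and
         add its new ACL lines.
Assumed format (see lead-in): "<kernel>..." header, "use_profile N", ACLs.
"""

# Constructed sample of what the securityfs domain_policy file might contain.
SAMPLE_DOMAIN_POLICY = """\
<kernel>
use_profile 0

<kernel> /usr/sbin/sshd
use_profile 1
file read /etc/passwd
file read /etc/ssh/sshd_config

<kernel> /usr/sbin/sshd /bin/bash
use_profile 1
"""

# Constructed replacement rules, keyed by domain name (empty list = domain
# kept, but with no ACL lines).
NEW_RULES = {
    "<kernel> /usr/sbin/sshd": ["file read /etc/passwd", "file read /etc/group"],
    "<kernel> /usr/sbin/sshd /bin/bash": [],
}


def parse_domain_policy(text):
    """Return a list of (domain, profile, acl_lines) tuples."""
    domains = []
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("<kernel>"):
            current = [line, None, []]
            domains.append(current)
        elif current is None:
            raise ValueError("ACL line before any domain header: %r" % line)
        elif line.startswith("use_profile "):
            current[1] = int(line.split()[1])
        else:
            current[2].append(line)
    return [tuple(d) for d in domains]


def build_reload_script(old_text, new_rules, new_profile=1):
    """Return the lines to write to domain_policy, in the two-cycle form."""
    out = []
    # Cycle 1: profile 0 plus "delete <acl>" for every existing domain.
    for domain, _profile, acls in parse_domain_policy(old_text):
        out.append("select " + domain)
        out.append("use_profile 0")  # use_profile is overwritten, never deleted
        out.extend("delete " + acl for acl in acls)
    # Cycle 2: re-select the managed domains and add their new rules.
    for domain, acls in new_rules.items():
        out.append("select " + domain)
        out.append("use_profile %d" % new_profile)
        out.extend(acls)
    return out


def write_to_kernel(lines, path="/sys/kernel/security/tomoyo/domain_policy"):
    """Write the generated lines straight to securityfs (requires root)."""
    with open(path, "w") as fh:
        fh.write("\n".join(lines) + "\n")


if __name__ == "__main__":
    # Print instead of writing, so the script is safe to run as a dry run.
    print("\n".join(build_reload_script(SAMPLE_DOMAIN_POLICY, NEW_RULES)))
```

Running it as a dry run prints the delete cycle for all three sample domains followed by the add cycle for the two managed ones; only write_to_kernel() touches securityfs, and reading the current policy back after the write is the quickest way to confirm which domains and profiles the kernel actually kept.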