From from-tomoyo-dev-en at I-love.SAKURA.ne.jp Sun Dec 2 17:16:04 2012
From: from-tomoyo-dev-en at I-love.SAKURA.ne.jp (Tetsuo Handa)
Date: Sun, 2 Dec 2012 17:16:04 +0900
Subject: [tomoyo-dev-en 364] Re: How save permanently a policy in Tomoyo Linux2.5 ?
In-Reply-To:
References:
Message-ID: <201212021716.DGH43227.POtFSNPtZFGPNEPtWU@I-love.SAKURA.ne.jp>

Paolo wrote:
> Hello, I'm testing Tomoyo Linux 2.5 engine on my OpenSuse distro.
> I wanna do a simple example of Policy for blocking a simple command or process
> in Linux as a user (not root).

Maybe CaitSith ( http://caitsith.sourceforge.jp/ ) fits better for doing that.
TOMOYO was originally designed for restricting the entire system. Although
TOMOYO now supports restricting only selected processes, CaitSith supports
restricting only selected users and/or processes and/or files.

> I search on ACL with the find command the pathname "/bin/rm" and so with
> next command I arrived upon the current entry for my Xsession.
> I set mode from "1" to "3" and play ENTER for "saving" the Policy in
> "enforcing mode".
> The policy does well but when I reboot my workstation I lose the policy.
> But the "enforcing mode" save or not the policy permanently in the kernel
> module ? If not, which is the command statement that I have to execute ?

tomoyo-editpolicy by default edits on-memory policy.
tomoyo-savepolicy saves on-memory policy onto files.

> I've read about tomoyo-savepolicy but in the Official Manual of Tomoyo
> Linux v.2.5 there aren't dummy sample about a simple Policy like this.
> Why ?

Are you looking for something similar to
http://tomoyo.sourceforge.jp/1.8-old/tutorial-1.html or
http://tomoyo.sourceforge.jp/1.8-old/ which are written for TOMOYO 2.5 ?

> Why on the manual there is a lot of fluently information about
> policy investigations but there isn't a simple example explained clearly?
> Why the manual is only written for Admin Users and there is not information
> clearly explained for simple users ?
> Why the sample are not clearly explained, in a step to step mode??

The current manual was totally reorganized by Jamie Nguyen, by merging
http://tomoyo.sourceforge.jp/1.7/ and the two links shown above.
You can contribute to the TOMOYO project by updating the manual.

>
> Thanks, in advance for a reply.

Regards.