Thanks, the "file create" problem was the culprit. There was some other fine tune to do, but it works fine now. Thanks again! Paolo On Mon, Apr 1, 2013 at 3:26 PM, Tetsuo Handa < from-****@i-lov*****> wrote: > Paolo Bolzoni wrote: > > I tried seeking for Skype in tomoyo-editpolicy after pressing > > @ and all the rules appear.... > > Well, I think that the "file create" denial logs are caused by mode > mismatch. > > The policy says 0666 > > file create @SKYPE_FILES 0666 > > while the denial log says 0600 > > file create /home/paolo/.Skype/shared_dynco/dc.lock 0600 > > . You might want to change > > file create @SKYPE_FILES 0666 > > to > > file create @SKYPE_FILES 0600-0666 > > . > > But you are still seeing the "file read" denial logs, aren't you? > Then, try running Skype process while running tomoyo-queryd on a terminal > application. tomoyo-queryd should show you which request is about to be > rejected by TOMOYO. http://tomoyo.sourceforge.jp/2.5/chapter-7.html.en#7.3 > -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.osdn.me/mailman/archives/tomoyo-users-en/attachments/20130402/2bc602e0/attachment.html>
TOMOYO
Fork