Hi, 2009/8/8 Brian Lewis <brian****@lorf*****>: > I am using TOMOYO to restrict Firefox. It works well. Thank you! > But if I, e.g., do a soft restart of my window manager and restart > Firefox, its domain will be different, so it won't be protected. I'd > like to restrict it no matter how it happens to be invoked. In TOMOYO Linux, domain (name) consists of how the process invoked. So, the followings will be different. <kernel> /sbin/init foo bar <kernel> /sbin/init foo foo bar <kernel> bar With the keyword "initializer", you can make every process as a single domain. initializer bar "Initializer"ed domain will always be under <kernel> domain. By the way, which version are you using? http://tomoyo.sourceforge.jp/index.html.en Cheers, Toshiharu Harada harad****@gmail*****
TOMOYO
Fork