[tomoyo-users-en 152] Re: [RFC] Tomoyo ASK mode

Tetsuo Handa from-****@I-lov*****
Mon Apr 26 12:28:45 JST 2010


Hello.

Radosław Szkodziński wrote:
> [Please CC, I'm not subscribed to the list]
> 
> Hello,
> thank you for the excellent piece of software that is TOMOYO Linux.
> 
Thank you for trying TOMOYO.

> I'd like this one feature implemented to extend Tomoyo's reach to more
> desktop use cases.
> The feature would be simple: allow means to call a notification
> executable on any failed security hook if e.g. TOMOYO_ASK is
> set in the profile. Of course that application would have to be added
> to manager.conf if it needs to change the policy, but that's irrelevant.
> 
> Some simple communication protocol would have to be defined (e.g.
> command line options).
> 
This mechanism is already implemented in TOMOYO 1.x. Please see
"Step 2: Handling policy violation arising in during software updates"
in http://tomoyo.sourceforge.jp/1.7/enforcing.html.en .

> I'm not sure if it's possible to block in an LSM hook w/o hanging the
> machine... I hope it is.

Since TOMOYO 2.x uses LSM hooks which are permitted to block, it will be
possible to implement this mechanism for TOMOYO 2.x as well.

> Another semi-related feature would be to a way to disable logging for
> some matches. (ones expected to fail) This should reduce unnecessary
> clutter.

Which one do you want to do?

(1) Suppress audit log generation on a per-operation basis (e.g. open, execute).
(2) Suppress audit log generation on a per-pathname basis (e.g. /bin/, /etc/).

In TOMOYO 1.7, (1) is implemented.
For example, you can generate audit log for execute operations
and can suppress audit log for open operations.

In TOMOYO, all data is tokenized by ' ' and '\n'. You can filter audit logs
using "grep". Therefore, I don't have a plan to implement (2).

Regards.
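As an added example of the userspace filtering Handa describes (this is not code from the mail above or from the TOMOYO project): a POSIX sh/awk filter that drops whole audit records whose access pathname starts with a given prefix, or whose operation keyword is listed, which is approach (2) done with ordinary text tools. The log records are constructed here in the three-line shape of TOMOYO 1.7 grant/reject logs (header line, domain line, access request line) and are simplified; the real header fields are not reproduced, and only the space/newline tokenization the mail relies on is assumed.

```shell
#!/bin/sh
# Added example, not part of the original mail or of TOMOYO.
# Each audit record is assumed to be three lines, as TOMOYO 1.7 prints them:
#   '#<timestamp># profile=... mode=...'   header (starts with '#')
#   '<kernel> /path/of/domain'             domain line
#   'allow_<op> <pathname> ...'            access request line
# Fields are separated by ' ' and records by '\n', so awk can do the work.

# Constructed sample log (not captured from a real system).
sample_log() {
    cat <<'EOF'
#2010/04/26 12:28:45# profile=3 mode=enforcing
<kernel> /usr/sbin/sshd
allow_read /etc/shadow
#2010/04/26 12:28:46# profile=3 mode=enforcing
<kernel> /usr/sbin/httpd
allow_read /var/www/html/index.html
#2010/04/26 12:28:47# profile=3 mode=enforcing
<kernel> /bin/bash
allow_execute /bin/ls
#2010/04/26 12:28:48# profile=3 mode=enforcing
<kernel> /usr/sbin/cron
allow_write /var/log/cron.log
EOF
}

# Usage: filter_audit_log [FILTER...] < log
# A FILTER starting with '/' is a pathname prefix to drop (e.g. /etc/);
# any other FILTER is an operation keyword to drop (e.g. allow_execute).
# Records that match no filter are printed whole, so the header and
# domain lines stay attached to their access request line.
filter_audit_log() {
    awk -v filters="$*" '
        BEGIN {
            n = split(filters, f, " ")
            for (i = 1; i <= n; i++) {
                if (f[i] ~ /^\//) prefix[++np] = f[i]   # pathname prefix
                else op[f[i]] = 1                        # operation keyword
            }
        }
        # A header line starts a new record: emit the previous one first.
        /^#/ { flush(); rec = $0; next }
        {
            rec = rec "\n" $0
            # Access request line: operation in $1, pathname (if any) in $2.
            if ($1 ~ /^allow_/) {
                if ($1 in op) drop = 1
                for (i = 1; i <= np; i++)
                    if (index($2, prefix[i]) == 1) drop = 1
            }
        }
        END { flush() }
        function flush() {
            if (rec != "" && !drop) print rec
            rec = ""; drop = 0
        }
    '
}

# Count surviving records by their domain lines.
count_records() {
    grep -c '^<kernel>'
}
```

Running `sample_log | filter_audit_log /etc/ /bin/` keeps only the httpd and cron records; the same pipeline against the real `/proc/ccs/reject_log` output (or a saved copy of it) works unchanged, because the filter relies only on the tokenization the mail describes.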



