Hello.

Radosław Szkodziński wrote:
> [Please CC, I'm not subscribed to the list]
>
> Hello,
> thank you for the excellent piece of software that is TOMOYO Linux.

Thank you for trying TOMOYO.

> I'd like this one feature implemented to extend Tomoyo's reach to more
> desktop use cases.
> The feature would be simple: allow means to call a notification
> executable on any failed security hook if e.g. TOMOYO_ASK is
> set in the profile. Of course that application would have to be added
> to manager.conf if it needs to change the policy, but that's irrelevant.
>
> Some simple communication protocol would have to be defined (e.g.
> command line options).

This mechanism is already implemented in TOMOYO 1.x. Please see
"Step 2: Handling policy violation arising in during software updates" in
http://tomoyo.sourceforge.jp/1.7/enforcing.html.en .

> I'm not sure if it's possible to block in an LSM hook w/o hanging the
> machine... I hope it is.

Since TOMOYO 2.x uses LSM hooks which are permitted to block, it will be
possible to implement this mechanism for TOMOYO 2.x as well.

> Another semi-related feature would be a way to disable logging for
> some matches (ones expected to fail). This should reduce unnecessary
> clutter.

Which one do you want?

(1) Suppress audit log generation on a per-operation (e.g. open, execute) basis.
(2) Suppress audit log generation on a per-pathname (e.g. /bin/ , /etc/ ) basis.

Regarding TOMOYO 1.7, (1) is implemented. For example, you can generate
audit logs for execute operations and suppress audit logs for open operations.

In TOMOYO, all data is tokenized by ' ' and '\n'. You can filter audit logs
using "grep". Therefore, I don't have a plan to implement (2).

Regards.
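The per-pathname suppression (option 2) the reply leaves to post-processing, worked through as an added example that is not part of this thread or of the TOMOYO project: a small filter that drops whole audit records whose requested pathname begins with a given prefix. It assumes a constructed 1.7-style layout (a `#`-dated header line, the domain line, the access-request line, records separated by a blank line); the sample records are made up for the demonstration.

```sh
#!/bin/sh
# Constructed sample in the spirit of TOMOYO 1.7 audit records (assumed
# layout, not copied from a real system): header, domain, access request,
# blank line between records.
SAMPLE_LOG='#2010/04/01 10:00:00# profile=3 mode=enforcing (global-pid=1001) task={ pid=1001 uid=0 }
<kernel> /usr/sbin/cron /usr/bin/updatedb
allow_read /etc/shadow

#2010/04/01 10:00:01# profile=3 mode=enforcing (global-pid=1002) task={ pid=1002 uid=1000 }
<kernel> /usr/bin/firefox
allow_read /home/user/.ssh/id_rsa

#2010/04/01 10:00:02# profile=3 mode=enforcing (global-pid=1003) task={ pid=1003 uid=1000 }
<kernel> /usr/bin/firefox
allow_read/write /tmp/.X11-unix/X0
'

# suppress_paths PREFIX... : read records on stdin, drop every record whose
# requested pathname starts with one of PREFIX, print the rest unchanged.
# A plain per-line "grep -v" would leave orphaned header and domain lines,
# so the filter works on whole blank-line-separated records instead.
suppress_paths() {
    awk -v prefixes="$*" '
        BEGIN { RS = ""; ORS = "\n\n"; n = split(prefixes, p, " ") }
        {
            # Last line of the record is the access request; TOMOYO tokenizes
            # on " ", so the pathname is its last space-separated token.
            nl = split($0, lines, "\n")
            nf = split(lines[nl], tok, " ")
            path = tok[nf]
            keep = 1
            for (i = 1; i <= n; i++)
                if (index(path, p[i]) == 1) { keep = 0; break }
            if (keep) print
        }'
}

# Example run: hide the expected-to-fail /tmp/ and /dev/ accesses.
printf '%s' "$SAMPLE_LOG" | suppress_paths /tmp/ /dev/
```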