[tomoyo-users-en 547] Re: Problem with policy

Tetsuo Handa from-****@I-lov*****
Sun Mar 31 21:47:43 JST 2013


Oops, I didn't notice this mail until now.

Paolo Bolzoni wrote:
> I copied a part of the reject_003.log at the bottom of the email,
> the first line is expected as the original configuration file
> did not mention infinality, and I fixed it with two new lines in
> domain_policy.conf:
> 
> file read /etc/fonts/infinality/styles.conf.avail/infinality/\*.conf
> file read /etc/fonts/infinality/\*.conf
> 
> Updating the configuration and restarting skype the lines disappear.

Did you run

  tomoyo-loadpolicy -d < /etc/tomoyo/domain_policy.conf

after adding

  file read /etc/fonts/infinality/styles.conf.avail/infinality/\*.conf
  file read /etc/fonts/infinality/\*.conf

to /etc/tomoyo/domain_policy.conf ?

If you run tomoyo-savepolicy without running

  tomoyo-loadpolicy -d < /etc/tomoyo/domain_policy.conf

after updating /etc/tomoyo/domain_policy.conf, changes you have made to
/etc/tomoyo/domain_policy.conf will be lost.

> 
> 
> But the next lines completely puzzled me, the path_group in
> exception_policy.conf contains all the files and directory under
> ~/.Skype and the configuration file domain_policy.conf the lines
> 
> file create @SKYPE_FILES 0666
> file read/write/unlink/truncate @SKYPE_FILES
> 
> should ensure that Skype can do whatever it needs in the directory.
> Why is tomoyo stopping the request?

This would probably be because either

  /etc/tomoyo/domain_policy.conf is not loaded after it was modified

or

  the domain the process is referring to does not match the domain the domain
  policy says (TOMOYO's domain has an inode's lifecycle semantics. A domain can
  be deleted and recreated with the same name without restarting the process
  referring to the deleted domain. When such delete/recreate is done, the domain
  the process is referring to does not match the domain the domain policy says.)

To solve the former case, be sure to run tomoyo-loadpolicy if you added to
/etc/tomoyo/domain_policy.conf rather than editing directly via
tomoyo-editpolicy .

To solve the latter case, you can check the policy for currently running
processes using tomoyo-editpolicy . Please see
http://tomoyo.sourceforge.jp/2.5/tool-editpolicy.html.en#edit_acl_by_task
and press the Enter key after moving the cursor line to the currently running
Skype process at the Process State Viewer screen, and check that the policy
for the currently running Skype process and the policy the policy file says are
identical.

Regards.
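
Added example (not part of the original mail and not code from the TOMOYO tools): a shell check for the first cause above, listing ACL lines that are in the policy file but missing from the loaded policy for one domain. The domain names `<kernel> /usr/bin/skype` and `<kernel> /usr/bin/other`, the profile numbers and both policy texts are constructed sample input.

```shell
#!/bin/sh
# Added example: find ACL lines edited into the policy file but never loaded.
# Both policy texts below are constructed samples, not real system policy.

# domain_acl POLICY DOMAIN: print the sorted ACL lines of DOMAIN in POLICY.
domain_acl() {
    DOM="$2" awk '
        /^</ { in_dom = ($0 == ENVIRON["DOM"]); next }   # domain header line
        in_dom && NF && $1 !~ /^use_/                    # skip use_profile/use_group
    ' "$1" | LC_ALL=C sort -u
}

# unloaded_acl FILE LOADED DOMAIN: ACL lines present only in FILE.
unloaded_acl() {
    domain_acl "$1" "$3" > "$tmp/file.acl"
    domain_acl "$2" "$3" > "$tmp/loaded.acl"
    LC_ALL=C comm -23 "$tmp/file.acl" "$tmp/loaded.acl"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

# Constructed stand-in for /etc/tomoyo/domain_policy.conf after the edit.
cat > "$tmp/file.conf" <<'EOF'
<kernel> /usr/bin/skype
use_profile 3

file create @SKYPE_FILES 0666
file read/write/unlink/truncate @SKYPE_FILES
file read /etc/fonts/infinality/\*.conf

<kernel> /usr/bin/other
use_profile 3

file read /etc/passwd
EOF

# Constructed stand-in for the policy currently held by the kernel.
cat > "$tmp/loaded.conf" <<'EOF'
<kernel> /usr/bin/skype
use_profile 3

file create @SKYPE_FILES 0666
file read/write/unlink/truncate @SKYPE_FILES
EOF

# Prints the one line that still needs tomoyo-loadpolicy -d.
unloaded_acl "$tmp/file.conf" "$tmp/loaded.conf" '<kernel> /usr/bin/skype'
```

On a live system the loaded side would be read as root from the kernel's policy interface, assumed here to be `/sys/kernel/security/tomoyo/domain_policy`; an empty result for a domain means the file and the loaded policy agree on its ACL lines.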



