[tomoyo-users-en 725] domain_policy output from learning mode

Manuel Bessler manue****@gmail*****
Sat Mar 14 01:49:58 JST 2020


Hi,

thank you for your work on this awesome project, I really like Tomoyo, especially
its learning mode.
Also thank you specifically for the documentation section "TOMOYO Linux on
Yocto"

I'd like to understand a few things, and I could not find a reference in
the documentation...

1. The learning-mode generated domain policy has a couple of combinations
of rules added like
   file getattr <file>
   file read/getattr <file>
   file getattr/truncate <file>
   file read/write/getattr <file>
   file read/write <file>
   file append/getattr <file>

   Can I just list these separately, or combine them in different ways?
For example:
   file getattr <any-file>
   file create/append/write/truncate/rename <write-file>
   file read <readonly-file>

   Or even just:
   file getattr/read/write/append/truncate/execute/unlink/symlink/rename/create <file>

2. There was a patch to ccs-patch in 2015 adding support for multiple
use_group <n> per domain.
    Did this ever make it into Tomoyo? From a quick glance, it doesn't look
like it, but I wanted to make sure before I get deep into policy writing.

3. Can the various groupings (path_group, number_group, address_group...)
be used recursively?
    For example
    path_group LIBS /lib/lib\*.so\*
    path_group MYAPP /etc/myapp/\*
    path_group MYAPP @LIBS


I was also wondering if there was a place (i.e. a github repo) where example
policies for common programs are kept?
For example, to run the Nginx webserver, there are a few things that are common
across all installs that would make it possible to reuse, and thus one does
not have to start from scratch...

Thanks,
Manuel
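The first question above is about whether the `file getattr <file>` / `file read/getattr <file>` pairs that learning mode emits can be folded into one rule per path. The script below is an added example for this thread, not code from the TOMOYO project or from the poster: it parses a constructed learning-mode `domain_policy` fragment, merges the permission sets of single-path `file` rules per path within each domain, and prints the consolidated policy so the two forms can be compared. It assumes the 2.x syntax `file <perm>[/<perm>...] <path>` shown in the mail and, as the mail's own proposal does, that the policy loader accepts one slash-separated permission list per path; `execute` is deliberately left on its own line as a conservative choice, and the output should be checked with your own `ccs-loadpolicy`/`tomoyo-loadpolicy` before being trusted.

```python
"""Merge per-path file permissions in a TOMOYO learning-mode domain_policy.

Added example, not code from the TOMOYO project. Assumes the 2.x syntax
`file <perm>[/<perm>...] <path>` and that the policy loader accepts one
slash-separated permission list per path (the form asked about in the mail).
"""
import re
from collections import OrderedDict

# Readability order for emitted permission lists (assumption: TOMOYO does not
# mandate an order; this only keeps diffs stable between runs).
PERM_ORDER = ["read", "write", "append", "execute", "getattr", "truncate",
              "create", "unlink", "symlink", "rename", "link", "mkdir", "rmdir"]

# Permissions deliberately kept on their own line instead of merged.
# `execute` stays separate as a conservative choice: the mail does not
# establish whether it may share a line with read/write permissions.
KEEP_SEPARATE = frozenset({"execute"})

# Only single-path rules are merged. Rules with two paths or extra operands
# (link, rename with two arguments, pivot_root, ioctl, chmod, mknod, ...)
# do not match and are passed through unchanged.
FILE_RULE = re.compile(r"^file\s+([a-z_]+(?:/[a-z_]+)*)\s+(\S+)$")

# Constructed sample of learning-mode output (not captured from a real host).
SAMPLE_POLICY = """\
<kernel> /usr/sbin/nginx
use_profile 1
use_group 0
file getattr /etc/nginx/nginx.conf
file read/getattr /etc/nginx/nginx.conf
file read/write/getattr /var/log/nginx/error.log
file append/getattr /var/log/nginx/access.log
file getattr/truncate /run/nginx.pid
file read/write /run/nginx.pid
file execute /bin/sh
file read /bin/sh
misc env PATH
"""


def parse_domain_policy(text):
    """Group ACL lines by domain; single-path file rules become {path: set(perms)}."""
    domains = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("<kernel>"):          # domain header line
            current = line
            domains[current] = {"other": [], "files": OrderedDict()}
            continue
        if current is None:
            raise ValueError("ACL line before any domain header: %r" % line)
        m = FILE_RULE.match(line)
        if m:
            perms, path = m.groups()
            domains[current]["files"].setdefault(path, set()).update(perms.split("/"))
        else:
            domains[current]["other"].append(line)   # use_profile, use_group, misc, ...
    return domains


def _ordered(perms):
    """Sort a permission set into PERM_ORDER; unknown names go last, alphabetically."""
    known = [p for p in PERM_ORDER if p in perms]
    return known + sorted(perms - set(PERM_ORDER))


def consolidate(text):
    """Return the policy text with one merged file rule per path per domain."""
    out = []
    for domain, body in parse_domain_policy(text).items():
        if out:
            out.append("")            # blank line between domains, as learning mode prints
        out.append(domain)
        out.extend(body["other"])     # non-file lines keep their original order
        for path, perms in body["files"].items():
            for p in _ordered(perms & KEEP_SEPARATE):
                out.append("file %s %s" % (p, path))
            merged = _ordered(perms - KEEP_SEPARATE)
            if merged:
                out.append("file %s %s" % ("/".join(merged), path))
    return "\n".join(out) + "\n"


def count_file_rules(text):
    """Number of single-path file rules, useful before/after consolidation."""
    return sum(1 for l in text.splitlines() if FILE_RULE.match(l.strip()))


if __name__ == "__main__":
    import sys
    src = SAMPLE_POLICY if sys.stdin.isatty() else sys.stdin.read()
    sys.stdout.write(consolidate(src))
    sys.stderr.write("file rules: %d -> %d\n"
                     % (count_file_rules(src), count_file_rules(consolidate(src))))
```

Run it as `python3 consolidate.py < /etc/tomoyo/domain_policy.conf` (or `/etc/ccs/domain_policy.conf` for the ccs-patch variant) to get the merged view; with no stdin it runs on the constructed sample. The output is idempotent, so it can be kept under version control and re-run after each learning session to see only genuinely new paths in the diff.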