[tomoyo-users-en 728] exception policy: aggregator behavior

Manuel Bessler manue****@gmail*****
Thu Mar 19 23:29:12 JST 2020


Hi,

I'm trying to make use of the aggregator feature but either I'm
misunderstanding it or using it wrong...

For example I would like to treat /bin/bash, /bin/dash, and /bin/sh
the same, both for shell scripts and esp. for interactive shells.
So I put this into my exception policy:
aggregator /bin/bash /bin/sh
aggregator /bin/dash /bin/sh

And in my domain policy I reference things just by /bin/sh, e.g.:
<kernel> /usr/sbin/sshd /bin/sh
<kernel> /bin/sh /usr/bin/sudo /bin/sh
<kernel> /bin/sh

I was hoping that would work whether a user's shell is bash, dash, or sh.
However, it does not work: ssh'ing in as a user with shell /bin/bash
is not allowed until I explicitly allow
<kernel> /usr/sbin/sshd /bin/bash

I'm using Tomoyo 2.5.

Thanks,
Manuel



