Hello. Kyle Moffett wrote: > secure fashion. It sounds like TOMOYO Linux would not be able to > handle this situation at all; I would either have to completely turn > off that security "feature" and lose most of the functionality of > TOMOYO Linux, or hard-code the list of realms into the policy file > and have to completely reload policy every time I need to add/remove > realms (big gaping security hole). Thank you for your usage.
So, you are using argv[0] as a location to hold domainname for your tool. No problem. TOMOYO Linux accepts syntax "allow_argv0 /usr/sbin/kadmind kadmind(\*.COM)" to allow any domainname.COM to argv[0] or "allow_argv0 /usr/sbin/kadmind \*" to allow any value to argv[0]. Also, TOMOYO Linux's access control feature is configurable for per-a-domain basis. You may turn off only argv[0]-checking feature for a domain for kadmind while you can keep other features turned on. Thanks. - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
