I am looking at the table located here: http://tomoyo.sourceforge.jp/1.8/policy-reference.html.en#domain_policy_network_inet

Is this table meant to be a complete table? I notice that it is possible to add entries in domain policy that are not listed in this table, such as "network inet stream recv 127.0.0.1 53" or "network inet stream send 127.0.0.1 53". Any combination of stream/dgram/raw with bind/listen/accept/connect/send/recv can be used, but not all combinations are listed in the table.

I don't have a strong grasp of network operations, but are these unlisted operations valid? If they are valid, then I can add them to the table. If they are invalid, then perhaps when a user tries to add them to domain policy the directive should not be added.

The same applies for the "network unix" directive. There is no table here, but I guess that stream and dgram use the same syntax as "network inet" but without the port number. I assume that seqpacket only supports bind/send/recv.

Kind regards

_______________________________________________
tomoyo-dev-en mailing list
tomoyo-dev-en@lists.sourceforge.jp
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-dev-en