On Tue, 7 Jun 2011 19:42:06 +0900 Tetsuo Handa <from-tomoyo-dev...@i-love.sakura.ne.jp> wrote:
> Creating "rules" for the domain where the specific process identified
> by $PID belongs to is done by doing
>
>   select pid=$PID
>
> . If you have a global PID, you can do
>
>   select global-pid=$PID
>
> instead. tomoyo-queryd uses the global PID in order to handle PID
> namespace.

What I'm trying to do is to create rules for an already running process, but I'd like to transit it from its original domain to a new domain on-the-fly if possible.

Let's say I have a domain like this:

  <kernel> /sbin/init /bin/bash /bin/myprog
  use_profile 0

I'd like to have a domain like this by formerly specifying "initialize_domain /bin/myprog" in exception_policy, then in domain_policy:

  <kernel> /bin/myprog
  use_profile 1

I know that after creating this domain, the process will start in this domain if I restart the process. My question is, is there a way to avoid having to restart the process to have my new domain? Is there a possibility to transform it from the old domain to the new domain on-the-fly?

Or do you think the best solution for this is what you wrote, using the PID? Like, I would create rules for that PID while running, and I would also create my new domain. So it will have its rules while running, and also the new domain after restart.

What I don't see here is, what happens with the PID domain after closing the process. Does it get removed? Couldn't I somehow avoid having to create double rules?

What's the easiest method to apply new rules on a running process without restarting it?

Thanks.