"Horvath Andras wrote: > > Horvath Andras wrote: > > > Is that allowed with "allow_execute" rule? > > Please repost with kernel version. > > Sorry about the deficient information. > > Kernel version is 2.6.38-8 (Ubuntu 11.04) amd64 > Tomoyo version is 2.3.0-20100820 > > So my problem with Chromium browser is, that it creates an > > allow_execute /proc/$PID/exe > > rule, and then a domain is created for this: > > <kernel> /usr/lib/chromium-browser/chromium-browser /proc/$PID/exe > > where $PID changes with every start. > > Could you recommend a solution for this taht which rule and domain name > can i use here? Or how i could wildcard it?

Please map programs with random names using the aggregator directive.

  aggregator /proc/\$/exe /proc/PID/exe

Please note that TOMOYO 1.8 and TOMOYO 2.4 treat /proc/self/ as proc:/self/ .
This means that you will change the aggregator entry like

  aggregator proc:/self/exe /proc/self/exe
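
The mapping described in the reply above, as an added example that is not part of the original thread and is not TOMOYO code: a small Python model of how an aggregator entry collapses per-PID executable names into one stable name. The helper names (compile_pattern, aggregate, domain_name), the first-match lookup and the sample PIDs are assumptions made for illustration; only a subset of TOMOYO's wildcards is modelled.

```python
import re

# Subset of TOMOYO pathname wildcards, translated to regex fragments.
WILDCARDS = {
    "$": r"[0-9]+",  # \$  one or more decimal digits
    "+": r"[0-9]",   # \+  one decimal digit
    "*": r"[^/]*",   # \*  zero or more characters other than '/'
    "?": r"[^/]",    # \?  one character other than '/'
}

def compile_pattern(pattern):
    """Translate a TOMOYO-style pattern into a regex (hypothetical helper)."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":
            nxt = pattern[i + 1:i + 2]
            if nxt not in WILDCARDS:
                raise ValueError("wildcard not modelled here: \\" + nxt)
            out.append(WILDCARDS[nxt])
            i += 2
        else:
            out.append(re.escape(ch))
            i += 1
    return re.compile("".join(out))

def aggregate(path, aggregators):
    """Return the aggregated name for path, or path itself if nothing matches.
    First matching entry wins (an assumption of this sketch)."""
    for pattern, name in aggregators:
        if compile_pattern(pattern).fullmatch(path):
            return name
    return path

def domain_name(parent_domain, exe, aggregators):
    """Domain name after executing exe from parent_domain."""
    return parent_domain + " " + aggregate(exe, aggregators)

# The entry from the reply: aggregator /proc/\$/exe /proc/PID/exe
AGGREGATORS = [(r"/proc/\$/exe", "/proc/PID/exe")]
PARENT = "<kernel> /usr/lib/chromium-browser/chromium-browser"

if __name__ == "__main__":
    # Constructed sample PIDs: both starts land in the same domain.
    for pid in (4242, 31337):
        print(domain_name(PARENT, "/proc/%d/exe" % pid, AGGREGATORS))
    # \$ matches digits only, so the literal "self" path is left unchanged.
    print(aggregate("/proc/self/exe", AGGREGATORS))
```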