Thank You.
On Wed, 13 Jul 2011 23:47:22 +0900 Tetsuo Handa <from-tomoyo-dev...@i-love.sakura.ne.jp> wrote: > "Horvath Andras wrote: > > > Horvath Andras wrote: > > > > Is that allowed with "allow_execute" rule? > > > Please repost with kernel version. > > > > Sorry about the deficient information. > > > > Kernel version is 2.6.38-8 (Ubuntu 11.04) amd64 > > Tomoyo version is 2.3.0-20100820 > > > > So my problem with Chromium browser is, that it creates an > > > > allow_execute /proc/$PID/exe > > > > rule, and then a domain is created for this: > > > > <kernel> /usr/lib/chromium-browser/chromium-browser /proc/$PID/exe > > > > where $PID changes with every start. > > > > Could you recommend a solution for this taht which rule and domain > > name can i use here? Or how i could wildcard it? > > Please map programs with random names using aggregator directive. > > aggregator /proc/\$/exe /proc/PID/exe > > . Please note that TOMOYO 1.8 and TOMOYO 2.4 treat /proc/self/ as > proc:/self/ . This means that you will change aggregator entry like > > aggregator proc:/self/exe /proc/self/exe > > . > > _______________________________________________ > tomoyo-dev-en mailing list > tomoyo-dev-en@lists.sourceforge.jp > http://lists.sourceforge.jp/mailman/listinfo/tomoyo-dev-en _______________________________________________ tomoyo-dev-en mailing list tomoyo-dev-en@lists.sourceforge.jp http://lists.sourceforge.jp/mailman/listinfo/tomoyo-dev-en
