stank.k...@xoxy.net wrote:
> Hello, all.
> I'm using Arch Linux 32-bit. I compiled my own kernel to include Tomoyo 
> and installed tomoyo-tools.  My goal for now is to restrict Skype and 
> ignore everything else.

OK. You are trying to use TOMOYO 2.5.

>                          When I try to add things to the policies by 
> editing domain_policy.conf / exception_policy.conf and loading them, the 
> changes are removed from these files.

Will you explain what "the changes are removed from domain_policy.conf / 
exception_policy.conf" means?

domain_policy.conf / exception_policy.conf are updated by executing 
tomoyo-savepolicy (or
tomoyo-editpolicy as offline mode) which means that changes in 
domain_policy.conf / exception_policy.conf
should not be reverted unless explicitly updated.

>                                       When I try to add a line with 
> tomoyo-editpolicy, nothing happens (ex: go to Exception Policy Editor 
> and press a, type "initialize_domain /usr/bin/skypeforlinux from any" 
> and press enter. The line is not added to the list.)

You are running tomoyo-editpolicy as online mode (i.e. starting 
without /etc/tomoyo/ command line argument), aren't you?

You are running tomoyo-editpolicy as root user, aren't you?

Are there messages like

  <kernel> /usr/sbin/sshd /usr/bin/bash /usr/sbin/tomoyo-editpolicy ( 
/usr/sbin/tomoyo-editpolicy ) is not permitted to update policies.

in output of dmesg command? If yes, programs for updating on-memory policies 
are not listed in
/sys/kernel/security/tomoyo/manager . Please make sure that you executed 
/usr/lib/tomoyo/init_policy .

> Did I fail to enable/disable something that protects these files? Or 
> what is the problem?

tomoyo-users-en mailing list

Reply via email to