Hello.

Tetsuo Handa wrote:
> > I'd like this one feature implemented to extend Tomoyo's reach to more
> > desktop use cases.
> > The feature would be simple: allow means to call a notification
> > executable on any failed security hook if e.g. TOMOYO_ASK is
> > set in the profile. Of course that application would have to be added
> > to manager.conf if it needs to change the policy, but that's irrelevant.
> >
> > Some simple communication protocol would have to be defined (e.g.
> > command line options).
> >
> This mechanism is already implemented regarding TOMOYO 1.x . Please see
> "Step 2: Handling policy violation arising in during software updates"
> in http://tomoyo.sourceforge.jp/1.7/enforcing.html.en .
>
> > I'm not sure if it's possible to block in an LSM hook w/o hanging the
> > machine... I hope it is.
>
> Since TOMOYO 2.x uses LSM hooks which are permitted to block, it will be
> possible to implement this mechanism for TOMOYO 2.x as well.

The patch that implements this mechanism has been added to the
security-testing-2.6#next tree. Thus, this mechanism will become
available in 2.6.36.

Thanks.
