On Wed, Sep 29, 2010 at 9:45 AM, Tetsuo Handa <[email protected]> wrote:
> Radoslaw Szkodzinski wrote:
>> <snip>
> OK. You are the first user who wants to try TOMOYO 1.8 for that purpose.
>
> In TOMOYO 1.8, automatic domain transition is provided.
>
> <kernel> /foo
> use_profile 3
> use_group 0
> task auto_domain_transition <kernel> /foo /uid=1234 task.uid=1234
> task auto_domain_transition <kernel> /foo /uid=5678 task.uid=5678
> task auto_domain_transition <kernel> /foo /uid=9012 task.uid=9012
>
> <snip>
>
> Unlike "allow_transit" in TOMOYO 1.7.2, "task auto_domain_transition" is
> applied automatically when conditions are met. This means that if a user
> transits to "<kernel> /foo" domain (typically by executing /foo), the user
> will automatically be redirected to "<kernel> /foo /uid=1234" domain if the
> user's uid is 1234 (or redirected to "<kernel> /foo /uid=5678" domain if uid
> is 5678, or redirected to "<kernel> /foo /uid=9012" domain if uid is 9012, or
> remain in that domain otherwise).

This is exactly what I want then. :D
The question is, does this transition after current domain rules are
checked or before? (I'd prefer the former.)

> TOMOYO 1.8 also provides acl grouping for grouping commonly used entries.
> In the exception policy, you can define
>
> acl_group 1 file read @cookies
> acl_group 1 file write @cookies
> acl_group 1 network inet stream connect @servers @ports
> acl_group 1 file execute /usr/lib/firefox/plugin-container
>
> in the exception policy and include it like
>
> use_group 1
>
> in the domain policy. Group number is an integer between 0 and 255.

A bit few in the long run, but could be useful nonetheless.

>
> You can try TOMOYO 1.8 at http://tomoyo.sourceforge.jp/1.8/
> (although it is still under development and specifications will change).
>

You can bet I will. Thank you.

_______________________________________________
tomoyo-users-en mailing list
[email protected]
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
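Added example, not part of the original message and not TOMOYO's own code: a small Python model of the uid-based domain selection and the use_group lookup described in the quoted text, useful for reviewing which acl_group a given uid ends up with. The sample policies are constructed from the quoted syntax; the per-uid domain's "use_group 1" line and the restriction to a single task.uid=N condition are assumptions of this model, and it does not model the order in which domain rules and the transition are evaluated.

```python
import re
# Constructed sample policies using the syntax quoted in the message above.
DOMAIN_POLICY = """\
<kernel> /foo
use_profile 3
use_group 0
task auto_domain_transition <kernel> /foo /uid=1234 task.uid=1234
task auto_domain_transition <kernel> /foo /uid=5678 task.uid=5678

<kernel> /foo /uid=1234
use_group 1
"""
EXCEPTION_POLICY = """\
acl_group 1 file read @cookies
acl_group 1 network inet stream connect @servers @ports
"""
AUTO = "task auto_domain_transition "

def parse_domains(text):
    """Map domain name -> {'group': int or None, 'auto': {uid: target}}."""
    domains, cur = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("<kernel>"):
            cur = domains.setdefault(line, {"group": None, "auto": {}})
        elif cur is None:
            raise ValueError("directive before any domain: " + line)
        elif line.startswith("use_group "):
            cur["group"] = int(line.split()[1])
            if not 0 <= cur["group"] <= 255:  # range stated in the message
                raise ValueError("group number out of range: " + line)
        elif line.startswith(AUTO):
            # Domain names contain spaces; the condition is the last token.
            target, cond = line[len(AUTO):].rsplit(" ", 1)
            m = re.fullmatch(r"task\.uid=(\d+)", cond)
            if not m:  # model assumption: only a single task.uid=N condition
                raise ValueError("unsupported condition: " + line)
            cur["auto"][int(m.group(1))] = target
    return domains

def parse_groups(text):  # group number -> list of ACL entries
    groups = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        _, num, entry = line.split(" ", 2)
        groups.setdefault(int(num), []).append(entry)
    return groups

def resolve(domains, domain, uid):
    """Domain a task with this uid is placed in after entering `domain`."""
    return domains[domain]["auto"].get(uid, domain)
```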
