Oops. I replied to myself by error. Forwarding to ML ...

------- Forwarded Message
Subject: Re: [tomoyo-users-en 282] Re: ccs-editpolicy usage
Date: Wed, 23 Mar 2011 22:06:58 +0900

Mauras Olivier wrote:
> Here's the return of grep command:
>
> <kernel> /usr/sbin/sshd /bin/zsh /usr/bin/sudo /bin/su /bin/zsh
> /usr/bin/chroot /usr/lxc/lxc1/sbin/init
> <kernel> /usr/sbin/sshd /bin/zsh /usr/bin/sudo /bin/chroot
> /usr/lxc/lxc1/sbin/init
> <kernel> /usr/lxc/lxc1/sbin/init
>
> last line is the one i created myself.
> other two are i guess when i issued "chroot container/path /sbin/init 0" to
> stop the container

So, in the container environments, TOMOYO recognizes it as /sbin/init rather
than /usr/lxc/lxc1/sbin/init .

Well... I've just installed the lxc package in Fedora 14. I browsed lxc.conf(5)
and found that it uses pivot_root(8) in addition to chroot(1). This is why
TOMOYO recognized the /usr/lxc/lxc1/sbin/init as /sbin/init .

------- End of Forwarded Message

... speaking of pivot_root, 2.6.38 has a deadlock problem.
http://www.spinics.net/lists/linux-fsdevel/msg43134.html

This problem will be fixed in 2.6.38.1 or 2.6.38.2. (Also, a memory leak in
TOMOYO 2.3 will be fixed.)

Meanwhile, please be careful when using TOMOYO on 2.6.38 (or AppArmor in
Ubuntu Natty) as TOMOYO and AppArmor call d_path() frequently.
