Some corrections to the previous posting.

Tetsuo Handa wrote:
> Simple (and hopefully reasonable) approach for protection purpose will be
>
> (a) apply initialize_domain directive to each init script and each daemon
>     program
>
> and
>
> (b) apply keep_domain directive to each init script
>
> .
>
> In this way, total number of domains will be kept small while applying
> fine-grained restriction.
>
> /usr/lib/tomoyo/init_policy tries to follow the approach listed above.

/usr/lib/tomoyo/init_policy tries to follow (a), but (b) is up to users because
default configuration tries to split domains as much as possible.

I forgot to add "from any" part of initialize_domain directive and "any from"
part of keep_domain directive. The syntax you will use looks like:

> For postfix as an example, you can specify
>
> initialize_domain /path/to/init/script/for/postfix
initialize_domain /path/to/init/script/for/postfix from any
> keep_domain /path/to/init/script/for/postfix
keep_domain any from /path/to/init/script/for/postfix
> initialize_domain /path/to/main/program/of/postfix
initialize_domain /path/to/main/program/of/postfix from any
>
> , and you can optionally specify
>
> keep_domain /path/to/main/program/of/postfix
keep_domain any from /path/to/main/program/of/postfix
>
> if you are not interested in splitting subprograms executed from main program.
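Added example, not part of the original posting and not TOMOYO's own code: a simplified Python model of how the corrected directives above change the number of domains. It assumes a domain name is `<kernel>` followed by the chain of executed programs and that initialize_domain is evaluated before keep_domain; the exec chains and the `/bin/sed`, `/bin/grep` and `/constructed/...` program names are constructed sample input.

```python
# Simplified model of TOMOYO domain transitions (added example, not TOMOYO code).
# Assumptions: a domain name is "<kernel>" plus the chain of executed programs,
# and initialize_domain is evaluated before keep_domain.
INIT = "/path/to/init/script/for/postfix"
MAIN = "/path/to/main/program/of/postfix"

POLICY_A_B = f"""
initialize_domain {INIT} from any
keep_domain any from {INIT}
initialize_domain {MAIN} from any
"""
POLICY_OPTIONAL = POLICY_A_B + f"keep_domain any from {MAIN}\n"

# Constructed exec chains, each starting from the boot domain.
CHAINS = [
    [INIT, "/bin/sed"],
    [INIT, "/bin/grep"],
    [INIT, MAIN, "/constructed/postfix/helper1"],
    [INIT, MAIN, "/constructed/postfix/helper2"],
]

def parse(policy):
    """Return (initialize, keep) sets from 'from any' / 'any from' lines."""
    initialize, keep = set(), set()
    for line in policy.strip().splitlines():
        words = line.split()
        if len(words) == 4 and words[0] == "initialize_domain" and words[2:] == ["from", "any"]:
            initialize.add(words[1])
        elif len(words) == 4 and words[:3] == ["keep_domain", "any", "from"]:
            keep.add(words[3])
        else:
            raise ValueError("unsupported line: " + line)
    return initialize, keep

def next_domain(domain, program, initialize, keep):
    if program in initialize:        # restart the chain at "<kernel> PROGRAM"
        return "<kernel> " + program
    if domain.split()[-1] in keep:   # last component matches: stay in this domain
        return domain
    return domain + " " + program    # default: split into a deeper domain

def domains_for(policy, chains=CHAINS, start="<kernel> /sbin/init"):
    """Set of domains entered when every chain is executed under the policy."""
    initialize, keep = parse(policy)
    seen = set()
    for chain in chains:
        domain = start
        for program in chain:
            domain = next_domain(domain, program, initialize, keep)
            seen.add(domain)
    return seen
```

With no directives the four chains enter six domains; with the three corrected lines they enter four, and adding the optional keep_domain line for the main program leaves two.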
