Claus Reheis wrote:
> After playing around with "Tomoyo Linux" since one week I have to say
> that I really enjoy analyzing my system and confining applications with
> Tomoyo Linux.

Yes, TOMOYO is a powerful tool for analyzing/understanding Linux systems. ;-)

> 
> After putting some applications in "permissive mode" I wanted to take a
> look at the "reject logs" in /var/log/tomoyo/ and was surprised how big
> the file reject_001.log has grown... 6.9GB!!!
> This file is from the "learning mode" as far as I understand!?

Yes.

> Luckily I have a big hard drive in my laptop, but when this log file
> continues to grow at this rate I will be out of space soon!
> What is filling up this file so fast and what can I do about it?

Probably /proc/$pid/ files and temporary files are filling up this file.
You can use the tomoyo-patternize utility (see /etc/tomoyo/tools/patternize.conf
for configuration) for converting such pathnames to patterns.

  http://tomoyo.sourceforge.jp/2.5/chapter-6.html

> 
> As Mageia is providing Firefox ESR, we have a version that does not get
> upgraded as often as it happens in other distributions and when I see
> this from the perspective of a Tomoyo Linux user, I even appreciate it
> more to have less frequent changes.
> 

Unless dependencies change, there will be little to change in TOMOYO's
configuration when updating software packages. There is the tomoyo-queryd
utility which you can use for interactively judging exceptional requests
which happen while updating software packages.

> Particular I was wondering if I have a Tomoyo policy for the domain:
> 
> /usr/lib64/firefox-24.3.0/plugin-container
> 
> is there a way to do some wildcard magic that makes it possible
> for the policy to automatically adapt to a new version/path like
> 
> /usr/lib64/firefox-24.4.0/plugin-container
> 
> or do I have to create and edit a new policy every time Firefox gets
> updated?

You can use the aggregator directive (see
/etc/tomoyo/policy/current/exception_policy.conf for configuration).

  aggregator /usr/lib/firefox-\*/plugin-container /usr/lib/firefox/plugin-container

The "file execute" permission and domainname can be wildcarded by the
aggregator directive. Other permissions (e.g. "file read") can be wildcarded
by tomoyo-patternize utility.

_______________________________________________
tomoyo-users-en mailing list
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
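The two techniques in the reply above, aggregator wildcarding of the executable path and patternizing of pathnames so a learning-mode log stops growing with every pid and temporary file, modelled in a small added Python script. This is an illustration written for this thread, not code from the TOMOYO project and not how tomoyo-patternize or the kernel matcher are implemented. It assumes only a subset of TOMOYO's pathname wildcards (`\*`, `\$`, `\?`), a simplified constructed log-line format (`file <op> <path>` only, without the real reject_log header lines), two hand-written patternize rules standing in for the configurable ones in patternize.conf, and the questioner's /usr/lib64 path for the aggregator example.

```python
"""Toy model of two TOMOYO policy techniques: 'aggregator' wildcarding of
an executable's path, and patternizing pathnames in a learning-mode log.
Constructed illustration, not code from the TOMOYO project."""
import re
from collections import Counter

# Subset of TOMOYO pathname wildcards (assumption: the real matcher has more):
#   \*  any run of characters except '/'
#   \$  one or more decimal digits
#   \?  exactly one character except '/'
_WILDCARDS = {"\\*": "[^/]*", "\\$": "[0-9]+", "\\?": "[^/]"}


def pattern_to_regex(pattern):
    """Translate a TOMOYO-style pathname pattern into an anchored regex."""
    parts, i = [], 0
    while i < len(pattern):
        token = pattern[i:i + 2]
        if token in _WILDCARDS:
            parts.append(_WILDCARDS[token])
            i += 2
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(parts) + "$")


def path_matches(pattern, path):
    """True if a concrete pathname is covered by a wildcarded pattern."""
    return pattern_to_regex(pattern).match(path) is not None


def aggregated_name(aggregators, exec_path):
    """Model 'aggregator <original> <aggregated>': the first matching
    original pattern decides the version-independent name the executed
    program gets, so the domain name no longer carries the Firefox version."""
    for original, aggregated in aggregators:
        if path_matches(original, exec_path):
            return aggregated
    return exec_path


# Hypothetical aggregator line, using the questioner's lib64 path.
AGGREGATORS = [
    ("/usr/lib64/firefox-\\*/plugin-container",
     "/usr/lib64/firefox/plugin-container"),
]

# Two hand-written patternize rules (assumption: the real ones are configured
# in /etc/tomoyo/tools/patternize.conf and cover more cases):
#   /proc/<pid>/...           -> /proc/\$/...
#   /tmp/tmpXXXXXX (mkstemp)  -> /tmp/tmp\?\?\?\?\?\?
_PID_DIR = re.compile(r"^/proc/[0-9]+/")
_MKSTEMP = re.compile(r"^/tmp/tmp[A-Za-z0-9]{6}$")


def patternize_path(path):
    """Replace per-process and per-run components with TOMOYO wildcards."""
    path = _PID_DIR.sub(lambda m: "/proc/\\$/", path)
    if _MKSTEMP.match(path):
        path = "/tmp/tmp" + "\\?" * 6
    return path


def squash_log(lines):
    """Collapse simplified 'file <op> <path>' request lines into distinct
    patternized entries with occurrence counts. The count shows how many
    raw log lines each single pattern would have replaced."""
    counts = Counter()
    for line in lines:
        op, path = line.rsplit(" ", 1)
        counts[f"{op} {patternize_path(path)}"] += 1
    return counts


# Constructed sample of learning-mode requests (not a real reject_log).
SAMPLE_LOG = [
    "file read /proc/1234/stat",
    "file read /proc/1235/stat",
    "file read /proc/9876/stat",
    "file write /tmp/tmpA1b2C3",
    "file write /tmp/tmpZz9Yx8",
    "file read /etc/hosts",
]


if __name__ == "__main__":
    for exe in ("/usr/lib64/firefox-24.3.0/plugin-container",
                "/usr/lib64/firefox-24.4.0/plugin-container"):
        print(exe, "->", aggregated_name(AGGREGATORS, exe))
    for entry, n in squash_log(SAMPLE_LOG).items():
        print(f"{n:3d} x {entry}")
```

Each patternized path still matches the concrete path it came from (`path_matches(patternize_path(p), p)` holds for every sample line), which is the property that lets one pattern line in the policy replace thousands of per-pid lines in the log without loosening access to anything outside /proc/<pid>/ or the mkstemp name shape.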
