Jamie Nguyen
jamie****@tomoy*****
Thu Feb 9 15:27:15 JST 2012
shawn <shawn****@gmail*****> wrote:
> The problem that I went out to solve was that it was very tedious to
> select and delete a bunch of auto-generated ACL lines that are all
> similar after making a general rule. IE file_open /tmp12345;
> file_open /tmp12346, and the like, and then AGAIN and AGAIN for
> truncate, chmod, etc, etc. The ultimate way would be to have some sort of
> heuristic autodetection

Sounds like ccs-findtemp and ccs-patternize might be what you're looking for?
http://tomoyo.sourceforge.jp/1.8/chapter-6.html.en

> or even just groupings like AppArmor has, where
> you can apply multiple permissions to the same path match

Sounds like path_group directive in exception policy might be what you mean by groupings?
http://tomoyo.sourceforge.jp/1.8/policy-specification/exception-policy-syntax.html.en#path_group

Sorry if I misunderstand you.

Also, it's fairly straightforward to process the policy files themselves within /etc/ccs either through vim/sed/awk etc. and then load the edited file as policy.
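
The awk approach mentioned at the end of the message, combined with path_group, as an added example that is not part of the original message or of the TOMOYO tools. It assumes the 1.8 text forms `file <operation> <path>` in domain policy, `path_group <name> <pattern>` in exception policy referenced as `@<name>`, and `\$` as the wildcard for one or more decimal digits; the group name and sample lines are constructed.

```shell
#!/bin/sh
# Added example. GROUP and the sample policy lines are constructed for illustration.
GROUP="TMP-NUMBERED"
NUMBERED='^/tmp/[^/]*[0-9]+$'   # a /tmp entry whose name ends in a run of digits

# Constructed stand-in for auto-generated domain-policy lines.
sample_domain_policy() {
cat <<'EOF'
file read /tmp/scratch12345
file read /tmp/scratch12346
file truncate /tmp/scratch12345
file truncate /tmp/scratch12346
file read /etc/passwd
EOF
}

# Exception-policy side: one path_group entry per distinct pattern, with the
# trailing digit run replaced by the \$ wildcard.
group_entries() {
  awk -v group="$GROUP" -v re="$NUMBERED" '
    $1 == "file" && $3 ~ re {
      match($3, "[0-9]+$")
      pat = substr($3, 1, RSTART - 1) "\\$"
      if (!(pat in seen)) { seen[pat] = 1; print "path_group", group, pat }
    }'
}

# Domain-policy side: point matching lines at the group, then drop the
# duplicates that result. Non-matching lines pass through unchanged.
collapse_domain() {
  awk -v group="$GROUP" -v re="$NUMBERED" '
    $1 == "file" && $3 ~ re { $3 = "@" group }
    !seen[$0]++ { print }'
}

echo "# exception policy additions"
sample_domain_policy | group_entries
echo "# collapsed domain policy"
sample_domain_policy | collapse_domain
```

The `\$` pattern grants access to every digit-suffixed name with that prefix, so review the generated lines before loading them as policy.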