On Wed, Sep 29, 2010 at 9:45 AM, Tetsuo Handa <from-****@i-lov*****> wrote:
> Radoslaw Szkodzinski wrote:
>> <snip>
> OK. You are the first user who wants to try TOMOYO 1.8 for that purpose.
>
> In TOMOYO 1.8, automatic domain transition is provided.
>
> <kernel> /foo
> use_profile 3
> use_group 0
> task auto_domain_transition <kernel> /foo /uid=1234 task.uid=1234
> task auto_domain_transition <kernel> /foo /uid=5678 task.uid=5678
> task auto_domain_transition <kernel> /foo /uid=9012 task.uid=9012
>
> <snip>
>
> Unlike "allow_transit" in TOMOYO 1.7.2, "task auto_domain_transition" is applied
> automatically when conditions are met. This means that if a user transits to
> "<kernel> /foo" domain (typically by executing /foo), the user will
> automatically be redirected to "<kernel> /foo /uid=1234" domain if the user's uid
> is 1234 (or redirected to "<kernel> /foo /uid=5678" domain if uid is 5678, or
> redirected to "<kernel> /foo /uid=9012" domain if uid is 9012, or remain in
> that domain otherwise).

This is exactly what I want then. :D

The question is, does this transition happen after the current domain rules are
checked or before? (I'd prefer the former.)

> TOMOYO 1.8 also provides acl grouping for grouping commonly used entries.
> In the exception policy, you can define
>
> acl_group 1 file read @cookies
> acl_group 1 file write @cookies
> acl_group 1 network inet stream connect @servers @ports
> acl_group 1 file execute /usr/lib/firefox/plugin-container
>
> in the exception policy and include it like
>
> use_group 1
>
> in the domain policy. Group number is an integer between 0 and 255.

A bit few in the long run, but could be useful nonetheless.

> You can try TOMOYO 1.8 at http://tomoyo.sourceforge.jp/1.8/
> (although it is still under development and specifications will change).
>

You can bet I will. Thank you.
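The two features quoted above compose: the parent domain carries the per-uid transitions, and each per-uid domain then selects its own acl_group, so two users running the same /foo end up with different permissions. This fragment is an added illustration, not policy from the TOMOYO project or either poster; the group numbers 1 and 2 and the split into a permissive browser group and a read-only group are assumed, and @cookies, @servers and @ports are the group names used in the message without being defined there. The first five lines belong in the exception policy, the remainder in the domain policy.

```text
acl_group 1 file read @cookies
acl_group 1 file write @cookies
acl_group 1 network inet stream connect @servers @ports
acl_group 1 file execute /usr/lib/firefox/plugin-container
acl_group 2 file read @cookies

<kernel> /foo
use_profile 3
use_group 0
task auto_domain_transition <kernel> /foo /uid=1234 task.uid=1234
task auto_domain_transition <kernel> /foo /uid=5678 task.uid=5678

<kernel> /foo /uid=1234
use_profile 3
use_group 1

<kernel> /foo /uid=5678
use_profile 3
use_group 2
```

With this layout uid 1234 may write cookies and connect out, uid 5678 may only read cookies, and any other uid stays in "<kernel> /foo" with neither group, which is the least-privilege fallthrough the quoted description implies.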