TOMOYO

Fork

[tomoyo-users-en 540] Re: Domain-error

• Previous message (by thread): [tomoyo-users-en 539] Domain-error
• Next message (by thread): [tomoyo-users-en 541] AKARI 1.0.30 and CaitSith 0.1.9 are available.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello.

TorstenWw wrote:
> if I execute chromium I will get the following message (via dmesg):
> 
> ERROR: Domain
> '<kernel> /sbin/init /bin/su /bin/bash /bin/bash /usr/bin/startx /usr/bin/xinit /bin/sh /usr/bin/dbus-launch /usr/bin/awesome /usr/bin/chromium /usr/lib/chromium/chromium
> proc:/self/exe' not defined.
> 
> which seems to be tomoyo related - but there is no domainPolicy nor exceptionPolicy for
> chromium

Some applications do execve("/proc/self/exe") but TOMOYO represents
"/proc/self/exe" as "proc:/self/exe". Since TOMOYO's domainname has to be
in the form of "<namespace> /path/to/app1 /path/to/app2 /path/to/app3",
"proc:/self/exe" does not match "/path/to/app3".

Please add a line

aggregator proc:/self/exe /proc/self/exe

to the exception policy (i.e.
# echo 'aggregator proc:/self/exe /proc/self/exe' >> /etc/tomoyo/exception_policy.conf
and/or
# echo 'aggregator proc:/self/exe /proc/self/exe' | tomoyo-loadpolicy -e
) so that "proc:/self/exe" appears as "/proc/self/exe".

Regards.

• Previous message (by thread): [tomoyo-users-en 539] Domain-error
• Next message (by thread): [tomoyo-users-en 541] AKARI 1.0.30 and CaitSith 0.1.9 are available.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]