Although TOMOYO's automatic domain creation/transition is helpful for understanding how your system works, TOMOYO's multi-word domainname (e.g. <kernel> /sbin/init ) is not parser friendly, because a domainname must occupy an entire line in order to be safely split on white space and newlines. Therefore, I changed CaitSith to use single-word domainnames. If you want to emulate multi-word domainnames in CaitSith, you can do something like below.

10 acl execute task.domain="mail-client"
    audit 0
    10 allow path="/path/to/pdf/viewer" transition="mail-client/pdf-viewer"
    20 deny

10 acl read task.domain="mail-client/pdf-viewer"
    audit 0
    10 allow path="/path/to/pdf/files"
    20 deny

Also, TOMOYO's domainname tends to become too long to read. When actually writing access restriction rules, users are interested in only a few past programs rather than all past programs. (Users might be interested in all past programs for tracing purposes, like http://lwn.net/Articles/575044/ .) Therefore, I changed CaitSith not to automatically append the requested program to the current domainname.

With the above-mentioned changes, there is no longer an exception_policy file for controlling domain transition in CaitSith. Much simpler to understand. Please see http://caitsith.sourceforge.jp/#6.1 for how to control domain transitions in CaitSith.

Torsten Wortwein wrote:
> ok, thanks.
>
> I read that the behaviour of domains has changed since Tomoyo. But should not
> a task.domain from a child process contain task.exe from its parent process?
> In my case, my mail-client calls a pdf viewer which has set
> task.domain="<kernel>" instead of task.domain="/usr/bin/claws-mail".
> Or does Tomoyo (TOMOYO Linux 2.x) interfere with CaitSith (fully featured
> version) - Tomoyo has an initialize_domain on the pdf viewer, so in Tomoyo's
> case domain <kernel> is correct.
>
> Thanks
> Torsten
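The message's point about single-word domainnames is that a policy line can be tokenised with a plain whitespace split, and that the explicit transition="..." attribute carries the domain transition. The following added example (not part of the message or of the CaitSith project) is a small Python evaluator for the two acl blocks quoted above: it parses them by splitting each line on white space, answers execute/read requests in priority order, and extracts the resulting domain-transition graph. The sample policy is constructed from the rules in the message; the evaluation order (lower priority number first, first matching allow/deny wins) and the fall-through verdict when no acl block matches (treated here as allow) are assumptions of this toy, not a statement of CaitSith's exact semantics.

```python
import re
from dataclasses import dataclass, field

# Constructed sample policy, copied from the rules shown in the message above.
SAMPLE_POLICY = """\
10 acl execute task.domain="mail-client"
    audit 0
    10 allow path="/path/to/pdf/viewer" transition="mail-client/pdf-viewer"
    20 deny
10 acl read task.domain="mail-client/pdf-viewer"
    audit 0
    10 allow path="/path/to/pdf/files"
    20 deny
"""


@dataclass
class Rule:
    priority: int
    verdict: str   # "allow" or "deny"
    conds: dict    # e.g. {"path": "...", "transition": "..."}


@dataclass
class AclBlock:
    priority: int
    operation: str  # "execute", "read", ...
    conds: dict     # e.g. {"task.domain": "mail-client"}
    audit: int = 0
    rules: list = field(default_factory=list)


# key="value" pairs; a single-word domainname never contains white space,
# so splitting the line first and re-joining the remainder is safe.
_KV = re.compile(r'([\w.]+)="([^"]*)"')


def _parse_conds(tokens):
    return dict(_KV.findall(" ".join(tokens)))


def parse_policy(text):
    """Parse CaitSith-style policy text into a list of AclBlock objects."""
    blocks = []
    for raw in text.splitlines():
        tokens = raw.split()  # whitespace split works because domainnames are single words
        if not tokens:
            continue
        if tokens[0] == "audit":
            blocks[-1].audit = int(tokens[1])
        elif tokens[1] == "acl":
            blocks.append(AclBlock(int(tokens[0]), tokens[2], _parse_conds(tokens[3:])))
        elif tokens[1] in ("allow", "deny"):
            blocks[-1].rules.append(Rule(int(tokens[0]), tokens[1], _parse_conds(tokens[2:])))
        else:
            raise ValueError(f"unrecognised policy line: {raw!r}")
    return blocks


def _matches(conds, request):
    return all(request.get(key) == value for key, value in conds.items())


def decide(blocks, operation, request):
    """Return (verdict, transition) for a request such as
    {"task.domain": "mail-client", "path": "/path/to/pdf/viewer"}.
    Assumption: lower priority numbers are evaluated first and the first
    matching allow/deny line wins; a request no acl block covers is allowed."""
    for block in sorted(blocks, key=lambda b: b.priority):
        if block.operation != operation or not _matches(block.conds, request):
            continue
        for rule in sorted(block.rules, key=lambda r: r.priority):
            # "transition" is an effect of an allow line, not a match condition.
            checks = {k: v for k, v in rule.conds.items() if k != "transition"}
            if _matches(checks, request):
                return rule.verdict, rule.conds.get("transition")
    return "allow", None


def transition_graph(blocks):
    """Map each source domain to {executed path: destination domain}."""
    graph = {}
    for block in blocks:
        if block.operation != "execute":
            continue
        src = block.conds.get("task.domain")
        for rule in block.rules:
            if rule.verdict == "allow" and "transition" in rule.conds:
                graph.setdefault(src, {})[rule.conds["path"]] = rule.conds["transition"]
    return graph


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    print(decide(policy, "execute", {"task.domain": "mail-client", "path": "/path/to/pdf/viewer"}))
    print(decide(policy, "read", {"task.domain": "mail-client/pdf-viewer", "path": "/etc/hosts"}))
    print(transition_graph(policy))
```

Because the domainname is a single token, the parser never has to decide where a domainname ends and the next attribute begins; the multi-word TOMOYO form would need its own line for that. The transition_graph output also makes the emulated "mail-client -> mail-client/pdf-viewer" path visible at a glance, which is the reviewable information a policy author wants when checking what a confined program may spawn.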