Hi,
> > allow_write /var/www/html/\*
> > allow_write /var/www/html/\*/\*
> > allow_write /var/www/html/\*/\*/\*
>
> and I don't think it is secure. It should be something like
>
> allow_write /var/www/html/\*.html
> allow_write /var/www/html/\*/\*.html
> allow_write /var/www/html/\*/\*/\*.html
>
> Third is that TOMOYO uses pathname's depth (number of slashes in a pathname)
> for avoiding useless comparison that never matches
> (e.g. comparing /bin/true and /var/www/html/\*/\*/\*/\*/\*/\*/\*.html ).
> Allowing "recursive" option will destroy TOMOYO's string comparison logic.

Yes, I see. I've written some scripts so I can define policy with macros which get translated to TOMOYO directives. I agree with you in general that this recursive thing is a bad idea. However, for example, the Flash plugin creates files & directories that are 11 levels deep inside ~/.macromedia/Flash_Plugin.

I was more thinking in line of AppArmor syntax which allows the following:

allow_read /var/www/html/**/*.html

** can match any character including '/', but the expression still allows only .html files. I was thinking that this would help automatic learning too (if file_pattern also supported such a thing). But you are right, this can easily be handled by the userland program or simple macro processing.

I would like to ask something else. I've written my rules for Firefox and everything works as expected except that Firefox is able to list any directory on the system. If it tries to open any file, TOMOYO will stop it if it doesn't have allow_read, but it is able to read any directory. Am I doing something wrong, or is this part of the design?

Thank you very much for your help,
Vladimir

_______________________________________________
tomoyo-users-en mailing list
[email protected]
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
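As an added illustration of the two wildcard semantics the thread compares (this is not code from the thread, from TOMOYO or from AppArmor): `tomoyo_match` treats `\*` as matching only within one path component and applies the slash-count shortcut the quoted reply describes, while `apparmor_match` is a simplified reading of the `**` syntax from the post, an assumption rather than AppArmor's real matcher. The sample paths and the rule list are constructed from the examples above.

```python
import re
# Added example, not TOMOYO or AppArmor code. Models the two wildcard
# semantics discussed in the thread on constructed sample paths.

def _component_match(pat: str, comp: str) -> bool:
    """Match one path component; '\\*' matches any run of chars except '/'."""
    parts = pat.split(r"\*")
    if len(parts) == 1:
        return pat == comp
    if not (comp.startswith(parts[0]) and comp.endswith(parts[-1])):
        return False
    pos, end = len(parts[0]), len(comp) - len(parts[-1])
    for mid in parts[1:-1]:          # literal text between two '\*'
        idx = comp.find(mid, pos, end)
        if idx < 0:
            return False
        pos = idx + len(mid)
    return pos <= end

def tomoyo_match(pattern: str, path: str) -> bool:
    """TOMOYO-style: '\\*' never crosses '/', so one rule covers exactly one
    depth; unequal slash counts can never match, so comparison is skipped."""
    if pattern.count("/") != path.count("/"):
        return False
    return all(_component_match(p, c)
               for p, c in zip(pattern.split("/"), path.split("/")))

def apparmor_match(pattern: str, path: str) -> bool:
    """Simplified model of the '**' syntax from the post (assumed, not
    AppArmor's matcher): '*' stays inside a component, '**' may span '/'."""
    regex, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            regex, i = regex + ".*", i + 2
        elif pattern[i] == "*":
            regex, i = regex + "[^/]*", i + 1
        else:
            regex, i = regex + re.escape(pattern[i]), i + 1
    return re.fullmatch(regex, path) is not None

# The corrected rules from the quoted reply, one rule per directory depth.
TOMOYO_RULES = [r"/var/www/html/\*.html", r"/var/www/html/\*/\*.html",
                r"/var/www/html/\*/\*/\*.html"]

def allowed_by_tomoyo(path: str) -> bool:
    return any(tomoyo_match(r, path) for r in TOMOYO_RULES)

def allowed_by_apparmor(path: str) -> bool:
    return apparmor_match("/var/www/html/**/*.html", path)
```

Running the two checkers over `/var/www/html/a/b/c/d/deep.html` shows the trade-off: the per-depth TOMOYO rules reject it because no rule has matching depth, while the `**` form accepts it yet still rejects a `.php` file at any depth.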
