Hello,
I am new to this list; I consider tomoyo as an alternative to AppArmor. Before
I start patching my kernel, I'd be happy if you could sketch how the following
would work in tomoyo.
I want to confine some closed source applications such as Adobe Reader, the
firefox plugins for flash and realplayer, or Skype to some minimal sets of
rights. The reason is that these programs have network access and scripting
capabilities and, in case there is a security compromise, I don't want them to
be able to access all the users' home directories. As far as the Adobe Reader is
concerned, I'd prefer to deny it any network access. Skype should not see any
user files except for its own configuration.
1) If I want to deny some applications all network access, I need to use Tomoyo
1.x.x rather than 2.x.x. Correct?
If I run tomoyo in 'learning mode' while I am using, say, firefox, it records
all capabilities that my firefox needs during that session. Can I
2) get a profile for firefox that applies independently of how firefox is
started, say from KDE, from the shell, ...? I.e. can I abstract a profile and
make it independent of its process execution history as long as the
/usr/bin/firefox binary is called?
3) extract this profile from the system, somehow get an ASCII file, pass this
ASCII file to another computer that runs tomoyo and enforce the profile on the
other machine? Thus avoiding learning mode on the other machine, for precisely
one application such as firefox?
Thanks in advance for your help,
Bettina.
_______________________________________________
tomoyo-users-en mailing list
[email protected]
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en