First of all, thank you for TOMOYO Linux! It is absolutely wonderful so far.
I would like certain programs, for example Firefox, to have certain permissions
when launched from different situations.
One situation in which I may launch Firefox, for example, would be if Firefox
is launched directly from my window manager. Another would be if it is
launched from bash in an xterm in my window manager.
My problem is that my window manager often changes. For example, Firefox
normally launches in this domain:
<kernel> /sbin/getty /bin/login/ /bin/bash /usr/bin/startx /usr/bin/xinit
/bin/sh /usr/local/bin/dwm /usr/bin/firefox
After changing my window manager (for example, from dwm to openbox), the domain
changes:
<kernel> /sbin/getty /bin/login/ /bin/bash /usr/bin/startx /usr/bin/xinit
/bin/sh /usr/local/bin/dwm /usr/bin/openbox /usr/bin/firefox
After a few more changes, this quickly becomes messy:
<kernel> /sbin/getty /bin/login/ /bin/bash /usr/bin/startx /usr/bin/xinit
/bin/sh /usr/local/bin/dwm /usr/bin/openbox /usr/bin/compiz /usr/bin/dwm
/usr/bin/openbox /usr/bin/firefox
This is a problem when launching Firefox from bash in an xterm as well, since
the middle of the domain also changes when switching window managers.
One near-solution I've found is to simply use "initialize_domain
/usr/bin/firefox". If I understand correctly, this would force Firefox to
launch in the "<kernel> /usr/bin/firefox" domain irrelevant of what launches
it. However, this means that if I launch it from bash in an xterm, it will
have the same permissions as if it were launched from the window manager
directly.
What I would like to do is to force the section of the domain which has all the
window managers to all be the same thing. I believe that some combination of
"aggregate" and "keep_domain" could do this, but after playing with it for
quite some time I am unable to figure out exactly how to use them to accomplish
this.
Any recommendations or suggestions?
I am running TOMOYO Linux 1.7.2
Thanks,
Daniel
_______________________________________________
tomoyo-users-en mailing list
[email protected]
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
