Hello.
Ritesh Raj Sarraf wrote:
> This is what I get from the Index list
>
> Press one of below keys to switch window.
>
> e <<< Exception Policy Editor >>>
> d <<< Domain Transition Editor >>>
> p <<< Profile Editor >>>
> m <<< Manager Policy Editor >>>
> u <<< Memory Usage >>>
> q Quit this editor.
>
> Notice no "Domain Policy Editor". Maybe I am doing something wrong here.
If you press "w" key from windows other than "<<< Domain Transition Editor >>>"
window, you will get above list.
It is correct that "a <<< Domain Policy Editor >>>" line is missing.
If you press "w" key from "<<< Domain Transition Editor >>>" window, you will
get below list.
e <<< Exception Policy Editor >>>
d <<< Domain Transition Editor >>>
a <<< Domain Policy Editor >>>
p <<< Profile Editor >>>
m <<< Manager Policy Editor >>>
u <<< Memory Usage >>>
q Quit this editor.
The "a <<< Domain Policy Editor >>>" line should be present.
> The 'A' key press is still accepted but I get blank window there.
>
> <<< Domain Policy Editor >>> 0 entry '?' for help
>
> <kernel>
This is because "<kernel>" domain is using profile 0. You are seeing
"<<< Domain Transition Editor >>>" window like below, aren't you?
<<< Domain Transition Editor >>> 360 domains '?' for help
<kernel>
0: 0 <kernel>
1: 0 * /etc/rc.d/init.d/acpid
2: 0 /bin/bash
/usr/sbin/acpid ( -> 328 )
3: 0 /bin/touch
(...snipped...)
But profile 0 is configured for "disabled" mode.
> 23:53:23 r...@champaran:/etc/tomoyo $ cat profile.conf
> 0-COMMENT=-----Disabled Mode-----
> 0-MAC_FOR_FILE=disabled
> 0-TOMOYO_VERBOSE=disabled
> 1-COMMENT=-----Learning Mode-----
> 1-MAC_FOR_FILE=learning
> 1-TOMOYO_VERBOSE=disabled
Profile 1 is configured for "learning" mode.
Please rewrite /etc/tomoyo/domain_policy.conf like
# cat > /etc/tomoyo/domain_policy.conf << EOF
<kernel>
use_profile 1
EOF
and reboot. Then, you will see "<<< Domain Transition Editor >>>" window
like
<<< Domain Transition Editor >>> 360 domains '?' for help
<kernel>
0: 1 <kernel>
1: 1 * /etc/rc.d/init.d/acpid
2: 1 /bin/bash
/usr/sbin/acpid ( -> 328 )
3: 1 /bin/touch
(...snipped...)
and "<<< Domain Policy Editor >>>" window with some entries.
<<< Domain Policy Editor >>> 2 entries '?' for help
<kernel>
0: allow_execute /sbin/init
1: allow_execute /sbin/modprobe
<<< Domain Policy Editor >>> 17 entries '?' for help
<kernel> /etc/rc.d/init.d/acpid
0: allow_execute /bin/bash
1: allow_read /bin/bash
2: allow_execute /bin/touch
3: allow_execute /bin/unicode_stop
4: allow_ioctl /dev/console
5: allow_read/write /dev/console
6: allow_read/write /dev/tty
7: allow_read /etc/nsswitch.conf
8: allow_read /etc/passwd
9: allow_read /etc/profile.d/lang.sh
10: allow_ioctl /etc/rc.d/init.d/acpid
11: allow_read /etc/rc.d/init.d/acpid
12: allow_read /etc/rc.d/init.d/functions
13: allow_read /etc/sysconfig/i18n
14: allow_read /etc/sysconfig/init
15: allow_execute /sbin/consoletype
16: allow_execute /usr/bin/id
Regards.
_______________________________________________
tomoyo-users-en mailing list
[email protected]
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
