On Wed, Mar 23, 2011 at 12:16 PM, Tetsuo Handa < [email protected]> wrote:
> Mauras Olivier wrote:
> > Thanks Jamie, I now better understand how to manage these containers.
> > So I added an exception like said, then added a new domain "<kernel>
> > /path/to/container/sbin/init" and set it to learning mode. Made the
> > container reboot, have activities but the domain doesn't list anything and
> > in the process view init is still listed as <kernel> /sbin/init
>
> I've never set up container environments. But since TOMOYO uses pathnames seen
> outside the chroot() environment, I think TOMOYO will recognize like
>
>   file execute /path/to/container/sbin/init
>
> rather than
>
>   file execute /sbin/init
>
> .
>
> Please check
>
>   grep '^<kernel>' /proc/ccs/domain_policy | grep -F /path/to/container/sbin/init
>
> and the domain has learning mode profile (e.g. "use_profile 1").
>
> _______________________________________________
> tomoyo-users-en mailing list
> [email protected]
> http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en

Here's the return of grep command:

  <kernel> /usr/sbin/sshd /bin/zsh /usr/bin/sudo /bin/su /bin/zsh /usr/bin/chroot /usr/lxc/lxc1/sbin/init
  <kernel> /usr/sbin/sshd /bin/zsh /usr/bin/sudo /bin/chroot /usr/lxc/lxc1/sbin/init
  <kernel> /usr/lxc/lxc1/sbin/init

Last line is the one I created myself. Other two are I guess when I issued
"chroot container/path /sbin/init 0" to stop the container
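Added example, not part of the original thread: the two checks requested above (which domains end in the container's init, and which profile each one uses) combined into one pass over the policy. The function names and the sample policy are constructed for illustration, and the script assumes the domain_policy layout in which each `<kernel> ...` domain line is followed by its own `use_profile N` line.

```shell
#!/bin/sh
# domains_for_program POLICY_FILE PATHNAME
# Prints "<profile><TAB><domain>" for every domain whose last program is
# PATHNAME, so the domain match and its profile are checked together.
domains_for_program() {
    # The pathname goes through the environment, not "awk -v", because -v
    # would expand backslash escapes such as \040 in TOMOYO pathnames.
    TARGET="$2" awk '
        # Domain header: the last space-separated field is the program
        # through which the domain was entered.
        /^<kernel>/ {
            domain = $0
            wanted = ($NF == ENVIRON["TARGET"])
            next
        }
        # The profile line belongs to the most recent domain header.
        wanted && $1 == "use_profile" {
            printf "%s\t%s\n", $2, domain
            wanted = 0
        }
    ' "$1"
}

# Constructed sample in domain_policy layout. Domain names are taken from
# the grep output in the thread; the profile numbers are made up.
sample_policy() {
    cat <<'EOF'
<kernel>
use_profile 0

<kernel> /sbin/init
use_profile 0

file read /etc/inittab

<kernel> /usr/sbin/sshd /bin/zsh /usr/bin/sudo /bin/chroot /usr/lxc/lxc1/sbin/init
use_profile 0

<kernel> /usr/lxc/lxc1/sbin/init
use_profile 1

EOF
}

# Demo on the constructed sample; on a live system pass /proc/ccs/domain_policy.
policy=$(mktemp)
sample_policy > "$policy"
domains_for_program "$policy" /usr/lxc/lxc1/sbin/init
rm -f "$policy"
```

Which profile number means learning mode depends on the local profile configuration; "use_profile 1" is the example value given in the thread.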
