Hi All,

I'm having an issue getting to grips with tomoyo that I hope people can help me with. I decided to first try it out on chromium - seemed like a sensible first thing to secure.

I added "initialize_domain /usr/lib/chromium/chromium from any" to exception policy in order to apply the same rules however chromium is started, and deleted the ! marked domains. This resulted in a domain "/usr/bin/chromium". Which I put into learning mode and played about surfing on the web for half an hour, bookmarking things, using it as a file browser, all the common stuff I do usually, and then put it into enforcing mode.

But then underneath the domain appeared "/usr/lib/chromium/chromium ( -> 266)". If I enter it, I get sent to that domain, marked with a "*" and with, if I enter the policy editor, 0: transition_failed and 1: use_group 0. The "/usr/bin/chromium" domain had a lot more entries to the domain policy after I switched from learning mode, including tty and shell related things.

When I used @ to switch to process view, after putting "/usr/bin/chromium" into enforcing mode (3). The chromium processes were not (0). Additionally chromium stopped going to any address I put in the address after this, even when I switched everything back to (0).

I reason that perhaps the processes would have switched to (3) if "/usr/lib/chromium/chromium" was set to (3), and that I should have activated learning mode on it. However that does not explain in my mind why "/usr/bin/chromium" acted what seemed to me as odd and the appearance of "/usr/lib/chromium/chromium ( -> 266)" only after I activated learning mode on "/usr/bin/chromium".

Should I also include some option or policy to allow me to visit websites and basically anything I type in the address bar in the future - as I can't visit every webpage I will ever visit (something like patterning?). I didn't save anything I'd done in case I got it wrong the first time.

Thanks,
Ben W. (Ben9250)
