On 25/08/2011 00:26, Jamie Nguyen wrote:
> Jamie Nguyen wrote:
>> If you are asking about entries being added during Learning Mode
>> (profile=2), then you could for example set file read/write to
>> enforcing by adding this to your profile:
>>
>>   4-COMMENT=-----Learning mode with read/write in enforcing mode -----
>>   4-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 }
>>   4-CONFIG::file={ mode=learning grant_log=no reject_log=yes }
>>   4-CONFIG::file::open={ mode=enforcing grant_log=no reject_log=yes }
>>
>> Setting that domain to profile=4 will then stop new "file read" and
>> "file write" entries from being automatically added, though it will
>> also deny all read/write requests that are not already in the policy
>> for that domain.
>>
>>
>> If you are talking about log files generated by the tomoyo-auditd
>> daemon, then you could add something like this to
>> /etc/tomoyo/tools/auditd.conf and then restart the daemon:
>>
>>   domain.contains /usr/bin/application
>>   acl.equals          file read /etc/shadow
>>   destination         /dev/null
>>
>> This will mean that all "file read /etc/shadow" requests for that
>> domain will not be logged. The /etc/tomoyo/tools/auditd.conf file has
>> some useful instructions inside about the syntax to use.
>
> Oh and the appropriate chapters for the above mentioned topics are here:
>
> http://tomoyo.sourceforge.jp/2.4/chapter-9.html.en#9.2.2
> http://tomoyo.sourceforge.jp/2.4/chapter-4.html.en#4.6

Second option seems to be what I am looking for, thanks a lot for the 
example!

Cheers,
Milton.
