Thanks for your fast reply. Just to be sure we are talking about the
same thing:

I have hundreds of these empty domains in my policy. They only consist of
"use_profile 0" and "use_group 0". No real ACL entries. I know that I
need use_profile and use_group for domains I really have a policy for.

But for the empty domains these 3 lines are somewhat useless to me. So
there is no simple way to stop this auto adding?

I am just thinking if something like this would do the job:
"file execute /\{\*\}/\* keep"
This would stop domain transitions, which means that there will be no
more empty domains. But I am not yet sure where I should place the entry.



Off-topic: How do I set a placeholder for any number?
"file chmod /path/to/file 0644" works
"file chmod /path/to/file 0-99999" works but is range limited
"file chmod /path/to/file \*" does not work
"file chmod /path/to/file *" does not work


> Hello.
> 
> karl156 wrote:
>> How can I stop Tomoyo from auto adding such entries to my policy file?
>>
>> <kernel> /usr/sbin/cron /bin/sh
>> use_profile 0
>> use_group 0
> 
>> What am I doing wrong? How can I stop it?
> 
> Sorry but you can't.
> 
> use_profile and use_group lines are automatically added and are overwritable
> but are not deletable. These lines are essential attributes of the domain.
> 
>> I am using Tomoyo 2.5 on Linux 3.2.
> 
> use_profile line takes a profile number defined in 
> /sys/kernel/security/tomoyo/profile .
> 
> use_group line takes an acl_group number defined in 
> /sys/kernel/security/tomoyo/exception_policy .
> 
> Regards.

_______________________________________________
tomoyo-users-en mailing list
[email protected]
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
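
Added example (not from the thread or from the TOMOYO project): a Python script that lists the domains in a domain policy text holding only use_profile/use_group lines, which is the "empty domain" case described above. The sample policy is constructed, and treating any line that starts with "<" as a domain header is an assumption based on the "<kernel> ..." line quoted in the thread.

```python
# Constructed sample in the layout quoted in this thread; not real policy data.
SAMPLE_POLICY = """\
<kernel>
use_profile 0
use_group 0

file execute /usr/sbin/cron

<kernel> /usr/sbin/cron
use_profile 0
use_group 0

file execute /bin/sh

<kernel> /usr/sbin/cron /bin/sh
use_profile 0
use_group 0
"""

# Per the reply in the thread, these attribute lines exist in every domain.
ATTRIBUTE_KEYWORDS = ("use_profile", "use_group")


def parse_domains(text):
    """Map each domain name to the list of non-blank lines that follow it."""
    domains = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Assumption: a domain header is any line starting with "<".
        if line.startswith("<"):
            current = domains.setdefault(line, [])
        elif current is not None:
            current.append(line)
    return domains


def empty_domains(text):
    """Return domain names whose body holds attribute lines only (no ACL entries)."""
    return [name for name, lines in parse_domains(text).items()
            if all(entry.split()[0] in ATTRIBUTE_KEYWORDS for entry in lines)]


if __name__ == "__main__":
    for name in empty_domains(SAMPLE_POLICY):
        print(name)
```

To run it on a saved policy, pass the file's text to empty_domains() in place of SAMPLE_POLICY.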