Hello.

Tetsuo Handa:
> If wildcards were allowed in domain transition control directives, calculation
> of the domainname to transit to becomes fuzzy. In order to avoid fuzziness,
> wildcards are not allowed in domain transition control directives.

Well, my explanation was wrong. Wildcards are allowed in domainnames like

  <kernel> /usr/sbin/sshd /bin/bash /home/\*/\*\-.\*

and wildcards are allowed in "file execute" entries like

  file execute /home/\*/\*\-.\*

and wildcards are allowed in domain transition control directives like

  initialize_domain /home/\*/\*\-.\* from any

Therefore, you will get domains like

  <kernel> /home/\*/\*\-.\*

by giving entries like

  file execute /home/\*/\*\-.\*

and

  initialize_domain /home/\*/\*\-.\* from any

Since the pathname specified by "file execute" keyword (which might contain
wildcards) is used for comparing with the pathname specified by
"initialize_domain" keyword (which might contain wildcards), strcmp() is used
(that is, wildcard characters are treated as normal characters) when matching
domain transition control directives.

However, since what you want to do is to transit to

  <kernel> /home/\*/\*\-.\*

domain without giving

  file execute /home/\*/\*\-.\*

to every domain,

  initialize_domain /home/\*/\*\-.\* from any

will not work. Please use

  aggregator /home/\*/\*\-.\* /user-defined-programs

and

  initialize_domain /user-defined-programs from any

so that you can transit to

  <kernel> /user-defined-programs

domain without explicitly giving

  file execute /home/\*/\*\-.\*

to every domain.
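
A simplified model of the matching rules described in the message above, added here as an illustration; it is not TOMOYO's code and not part of the original post. The function names, the reduced matcher (only \* and \- are modelled) and the sample policy are assumptions.

```python
import re

def component_matches(pat, name):
    """Match one path component. Modelled subset (assumption): '\\*' is any run
    of non-'/' characters and '\\-' subtracts the patterns that follow it."""
    include, *excludes = pat.split("\\-")
    def rx(p):
        return re.compile("[^/]*".join(map(re.escape, p.split("\\*"))) + r"\Z")
    return bool(rx(include).match(name)) and not any(rx(e).match(name) for e in excludes)

def wildcard_match(pattern, path):
    """Wildcard comparison, as used for aggregator and "file execute" lookups."""
    pats, names = pattern.split("/"), path.split("/")
    return len(pats) == len(names) and all(map(component_matches, pats, names))

def next_domain(path, domain, exec_acl, aggregators, init_domains):
    """Return the domain entered when `domain` executes `path`, or None if denied."""
    for pat, aggregated in aggregators:      # wildcard match on the real pathname
        if wildcard_match(pat, path):
            path = aggregated                # later steps see only the aggregated name
            break
    # The matching "file execute" entry (possibly a pattern) becomes the candidate.
    entry = next((e for e in exec_acl.get(domain, []) if wildcard_match(e, path)), None)
    if entry is None:
        return None
    # "initialize_domain ... from any" is compared literally, like strcmp():
    # wildcard characters in either string are ordinary characters here.
    if any(entry == d for d in init_domains):
        return "<kernel> " + entry
    return domain + " " + entry

# Constructed sample policy and pathnames.
PAT = r"/home/\*/\*\-.\*"
AGG = "/user-defined-programs"
SHELL = "<kernel> /usr/sbin/sshd /bin/bash"

if __name__ == "__main__":
    run = "/home/alice/run.sh"
    # Pattern in both "file execute" and initialize_domain: strings are equal.
    print(next_domain(run, SHELL, {SHELL: [PAT]}, [], [PAT]))
    # Domain holds a literal entry instead: strcmp() against the pattern fails.
    print(next_domain(run, SHELL, {SHELL: [run]}, [], [PAT]))
    # Aggregator rewrites the name first, so one literal name serves every domain.
    print(next_domain(run, SHELL, {SHELL: [AGG]}, [(PAT, AGG)], [AGG]))
```
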
