TOMOYO

Fork

[tomoyo-dev-en 254] Reloading rules through /sys

Horvath Andras han****@log69*****
Tue Jun 7 17:31:02 JST 2011

• Previous message: [tomoyo-dev-en 253] Re: About supporting policy namespace.
• Next message: [tomoyo-dev-en 255] Re: Reloading rules through /sys
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I'd like to ask for some help in the following question of mine:

I create domains and rules (new ones) from a C code and reload the
rules into the kernel by creating a list in a form like:

select <domain>
delete use_profile 0
delete <old rule1>
delete <old rule2>
delete <old rule3>
use_profile 1
<new rule1>
<new rule2>

and then write this to /sys/kernel/security/tomoyo/domain_policy file.

Everything seems to work, except Tomoyo doesn't remember domains with
empty rules, where there are no rules, and i reload only this:

select <domain>
delete use_profile 0
use_profile 1

What am i missing here?

I have another question: is it possible to create rules and domains for
an already running process without having to restart that process to
activate the new rules? For example, i'd like to switch the particular
process into learning mode without having to restart it (and without
having any domain or rules for it earlier).

Is it possible?


Thanks,
Andras Horvath

• Previous message: [tomoyo-dev-en 253] Re: About supporting policy namespace.
• Next message: [tomoyo-dev-en 255] Re: Reloading rules through /sys
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]