On Wed, Mar 23, 2011 at 11:39 AM, Jamie Nguyen <jamie****@tomoy*****>wrote: > Mauras Olivier wrote: > > Thanks Jamie, i now better understand how to manage these containers. > > So i added an exception like said, then added a new domain "<kernel> > > /path/to/container/sbin/init" and set it to learning mode. Made the > > container reboot, have activities but the domain doesn't list anything > and > > in the process view init is still listed as <kernel> /sbin/init > > > > Do i have to do something else? Reload anything? > > What exactly have you put in exception policy regarding /sbin/init? > Can you post the output of: > > cat /etc/ccs/exception_policy.conf | grep "/sbin/init" > > > Also, what are the exact domains that are launching /sbin/init (e.g. > what domains are doing "file execute /sbin/init")? > > Kind regards, > Jamie > initialize_domain /sbin/init from any no_initialize_domain /sbin/init from <kernel> /usr/lxc/lxc1/sbin/init no_initialize_domain /sbin/init from /usr/lxc/lxc1/sbin/init I did try the second line without <kernel> as a second step to see if it would be different. Should i completely remove the initialize_domain line? These /sbin/init are launched by "lxc-start" command that are listed as subprocess of my "rc.local" script. Thanks, Olivier -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.osdn.me/mailman/archives/tomoyo-users-en/attachments/20110323/13f2450e/attachment.html>
TOMOYO
Fork