[tomoyo-users-en 443] restricting access on forked process

thiruhari thiru****@gmail*****
Thu Jan 12 00:44:13 JST 2012

Dear All,

I am new to TOMOYO Linux. I have just gone through a few pages in the
documentation of version 2.5.

I have one basic question.

My understanding:

Learning - through this mode I can develop policy for all domain in my

Enforcing - through this mode I can enforce the policy which I have developed
earlier with learning mode

Now my use case is below:

I want to use TOMOYO for an embedded device which includes a rich set of
features like a web browser.

In which the end user is allowed to install any game and play the same at any
time. (game includes features like save current and resume it on next power

Now my question:

I want to restrict process read/write on the file system for unknown processes.

At the time of developing the policy I will not know the forked process
which is created from my browser task.

With the above scenario in my how shall I use TOMOYO Linux in enforcing

My objective is that I don't want to allow (malicious activities) any unknown
process which is forked from my main task.

(Also consider that my system includes a lot of third-party libraries)

Thanks in advance.

Best Regards