[tomoyo-users-en 710] Re: Set profile in a child process

Tetsuo Handa pengu****@i-lov*****
Wed Jun 5 22:23:34 JST 2019

On 2019/06/05 21:21, Pannbacker, Ole wrote:
> Okay I've set profile 1 to the sshd process, started by the init system
> and rebooted after saving the policys. however the problem remains.

Yes. That's the expected result. When you saved the policy files onto
the disk, domains for child processes were saved with profile 0. Then,
when you rebooted the system, the policy files were loaded from the disk,
profile value of domains for child processes are that of when you saved
the policy files onto the disk (i.e. it remains 0).

Please change profile value of domains for child processes before
saving the policy files onto the disk. Then, you will see changed
profile value when you rebooted the system.

The location of policy files is /etc/ccs/ for TOMOYO 1.x and /etc/tomoyo/
for TOMOYO 2.x. You can browse domain_policy.conf file in that directory
after you saved the policy files onto the disk.

More information about the tomoyo-users-en mailing list