TOMOYO

Fork

[tomoyo-dev-en 263] Re: Reloading rules through /sys

Tetsuo Handa from-****@I-lov*****
Tue Jun 7 21:44:05 JST 2011

• Previous message: [tomoyo-dev-en 262] Re: Reloading rules through /sys
• Next message: [tomoyo-dev-en 264] Re: Reloading rules through /sys
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Horvath Andras wrote:
> What i'm trying to load, they don't exist. I thought i can load
> something that doesn't exist, and it will be created.

When writing a domainname line, a domain is created unless
"select " prefix is added.

> Isn't it enough that i first create them an "initialized_domain" entry
> in exception_policy?

Adding an "initialized_domain" entry causes subsequent execute attempts
to evaluate the entry. Adding

  initialize_domain /usr/sbin/cupsd

will cause any process transit to "<kernel> /usr/sbin/cupsd" domain
if the process requested execution of /usr/sbin/cupsd afterward.
But adding it does not cause already running /usr/sbin/cupsd processes
to transit to "<kernel> /usr/sbin/cupsd" domain.

> If not, then what is the proper method to create new domains?

Simply write a domainname line, without "select " nor "delete " prefix.

• Previous message: [tomoyo-dev-en 262] Re: Reloading rules through /sys
• Next message: [tomoyo-dev-en 264] Re: Reloading rules through /sys
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]