Paolo Bolzoni wrote: > I tried seeking for Skype in tomoyo-editpolicy after pressing > @ and all the rules appear.... Well, I think that the "file create" denial logs are caused by mode mismatch. The policy says 0666 file create @SKYPE_FILES 0666 while the denial log says 0600 file create /home/paolo/.Skype/shared_dynco/dc.lock 0600 . You might want to change file create @SKYPE_FILES 0666 to file create @SKYPE_FILES 0600-0666 . But you are still seeing the "file read" denial logs, aren't you? Then, try running Skype process while running tomoyo-queryd on a terminal application. tomoyo-queryd should show you which request is about to be rejected by TOMOYO. http://tomoyo.sourceforge.jp/2.5/chapter-7.html.en#7.3
TOMOYO
Fork