Rahmadi Trimananda wrote:
> Thank you! I managed to install Tomoyo on my system and it's working well.
> :) Good.
>
> I have another question that I hope is do-able to do on Tomoyo.
>
> So, I am experimenting with a folder (shown below):
>
> iotuser@raspberrypi:~/tomoyo/test $ ls
> a.out  save  Test2.class  test2.txt  Test.class  test.txt
> edit   stat  Test2.java   test.c     Test.java
>
> Basically, I wish to create separate domains for different java executions.
> So, as I have 2 class files, I would like to create separate domains for
> "java Test" and "java Test2". I've been trying to use initialize_domain and
> no_initialize_domain in Exception Policy Editor but no success yet. It
> seems that no_initialize_domain only works if the application is run from
> different paths? Need your insights/advice to make this work. Thank you!

Please use wrapper programs

---------- run_Test1 start ----------
#!/bin/sh
exec /usr/bin/java Test
---------- run_Test1 end ----------

---------- run_Test2 start ----------
#!/bin/sh
exec /usr/bin/java Test2
---------- run_Test2 end ----------

and specify path to these wrapper programs instead of /usr/bin/java .

If Test.java and Test2.java can be updated to write to
/sys/kernel/security/tomoyo/self_domain interface, you can specify for example

<kernel> /usr/bin/java
task manual_domain_transition <kernel> //Test
task manual_domain_transition <kernel> //Test2

<kernel> //Test

<kernel> //Test2

instead.

http://tomoyo.osdn.jp/2.5/policy-specification/domain-transition-procedure.html.en#transition_by_non_execute

>
> Regards,
> Rahmadi
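
The second option in the reply above (writing to the self_domain interface), sketched as an added example that is not part of the original message or of TOMOYO itself. The class name `DomainSwitch` and its methods are hypothetical; it assumes the policy shown in the reply is loaded and that the JVM starts in the `<kernel> /usr/bin/java` domain.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;

// Hypothetical helper (not part of TOMOYO): requests a manual domain
// transition and refuses to continue unless the kernel confirms it.
public final class DomainSwitch {
    // Interface named in the reply above.
    private static final Path SELF_DOMAIN =
            Paths.get("/sys/kernel/security/tomoyo/self_domain");

    private DomainSwitch() {}

    /** Returns the TOMOYO domain name reported for the calling task. */
    public static String current() throws IOException {
        byte[] raw = Files.readAllBytes(SELF_DOMAIN);
        return new String(raw, StandardCharsets.UTF_8).trim();
    }

    /** Asks to move the calling task into {@code target}, or throws. */
    public static void enter(String target) throws IOException {
        // Open for writing only: the file already exists, so neither
        // create nor truncate is requested.
        Files.write(SELF_DOMAIN,
                (target + "\n").getBytes(StandardCharsets.UTF_8),
                StandardOpenOption.WRITE);
        // Read the domain back. A request that did not take effect must not
        // leave the program running under the shared java domain.
        String now = current();
        if (!now.equals(target)) {
            throw new SecurityException(
                    "still in domain '" + now + "', wanted '" + target + "'");
        }
    }

    // Constructed usage: what the top of Test.main() could look like.
    public static void main(String[] args) {
        try {
            enter("<kernel> //Test");
            System.out.println("running in " + current());
        } catch (IOException | SecurityException e) {
            System.err.println("TOMOYO transition failed: " + e.getMessage());
            System.exit(1); // fail closed instead of running unconfined
        }
    }
}
```

Call `enter()` first thing in `main`, before the program opens anything the `<kernel> //Test` policy is meant to restrict; `Test2` would pass `"<kernel> //Test2"` instead.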