Horvath Andras
han****@log69*****
Tue Jun 7 22:46:16 JST 2011
On Tue, 7 Jun 2011 19:42:06 +0900 Tetsuo Handa <from-****@I-lov*****> wrote:

> Creating "rules" for the domain where the specific process identified
> by $PID belongs to is done by doing
>
> select pid=$PID
>
> . If you have a global PID, you can do
>
> select global-pid=$PID
>
> instead. tomoyo-queryd uses the global PID in order to handle PID
> namespace.

What I'm trying to do is to create rules for an already running process, but I'd like to transit it from its original domain to a new domain on-the-fly if possible.

Let's say I have a domain like this:

<kernel> /sbin/init /bin/bash /bin/myprog
use_profile 0

I'd like to have a domain like this by formerly specifying "initialize_domain /bin/myprog" in exception_policy, then in domain_policy:

<kernel> /bin/myprog
use_profile 1

I know that after creating this domain, the process will start in this domain if I restart the process. My question is, is there a way to avoid having to restart the process to have my new domain? Is there a possibility to transform it from the old domain to the new domain on-the-fly?

Or do you think the best solution for this is what you wrote, using the PID? Like, I would create rules for that PID while running, and I would also create my new domain. So it will have its rules while running, and also the new domain after restart. What I don't see here is what happens with the PID domain after closing the process. Does it get removed? Couldn't I somehow avoid having to create double rules?

What's the easiest method to apply new rules on a running process without restarting it?

Thanks.