[tomoyo-users-en 224] Re: How to upgrade 2.2 -> 2.2 and 2.2 -> 2.3

Thomas Mueller gm-to****@tmuel*****
Fri Oct 22 00:09:02 JST 2010


Hello,

thank you very much for your detailed response.

I think a short upgrade guide in the Wiki would be very useful for others?
Something like:
2.6.32 -> 2.6.33: allow_xxx added
would be great as well.

I will upgrade to 2.6.35 then and later to Tomoyo 2.3. I can set
0-0xFFFFFFFF everywhere easily using a script and check all allow_execute
manually. Later on I can then set up each process from scratch one by one.


Thanks again,
Thomas

>> Now I would like to upgrade to 2.6.35 or 2.6.36 if available soon. I saw
>> on the site for 2.3 that the policy is not compatible any more - but as I
>> can see from the syntax this should only be true for an automatic upgrade,
>> not for a manual upgrade?
> 
> Please see http://tomoyo.sourceforge.jp/comparison.html .
> 
> Regarding 2.6.31 -> 2.6.35 ,
> 
>   allow_ioctl      /path/to/file
>   allow_chown      /path/to/file
>   allow_chgrp      /path/to/file
>   allow_chmod      /path/to/file
>   allow_mount      /path/to/dir/
>   allow_unmount    /path/to/dir/
>   allow_chroot     /path/to/dir/
>   allow_pivot_root /path/to/dir/ /path/to/dir/
> 
> need to be added to /sys/kernel/security/tomoyo/domain_policy .
> 
> Thus, I think
> 
>> What is the best way to do an upgrade now? For .35 I thought about:
>> - install newest 2.2 tools
>> - install new kernel
>> - set "use_profile 2" for all processes
>> - reboot with kernel .35
>> - fix all issues because of new rights
>> - set "use_profile 3" for all processes
>> Does this work?
> 
> will work.
> 
> 
> 
> Regarding 2.6.31 -> 2.6.36 ,
> 
>   allow_create  /path/to/file => allow_create  /path/to/file mode
>   allow_mkdir   /path/to/dir/ => allow_mkdir   /path/to/dir/ mode
>   allow_mkfifo  /path/to/file => allow_mkfifo  /path/to/file mode
>   allow_mksock  /path/to/file => allow_mksock  /path/to/file mode
>   allow_mkblock /path/to/file => allow_mkblock /path/to/file mode major minor
>   allow_mkchar  /path/to/file => allow_mkchar  /path/to/file mode major minor
>   allow_ioctl   /path/to/file => allow_ioctl   /path/to/file cmd
>   allow_chmod   /path/to/file => allow_chmod   /path/to/file mode
>   allow_chown   /path/to/file => allow_chown   /path/to/file uid
>   allow_chgrp   /path/to/file => allow_chgrp   /path/to/file gid
> 
> need to be replaced in addition to changes in 2.6.31 -> 2.6.35 .
> 
> As you can see, TOMOYO 2.3 checks numeric parameters which TOMOYO 2.2
> didn't.
> This is one of the reasons for policy incompatibility between TOMOYO 2.2 and
> TOMOYO 2.3 .
> 
> You may specify 0-0xFFFFFFFF for mode, major, minor, cmd, uid, gid fields.
> But restarting from scratch is better due to another reason for policy
> incompatibility.
> 
> TOMOYO 2.2 by default uses "pathnames with symbolic links solved" for
> "allow_execute" keyword and domainname definitions. You can use "alias"
> keyword for letting TOMOYO use "symbolic link's pathnames".
> 
> TOMOYO 2.3 by default uses "symbolic link's pathnames" for "allow_execute"
> keyword and domainname definitions. You can use "aggregator" keyword for
> letting TOMOYO use "arbitrary names".
> 
>> What about .36 / Tomoyo 2.3?
>> - install newest 2.3 tools
>> - install new kernel
>> - execute /usr/lib/tomoyo/init_policy
>> - reboot with kernel .36
>>
>> Is it possible to load my old policy (with use_profile 2) now? Starting
>> from scratch again would be a nightmare.
> 
> Since pathname used for "allow_execute" keyword and domainname definitions
> is different between TOMOYO 2.2 and TOMOYO 2.3 , I think starting from
> scratch is easier.
> 
> Please be sure to remove (or rename) /etc/tomoyo/ before running
> /usr/lib/tomoyo/init_policy .
> 
> Regards.
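
The conversion discussed in this thread, as an added example that is not part of the original mails and is not TOMOYO project code: it appends 0-0xFFFFFFFF to each keyword from the 2.6.31 -> 2.6.36 table, which keeps the 2.2 behaviour of not restricting those numeric fields, and lists allow_execute and domain lines for manual pathname review. The function name and the sample policy are constructed for illustration.

```python
# Added example, not from the thread. Field counts follow the quoted
# 2.6.31 -> 2.6.36 table; the sample policy is constructed.
WILDCARD = "0-0xFFFFFFFF"

# keyword -> number of numeric fields TOMOYO 2.3 expects after the pathname
NUMERIC_FIELDS = {
    "allow_create": 1, "allow_mkdir": 1,    # mode
    "allow_mkfifo": 1, "allow_mksock": 1,   # mode
    "allow_mkblock": 3, "allow_mkchar": 3,  # mode major minor
    "allow_ioctl": 1,                       # cmd
    "allow_chmod": 1,                       # mode
    "allow_chown": 1,                       # uid
    "allow_chgrp": 1,                       # gid
}

SAMPLE_2_2 = """\
<kernel> /usr/sbin/sshd
use_profile 2

allow_execute /bin/bash
allow_read /etc/passwd
allow_create /var/run/sshd.pid
allow_mkchar /dev/tty1
allow_chmod /var/run/sshd.pid 0-0xFFFFFFFF
"""

def convert_policy(text):
    """Return (converted_text, review); review holds (lineno, line) for
    allow_execute and domain lines, whose pathnames need a manual check."""
    out, review = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        keyword = tokens[0] if tokens else ""
        if keyword == "allow_execute" or (keyword == "<kernel>" and len(tokens) > 1):
            review.append((lineno, line))
        # Append wildcards only to keyword + pathname entries, so lines that
        # already carry numeric fields pass through unchanged (idempotent).
        if keyword in NUMERIC_FIELDS and len(tokens) == 2:
            line = " ".join(tokens + [WILDCARD] * NUMERIC_FIELDS[keyword])
        out.append(line)
    return "\n".join(out) + "\n", review

if __name__ == "__main__":
    converted, review = convert_policy(SAMPLE_2_2)
    print(converted, end="")
    for lineno, line in review:
        print(f"# review line {lineno}: {line}")
```

Run it on a saved copy of the policy rather than on the live file, and tighten the wildcard ranges per domain once the new kernel is running.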



