[tomoyo-users-en 290] Re: ccs-editpolicy usage

Mauras Olivier olive****@gmail*****
Wed Mar 23 22:46:05 JST 2011


On Wed, Mar 23, 2011 at 2:13 PM, Tetsuo Handa <from-****@i-lov*****> wrote:

> Mauras Olivier wrote:
> > Very nice! I added another "no_initialize_domain /usr/sbin/sshd from
> > /etc/rc.d/rc.sshd" to have sshd in the same tree and it gives me:
> >   704:  1                     /etc/rc.d/rc.sshd
> >   705:  1                         /usr/sbin/sshd
> >                                       /usr/sbin/sshd ( -> 809 )
> >   706:  1                     /sbin/ifconfig
> > Following /usr/sbin/sshd ( -> 809 ) returns me to the host sshd process. Is
> > it normal? Should I try to avoid having it in the tree?
>
> This should be avoided.
>
> This is because /usr/sbin/sshd re-executes /usr/sbin/sshd itself. You can add
>
>  no_initialize_domain /usr/sbin/sshd from the_full_domainname_of_705_above
>
> .
>

So far so good with the following in my exception list:

initialize_domain /usr/bin/lxc-start from any
no_initialize_domain /sbin/init from /usr/bin/lxc-start
no_initialize_domain /usr/sbin/sshd from /etc/rc.d/rc.sshd
no_initialize_domain /usr/sbin/sshd from <kernel> /usr/bin/lxc-start /sbin/init /etc/rc.d/rc.M /etc/rc.d/rc.sshd /usr/sbin/sshd
no_initialize_domain /sbin/modprobe from <kernel> /usr/bin/lxc-start /sbin/init /etc/rc.d/rc.M
no_initialize_domain /usr/bin/lxc-start from <kernel> /usr/bin/lxc-start

I now have a clean domain for my container. Now I have to find how to get a
different domain per container :)


Thanks,
Olivier
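As an added example for this archive page (not code from the original mail or from the TOMOYO project), here is a small Python model of the initialize_domain / no_initialize_domain transitions that the exception_policy above relies on. It replays the container boot chain from a hypothetical admin shell domain and shows why Tetsuo's full-domain-name rule is needed: without it, sshd's re-exec of itself jumps back into the host's "<kernel> /usr/sbin/sshd" domain (the "-> 809" jump in the thread). The two "from any" initialize_domain rules for sshd and modprobe are assumed host defaults that the mail does not show but that the "-> 809" behaviour implies; matching is exact-string only, with no wildcards, path groups, keep_domain or reset_domain.

```python
"""Toy model of TOMOYO's initialize_domain / no_initialize_domain rules.

Added example for this page, not code from the TOMOYO project or the mail.
Simplifications: only the two keywords seen in the thread, exact-string
matching (no wildcards, path groups, keep_domain or reset_domain), and the two
"from any" rules marked ASSUMED stand in for the host's default policy.
"""
from typing import List, Tuple

KERNEL = "<kernel>"

# Olivier's exception_policy as posted, plus two ASSUMED host default rules
# (the mail does not show them, but the "sshd ( -> 809 )" jump implies one).
EXCEPTION_POLICY = """
# ASSUMED host defaults
initialize_domain /usr/sbin/sshd from any
initialize_domain /sbin/modprobe from any
# rules posted in the mail
initialize_domain /usr/bin/lxc-start from any
no_initialize_domain /sbin/init from /usr/bin/lxc-start
no_initialize_domain /usr/sbin/sshd from /etc/rc.d/rc.sshd
no_initialize_domain /usr/sbin/sshd from <kernel> /usr/bin/lxc-start /sbin/init /etc/rc.d/rc.M /etc/rc.d/rc.sshd /usr/sbin/sshd
no_initialize_domain /sbin/modprobe from <kernel> /usr/bin/lxc-start /sbin/init /etc/rc.d/rc.M
no_initialize_domain /usr/bin/lxc-start from <kernel> /usr/bin/lxc-start
"""

Rule = Tuple[str, str, str]  # (keyword, program, from_spec)


def parse_policy(text: str) -> List[Rule]:
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, rest = line.split(None, 1)
        if keyword not in ("initialize_domain", "no_initialize_domain"):
            raise ValueError("unsupported keyword in toy model: " + keyword)
        # "program from spec"; the spec itself contains spaces when it is a
        # full domain name such as "<kernel> /usr/bin/lxc-start /sbin/init".
        program, _, from_spec = rest.partition(" from ")
        rules.append((keyword, program.strip(), (from_spec or "any").strip()))
    return rules


def from_matches(from_spec: str, domain: str) -> bool:
    """'any' matches every domain; a full domain name (starts with <kernel>)
    matches only that exact domain; a bare program path matches any domain
    whose last program is that path."""
    if from_spec == "any":
        return True
    if from_spec.startswith(KERNEL):
        return from_spec == domain
    return domain.split()[-1] == from_spec


def next_domain(domain: str, program: str, rules: List[Rule]) -> str:
    """Domain a process lands in after execve(program) from `domain`."""
    def hit(keyword: str) -> bool:
        return any(k == keyword and p == program and from_matches(f, domain)
                   for k, p, f in rules)
    # A matching no_initialize_domain overrides a matching initialize_domain.
    if hit("initialize_domain") and not hit("no_initialize_domain"):
        return KERNEL + " " + program      # start a fresh tree under <kernel>
    return domain + " " + program          # stay in the caller's tree


def walk(start: str, execs: List[str], rules: List[Rule]) -> List[str]:
    trail = [start]
    for prog in execs:
        trail.append(next_domain(trail[-1], prog, rules))
    return trail


# Hypothetical admin shell domain that launches the container, then the
# boot chain from the tree in the mail, ending with sshd re-executing itself.
ADMIN_SHELL = KERNEL + " /sbin/init /bin/bash"
CONTAINER_BOOT = ["/usr/bin/lxc-start", "/sbin/init", "/etc/rc.d/rc.M",
                  "/etc/rc.d/rc.sshd", "/usr/sbin/sshd", "/usr/sbin/sshd"]


def container_boot(rules: List[Rule]) -> List[str]:
    return walk(ADMIN_SHELL, CONTAINER_BOOT, rules)


def without_self_exec_rule(rules: List[Rule]) -> List[Rule]:
    """Drop the full-domain-name sshd rule Tetsuo suggested."""
    return [r for r in rules
            if not (r[0] == "no_initialize_domain"
                    and r[1] == "/usr/sbin/sshd" and r[2].startswith(KERNEL))]


if __name__ == "__main__":
    rules = parse_policy(EXCEPTION_POLICY)
    print("with the full-domain-name rule:")
    for d in container_boot(rules):
        print("  " + d)
    print("without it (sshd's re-exec escapes to the host sshd domain):")
    for d in container_boot(without_self_exec_rule(rules)):
        print("  " + d)
```

Run it and compare the last line of each trail: with the rule, sshd's second exec stays under the container's rc.sshd tree; without it, the process lands in "<kernel> /usr/sbin/sshd", the same domain as the host sshd, which is the leak Tetsuo says should be avoided.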

