Dear All, I am new to tomoyo linux. I have just gone through few pages in the documentation of version 2.5. I have one basic question. My understanding: Learning - through this mode i can develop policy for all domain in my system. Enforcing - through this mode i can enforce policy which i have developed earlier with learning mode Now My Use case below, I want to use this tomoyo for an embedded device which includes rich set of features like web browser.. In which End - User is allowed to install any game and play the same at any time. (game includes features like save current and resume it on next power cycle). Now My question: I want to restrict process read/write on File System for unknown processes. At the time of developing policy i will not be knowing the forked process which is created from my browser task. With the above scenario in my how shall i use tomoyo linux in enforcing mode? My objective is i don't want to allow (malicious activities) any unknown process which is forked from my Main task. (Also consider that my system includes lot third party libraries) Thanks in Advance.. Best Regards Hari -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.osdn.me/mailman/archives/tomoyo-users-en/attachments/20120111/dccf711e/attachment.html>
TOMOYO
Fork