TOMOYO

Fork

[tomoyo-users-en 235] Re: new numerical parameters in 2.3

• Previous message (by thread): [tomoyo-users-en 234] new numerical parameters in 2.3
• Next message (by thread): [tomoyo-users-en 236] Re: new numerical parameters in 2.3
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello.

Anton Khirnov wrote:
> I see that new numerical parameters were added to many directives, like
> allow_create, allow_ioctl etc. Is there a way to get the old behavior --
> e.g. allow creating files with any mode, or arbitrary ioctls?

Please see http://sourceforge.jp/projects/tomoyo/lists/archive/users-en/2010-October/000222.html

In addition to above info, you may add

  number_group ANY_NUMBER 0-0xFFFFFFFF

(for 32bits environments) or

  number_group ANY_NUMBER 0-0xFFFFFFFFFFFFFFFF

(for 64bits environments) to /sys/kernel/security/tomoyo/exception_policy
and refer it from /sys/kernel/security/tomoyo/domain_policy like

  allow_create /path/to/file @ANY_NUMBER
  allow_ioctl /path/to/file @ANY_NUMBER

etc.

Regards.

• Previous message (by thread): [tomoyo-users-en 234] new numerical parameters in 2.3
• Next message (by thread): [tomoyo-users-en 236] Re: new numerical parameters in 2.3
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]