[tomoyo-users-en 202] Tomoyo 1.7 - mprotect restriction, simple GUI for learning mode

Radoslaw Szkodzinski astra****@gmail*****
Sat Sep 25 13:45:28 JST 2010


Hello,
I've two pressing issues concerning Tomoyo 1.7.

Does it support mprotect writable and executable bit protection like
SELinux supposedly does?
This closes the last important hole in the mainline Exec Shield
implementation with the NX bit (which is in mainline).
With Tomoyo (1.7 or even maybe 2.3) one could plug this hole easily,
whitelisting only problematic applications.

(I think I've asked about the following before, but got a... not so
good an answer)
Does there exist a learning mode GUI for users?
Something as simple as asking about access permission for an
application in case of access violation,
possibly remembering the rule?
I do know about the CUI, but it's not as user-friendly as it could get.

My idea is to use Tomoyo 1.7 for MAC, provide good base rules (some of
them already made for Tomoyo Debian)
and in simple unknown cases ask the user (otherwise denying).
Said unknown cases would mostly include listening sockets, file reads
and writes.
Is there any GUI for such a dialog available? (preferably as good as gksu)
If not, could I get at least a link to good API documentation of the
API the CUI uses?

Best regards,
Radoslaw



