Hi Milton, thanks for your interest in TOMOYO Linux.

Milton Yates wrote:
> Well if people are willing to discuss some more, then yes, it's a good
> way to have a good chat :)
> A channel on irc.freenode.net would be nice! I have just now reserved
> #tomoyolinux & #tomoyo-linux, let me know if you want one of these.
> #tomoyo is already taken but you could reclaim it, I guess.

Although IRC channels are conducive to informal discussions, there is one
shortcoming. On a mailing list, the questions and discussions are archived
and are helpful for other users to browse at a later date. On IRC, the
discussions are only available to those present at the time.

> While I'm at it, quick question: I can't find a way to create deny rules
> for the domain, for example "deny file read /etc/shadow" so that Tomoyo
> does not try to add "file read /etc/shadow" every time the program
> requests it. There was a similar functionality in AppArmor, it is quite
> handy for applications known to do stuff that are not necessary.
> Is this currently possible?

Sorry, blacklists are not implemented in TOMOYO Linux. For associated
discussion, see the thread titled "Blacklisting" in the May 2011 mailing
list archive [1]. Toshiharu and Tetsuo both give a good summary of their
opinions.

Kind regards,
Jamie

[1] http://sourceforge.jp/projects/tomoyo/lists/archive/users-en/2011-May/thread.html