Hello.

Lee Worden wrote:
> Is there any way to create a sandbox such that a user can create programs in
> a particular directory, and run them (with the appropriate profile, of
> course), but not run programs in the rest of the filesystem?

Yes. You can use "aggregator" syntax.

For example, if the user creates programs under the /home/user/sandbox/ directory (e.g. /home/user/sandbox/my_app1 and /home/user/sandbox/my_app2 ), you can add

  aggregator /home/user/sandbox/\* /home/user/sandbox_app

to /proc/ccs/exception_policy and give

  allow_execute /home/user/sandbox_app

to /proc/ccs/domain_policy . (You would find some "aggregator" usage by doing "grep ^aggregator /proc/ccs/exception_policy".)

You might want to also give

  keep_domain /home/user/sandbox_app

to /proc/ccs/exception_policy so that the user-created applications remain in the same domain when user-created applications execute some other programs.

If you want to apply this to all non-privileged users, you can use

  aggregator /home/\*/sandbox/\* /home/user/sandbox_app

rather than

  aggregator /home/user/sandbox/\* /home/user/sandbox_app

and tell users to create user-created applications under the ~/sandbox_app/ directory.

If you want to allow locating user-created applications under a subdirectory of the ~/sandbox_app/ directory, you can use the recursive matching operator.

  aggregator /home/\*/sandbox/\* /home/user/sandbox_app
  aggregator /home/\*/sandbox/\{\*\}/\* /home/user/sandbox_app

Notes for TOMOYO 2.x users:

As of TOMOYO 2.2.0 , the "aggregator" directive is not supported. Since I had to minimize the amount of source code, I removed the "aggregator" directive syntax from TOMOYO 2.2.0 . Kernel 2.6.33 will have recursive matching operator support.

Regards.
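The following is an added illustration, not part of the mailing-list reply above and not TOMOYO's own matcher. It models, in plain Python, how the three directives in the reply combine: the two "aggregator" lines map every program under a user's sandbox (flat or nested) onto the single virtual name /home/user/sandbox_app, the shell domain's "allow_execute" only names that virtual program, and "keep_domain" stops the sandbox domain from transiting when a sandboxed program executes something else. The wildcard semantics assumed here (\* matches zero or more non-slash characters; \{\*\}/ matches one or more directory components) and the domain names "<kernel> /bin/bash" and "<kernel> /bin/bash /home/user/sandbox_app" are assumptions for the example; the policy tables are constructed inline. Running it shows why the second aggregator line is needed for nested directories and why a program outside the sandbox is refused from both domains.

```python
import re

# Assumed TOMOYO-style wildcard semantics (illustrative model, not TOMOYO's
# own code):
#   \*        zero or more characters other than '/'
#   \{\*\}/   one or more repetitions of "<component>/" (recursive directories)
def pattern_to_regex(pattern):
    out = []
    i = 0
    while i < len(pattern):
        if pattern.startswith(r"\{\*\}/", i):
            out.append(r"(?:[^/]*/)+")
            i += len(r"\{\*\}/")
        elif pattern.startswith(r"\*", i):
            out.append(r"[^/]*")
            i += 2
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")


# The two aggregator lines from the reply, as (pattern, aggregated name).
AGGREGATORS = [
    (r"/home/\*/sandbox/\*", "/home/user/sandbox_app"),
    (r"/home/\*/sandbox/\{\*\}/\*", "/home/user/sandbox_app"),
]


def aggregate(path, aggregators=AGGREGATORS):
    """Return the aggregated program name for path, or path itself if no
    aggregator matches (the name TOMOYO would then use for policy lookup)."""
    for pattern, name in aggregators:
        if pattern_to_regex(pattern).match(path):
            return name
    return path


# Constructed domain policy: domain name -> set of allow_execute targets.
# Domain names are hypothetical; the shell domain may only execute the
# aggregated sandbox program, exactly as the reply suggests.
DOMAIN_POLICY = {
    "<kernel> /bin/bash": {"/home/user/sandbox_app"},
    "<kernel> /bin/bash /home/user/sandbox_app": {
        "/home/user/sandbox_app",
        "/bin/ls",
    },
}

# keep_domain /home/user/sandbox_app from the reply: a domain whose last
# component is this program does not transit when it executes something.
KEEP_DOMAIN = {"/home/user/sandbox_app"}


def execute(domain, program, policy=DOMAIN_POLICY, keep=KEEP_DOMAIN):
    """Model an execve from `domain`. Returns the resulting domain name, or
    None when no allow_execute entry permits the (aggregated) program."""
    target = aggregate(program)
    if target not in policy.get(domain, set()):
        return None
    if domain.split()[-1] in keep:
        return domain
    return domain + " " + target


if __name__ == "__main__":
    shell = "<kernel> /bin/bash"
    for prog in ["/home/user/sandbox/my_app1",
                 "/home/alice/sandbox/tools/my_app2",
                 "/usr/bin/python"]:
        print(f"{shell} exec {prog} -> {execute(shell, prog)}")
    sandboxed = "<kernel> /bin/bash /home/user/sandbox_app"
    print(f"{sandboxed} exec /bin/ls -> {execute(sandboxed, '/bin/ls')}")
    # Only the first aggregator line: nested programs are not aggregated.
    print(aggregate("/home/user/sandbox/a/b/prog", AGGREGATORS[:1]))
```

The model deliberately keeps the shell domain's allow_execute list to the one aggregated name, which is what answers the original question: anything not under a sandbox directory is not rewritten by an aggregator, so its real path is looked up and refused.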