Bhargava Shastry wrote:
> How feasible is it to extend Tomoyo (either version 1.8 or version 2.4) in
> its present form for run-time mandatory access control? The assumption is
> that there is a module outside of Tomoyo that is capable of taking decisions
> based on certain information it has at run-time. Tomoyo then delegates the
> decision to allow/deny a particular permission (in the case the Tomoyo
> policy does not cover it already) to this module at run-time. The module
> then sends its decision to Tomoyo which then adds this to its policy file,
> all at run-time.

Are you talking about the ccs-auditd (for TOMOYO 1.8) and tomoyo-queryd (for TOMOYO 2.4) utilities?
If yes, TOMOYO is already capable of doing what you wrote above.
Please watch the movie at http://tomoyo.sourceforge.jp/1.8/chapter-7.html#7.3 .