Hello, I want to have two domains, so I add into domain_policy: # cat /sys/kernel/security/tomoyo/domain_policy <kernel> use_profile 0 use_group 0 </bin/id> use_profile 0 use_group 0 And two rules in exception policy: # grep domain /sys/kernel/security/tomoyo/exception_policy <kernel> keep_domain any from any <kernel> reset_domain /bin/id from any Now when I run /bin/id I get error: # /bin/id -bash: /bin/id: Cannot allocate memory and error in dmesg: ERROR: Domain '</bin/id>' not ready. What is the cause of this? As I guess this should be only if "profile for the domain is not defined", but it's defined in domain_policy. When I use initialize_domain all works OK, but I want to understand what's wrong with reset_domain. # uname -r 3.4.22 Best regards, Don.