[tomoyo-users-en 599] disable the execution of files in a directory

Ак Лк kurte****@gmail*****
Fri May 23 23:05:47 JST 2014


Hi!

I tried to disable the execution of files in the /home directory using Tomoyo.

My exception_policy.conf

///
path_group ANY_PATHNAME2 /
path_group ANY_PATHNAME2 /\*\-home
path_group ANY_PATHNAME2 /\{\*\}\-home/
path_group ANY_PATHNAME2 /\{\*\}\-home/\*
path_group ANY_PATHNAME2 \*\-home:/
path_group ANY_PATHNAME2 \*\-home:/\*
path_group ANY_PATHNAME2 \*\-home:/\{\*\}/
path_group ANY_PATHNAME2 \*\-home:/\{\*\}/\*
path_group ANY_PATHNAME2 \*\-home:[\$]
acl_group 4 file execute @ANY_PATHNAME2
///

My domain_policy.conf

///
<kernel>
use_profile 4
use_group 4
///

My profile.conf

///
4-COMMENT=-----Enforcing file::execute only-----
4-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 }
4-CONFIG::file::execute={ mode=enforcing grant_log=no reject_log=no }
///

But it is not working:

#kernel panic: switch_root can't execute sbin/init

What was my mistake?

Tnx!