[tomoyo-users-en 671] Re: Command line policy management and port management

Rahmadi Trimananda rtrim****@uci*****
Wed Apr 5 05:27:12 JST 2017


Thank you! I managed to install Tomoyo on my system and it's working well. :)

I have another question that I hope is doable on Tomoyo.

So, I am experimenting with a folder (shown below):

iotuser@raspberrypi:~/tomoyo/test $ ls
a.out  save  Test2.class  test2.txt  Test.class  test.txt
edit   stat  Test2.java   test.c     Test.java

Basically, I wish to create separate domains for different java executions.
So, as I have 2 class files, I would like to create separate domains for
"java Test" and "java Test2". I've been trying to use initialize_domain and
no_initialize_domain in the Exception Policy Editor, but with no success yet.
It seems that no_initialize_domain only works if the application is run from
different paths? I need your insights/advice to make this work. Thank you!

Regards,
Rahmadi


On Tue, Apr 4, 2017 at 3:41 AM, Tetsuo Handa <pengu****@i-lov*****> wrote:

> Hello.
>
> Rahmadi Trimananda wrote:
> >
> > Hello,
> >
> > I am a new Tomoyo user and I've been trying to read the Tomoyo
> > documentation (https://tomoyo.osdn.jp/2.5/index.html.en) for the past
> > couple days. I've got 2 questions:
> >
> > 1) I seem to get the impression that Tomoyo policy needs to be developed by
> > a learning process and then little edits to adjust them. Is there any way
> > that I can specify policies from the command line? I am looking for something
> > like Linux iptables. Could you point me to the right documentation?
>
> Yes, tomoyo-loadpolicy is a way to specify policies from command line.
> https://tomoyo.osdn.jp/2.5/man-pages/tomoyo-loadpolicy.html.en
>
> >
> > 2) Does Tomoyo still support IP network management, such as protocol (TCP,
> > UDP, port numbers, etc.)? I seem to have Tomoyo version 2.X but I think I
> > still need to do Kernel recompilation (I am using Raspbian for RaspberryPi,
> > a variant of Debian).
>
> Yes, though TOMOYO is different from iptables in that TOMOYO checks
> permissions at the system call layer.
> https://tomoyo.osdn.jp/2.5/policy-specification/domain-policy-syntax.html.en#network_inet
>
> Hints at https://tomoyo.osdn.jp/2.5/yocto-arm.html.en will be helpful
> even if you are using Raspbian.
>
> >
> > Thank you!
> >
> > Regards,
> > Rahmadi
>



-- 
Kind regards,
Rahmadi Trimananda

Ph.D. student @ University of California, Irvine
"Stay hungry, stay foolish!" - Steve Jobs -