[tomoyo-dev-en 46] Re: Access Logs

Jamie Nguyen dysco****@gmail*****
Sun Dec 19 08:14:07 JST 2010


Tetsuo Handa wrote:
> If we clearly define evaluation rule as
>
>  evaluation stops at first chunk where rewrite operation took place
>
> and specify both 'old_pattern' and 'new_pattern' in the 'rewrite' line,
> it will be natural to remain 'rewrite' line as conditional.
> In that case (of course, we can allow users to omit 'new_pattern'
> if 'old_pattern' is reused as 'new_pattern') syntax will look like
>
>  rewrite head_pattern proc:/\$/
>  rewrite path_pattern proc:/\$/\* @proc_pid_files
>  rewrite path_pattern proc:/\$/\{\*\}/\* @proc_pid_files

I think this is an excellent solution. Just to clarify, are you
suggesting something like this?:

acl[1].equals file
acl[2].equals write
rewrite path_pattern /tmp/cc\* @TMP_CC_FILES

I think perhaps it makes more sense to keep old and new on the same
line. Although in some cases this may result in very long lines, it is
probably more important to have intuitive syntax. So I am happy with
this solution that you have suggested :-)


> By the way, since we introduced /etc/ccs/tools/ directory for storing
> configuration for ccs-tools package, I think it is a good opportunity to change
> pathnames for policy files.
>
> ...
>
> Proposed structure:
>
>  /etc/ccs/ is used by TOMOYO Linux 1.x and AKARI. Within the directory...
>
>    domain_policy.conf is a symlink to policy/current/domain_policy.conf .
>    exception_policy.conf is a symlink to policy/current/exception_policy.conf .
>    profile.conf is a symlink to policy/current/profile.conf .
>    manager.conf is a symlink to policy/current/manager.conf .
>    meminfo.conf contains data for /proc/ccs/meminfo .
>    ccs-load-module is used for loading ccsecurity.ko or akari.ko .
>    ccs-post-init is used for doing pre /sbin/init initialization.
>
>    tools/ is for storing ccs-tools configuration.
>
>    policy/ is for storing policy configuration. Within the directory...
>
>      YY-MM-DD.hh:mm:ss/ is for storing domain_policy.conf exception_policy.conf manager.conf profile.conf .
>
>      current is a symlink to YY-MM-DD.hh:mm:ss/ , created by ccs-savepolicy .
>
>      previous is a symlink to YY-MM-DD.hh:mm:ss/ , created by renaming from current when current is created.
>
> With this change, ccs-savepolicy will always save all of domain_policy.conf ,
> exception_policy.conf , manager.conf and profile.conf whereas it currently saves
> by default only domain_policy.conf and exception_policy.conf .

Sounds great. I especially like the addition of previous.


Kind regards
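
The snapshot rotation proposed in the quoted text (timestamped directory, `current`, `previous`, and the top-level symlinks), as an added shell sketch that is not part of the original message and is not ccs-savepolicy's code. The function name `save_snapshot`, the placeholder file contents, the `umask 077` choice and the use of a scratch root instead of /etc/ccs are assumptions of this example.

```shell
#!/bin/sh
# Added sketch of the proposed policy layout. Not ccs-savepolicy:
# file contents are constructed placeholders and ROOT is meant to be
# a scratch directory, not the real /etc/ccs.

POLICY_FILES="domain_policy.conf exception_policy.conf manager.conf profile.conf"

# save_snapshot ROOT [STAMP]
# Writes all four policy files into ROOT/policy/STAMP/, renames the
# old "current" link to "previous", then points "current" at STAMP.
save_snapshot() {
    root=$1
    stamp=${2:-$(date +%y-%m-%d.%H:%M:%S)}   # YY-MM-DD.hh:mm:ss
    dir="$root/policy/$stamp"

    # Never overwrite an existing snapshot: it is the rollback copy.
    if [ -e "$dir" ]; then
        return 1
    fi
    # Assumption of this sketch: snapshots are readable by owner only.
    (umask 077; mkdir -p "$dir") || return 1

    for f in $POLICY_FILES; do
        printf '# constructed placeholder for %s\n' "$f" > "$dir/$f"
    done

    # Rotate: the link named "current" becomes "previous".
    if [ -L "$root/policy/current" ]; then
        rm -f "$root/policy/previous"
        mv "$root/policy/current" "$root/policy/previous"
    fi
    ln -s "$stamp" "$root/policy/current"

    # Stable top-level names resolve through policy/current.
    for f in $POLICY_FILES; do
        ln -sf "policy/current/$f" "$root/$f"
    done
}
```

Because `previous` always names the snapshot that was `current` before the last save, rolling back is a matter of re-pointing `current` at the directory `previous` resolves to.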



