Tetsuo Handa
from-****@I-lov*****
Wed Jan 26 17:43:22 JST 2011
TOMOYO
ForkJamie Nguyen wrote:
> Sound good?
Sure.
> This section would include all material that I have not
> written yet from the tutorials, such as securing login sessions and
> Apache CGI.
As the tutorial was originally written for TOMOYO 1.3.1, there are some topics
which are missing for TOMOYO 1.8.0. Especially,
(1) How to selectively enable functionality
This is (e.g.) between "init_policy --file-only-profile" and
"init_policy --full-profile".
Although this is described in policy-reference.html.en , examples are not
provided.
(2) How not to suppress domain transition in login session.
keep_domain keyword was added for restricting operations in login session.
But some users do not want to suppress domain transition in login session
for auditing purpose while restricting operations in login session. Thus,
in TOMOYO 1.8, I changed to create domains even in enforcing mode.
(3) How to use use_group and acl_group keywords
This is related with (2), for use_group acts like #include directive in C
programs.
Also, acl_group 0 is defined by default and many entries are given to
group 0. By using acl_group with non 0, users can give fewer entries.
This will help giving (e.g.) firefox fewer entries than default.
(4) Some of htdocs/1.8-tmp/policy-reference.html.en#Advanced_Features could be
moved to tutorial pages.