Tetsuo Handa
from-****@I-lov*****
Wed Jan 26 17:43:22 JST 2011
Jamie Nguyen wrote:
> Sound good?

Sure.

> This section would include all material that I have not
> written yet from the tutorials, such as securing login sessions and
> Apache CGI.

As the tutorial was originally written for TOMOYO 1.3.1, there are some topics which are missing for TOMOYO 1.8.0. Especially,

(1) How to selectively enable functionality

This is (e.g.) between "init_policy --file-only-profile" and "init_policy --full-profile". Although this is described in policy-reference.html.en, examples are not provided.

(2) How not to suppress domain transition in login session

The keep_domain keyword was added for restricting operations in a login session. But some users do not want to suppress domain transition in a login session, for auditing purposes, while restricting operations in the login session. Thus, in TOMOYO 1.8, I changed it to create domains even in enforcing mode.

(3) How to use use_group and acl_group keywords

This is related to (2), for use_group acts like the #include directive in C programs. Also, acl_group 0 is defined by default and many entries are given to group 0. By using acl_group with non-0, users can give fewer entries. This will help in giving (e.g.) firefox fewer entries than the default.

(4) Some of htdocs/1.8-tmp/policy-reference.html.en#Advanced_Features could be moved to tutorial pages.