早間義博
2011-10-12 17:11:09 UTC
$BAa4V$G$9!#(B
kernel gentoo sys-kernel/gentoo-sources-3.0.4-r2
tomoyo-tools-2.4 $B$N%I%-%e%a%s%H$K$"$k$h$&$K(B
linux-3.1-rc8.tar.gz $B$+$i(Bsecurity/tomoyo/ $B$r<h$j=P$7$F%3%T!<$7(B
$B$F$$$^$9!#(B
tomoyo-2.4-backport-for-3.0.patch $B$r%Q%C%A$7$F$$$^$9!#(B
tomoyo-tools-2.4 $B$K$7$F$+$i(B profile 2 $B$G$N(B WARNING: $B%m%0$,=P$J$$$N(B
$B$G$9$,!"2?$+;XDj$,I,MW$G$9$+!#(B
/usr/lib/tomoyo/init_policy $B$r<B9T$7$F$+$iJQ99$O$7$F$$$^$;$s!#(B
<kernel>
0: PROFILE_VERSION=20100903
1: 0-COMMENT=-----Disabled Mode-----
2: 0-CONFIG={ mode=disabled grant_log=no reject_log=yes }
3: 0-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 }
4: 1-COMMENT=-----Learning Mode-----
5: 1-CONFIG={ mode=learning grant_log=no reject_log=yes }
6: 1-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 }
7: 2-COMMENT=-----Permissive Mode-----
8: 2-CONFIG={ mode=permissive grant_log=no reject_log=yes }
9: 2-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048}
10: 3-COMMENT=-----Enforcing Mode-----
11: 3-CONFIG={ mode=enforcing grant_log=no reject_log=yes }
12: 3-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 }
use_profile 2 $B$N>uBV$GL55v2D$N9T0Y$,9T$o$l$?>l9g!"L55v2D$N9T0Y$,$"$C(B
$B$?$3$H$rCN$j$?$$$N$G$9$,!"(Blog $B$^$?$O(B tomoyo-notifyd $B$K$h$kG'<1$$$:(B
$B$l$+$rF@$k$K$O$I$N$h$&$K$7$?$iNI$$$N$G$7$g$&!#(B
$B#2Bf$N%[%9%H$G(B profile $B$,0[$J$k>uBV$GF1$8%3%^%s%I$,<B9T$5$l$^$7$?!#(B
profile 1 $B$N$b$H$G<B9T$7$?>l9g$K(B
file create /var/lib/local/pgmexe 0666
$B$,DI2C$5$l$F$$$k$N$K(B
policy 2 $B$b$H$G$O(B WARNING $B%m%0$b;D$i$:!"(Btomoyo-notifyd $B$+$i$N%a!<%k(B
$B$bMh$^$;$s!#(B
$B$I$A$i$bBP>]$H$J$k%G%#%l%/%H%j$KBP$9$k(B policy $B$O$"$j$^$;$s!#(B
($BL55v2D$N>uBV$G$9!#(B)
profile 3 $B$,;XDj$5$l$F$$$k%W%m%0%i%`(B(apache2)$B$G$O(B policy $B$KL5$$%U%!(B
$B%$%k$r<B9T$7$h$&$H$7$F!"(Btomoyo-notifyd $B$+$i%a!<%k$,Mh$F$$$^$9$,(B
syslog $B$K$O5-O?$5$l$F$$$^$;$s!#(B
-- $BAa4V(B
kernel gentoo sys-kernel/gentoo-sources-3.0.4-r2
tomoyo-tools-2.4 $B$N%I%-%e%a%s%H$K$"$k$h$&$K(B
linux-3.1-rc8.tar.gz $B$+$i(Bsecurity/tomoyo/ $B$r<h$j=P$7$F%3%T!<$7(B
$B$F$$$^$9!#(B
tomoyo-2.4-backport-for-3.0.patch $B$r%Q%C%A$7$F$$$^$9!#(B
tomoyo-tools-2.4 $B$K$7$F$+$i(B profile 2 $B$G$N(B WARNING: $B%m%0$,=P$J$$$N(B
$B$G$9$,!"2?$+;XDj$,I,MW$G$9$+!#(B
/usr/lib/tomoyo/init_policy $B$r<B9T$7$F$+$iJQ99$O$7$F$$$^$;$s!#(B
<kernel>
0: PROFILE_VERSION=20100903
1: 0-COMMENT=-----Disabled Mode-----
2: 0-CONFIG={ mode=disabled grant_log=no reject_log=yes }
3: 0-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 }
4: 1-COMMENT=-----Learning Mode-----
5: 1-CONFIG={ mode=learning grant_log=no reject_log=yes }
6: 1-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 }
7: 2-COMMENT=-----Permissive Mode-----
8: 2-CONFIG={ mode=permissive grant_log=no reject_log=yes }
9: 2-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048}
10: 3-COMMENT=-----Enforcing Mode-----
11: 3-CONFIG={ mode=enforcing grant_log=no reject_log=yes }
12: 3-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 }
use_profile 2 $B$N>uBV$GL55v2D$N9T0Y$,9T$o$l$?>l9g!"L55v2D$N9T0Y$,$"$C(B
$B$?$3$H$rCN$j$?$$$N$G$9$,!"(Blog $B$^$?$O(B tomoyo-notifyd $B$K$h$kG'<1$$$:(B
$B$l$+$rF@$k$K$O$I$N$h$&$K$7$?$iNI$$$N$G$7$g$&!#(B
$B#2Bf$N%[%9%H$G(B profile $B$,0[$J$k>uBV$GF1$8%3%^%s%I$,<B9T$5$l$^$7$?!#(B
profile 1 $B$N$b$H$G<B9T$7$?>l9g$K(B
file create /var/lib/local/pgmexe 0666
$B$,DI2C$5$l$F$$$k$N$K(B
policy 2 $B$b$H$G$O(B WARNING $B%m%0$b;D$i$:!"(Btomoyo-notifyd $B$+$i$N%a!<%k(B
$B$bMh$^$;$s!#(B
$B$I$A$i$bBP>]$H$J$k%G%#%l%/%H%j$KBP$9$k(B policy $B$O$"$j$^$;$s!#(B
($BL55v2D$N>uBV$G$9!#(B)
profile 3 $B$,;XDj$5$l$F$$$k%W%m%0%i%`(B(apache2)$B$G$O(B policy $B$KL5$$%U%!(B
$B%$%k$r<B9T$7$h$&$H$7$F!"(Btomoyo-notifyd $B$+$i%a!<%k$,Mh$F$$$^$9$,(B
syslog $B$K$O5-O?$5$l$F$$$^$;$s!#(B
-- $BAa4V(B