[tomoyo-users-en 539] Domain-error
TorstenWw
2013-02-13 15:52:07 UTC
Hi there,

if I execute chromium I will get the following message (via dmesg):

ERROR: Domain
'<kernel> /sbin/init /bin/su /bin/bash /bin/bash /usr/bin/startx /usr/bin/xinit /bin/sh /usr/bin/dbus-launch /usr/bin/awesome /usr/bin/chromium /usr/lib/chromium/chromium
proc:/self/exe' not defined.

which seems to be tomoyo related - but there is no domainPolicy nor exceptionPolicy for chromium.

As I use chromium only rarely, I cannot tell whether this message has appeared since a specific version of chromium.

ArchLinux x86_64
Kernel: 3.7.4
Tomoyo-Tools: 2.5.0.20120805
Chromium: 24.0.1312.70


Regards
Torsten
Tetsuo Handa
2013-02-13 22:15:30 UTC
Hello.
Post by TorstenWw
> ERROR: Domain
> '<kernel> /sbin/init /bin/su /bin/bash /bin/bash /usr/bin/startx /usr/bin/xinit /bin/sh /usr/bin/dbus-launch /usr/bin/awesome /usr/bin/chromium /usr/lib/chromium/chromium
> proc:/self/exe' not defined.
> which seems to be tomoyo related - but there is no domainPolicy nor exceptionPolicy for
> chromium

Some applications do execve("/proc/self/exe") but TOMOYO represents
"/proc/self/exe" as "proc:/self/exe". Since TOMOYO's domainname has to be
in the form of "<namespace> /path/to/app1 /path/to/app2 /path/to/app3",
"proc:/self/exe" does not match "/path/to/app3".

Please add a line

aggregator proc:/self/exe /proc/self/exe

to the exception policy (i.e.
# echo 'aggregator proc:/self/exe /proc/self/exe' >> /etc/tomoyo/exception_policy.conf
and/or
# echo 'aggregator proc:/self/exe /proc/self/exe' | tomoyo-loadpolicy -e
) so that "proc:/self/exe" appears as "/proc/self/exe".

Regards.
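
As an added example (not part of the thread or of the TOMOYO tools): a shell helper that picks out the domain-name components that are not "/path/to/app" style, and appends the aggregator line from the reply only if it is not already in the policy file. The function names are hypothetical and the policy file path is passed as an argument, so it can be tried on a copy first.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print each component of a TOMOYO domain name that is not an absolute path.
# $1 = domain name as shown between the quotes in the dmesg line.
nonpath_components() {
    set -f                          # no globbing while splitting on spaces
    set -- $1
    set +f
    [ "$#" -gt 0 ] || return 0
    shift                           # skip the "<namespace>" component
    for c in "$@"; do
        case $c in
            /*) ;;                  # ordinary "/path/to/app" component
            *)  printf '%s\n' "$c" ;;
        esac
    done
}

# Append "aggregator $1 $2" to policy file $3 unless that exact line exists.
# Prints "added" or "present".
ensure_aggregator() {
    line="aggregator $1 $2"
    file=$3
    if [ -f "$file" ] && grep -qxF -- "$line" "$file"; then
        echo present
        return 0
    fi
    # A file without a final newline would otherwise glue two rules together.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\n' "$line" >> "$file"
    echo added
}

# Domain name from the report above, joined onto one line.
domain='<kernel> /sbin/init /bin/su /bin/bash /bin/bash /usr/bin/startx /usr/bin/xinit /bin/sh /usr/bin/dbus-launch /usr/bin/awesome /usr/bin/chromium /usr/lib/chromium/chromium proc:/self/exe'
nonpath_components "$domain"
```

Calling `ensure_aggregator proc:/self/exe /proc/self/exe /etc/tomoyo/exception_policy.conf` as root replaces the plain `>>` append, which would add a duplicate line on every run; the `tomoyo-loadpolicy -e` command from the reply is still needed to apply the rule to the running kernel.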
