[tomoyo-users-en 502] re-about syscalls
florian.lissandres
2012-07-20 14:23:03 UTC
Thank you very much for those explanations!
I now understand why all openings of non-existent files are not caught by
Tomoyo.

But now, I wonder why some syscalls seem not to be caught by Tomoyo. Like
sysinfo, getcwd, sigaltstack.

In fact, I have to study what is monitored and what is not in detail. I
give another example:

At the moment when vim tries to read the file /home/user1, for example
(file read /home/user1), strace stays locked on the syscall
open(".",O_READONLY | O_LARGEFIL) = 3. Up to there, no problem. But just
after I allow Tomoyo to add this authorization to the policy, I see other
syscalls on strace: Fchdir(3) = 0, chdir("/usr/share/vim") = 0,
getcwd("/usr/share/vim", 4096) = 15, close or brk.

I have read the documentation but I do not find enough details on those
questions. I imagine that my request is hard to satisfy, but if you can
help me to get more details, it would be very interesting.

Florian
Tetsuo Handa
2012-07-20 14:35:56 UTC
Post by florian.lissandres
> But now, I wonder why some syscalls seem not to be caught by Tomoyo. Like
> sysinfo, getcwd, sigaltstack.
TOMOYO is not checking all syscalls.
One reason is that LSM hooks are not inserted into every syscall.
The other reason is for TOMOYO's ease of use and less performance impact.

You can see the list of syscalls checked by TOMOYO at
http://tomoyo.sourceforge.jp/cgi-bin/lxr/ident?i=tomoyo_mac_keywords and
http://tomoyo.sourceforge.jp/2.5/policy-specification/domain-policy-syntax.html .