2012-12-25 09:30:26 UTC
I want to have two domains, so I added them to domain_policy:
# cat /sys/kernel/security/tomoyo/domain_policy
And two rules in the exception policy:
# grep domain /sys/kernel/security/tomoyo/exception_policy
<kernel> keep_domain any from any
<kernel> reset_domain /bin/id from any
Now when I run /bin/id I get an error:
-bash: /bin/id: Cannot allocate memory
and an error in dmesg:
ERROR: Domain '</bin/id>' not ready.
What is the cause of this? I guess this should happen only if the "profile for the domain is not defined", but it is defined in domain_policy.
When I use initialize_domain, everything works OK, but I want to understand what's wrong with reset_domain.
# uname -r