Discussion:
[tomoyo-users-en 585] Re: /var/log/tomoyo and updating apps
(too old to reply)
clausreheis
2014-03-17 11:31:41 UTC
Permalink
Raw Message
Hello Tetsuo Handa,
After playing around with "Tomoyo Linux" since one week I have to
say
that I really enjoy analyzing my system and confining applications
with
Tomoyo Linux.
Yes, TOMOYO is a powerful tool for analyzing/understanding Linux
systems.
After putting some applications in "permissive mode" I wanted to
take a
look at the "reject logs" in /var/log/tomoyo/ and was surprised how
big
the file reject_001.log has grown... 6.9GB!!!
This file is from the "learning mode" as far as I understand!?
Yes.
Luckily I habe a big hard drive in my laptop, but when this log file
continue to grow at this rate I will be out of space soon!
What is filling up this file so fast and what can I do about it?
Probably /proc/$pid/ files and temporary files are filling up this file.
You can use tomoyo-patternize utility (see
/etc/tomoyo/tools/patternize.conf
for configuration) for converting such pathnames to patterns.
http://tomoyo.sourceforge.jp/2.5/chapter-6.html
Can I safely delete the logfiles from time to time until I figured it out
how to manage the tomoyo-patternize utility?
As Mageia is providing Firefox ESR, we have a Version what does
not get
upgraded ad often as it happens in other distributions and when I
see
this from the perspective of a Tomoyo Linux user, I even appreciate
it
more to have less frequent changes.
Unless dependency changes, there will be little with updating
TOMOYO's
configuration when updating software packages. There is tomoyo-
queryd
utility which you can use for interactively judging exceptional
requests
which happen while updating software packages.
/usr/lib64/firefox-24.3.0/plugin-container
if there there a way to do some wildcard magic what makes it
possible
that the policy automatically adopts to a new version/path like
/usr/lib64/firefox-24.4.0/plugin-container
or do I have to create and edit a new policy every time Firefox gets
updated?
You can use aggregator directive (see
/etc/tomoyo/policy/current/exception_policy.conf for configuration).
aggregator /usr/lib/firefox-\*/plugin-container
/usr/lib/firefox/plugin-container
The "file execute" permission and domainname can be wildcarded by
the
aggregator directive. Other permissions (e.g. "file read") can be
wildcarded
by tomoyo-patternize utility.
Greetings from Austria,
Tetsuo Handa
2014-03-17 11:42:47 UTC
Permalink
Raw Message
Post by clausreheis
Probably /proc/$pid/ files and temporary files are filling up this file.
You can use tomoyo-patternize utility (see
/etc/tomoyo/tools/patternize.conf
for configuration) for converting such pathnames to patterns.
http://tomoyo.sourceforge.jp/2.5/chapter-6.html
Can I safely delete the logfiles from time to time until I figured it out
how to manage the tomoyo-patternize utility?
Since new logfiles are automatically created if they are missing, you can
safely delete (or rename) them anytime.
rehcla.mailinglist
2014-03-17 11:44:11 UTC
Permalink
Raw Message
Post by Tetsuo Handa
Post by clausreheis
Probably /proc/$pid/ files and temporary files are filling up this file.
You can use tomoyo-patternize utility (see
/etc/tomoyo/tools/patternize.conf
for configuration) for converting such pathnames to patterns.
http://tomoyo.sourceforge.jp/2.5/chapter-6.html
Can I safely delete the logfiles from time to time until I figured it out
how to manage the tomoyo-patternize utility?
Since new logfiles are automatically created if they are missing, you can
safely delete (or rename) them anytime.
_______________________________________________
tomoyo-users-en mailing list
tomoyo-users-en at lists.sourceforge.jp
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
Perfect...
Have a nice day and thank you again!!!

Loading...