Horvath Andras
han****@log69*****
Thu Jun 9 23:16:52 JST 2011
I'd like to ask something different too regarding the mechanism of the policy update of Tomoyo.

When I create a list like this to update my policy:

delete $domainname
delete $rule1
delete $rule2
delete $rule3
$domainname
$newrule1
$newrule2

and then I write this to /sys/kernel/security/tomoyo/domain_policy, then I update the rules just right. That's ok.

My question is: Might there be any race condition during the policy update within the kernel? Can it happen that after I wrote my policy update list to domain_policy, that between deleting and creating the new policy, there is a tiny amount of time when the particular process has full permission and it can do anything? Or does Tomoyo work something like applying only the differences? Or does it just create some kind of locking mechanism while updating the rules?

Thanks.