[Freedombox-discuss] PHP is not the problem, security is!

Rob van der Hoeven robvanderhoeven at ziggo.nl
Tue Jul 17 17:31:42 UTC 2012


> In my particular usage case, Tomoyo revealed a lot of nonsense that
> some Firefox add-ons were doing, and allowed me to easily restrict the
> wayward activities. And the add-ons continued to function fine anyway.

This is one of the things I like about TOMOYO, it can show you exactly
what a program is doing. It's a great monitoring/analyzing tool too!

> 
> Even though tomoyo is ridiculously simpler to use than SELinux, should
> Freedombox decide to integrate TOMOYO or AKARI into the build, I would
> still strongly (very very) suggest FreedomBox prepare default profiles
> for the default FreedomBox apps. (SUSE and Canonical did so for
> AppArmor, but when I evaluated AppArmor a few years ago, their
> defaults were uselessly liberal - no offense intended to you liberals
> on the list). I had suggested this a few years ago on the tomoyo
> discussion list and directly with the tomoyo developers, but at the
> time, the effort went nowhere.

Default profiles make sense. Because TOMOYO works with file-paths (not
labels) the profiles will most likely be different for each Linux
distribution. That is probably the reason the TOMOYO community did not
make profiles available. For the FreedomBox, profiles are the way to go.

I intend to make the AKARI version of TOMOYO an integral part of my new
FreedomBox security architecture. Probably combine it with control
groups. Will write about this on my blog if things become interesting...

Thanks for sharing your experiences with TOMOYO.
Rob.

http://freedomboxblog.nl




