Work in progress
intika opened this issue · comments
intika commented
Todo :
- Create a main app (same as startup-watcher) and use "ccq > /tmp/tomoyo" to display logs...
- When deny dgram bind denied (udp) > connection bind still occur (test with skype and profile 6) (apparently was a mistake because of allow and learn... so update allow and learn to distinguish tcp/udp)
- Auto-save on deny all
- Change "Allow and learn" to "Allow and remember"
- Edit documentation with full explanation how this app works
- Create a system call function that integrate fork to populate fork to all system function (fix keep alive problem...)
- Integrate ccs in save_policy function
- Add clear log
- Add tray icon
- Add window to display logs or increase buffer
- Clean the code and make the app pro.
- Use profile over a setting file instead of hard coding it
- Fix warning
- Add ccs-firewall to exception (can cause problem when route used because of sudo... or remove sudo from system call because its already root)
- Along with text config file... manage question according to file/capability/network/misc/ipc (different question with different action on different policy)
- Bug : Allow & Save Show Twice For Same Request
- Disable/Enable >> Allow-All Without Logs (disable feature...)
- Modes : Learn / Allow-All-Without-Saving / Deny-All-Do-Not-Disturb / Disabled
- Tomoyo Clean Domains
- Check Allowed Tomoyo Managers (Must be copied to /usr/bin )
- HIPS-4-Linux - Tomoyo (Dev GUI with Lazarus/Py/Qt/Py+Qt+Glade/Glade/KDE-Plasmoid/Gnome-Widgets ?) Lazarus Terminal https://www.youtube.com/watch?v=KcHZVT1mHJY ?
- I can switch to use use_group instead of profile to be able to manage different access level network/capability/file...
Note :
Enforcing_penalty =
If the Enforcing Mode
profile is configured with PREFERENCE={ enforcing_penalty=1 }
then domains that violate policy will be made to sleep for 0.1 seconds. This is useful for avoiding infinite loops that can cause CPU usage to reach 100%.