Hello.
Ryan Seu wrote:
> All that said, is there any sane way to ensure that tomoyo doesn't cause
> kernel panic on boot due to policy issues? I can start with no policy but
> that requires manual bypass. Maybe the ability to automate the bypass?
What /sbin/tomoyo-init is doing is basically
#! /bin/sh
for i in manager exception_policy domain_policy profile stat
do
cat /etc/tomoyo/$i.conf > /sys/kernel/debug/tomoyo/$i
done
You can write your version of /sbin/tomoyo-init (e.g. adding GPG signature
check or whatever you want.)
http://sourceforge.jp/projects/tomoyo/scm/svn/blobs/head/trunk/2.5.x/tomoyo-tools/sbin/tomoyo-init.c
_______________________________________________
tomoyo-users-en mailing list
[email protected]
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
