Hi folks, Quick question - I need to do a large scale deployment of tomoyo. Problem is that the policy files are deployed and managed by puppet/chef and there's no perfect way to guarantee that they may not be corrupt (imagine power interruption during puppet update). I've written shutdown scripts that does syntax check before halt/restart, and I've modified the grub menu entry to allow a kernel command line without tomoyo enabled just in case kernel panic occurs. All that said, is there any sane way to ensure that tomoyo doesn't cause kernel panic on boot due to policy issues? I can start with no policy but that requires manual bypass. Maybe the ability to automate the bypass? Ryan -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.osdn.me/mailman/archives/tomoyo-users-en/attachments/20140618/a59fbc15/attachment.html>
TOMOYO
Fork