Thanks for the response. My question stemmed from what is probably just some confusion on my part. I have been attempting to make changes directly to /etc/caitsith/policy/current and then load those changes by issuing command # /usr/sbin/caitsith-loadpolicy < /etc/caitsith/policy/current. What I found is that this seems to append /etc/caitsith/policy/current to /sys/kernel/security/caitsith/policy. If I had made some deletions to /etc/caitsith/policy/current, # cat /sys/kernel/security/caitsith/policy would still show some of the policy I had deleted. I tried the command # /usr/sbin/caitsith-loadpolicy << /etc/caitsith/policy/current, but that didn't work. In hindsight, I should have asked if there is a way to completely replace /sys/kernel/security/caitsith/policy with /etc/caitsith/policy/current without rebooting? > Hello. > > Darrell wrote: >> Do you have any plans to create an ncurses caitsith-editpolicy similar >> to ccs-editpolicy? I've been contemplating migrating from CCS to >> Caitsith and miss the ncurses editor for in-memory policy editing. > Since I think that caitsith-loadpolicy and caitsith-queryd are sufficient > for editing in-memory policy configuration ( /proc/caitsith/policy or > /sys/kernel/security/caitsith/policy ), I don't have a plan to create > caitsith-editpolicy . > > Since TOMOYO modifies in-memory policy configuration, we use ccs-editpolicy > or tomoyo-editpolicy for browsing and editing in-memory policy configuration. > But since CaitSith does not, there is little need for browsing and editing > in-memory policy configuration using a dedicated tool. > > You can run caitsith-savepolicy when you modified in-memory policy configuration > using caitsith-loadpolicy or caitsith-queryd . >
TOMOYO
Fork