Hi Ryan,

On Fri, Dec 19, 2014 at 7:33 AM, Ryan Seu <[email protected]> wrote:
>
> Hey folks,
>
> Can anyone provide more information on how tomoyo-loadpolicy behaves? I
> can probably look through the code but figure I would ask here first.
>
> We're managing tomoyo via puppet and we're trying to figure out how to
> load/update policy in a clean and safe manner.
>
> We invoke the loadpolicy periodically via a cron job which is managed by
> puppet. Unfortunately we also protect cron behind tomoyo which means that
> when we use the overwrite flag (-ef) everything that's currently applied
> gets flushed and things go to a complete lockdown mode.
>

If you invoke loadpolicy with the flag (-ef), it first clears up the existing policy, while the flag (-e) simply appends/deletes. Cases where you need the flag (-ef) are quite limited and I assume you don't want it this time.

> What's the functional difference between -ef and -e? How does the
> appending work? What if I made changes to the full existing policy and try to
> load it?
>

I assume that what you want to do is to keep updating (patching) the policy and finally save it to files. If so, invoke loadpolicy with the flag (-e) and savepolicy when you get ready.

> Thank you!
> Ryan
>
>
>

Best regards,
Toshiharu Harada
[email protected]
_______________________________________________
tomoyo-users-en mailing list
[email protected]
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
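
One way to follow the advice above from a cron job, as an added example that is not part of the thread or of the TOMOYO tools: compute only the difference between the loaded policy and the desired one and feed that to `tomoyo-loadpolicy -e`, so nothing is flushed. It assumes a flat policy text with one entry per line and that a line prefixed with `delete ` removes the matching entry; `policy_delta` and `demo_delta` are hypothetical names and the policy entries are constructed samples.

```shell
#!/bin/sh
# Added example. Assumptions: flat policy text, one entry per line; a line
# prefixed with "delete " removes that entry when loaded.

# policy_delta LOADED_FILE DESIRED_FILE
# Prints the minimal change set: new entries first, then "delete <entry>"
# for entries that are loaded but no longer wanted. Unchanged entries
# (for example the rules cron itself depends on) are not touched.
policy_delta() {
    loaded=$(mktemp) || return 1
    desired=$(mktemp) || { rm -f "$loaded"; return 1; }
    # Normalise both sides: drop blank lines, sort, de-duplicate.
    grep -v '^[[:space:]]*$' "$1" | LC_ALL=C sort -u > "$loaded"
    grep -v '^[[:space:]]*$' "$2" | LC_ALL=C sort -u > "$desired"
    # Add before deleting so access is never narrowed before its
    # replacement rule is in place.
    LC_ALL=C comm -13 "$loaded" "$desired"
    LC_ALL=C comm -23 "$loaded" "$desired" | sed 's/^/delete /'
    rm -f "$loaded" "$desired"
}

# Constructed sample data (not taken from a real system).
demo_delta() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/loaded" <<'EOF'
initialize_domain /usr/sbin/cron from any
initialize_domain /usr/sbin/sshd from any
aggregator /usr/bin/tac /bin/cat
EOF
    cat > "$dir/desired" <<'EOF'
initialize_domain /usr/sbin/cron from any
initialize_domain /usr/sbin/sshd from any
initialize_domain /usr/sbin/nginx from any
EOF
    policy_delta "$dir/loaded" "$dir/desired"
    rm -rf "$dir"
}

demo_delta
# On a TOMOYO host the same output would be piped to the loader instead:
#   policy_delta loaded.txt desired.txt | tomoyo-loadpolicy -e
```

An empty delta means the loaded and desired policies already match, so the cron run can skip the load entirely.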
